Post on 21-Nov-2020
The Utility of
the Tor NetworkBy: Hammas Bin TanveerAdvisor: Dr. Rishab Nithyanand
1
The Anonymous Internet
2
A regular internet connection
Daniyal Mahnaz
3
A regular internet connection
Daniyal Mahnaz
Dst: Mahnaz
Src: Daniyal
4
A regular internet connection
Daniyal Mahnaz
Src: Daniyal
5
A regular internet connection
Daniyal Mahnaz
Dst: Daniyal
tribune.pk
6
A regular internet connection
Daniyal Mahnaz
Src: Mahnaz
7
A regular internet connection
Daniyal Mahnaz
Src: Mahnaz Dst: Daniyal
8
An internet connection through Tor
MahnazDaniyal9
An internet connection through Tor
MahnazDaniyal
Tor network
10
An internet connection through Tor
MahnazDaniyal
Tor network
11
An internet connection through Tor
MahnazDaniyal
Tor network
12
An internet connection through TorThe setup
Daniyal
13
An internet connection through TorThe setup
Daniyal
Torproject.org
14
An internet connection through TorThe setup
Daniyal
Torproject.org
Get: Tor client
15
An internet connection through TorThe setup
Daniyal
Torproject.org
Tor client
16
An internet connection through TorThe setup
Daniyal
Torproject.org
Setup
Tor proxy
Onion
Proxy 17
An internet connection through TorBuilding a Tor circuit
Daniyal
Setup
Tor proxy
Onion
Proxy
Directory
Authorities18
An internet connection through TorBuilding a Tor circuit
Directory
Authorities
Onion
Routers19
An internet connection through TorService Descriptors
Service Descriptor
- Contact Information- Public Keys- Average Bandwidth- Exit Policy
20
An internet connection through TorBuilding a Tor circuit
Directory
Authorities
Onion
Routers
Get Descriptors
Get Descriptors
Get Descriptors
21
An internet connection through TorBuilding a Tor circuit
Daniyal
Setup
Tor proxy
Onion
Proxy
Directory
Authorities
Publish
Consensus
22
An internet connection through TorBuilding a Tor circuit
Daniyal
Setup
Tor proxy
Onion
Proxy
Directory
Authorities
Publish
Consensus
GetConsensus
23
An internet connection through TorThe Tor circuit
MahnazDaniyal24
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
25
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
26
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
27
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
28
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
29
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
30
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
31
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
32
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
Dst: OR1
33
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3Src: Daniyal
34
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
Dst: OR2
35
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
Src:OR1
36
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
Dst: OR3
37
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3Src: OR2
38
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
Dst: Mahnaz
39
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
Src: OR3
40
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
41
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
42
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
43
An internet connection through TorThe Tor circuit
MahnazDaniyal
OR1 OR2
OR3
44
An internet connection through TorA global adversary
MahnazDaniyal
OR1 OR2
OR3
45
An internet connection through TorA global adversary
MahnazDaniyal
OR1 OR2
OR3
46
DifferencesTor vs. A regular internet connection
47
DifferencesTor vs. A regular internet connection
DaniyalOnion Proxy
48
DifferencesTor vs. A regular internet connection
DaniyalOnion Proxy
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic- Use the Tor browser which comes preconfigured with the Tor
proxy
49
DifferencesTor vs. A regular internet connection
DaniyalOnion Proxy
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic- Use the Tor browser which comes preconfigured with the Tor
proxy
50
DifferencesTor vs. A regular internet connection
DaniyalOnion Proxy
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic- Use the Tor browser which comes preconfigured with the Tor
proxy
- Setting up a Tor circuit- Network traffic is routed through a minimum of three Onion routers
which are volunteered owned and operated
51
DifferencesTor vs. A regular internet connection
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
MahnazExitRelay
- Setting up a Tor circuit- Network traffic is routed through a minimum of three Onion routers
which are volunteered owned and operated
52
DifferencesTor vs. A regular internet connection
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
MahnazExitRelay
- The end server (Mahnaz) sees the traffic coming from the Exit Relay instead of the sender (Daniyal)
- Setting up a Tor circuit- Network traffic is routed through a minimum of three Onion routers
which are volunteered owned and operated
53
The Utility of the Tor Network
54
The Utility of the Tor Network
• The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
55
The Utility of the Tor Network
• The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
• The extra latency and bandwidth challenges that Tor users experience as compared to an individual trying to access web resources over the regular internet
56
The Utility of the Tor Network
• The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
• The extra latency and bandwidth challenges that Tor users experience as compared to an individual trying to access web resources over the regular internet
• The number of web resources on the regular internet that a Tor user can access
57
The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic through Tor- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
58
The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic through Tor- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
Use a regular browser configured to route traffic through Tor
- Directions are not straightforward for a typical internet user
- Installation required knowledge of complicated jargon
- Validating whether Tor proxy is working is not straightforward
59
The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic through Tor- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
Use a regular browser configured to route traffic through Tor
- Directions are not straightforward for a typical internet user
- Installation required knowledge of complicated jargon
- Validating whether Tor proxy is working is not straightforward
Using the Tor browser
Challenge Category label
Broken FunctionalityBroken websites
Reduced productivity
Shopping
Geolocation Geolocation
Latency Slower Access
Differential Treatment CAPTCHAs/Pages inaccessible 60
The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic through Tor- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
Use a regular browser configured to route traffic through Tor
- Directions are not straightforward for a typical internet user
- Installation required knowledge of complicated jargon
- Validating whether Tor proxy is working is not straightforward
Using the Tor browser
Challenge Category label
Broken FunctionalityBroken websites
Reduced productivity
Shopping
Geolocation Geolocation
Latency Slower Access
Differential Treatment CAPTCHAs/Pages inaccessible
Censorship of Tor
- Access blocked to the Tor Project’s website
- Access blocked to publicly listed relays in the consensus document
- Analysis of Tor traffic, blocking Tor connections
61
The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic through Tor- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
Use a regular browser configured to route traffic through Tor
- Directions are not straightforward for a typical internet user
- Installation required knowledge of complicated jargon
- Validating whether Tor proxy is working is not straightforward
Using the Tor browser
Challenge Category label
Broken FunctionalityBroken websites
Reduced productivity
Shopping
Geolocation Geolocation
Latency Slower Access
Differential Treatment CAPTCHAs/Pages inaccessible
Censorship of Tor
- Access blocked to the Tor Project’s website
- Access blocked to publicly listed relays in the consensus document
- Active analysis of Tor traffic, blocking Tor connections
USABILITY
62
The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic through Tor- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
Use a regular browser configured to route traffic through Tor
- Directions are not straightforward for a typical internet user
- Installation required knowledge of complicated jargon
- Validating whether Tor proxy is working is not straightforward
Using the Tor browser
Challenge Category label
Broken FunctionalityBroken websites
Reduced productivity
Shopping
Geolocation Geolocation
Latency Slower Access
Differential Treatment CAPTCHAs/Pages inaccessible
Censorship of Tor
- Access blocked to the Tor Project’s website
- Access blocked to publicly listed relays in the consensus document
- Active analysis of Tor traffic, blocking Tor connections
USABILITY CENSORSHIP
63
The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic through Tor- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
Use a regular browser configured to route traffic through Tor
- Directions are not straightforward for a typical internet user
- Installation required knowledge of complicated jargon
- Validating whether Tor proxy is working is not straightforward
Using the Tor browser
Challenge Category label
Broken FunctionalityBroken websites
Reduced productivity
Shopping
Geolocation Geolocation
Latency Slower Access
Differential Treatment CAPTCHAs/Pages inaccessible
USABILITY - 50% of all participants report some type of functional hindrance
- Biggest issues were latency and functionality breaks
- Users also reported lack of trust due to unrefined UX of the browser
64
The number of people who can successfully access the Tor network as compared to the number of people trying to access the Tor network
Daniyal
An Onion Proxy needs to be set up to route traffic through Tor:- Use a regular browser configured to route traffic through Tor- Use the Tor browser which comes preconfigured with the Tor
proxyOnion Proxy
Censorship of Tor
- Access blocked to the Tor Project’s website
- Access blocked to publicly listed relays in the consensus document
- Active analysis of Tor traffic, blocking Tor connections
CENSORSHIP - Tor traffic is identifiable by censors due to certain unique characteristics
- Methods to hide Tor traffic are ineffective
- Tor traffic can be identified with an accuracy of > 90% even if it is made to look like any other protocol’s traffic
65
• The extra latency and bandwidth challenges that Tor users experience as compared to an individual trying to access web resources over the
• regular internet
- Setting up a Tor Circuit- Network traffic is routed through a minimum of three Onion
routers which are volunteered owned and operated
66
• The extra latency and bandwidth challenges that Tor users experience as compared to an individual trying to access web resources over the
• regular internet
- Setting up a Tor Circuit- Network traffic is routed through a minimum of three Onion
routers which are volunteered owned and operated
Tor Circuit setup- Requires extra steps and hence extra time before a connection to the internet can be established
67
• The extra latency and bandwidth challenges that Tor users experience as compared to an individual trying to access web resources over the
• regular internet
- Setting up a Tor Circuit- Network traffic is routed through a minimum of three Onion
routers which are volunteered owned and operated
Tor Circuit setup- Requires extra steps and hence extra time before a connection to the internet can be established
Traffic routing through Tor relays- User’s traffic is routed through at least 3 Tor relays
before it reaches the end server adding extra latency
- The Tor relays are volunteer owned and operated network resources and are hence limited in number
68
• The extra latency and bandwidth challenges that Tor users experience as compared to an individual trying to access web resources over the
• regular internet
- Setting up a Tor Circuit- Network traffic is routed through a minimum of three Onion
routers which are volunteered owned and operated
Tor Circuit setup- Requires extra steps and hence extra time before a connection to the internet can be established
Traffic routing through Tor relays- User’s traffic is routed through at least 3 Tor relays
before it reaches the end server adding extra latency
- The Tor relays are volunteer owned and operated network resources and are hence limited in number
LATENCY - Tor is slower than regular traffic due to the very nature of the network itself
- Evaluating circuit build times and congestion awareness can reduce the latency experienced by a user
- There is a tradeoff between anonymity and latency
69
The number of web resources on the regular internet that a Tor user can access
MahnazExitRelay
- The end server (Mahnaz) sees the traffic coming from the Exit Relay instead of the sender (Daniyal)
70
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Tor users Tor relays71
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Tor users Tor relays72
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Taimoor
OR3
73
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz
Taimoor
OR3
74
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz
Taimoor
OR3
75
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz
Taimoor
OR3
76
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz
Src: OR3
Taimoor
OR3
77
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz
Taimoor
OR3
78
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz
Src: OR3
Taimoor
OR3
79
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz
Src: OR3
Taimoor
OR3
80
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz
Taimoor
OR3
Roya
Ali81
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz ThreatIntelligence
Taimoor
OR3
Roya
Ali82
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz ThreatIntelligence
Taimoor
OR3
Roya
Ali83
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz ThreatIntelligence
Taimoor
OR3
Roya
Ali84
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz ThreatIntelligence
Threat Info
Taimoor
OR3
Ali85
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz ThreatIntelligence
Threat Info
Taimoor
OR3
Roya
Ali86
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz ThreatIntelligence
Threat Info
Taimoor
OR3
Roya
Ali87
The number of web resources on the regular internet that a Tor user can accessFate Sharing
Daniyal
Mahnaz ThreatIntelligence
Threat Info
Differential Treatment
Taimoor
OR3
Roya
Ali88
The number of web resources on the regular internet that a Tor user can access
89
The number of web resources on the regular internet that a Tor user can access
Key goals
- Analyzing the extent of server-side discrimination faced by Tor users
- Analyzing the undesired traffic sent through Tor relays
- Analyzing whether the Tor network is blocked “reactively” or “proactively”
90
Analyzing the extent of server-side discrimination faced by Tor users
Daniyal
Mahnaz ThreatIntelligence
Threat Info
Taimoor
OR3
Roya
Ali91
Analyzing the extent of server-side discrimination faced by Tor users
Daniyal
Mahnaz ThreatIntelligence
Threat Info
Taimoor
OR3
Roya
Ali92
Analyzing the extent of server-side discrimination faced by Tor users
- Built a web crawler based on selenium- Visited the home page of a website- Instrumented search functionality- Instrumented login functionality
93
Analyzing the extent of server-side discrimination faced by Tor users
- Built a web crawler based on selenium- Visited the home page of a website- Instrumented search functionality- Instrumented login functionality
- Human like interactions with the website- Used a full-fledged browser (Firefox)- Bot-detection avoidance technique
- Rate limited clicking- Automating cursor movements- Clicking visible elements on a page
94
Analyzing the extent of server-side discrimination faced by Tor users
- Built a web crawler based on selenium- Visited the home page of a website- Instrumented search functionality- Instrumented login functionality
- Human like interactions with the website- Used a full-fledged browser (Firefox)- Bot-detection avoidance technique
- Rate limited clicking- Automating cursor movements- Clicking visible elements on a page
- The crawler visited the Alexa top 500 websites- Collected HAR files- Recorded screenshots of all pages visited
95
Analyzing the extent of server-side discrimination faced by Tor usersTypes of discrimination
CAPTCHAs
96
Analyzing the extent of server-side discrimination faced by Tor usersTypes of discrimination
CAPTCHAsBlock pages
97
Analyzing the extent of server-side discrimination faced by Tor usersDetecting Discrimination
98
Analyzing the extent of server-side discrimination faced by Tor usersDetecting Discrimination
pHash
pHash
pHash
99
Analyzing the extent of server-side discrimination faced by Tor usersDetecting Discrimination
pHash
pHash
pHash
pHash distance < 0.40
pHash distance > 0.75
100
Analyzing the extent of server-side discrimination faced by Tor usersDetecting Discrimination
pHash
pHash
pHash
pHash distance < 0.40
pHash distance > 0.75
No discrimination
Discrimination
101
Analyzing the extent of server-side discrimination faced by Tor usersExtent of Discrimination
Alexa Top 500
102
Analyzing the extent of server-side discrimination faced by Tor usersExtent of Discrimination
Alexa Top 500
Front page
20%
103
Analyzing the extent of server-side discrimination faced by Tor usersExtent of Discrimination
Alexa Top 500
Front page
Front page + Search (S-243)
20%
3.9%
17.4%
104
Analyzing the extent of server-side discrimination faced by Tor usersExtent of Discrimination
Alexa Top 500
Front page
Front page + Search (S-243)
Front page + Login (L-62)
20%
3.9%
7.5%
17.4%
17.1%
105
Analyzing the extent of server-side discrimination faced by Tor usersExtent of Discrimination
Alexa Top 500
Front page
Front page + Search (S-243)
Front page + Login (L-62)
20%
3.9%
7.5%
31%Of all Tor users face some form of differential treatment on the regular internet
17.4%
17.1%
106
Analyzing the extent of server-side discrimination faced by Tor usersExtent of Discrimination
Alexa Top 500
Front page
Front page + Search (S-243)
Front page + Login (L-62)
20%
3.9%
7.5%
31%Of all Tor users face some form of differential treatment on the regular internet
17.4%
17.1%
107
Analyzing the undesired traffic sent through Tor relaysCollection
Daniyal
Mahnaz
Taimoor
OR3
Roya
Ali108
Analyzing the undesired traffic sent through Tor relaysCollection
Daniyal
Mahnaz
AbuseComplaint
Taimoor
OR3
Roya
Ali109
Analyzing the undesired traffic sent through Tor relaysCollection
Daniyal
Mahnaz
AbuseComplaint
Taimoor
OR3
Roya
Ali110
Analyzing the undesired traffic sent through Tor relaysCollection
- Abuse E-mails from 25 Tor relays- 10 relays run by themselves- 15 relays run by other individuals
111
Analyzing the undesired traffic sent through Tor relaysCollection
- Abuse E-mails from 25 Tor relays- 10 relays run by themselves- 15 relays run by other individuals
- 3 million emails- Collected over a period of ~6 years- Clustering to find similar complaints
112
Analyzing the undesired traffic sent through Tor relaysResults
- Abuse E-mails from 25 Tor relays- 10 relays run by themselves- 15 relays run by other individuals
- 3 million emails- Collected over a period of ~6 years- K-means clustering to find similar complaints
113
Analyzing whether the Tor network is blocked “reactively” or “proactively”
- Threat Intelligence data from Facebook threat exchange
- Contains 100+ commercially used blacklists- Analyze the rate of Tor IP addresses blacklisted
114
Analyzing whether the Tor network is blocked “reactively” or “proactively”
- Threat Intelligence data from Facebook threat exchange
- Contains 100+ commercially used blacklists- Analyze the rate of Tor IP addresses blacklisted
- Proactive Blocking- “Matter of policy”
- If more than 30% of all Tor relays are blacklisted within 24 hours
115
Analyzing whether the Tor network is blocked “reactively” or “proactively”
- Threat Intelligence data from Facebook threat exchange
- Contains 100+ commercially used blacklists- Analyze the rate of Tor IP addresses blacklisted
- Proactive Blocking- “Matter of policy”
- If more than 30% of all Tor relays are blacklisted within 24 hours
- Reactive Blocking- “Response to abuse”
- If less than 30% of all Tor relays were listed within 24 hours
116
Analyzing whether the Tor network is blocked “reactively” or “proactively”
- Threat Intelligence data from Facebook threat exchange
- Contains 100+ commercially used blacklists- Analyze the rate of Tor IP addresses blacklisted
- Proactive Blocking- “Matter of policy”
- Reactive Blocking- “Response to abuse”
117
Analyzing whether the Tor network is blocked “reactively” or “proactively”
118
Analyzing whether the Tor network is blocked “reactively” or “proactively”
7%Of commercial blacklists proactively block Tor relays
119
Putting it all together
- Individuals wanting to use the Tor network can not access it due to usability and censorship issues
- Users able to access the Tor network face issues of latency due to the very nature of the network itself
- Tor users are discriminated against by end servers
- These problems lead to the degradation of the utility of the Tor network
120
Future work
- Working on identifying users who send in malicious traffic without deanonymizing them
- Incentivizing more volunteers to set up Onion routers
- Spreading awareness about Tor enhancing the reputation of the network
121
THANK YOU!
122
USER
THE Tor NETWORK
END SERVER123
USER
Research Question:The number of people who can actually access the Tor network over the number of people trying to access the Tor network
Problems- Censorship - Usability of the Tor Browser/Proxy
124
END
SERVER
Research Question:The number of web resources that an individual using the Tor network can access as compared to an individual using a regular browser
Problems- Server side blocking
125