Slides Tor
Transcript of Slides Tor
-
Tor The Onion RouterA way too short introduction. . .
Florian Preinstorfer
12.10.2012
-
Inhalt
1 Motivation
2 The Onion Router
3 Getting started
2 / 28Tor The Onion RouterN
-
Motivation
The problem
Public networks like the Internet are vulnerable to traffic analysis:Packet headers identify sender and recipientPacket routes can be trackedAn adversary can link sender and recipientEncryption does not hide the link between sender and recipient
3 / 28Tor The Onion RouterN
-
Motivation
Who needs anonymity? I
ActivistsJournalistsLaw enforcementThe militaryCorporationsCensorship resistant publishersSocially sensitive communicants (chat rooms for people with illnesses, abuse survivors)
4 / 28Tor The Onion RouterN
-
Motivation
Who needs anonymity? II
YouWith whom do you communicateWhich websites are you visitingWhich books do you readWhat kind of people do you knowWhere do you workWhere do you live
5 / 28Tor The Onion RouterN
-
Motivation
Who needs anonymity? III
CriminalsThey already have itTor aims to help the others
6 / 28Tor The Onion RouterN
-
Motivation
Anonymity from whom?
Channel and data anonymity:Recipient of your messagesSender of your message
Channel anonymity:Passive adversary from outsideNetwork infrastructure
Tor offers channel anonymity (it does not care about the content)
7 / 28Tor The Onion RouterN
-
The Onion Router
What is Tor?
From torproject.org:
Tor is free software and an open network that helps you defend against a formof network surveillance that threatens personal freedom add privacy,confidential business activities and relationships, and state security known astraffic analysis.
8 / 28Tor The Onion RouterN
-
The Onion Router
What is Tor?
An overlay network designed to anonymize TCP-based applications (web, im, ssh, . . . )A circuit based anonymity networkA low latency anonymity network
9 / 28Tor The Onion RouterN
-
The Onion Router
Quick overview
License: BSDWritten in CWorks on Linux, BSD, OSX, Solaris, Win32, Android, . . .Runs in user space (no kernel modules, no root)
10 / 28Tor The Onion RouterN
-
The Onion Router
Design goals
DeployabilityUsabilityFlexibilitySimple protocol design
11 / 28Tor The Onion RouterN
-
The Onion Router
What Tor is not. . .
A P2P anonymity networkA protocol normalizerA steganographic toolSecure against end-to-end attacks
12 / 28Tor The Onion RouterN
-
The Onion Router
Threat model
Most anonymity systems try to cope with a global passive adversary. Tor doesnot. The Tor threat model tries to withstand the following attacks against thenetwork:
An adversary can . . .observe some fractions of the networkgenerate, modify, delete, delay trafficcan operate bogus onion routerscan compromise some existing onion routers
13 / 28Tor The Onion RouterN
-
The Onion Router
How does it work (simple)?
Source: http://torproject.org14 / 28Tor The Onion RouterN
-
The Onion Router
How does it work (simple)?
Source: http://torproject.org14 / 28Tor The Onion RouterN
-
The Onion Router
How does it work (simple)?
Source: http://torproject.org14 / 28Tor The Onion RouterN
-
The Onion Router
How does it work (extended)?
Source: http://torproject.org15 / 28Tor The Onion RouterN
-
The Onion Router
A few features I
Directory serversMaintain a list of onion routers (locations, exit policies, keys)Their addresses are hardcoded in the source codeImportant for bootstrappingCaching is possible (reduce load, bottleneck)
16 / 28Tor The Onion RouterN
-
The Onion Router
A few features II
Circuit multiplexingTor builds circuits in the background (expensive)Multiple TCP streams share a circuit (cheap)Circuit rotation is important
17 / 28Tor The Onion RouterN
-
The Onion Router
A few features III
Bandwidth rate limitingToken bucket: limits average bandwidth, but permits bursts)Throttling: controls congestion on streams
18 / 28Tor The Onion RouterN
-
The Onion Router
A few features IV
Configurable exit policiesIf you want to run a tor node, you can decide which services you allow and which notHelps to reduce the abuse of TorFrom the design paper: Exit policies reduce the possibilities for abuse, but ultimately thenetwork requires volunteers who can tolerate some political heat.
19 / 28Tor The Onion RouterN
-
The Onion Router
A few features V
Hidden servicesHide the location of a serviceUses rendezvous points to establish the connection between user and hidden serviceUsage: censorship resistant publishing, anonymous publishing, . . .
20 / 28Tor The Onion RouterN
-
Getting started
Tor browser bundles
Provides you Tor and a preconfigured browserClick to play (no installation required)Available for all major platformshttps://www.torproject.org/download
21 / 28Tor The Onion RouterN
-
Getting started
Smartphones
Tor for Android: Orbothttps://play.google.com/store/apps/details?id=org.torproject.android
Tor for iOS: Onion Browserhttp://v3.mike.tig.as/onionbrowser
22 / 28Tor The Onion RouterN
-
Getting started
Linux distributions
Almost all of them provide Tor packagesUse $packagemanagerDo not forget to start the Tor daemon
23 / 28Tor The Onion RouterN
-
Getting started
SOCKS Proxy
Tor provides a SOCKS5 proxy at localhost:9050Configure your applications to use above proxy address
24 / 28Tor The Onion RouterN
-
Getting started
Application layer proxies
Tor can also be used with application layer proxiesHTTP: privoxy, polipoSetup: $browser $proxy Tor
25 / 28Tor The Onion RouterN
-
Getting started
Am i using Tor?
Check at: https://check.torproject.org
26 / 28Tor The Onion RouterN
-
Getting started
References
The Tor design paperTor: An anonymizing overlay network for TCPhttp://torproject.org
27 / 28Tor The Onion RouterN
-
Tor The Onion RouterA way too short introduction. . .
Florian Preinstorfer
12.10.2012
MotivationThe Onion RouterGetting startedGetting TorConfigure your tools to use Tor