The Anonymous File Transfer Network (AFTN)
Jared Rose
https://sourceforge.net/projects/aftn/


What is AFTN?

A system for sending files anonymously

Uses RSA & digital signatures for establishing a user’s “identity”

Utilizes the Tor network
◦ SSL Encryption
◦ Onion Routing
◦ Hidden Services

Cross platform compatible

Goals of AFTN

Users of the AFTN are anonymous

Clients can verify the “identities” of other clients and servers

File integrity/validity can be checked
◦ MD5 hashing + file size

Synchronization of contact information between clients and servers

Goals of AFTN (Continued)

Files are protected by end-to-end encryption
◦ Tor + Hidden Services

Secure updating and management of encryption/signing keys on the server

Allow clients to anonymously retrieve key and address information from servers
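The "MD5 hashing + file size" integrity goal, sketched from the receiving client's side as an added example (not AFTN's own code). The `receive_verified` and `check` names and the idea that the sender announces `(size, md5)` before the transfer are assumptions made for illustration; because MD5 collisions are practical, the check catches corruption and truncation but relies on the announcement itself arriving from an authenticated peer.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024


class TransferRejected(Exception):
    """Raised when received data does not match the announced metadata."""


def receive_verified(stream, announced_size, announced_md5, sink):
    """Copy stream to sink, enforcing the announced size and MD5 digest.

    Returns the number of bytes written. On TransferRejected the caller
    must discard whatever was already written to sink.
    """
    if announced_size < 0:
        raise TransferRejected("invalid announced size")
    digest = hashlib.md5()
    received = 0
    while True:
        # Ask for at most one byte past the announced size, so an oversized
        # transfer is detected without buffering the excess.
        chunk = stream.read(min(CHUNK, announced_size - received + 1))
        if not chunk:
            break
        received += len(chunk)
        if received > announced_size:
            raise TransferRejected("more data than announced")
        digest.update(chunk)
        sink.write(chunk)
    if received != announced_size:
        raise TransferRejected("transfer truncated")
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(digest.hexdigest(), announced_md5.lower()):
        raise TransferRejected("MD5 mismatch")
    return received


def check(payload, size, md5_hex):
    """Return 'ok' or the rejection reason for one constructed transfer."""
    try:
        receive_verified(io.BytesIO(payload), size, md5_hex, io.BytesIO())
        return "ok"
    except TransferRejected as exc:
        return str(exc)
```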

Why Create AFTN?

Digital privacy concerns

“Big Government”

Whistleblowers

Censorship

Humanitarian work

It's interesting

Ethical/Legal Concerns

Potential for illegal use
◦ IP infringement
◦ Crime
◦ Malicious software/Spam

Encryption export laws
◦ Open source

How does AFTN work?

Two types of hosts:
◦ Clients
◦ Directory Servers

Nodes connected to Tor network
◦ Outbound connections through Vidalia
◦ Inbound connections to server sockets listening at a Tor hidden services address
◦ Provides anonymous exchanges between hosts
◦ End to end encryption

Clients & Directory Servers

Clients register with a directory server

Directory servers supply contact info for clients

Clients send files to other clients (P2P)

Clients know servers' contact info through white lists
◦ Clients of non-whitelisted servers ignored
◦ Permits organizations to be “off the grid”

Tor

Provides anonymity through onion routing

Hidden Services:
◦ NAT/Firewall traversal
◦ End to end encryption
◦ Hides server locations

Bandwidth/Speed are issues
◦ Onion routing is bandwidth intensive
◦ Speed influenced by the types of nodes you traverse

Anonymity and User Identity

Q. If anonymous, how do we know we are talking to the right person?
◦ A. Public Key Cryptography!
◦ Public/Private signing key

Anonymity and User Identity

When clients register with a server:
◦ Create unique name/server pair answer (name#server)
◦ Register public “master” key used for signing other keys
◦ Any changes to keys/information on server must be signed w/ master key

Master key can be stored separate from the rest of the system for security

Where are we at Right Now?