Embed Size (px)
Citation preview
The TOR Data Communication System
Sunil Agarwal1CG12CS100
Guide: Mr. Sreekanth V
Outline
Problem History TOR Advantage over old onion routing Design Components of TOR How TOR works Cells
Outline
Circuit creation Additional functionality Hidden services Features and advantages Disadvantages Attacks and defense
Problem
Internet surveillance like traffic analysis reveals users privacy.
Encryption does not work, since packet headers still reveal a great deal about users.
Anonymity is needed. Solution: a distributed, anonymous network
History
Chaum’s Mixes(Mix Network)First described by David Chaum in 1981Routing protocol that create hard-to-trace
communications by using a chain of proxy servers known as mixes, which take messages from multiple senders, shuffle them, and send them back out in random order to the next destination.
History
Disadvantage of Chaum’s mixOverhead of using public and private key encryption
and decryptionLightly implemented and testedHigh delaySusceptible to end-to-end timing attack
History
Onion RoutingA technique for anonymous communication over a computer
networkMessages are encapsulated in layers of encryption, similar to
layers of an onionEach intermediary node knows only the location of the
immediately preceding and following nodesdeveloped in the mid-1990s at the U.S. Naval Research
Laboratory by employees Paul Syverson, Michael G. Reed, and David Goldschlag to protect U.S. intelligence communications online
further developed by the Defense Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998.
What is TOR
TOR is a distributed anonymous communication service using an overlay network that allows people and groups to improve their privacy and security on the Internet.
Individuals use TOR to keep websites from tracking them, or to connect to those internet services blocked by their local Internet providers.
TOR's hidden services let users publish web sites and other services without needing to reveal the location of the site.
Advantage of TOR over Onion Routing No mixing, padding, or traffic shaping Many TCP streams can share one circuit Directory servers End-to-end integrity checking Perfect forward secrecy Congestion control
Design
Overlay network on the user level Onion Routers (OR) route traffic Onion Proxy (OP) fetches directories and
creates virtual circuits on the network on behalf of users.
Uses TCP with TLS All data is sent in fixed size (bytes) cells Each onion router maintains a long-term
identity key and a short-term onion key
Components of TOR
Client: the user of the TOR network Server: the target TCP applications such as web servers TOR (onion) router: the special proxy relays the application data Directory server: servers holding TOR router information
How TOR WorksAlice Bob
OR2
OR1
M√M
A circuit is built incrementally one hop by one hop Onion-like encryption
Alice negotiates an AES key with each router Messages are divided into equal sized cells Each router knows only its predecessor and successor Only the Exit router (OR3) can see the message, however it does
not know where the message is from
M
OR3
MC1
C2
C3
C1 C2
C2 C3
C3 Port
Cells All data is sent in fixed size (512 bytes) cells There are 2 types of cell: Control and Relay Control cell commands:
Padding, create, destroy. Relay cell commands:
Begin, data, connected, teardown, extend, etc. Having constant packet size camouflages the
type of data being exchanged
Cells
CircID CMD DATA
509 bytes12
CircID CMDDigest498 bytes12
RelayStreamID Len DATA
22 1 1
Controlcell
Relaycell
Commands in UseAlice CarolBob Website(link is TLS-encrypted) (link is TLS-encrypted) (unencrypted)
Create c1, E(gx1)
Created c1, gy1, H(K1)
Relay c1{Extend, Carol, E(gx2)}Create c2, E(gx2)
Created c2, gy2, H(K2)Relay c1{Extended, gy2, H(K2)}
Relay c1{{Begin <website>:80}}Relay c2{Begin <website>:80}
(TCP handshake)Relay c2{Connected}
Relay c1{{Connected}}
Relay c1{{Data, ”HTTP GET…”}}Relay c2{Data, ”HTTP GET…”}
”HTTP GET”
(response)Relay c2{Data, (response)}
Relay c1{{Data, (response)}}
. . . . . .. . .
Legend:E(x) – RSA encryption{X} – AES encryption
cN –a CircIDH –secure hash function
Additional functionality
Integrity checking Only done at the edges of a stream SHA-1 digest of data sent and received First 4 bytes of digest are sent with each message
for verification Rate limiting and fairness
Tor servers use a token bucket approach to enforce a long-term average rate of incoming bytes, while still permitting short-term bursts above the allowed bandwidth.
Congestion Control
OR-to-OR congestion might happen if too many users choose the same OR-to-OR connection.
Circuit Level throttling 2 windows keep track of relay data to be transmitted to
other ORs (packaging window) and data transmitted out of the network (delivery window)
Windows are decremented after forwarding packets and increments on a relay sendme message towards OP with streamID zero.
When a window reaches 0, no messages are forwarded
Congestion Control
Stream-level throttling similar to the circuit-level mechanism. ORs and OPs
use relay sendme cells to implement end-to-end flow control for individual streams across circuits.
Each stream begins with a packaging window (currently 500 cells), and increments the window by a fixed value (50) upon receiving a relay sendme cell.
Rather than always returning a relay sendme cell as soon as enough cells have arrived, the stream-level congestion control also has to check whether data has been successfully flushed onto the TCP stream.
Hidden Service and Rendezvous Points Location-hidden services allow Bob to offer a TCP
service without revealing his IP address. Tor accommodates receiver anonymity by allowing
location hidden services Design goals for location hidden services
Access Control: filtering incoming requests Robustness: maintain a long-term pseudonymous identity Smear-resistance: against socially disapproved acts Application transparency
Location hidden service leverage rendezvous points
Features and Advantage
More the number of users and relays, better the anonymity.
Ease of use through socks proxy Protection against strong and weak attacks No single TOR node is aware of the complete
plan of communication TOR builds anonymous paths for the client
based on a list of bridge nodes
Disadvantages
QoS considerations for dynamically assigning certain traffic to certain categories due to packet encryption
Directory information servers can be blocked Central servers for TOR discovery that lists TOR
servers and guarantees connectivity for TOR servers
Open design, Open Source Code Slow Performance
Attacks and defense
Passive Observing user
traffic patterns End-to-end
timing correlation
End-to-end size correlation
Website fingetprinting
Active Compromise
keys Iterated
compromise Run a onion
proxy DoS non-
observed nodes
Directory Destroy
directory servers
Trick the directory servers into listing a hostile OR
Conclusion This seminar presented the TOR anonymous system
and its corresponding details that have made such a system a success.
Avoiding traffic analysis, and hiding the identities of users, is the aim of any anonymous system. Since most anonymous systems rely on aging encryption technologies for which global adversaries are a capable of compromising, then the integrity of data might be at stake.
One of the key elements that worry anonymous systems researchers is QoS for the bandwidth utilized by peers on the systems and the overall network performance.
Conclusion More research in QoS and a bandwidth-choking
approach is required while concentrating on security and functionality implications.
Future work involves conducting a detailed study and comparison of the various anonymous systems
THANK YOU
