Embed Size (px)
Citation preview
www.sti-innsbruck.at © Copyright 2012 STI INNSBRUCK www.sti-innsbruck.at
Tor project: Anonymity online
www.sti-innsbruck.at
Overview
2
www.sti-innsbruck.at
What is Tor?
3
• Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory [1], for the primary purpose of protecting government communications.
• Tor is a free tool that allows people to use the internet anonymously.
• Basically, Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
• Tor anonymizes the origin of your traffic!
www.sti-innsbruck.at
What is Tor?
4
IP address that appearsvia other browsers atthe same time
IP address that appearsvia other browsers atthe same time
IP address that appears via the Tor browserIP address that appears via the Tor browser
www.sti-innsbruck.at
What is under the hood?
5
Basic knowledge from networks
•Internet data packet consists of two kinds of data: – control information (header): provides data the network needs to deliver the user data
(e.g. source and destination addresses, error detection codes like checksums, and sequencing information);
– user data (also known as payload): whatever is being sent, whether that's an email message, a web page, or an audio file.
•Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on.
Figure from http://www.totalsem.com/files/MMP_N_ch1.pdf
www.sti-innsbruck.at
What is under the hood? (cnt’d)
6
Tor is based on Onion Routing, a technique for anonymous communication over a computer network.
http://en.wikipedia.org/wiki/Onion_routing
Steps
•Messages are repeatedly encrypted and then sent through several network nodes called onion routers.
•Each onion router removes a layer of encryption to uncover routing instructions, and sends the message to the next router where this is repeated. This prevents these intermediary nodes from knowing the origin, destination, and contents of the message.
Onions
www.sti-innsbruck.at
What is under the hood? (cnt’d)
7
User's software or client incrementally builds a circuit of encrypted connections through relays on the network.
www.sti-innsbruck.at
Who is using Tor?
8
• Normal people (e.g. protect their browsing records)
• Militaries (e.g. military field agents)
• Journalists and their audiences (e.g. citizen journalists encouraging social change)
• Law enforcement officers (e.g. for online “undercover” operations)
• Activists and Whilstblowers (e.g. avoid persecution while still raising a voice)
• Bloggers
• IT professionals (e.g. during development and operational testing, access internet resources while leaving security policies in place)
www.sti-innsbruck.at
Tor project
9
Software and Services under the Tor project umbrella:
•Torbutton•Tor Browser Bundle•Vidalia•Arm•Orbot•Tails•Onionoo•Metrics Portal•Tor Cloud•Obfsproxy•Shadow•Tor2web
https://www.torproject.org/projects/projects.html.en
www.sti-innsbruck.at
Hands on
10
• Demo• Metrics: https://metrics.torproject.org/ http://tigerpa.ws/tor_metrics/
www.sti-innsbruck.at
References
1. Onion Routing http://www.onion-router.net/
2. Tor project: http://www.torproject.org
3. Roger Dingledine, Nick Mathewson, Paul SyversonTor: The Second-Generation Onion Router
4. Len Sassaman: The Faithless Endpoint How Tor puts certain users at greater risk
11
