Presented at the first PhutureCon (2014) (http://phuturecon.com) in Denver, CO.
Phuturecon 2014
How it works to keep you safe online
IceQUICK
ParkBenchIndustries.com
Who am I
- Former USAF NOC admin (Active Duty and Contractor)
- Windows/Solaris/Linux admin
- IT process architect (ITIL)
- Not a developer (Tor is written in C)
Tor experience
- User for 10+ years
- Relay node admin for ~3 years
This presentation
- Combined from a variety of sources
- No tricks, vulnerabilities, hacks
- Not 'breaking news'
- Why I trust the network
- Why you should contribute
What is Tor?
- Network of virtual tunnels
- Privately browse the Internet
- FREE!
- Used by: journalists, activists, censorship-circumventing citizens, military intel analysts, law enforcement, whistleblowers, bloggers, the privacy-conscious
http://www.torproject.org/
Tor history
- ~1995 - Naval Research Lab as "Onion Routing"
- 2002 - Converted to TOR, "The Onion Router"; code open-sourced
- 2006 - Tor Project formed: 501(c)(3) research-educational non-profit
- Today: 60%+ of funding still from US Government
Technologies used
- PKI: public/private keys, hashing / signing
- Diffie-Hellman key exchange
- PFS - Perfect Forward Secrecy
- DHT - Distributed Hash Table, for hidden services / .onions
Life of a session
- Client to Node 1 (Guard): perform DH key exchange, acquire PFS session key
- Use Node 1 (Guard) to repeat the process to Node 2 (Relay)
- Use Node 2 (Relay) to repeat the process to Node 3 (Exit)
- Use Node 3 to contact the internet resource
- Create a new path every 10 minutes; existing TCP sessions keep being routed through their existing paths
- Repeat…
DH key exchange
- Client gets the node's public key from the directory
- Client sends the first half of the DH handshake, encrypted with the node's public key
- Node receives and decrypts it using its private key; node now has the first (client's) half of the two-way DH handshake
- Node completes the second half of the handshake, creating the session key
- Node hashes the resulting session key and signs the hash with its private key
- Node sends to the client - both parties now have the session key
Verify session key
- Client believes the session key came from the router
- Client decrypts the signed session-key hash using the router's public key
- This will only work if the session key was signed with the router's private key
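The two slides above describe a per-hop handshake (encrypted DH first half, node completes DH, node signs the hashed session key, client verifies with the directory key) repeated for Guard, Relay and Exit. The following is an added example, not code from the talk or from the Tor project: it models that message flow with textbook RSA built from fixed Mersenne primes and a toy 127-bit DH group (both constructed for the demo and not secure), and shows the check that rejects a node whose signature does not match the key listed in the directory.

```python
"""Toy walk-through of the circuit-building handshake described on the slides.

Added example, not code from the Tor project or from the talk. Textbook RSA is
built from fixed Mersenne primes and the Diffie-Hellman group is a 127-bit
toy, purely so the message flow fits in a few dozen lines. None of the
parameters are secure and nothing here is wire-compatible with Tor.
"""
import hashlib
import secrets

# Constructed toy DH group (assumption for the demo, not Tor's real group).
DH_P = (1 << 127) - 1   # Mersenne prime 2**127 - 1
DH_G = 3


def toy_rsa_keypair(k1, k2):
    """Textbook RSA from the Mersenne primes 2**k1 - 1 and 2**k2 - 1 (toy only)."""
    p, q = (1 << k1) - 1, (1 << k2) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)           # modular inverse, Python 3.8+
    return (n, e), (n, d)         # (public key, private key)


def rsa_apply(key, m):
    """Raw RSA exponentiation: encrypt/verify with (n, e), decrypt/sign with (n, d)."""
    n, exp = key
    return pow(m, exp, n)


def derive_session_key(shared_secret):
    """Turn the DH shared secret g**xy into a 32-byte session key."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def key_digest(session_key):
    """Hash of the session key as an integer; this is the value the node signs."""
    return int.from_bytes(hashlib.sha256(session_key).digest(), "big")


class Node:
    """A relay whose long-term public key is listed in the directory."""

    def __init__(self, name, k1, k2):
        self.name = name
        self.public_key, self._private_key = toy_rsa_keypair(k1, k2)
        self.last_session_key = None

    def handle_create(self, encrypted_client_half):
        # Decrypt the client's first half (g**x) with the node's private key.
        g_x = rsa_apply(self._private_key, encrypted_client_half)
        y = secrets.randbelow(DH_P - 2) + 1
        g_y = pow(DH_G, y, DH_P)
        # Second half of the handshake: the node now holds the session key too.
        self.last_session_key = derive_session_key(pow(g_x, y, DH_P))
        # Hash the session key and sign the hash with the node's private key.
        signature = rsa_apply(self._private_key, key_digest(self.last_session_key))
        return g_y, signature


def client_handshake(directory_public_key, node):
    """Client side of one hop. Returns the session key, or raises if unverified."""
    x = secrets.randbelow(DH_P - 2) + 1
    g_x = pow(DH_G, x, DH_P)
    # First half of the DH handshake, encrypted to the key found in the directory.
    g_y, signature = node.handle_create(rsa_apply(directory_public_key, g_x))
    session_key = derive_session_key(pow(g_y, x, DH_P))
    # "Decrypt" the signature with the public key; it must equal our own hash.
    if rsa_apply(directory_public_key, signature) != key_digest(session_key):
        raise ValueError("session key was not signed by the key listed for " + node.name)
    return session_key


def build_circuit(directory, nodes):
    """Telescoping circuit: one handshake per hop (Guard, then Relay, then Exit).

    In Tor the handshake for hop i is carried inside the tunnel already built to
    hop i-1; that transport is omitted here, only the per-hop key agreement is shown.
    """
    return [client_handshake(directory[node.name], node) for node in nodes]


def make_toy_network():
    """Three relays with distinct toy keys plus the directory the client consults."""
    nodes = [Node("Guard", 521, 607), Node("Relay", 1279, 2203), Node("Exit", 2281, 3217)]
    directory = {node.name: node.public_key for node in nodes}
    return directory, nodes


def impostor_detected(directory, nodes):
    """A node answering under the Guard's name with its own key cannot produce a
    signed hash that verifies under the directory key, so the client rejects it."""
    impostor = Node(nodes[0].name, 521, 1279)   # key differs from the directory entry
    try:
        client_handshake(directory[nodes[0].name], impostor)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    directory, nodes = make_toy_network()
    for node, key in zip(nodes, build_circuit(directory, nodes)):
        print(node.name, "session key:", key.hex())
    print("impostor detected:", impostor_detected(directory, nodes))
```

The directory lookup is what anchors the whole exchange: the client encrypts its DH half to the listed key and checks the returned signature against that same key, so a relay that is not the one the directory describes ends up with neither the client's DH share nor a signature the client will accept. Each hop yields its own session key, which is the property the "Life of a session" slide relies on when it repeats the exchange through the previous node.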
Uses
- Web browsing
- DNS
- Most services using TCP: chat, mail, etc.
- Hidden services, e.g. http://j8hlg2sh2hoasdh8.onion/
What can you do?
- Run a relay (exit node or not): home cable modem, VPS, Tor Cloud (Amazon)
- Help develop: C, C++, Python, Java
- OnionTip.com: BTC to node operators
- Defend its use
Questions?
Enjoy! @[email protected] @DC970