2012 01 17 fbi presentation

8/3/2019 2012 01 17 FBI Presentation

1/62

FBI Tor Overview

Andrew [email protected]

January 17, 2012

Andrew Lewman [email protected] () FBI Tor Overview January 17, 2012 1 / 28
http://goforward/http://find/http://goback/


2/62

What are we talking about?

Crash course on anonymous communications

Quick overview of Tor

Quick overview of Tor Hidden Services

Future directions

http://find/http://goback/


3/62

The Tor Project, Inc.

501(c)(3) non-profit organization dedicated to the research and

development of technologies for online anonymity and privacy



4/62

What is anonymity?



5/62

Anonymity isnt cryptography

Cryptography protects the contents in transit

You still know who is talking to whom, how often, and how muchdata is sent.



6/62

Anonymity isnt steganography

Attacker can tell Alice is talking to someone, how often, and how muchdata is sent.



7/62

Anonymity isnt just wishful thinking...

You cant prove it was me!



8/62



Promise you wont look



9/62




Promise you wont remember



10/62





Promise you wont tell



11/62






I didnt write my name on it!



12/62






I didnt write my name on it!

Isnt the Internet already anonymous?



13/62

..since weak isnt anonymity.

You cant prove it was me! Proof is a very strong word. Statisticalanalysis allows suspicion to become certainty.



14/62



Promise you wont look/remember/tell Will other parties have theabilities and incentives to keep these promises?



15/62




I didnt write my name on it! Not what were talking about.



16/62




I didnt write my name on it! Not what were talking about.

Isnt the Internet already anonymous? Nope!



17/62

Anonymous communication

People have to hide in a crowd of other people (anonymity lovescompany)

The goal of the system is to make all users look as similar as possible,

to give a bigger crowdHide who is communicating with whom

Layered encryption and random delays hide correlation between inputtraffic and output traffic



18/62

Low versus High-latency anonymous communication

systems

Tor is not the first system; ZKS, mixmaster, single-hop proxies,Crowds, Java Anon Proxy.

Low-latency systems are vulnerable to end-to-end correlation attacks.

High-latency systems are more resistant to end-to-end correlationattacks, but by definition, less interactive.


L l ll i


19/62

Low-latency systems are generally more attractive to

todays user

Interactive apps: web, instant messaging, VOIP, ssh, X11, cifs/nfs,video streaming (millions of users)

Multi-hour delays: email, nntp, blog posting? (tens of thousands ofusers?)


L l ll i


20/62

Low-latency systems are generally more attractive to

todays user

Interactive apps: web, instant messaging, VOIP, ssh, X11, cifs/nfs,video streaming (millions of users)

Multi-hour delays: email, nntp, blog posting? (tens of thousands ofusers?)

And if anonymity loves company...


Wh t i T ?


21/62

What is Tor?

online anonymity software and network



22/62

Wh t is T ?


23/62

What is Tor?

online anonymity software and networkopen source, freely available (3-clause BSD license)

active research environment:Drexel, Univ of Waterloo, Georgia Tech, Princeton, Boston University,

University College London, Univ of Minnesota, National ScienceFoundation, Naval Research Labs, Cambridge UK, Bamberg Germany,MIT...


What is Tor?


24/62

What is Tor?

online anonymity software and networkopen source, freely available (3-clause BSD license)

active research environment:Drexel, Univ of Waterloo, Georgia Tech, Princeton, Boston University,

University College London, Univ of Minnesota, National ScienceFoundation, Naval Research Labs, Cambridge UK, Bamberg Germany,MIT...

increasingly diverse toolset:Tor, Tor Browser Bundle, Tails LiveCD, Tor Weather, Tor

auto-responder, Secure Updater, Orbot, Torora, Tor Check, Arm,Nymble, Tor Control, and so on.


Other Systems


25/62

Other Systems

VPN - Virtual Private Network, 1 to 1 connection, can redirect alltraffic, generally encrypted


Other Systems


26/62

Other Systems


Proxy - 1 to 1 connection, per application traffic redirection,sometimes encrypted


Other Systems


27/62

Other Systems



I2P - Garlic routing, closed network, anonymity and reputation


Other Systems


28/62

Other Systems




Freenet - closed network, anonymity, distributed file storage andsharing


Other Systems


29/62

Other Systems




Freenet - closed network, anonymity, distributed file storage andsharing

GNUnet - closed network, anonymity, distributed file storage and

sharing


How is Tor different from other systems?


30/62





31/62





32/62



Who uses Tor?


33/62

Normal people

LawEnforcement

Human RightsActivists

Business Execs

Militaries

Abuse Victims


Who uses Tor?


34/62

Normal userslinking sensitive information to their current identities, onlineadvertising networks, search engines, censorship circumvention


Who uses Tor?


35/62

Law enforcementaccidental disclosure to targets, family and friend concerns, separatingwork from home life


Who uses Tor?


36/62

Rights Activists

Personal safety, family safety, narrowly-defined publicity, censorshipcircumvention


Who uses Tor?


37/62

Business Execsseparating work from home life, competitor research, censorshipcircumvention


Who uses Tor?


38/62

Abuse Victims and Survivorscomplete separation of past abuse and current life, finding help andsafety, need to help others anonymously


Who uses Tor?


39/62

Militariesintelligence gathering, separating work from home life, other activities


You missed a use case
http://goback/http://find/http://find/http://goback/


40/62


estimated 400k to 800k daily users


41/62


Tor hides communication patterns by relaying data through


42/62

volunteer servers

Tor Node

Tor Node

Tor Node

Tor Node

Tor NodeTor Node

Tor Node

Tor Node

Tor Network

Web server

Tor user

Diagram: Robert Watson




43/62

volunteer servers

Tor Node

Tor Node

Tor Node

Tor Node

Tor NodeTor Node

Tor Node

Tor Node

Tor Network

Web server

Tor user

Tor Node

Tor Node

Tor Node

Exit node

Entry node

Middle node





44/62

volunteer servers

Tor Node

Tor Node

Tor Node

Tor Node

Tor NodeTor Node

Tor Node

Tor Node

Tor Network

Web server

Tor user

Encrypted tunnel

Unencrypted TCP

Tor Node

Tor Node

Tor Node

Exit nodeEntry node Middle node




l


45/62

volunteer servers



Vidalia Network Map


46/62


Metrics


47/62

Measuring metrics anonymously

NSF grant to find out

Archive of hourly consensus, ExoneraTor, VisiTorMetrics portal:https://metrics.torproject.org/


Tor hidden services allow privacy enhanced hosting of

i
https://metrics.torproject.org/https://metrics.torproject.org/http://find/http://goback/


48/62

services


dot onion you say?


49/62


Hidden Services, in graphics


50/62




51/62




52/62




53/62




54/62




55/62


Operating Systems leak info like a sieve


56/62

Applications, networkstacks, plugins, oh my....

http://www.decloak.net/http://find/http://goback/


57/62



58/62

Applications, networkstacks, plugins, oh my....some call this sharing

Did you know MicrosoftWord and OpenOfficeWriter are browsers?


http://www.decloak.net/http://find/http://goback/


59/62

Applications, networkstacks, plugins, oh my....some call this sharing

Did you know MicrosoftWord and OpenOfficeWriter are browsers?

www.decloak.net is afine test

http://www.decloak.net/http://www.decloak.net/http://find/http://goback/


60/62

Next steps


61/62

Visit https://www.torproject.org/ for more information, links, andideas.


Credits & Thanks
https://www.torproject.org/https://www.torproject.org/http://find/http://goback/


62/62

who uses tor?http://www.flickr.com/photos/mattw/2336507468/siz, MattWestervelt, CC-BY-SA.

danger!, http://flickr.com/photos/hmvh/58185411/sizes/o/,

hmvh, CC-BY-SA.

500k, http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/,Luka Skracic, used with permission.

http://www.flickr.com/photos/mattw/2336507468/sizhttp://www.flickr.com/photos/mattw/2336507468/sizhttp://flickr.com/photos/hmvh/58185411/sizes/o/http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/http://flickr.com/photos/hmvh/58185411/sizes/o/http://www.flickr.com/photos/mattw/2336507468/sizhttp://find/http://goback/

2012 01 17 fbi presentation

Documents