Overview Anonymity systems Review of how Tor works Tor Project Inc. Helper tools and accessories Advanced Tor control Attack Vectors

Anonymity Systems JAP I2P Freenet Xerobank Botnets

Freenet Storage network p2p based Shares files on your system to other

nodes Plausabile Deniability

I2P Opposing design of Tor UDP based Darknet design Java, Python, and C API’s Mixed routing based on packets Splits tunneling between upstream and

downstream “Garlic Routing” – mix streams together to

prevent traffic analysis Variable latency design

Tor Tor (not TOR) – previously stood for The

Onion Router Provides a method of anonymity by

passing data between proxies

Tor Network

Terminology Cell – your message Circuit – tunnel made up of relays Entry Node: first hop into the Tor

network Exit Node: last hop before destination Relay Node: middle hop Bridge Node: nodes not listed in the Tor

directory to evade filtering

Who’s Using Tor? Whistleblowers

Wikileaks – runs hidden service Militaries

field ops command and control using hidden

services Chinese journalists and dissidents

Tor Project 501(c)(3) NFP Freely available Full spec and full documentation

Project Finances

https://www.torproject.org/about/financials.html

Current Project Sponsors Federal Grant:

International Program to Support Democracy Human Rights and Labor

$632,189 International Broadcasting Bureau

Voice of America, Radio Free Europe/Radio Liberty, Radio and TV Martí, Radio Free Asia, Radio Sawa/Alhurra TV

$270,000 Stichting.Net

Association of NFP’s in the Netherlands $38,279

Google: $29,083 ITT: $27,000 Other: $9,997 https://www.torproject.org/about/sponsors.html.en

Past Funders DARPA and Naval Research Labratory

2001-2006 EFF – 2004-2005

Tor Performance

Number of Relays

Number of Users

Tor Tools Torbutton Tor Browser Bundle Vidalia TorCheck Arm Tor-ramdisk

Anthony G. Basile from Buffalo

Tor Control Port Telnet to the control port Create custom circuits (long or short)

Show live circuit information Change configuration on the fly Map a site to an exit node Reload a configuration

authenticate "“extendcircuit 0 a,b,c,…extendcircuit 0 a,b

setevents circsetconf confitemMapaddress google.com=a.bGetconf confitem

Attacks

Tor Passive Attack Vectors Traffic profiling – entry and exit analysis Cleartext exit node transmission Fingerprinting - OS, browser,

configuration, activity Timing correlation Network partitioning End to end Size correlation

Tor Active Attack Vectors Compromised keys Malicious web servers Malicious Exit/Relay nodes DoS non-controlled nodes Timestamping and tagging Injecting or replacing unencrypted info Malicious Tor client

Tor Client Side Attacks DNS rebinding Disbanding attack – javascript, java,

flash History disclosure Timezone information (partitioning)

Social Engineering Attacks Getting more traffic

“Use my relay. I have huge tubes!” “Nick’s relay sucks” “I’ve added a feature to my node.”

Replacement 687474703a2f2f7777772e726f636865737465

72323630302e636f6d2f6861782f Partitioning

“Don’t use servers from this country” “These servers are amazing!”

More Info www.torproject.org Metrics.torproject.org Blog.torproject.org Check.torproject.org @torproject