Tor - v1.6
Tom Ritter
v1.6 - 5/18/2015
Source: https://ritter.vg/p/tor.key
Latest: https://ritter.vg/p/tor-vlatest.pdf
http://creativecommons.org/licenses/by-sa/4.0/
What is Tor (Browser)?
• Makes you Anonymous to services you visit
• Tor2Web (access Hidden Services w/o Tor)
• GetTor (sends you tor if torproject.org is blocked)
example.com
Google
1000 Foot Overview
3 Hops
• I talk to Node A
• Well… kinda….
The network is growing!
The network is speeding up!
The Consensus &
Directory Authorities
Directory Authorities
• 9 Authorities
• longclaw - RiseUp
• dannenberg - CCC.de
• Small support for legacy keys, used to keep old clients going
Flags
Authority
BadExit
Exit
Fast
Guard
HSDir
Running
Stable
V2Dir
Valid
Flags
Authority hardcoded
• onion key & ntor key, address, exit ports, identity digest
• GET http://ip:port/tor/status-vote/current/authority
• GET http://ip:port/tor/status-vote/next/authority.z
• POST http://ip:port/tor/post/vote
Micro Descriptor Consensus
• clean circuit - one that has not been used for traffic yet
• Tor remembers the ports you’ve used for the last hour
• RSA-1024, OAEP[SHA-1]
• SHA-1
More Crypto
‘Hybrid Encryption’ for a byte sequence M:
• Else:
• Generate a key K
• C -> S: Hi
• Cells
• Standard DH-1024:
• CONNECTED • DROP
• C S1 S2 S3 Internet
DNS Lookup
• Uses up bandwidth
Path Selection
Constraints
• No relay in a path twice
• http://ritter.vg.C0EDB08D7540D1DD3CA69809ED17D979F51B66E3.exit
• http://ritter.vg.nodename.exit
Circuit Timeouts
• Record Circuit Build Times to enable timeouts based on personal network connectivity
• 50ms binning, 1000 entries
• Timeout if build time fits into the 20% slowest
• Prime cache w/ 100 test circuits
• Also detects network loss
• One every 100 seconds
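A simplified model of the timeout learning described above, as an added example (not Tor's own code, which fits a distribution to the histogram rather than taking a raw percentile): build times are binned to 50 ms, the last 1000 are kept, nothing is enforced until 100 test circuits have primed the cache, and the timeout is set at the upper edge of the bin below which 80% of builds fall, so a build that lands in the slowest 20% is abandoned. The sample build times are constructed.

```python
from collections import deque

BIN_WIDTH_MS = 50        # slide: 50ms binning
MAX_ENTRIES = 1000       # slide: 1000 entries kept
PRIME_CIRCUITS = 100     # slide: prime cache with 100 test circuits
SLOWEST_PERCENT = 20     # slide: time out builds that fall into the slowest 20%


class CircuitBuildTimer:
    """Learns a circuit build timeout from this client's own observed build times.

    Simplification of the slide's description, not Tor's implementation: keep the
    last MAX_ENTRIES build times binned to BIN_WIDTH_MS and put the timeout at the
    upper edge of the nearest-rank 80th-percentile bin.
    """

    def __init__(self):
        # deque with maxlen drops the oldest sample once 1000 are stored
        self.samples = deque(maxlen=MAX_ENTRIES)

    @staticmethod
    def to_bin(build_ms):
        """Lower edge of the 50 ms bin that build_ms falls into."""
        return (int(build_ms) // BIN_WIDTH_MS) * BIN_WIDTH_MS

    def record(self, build_ms):
        """Record one completed circuit build time in milliseconds."""
        self.samples.append(self.to_bin(build_ms))

    def timeout_ms(self):
        """Current timeout in ms, or None until the cache has been primed."""
        n = len(self.samples)
        if n < PRIME_CIRCUITS:
            return None
        ordered = sorted(self.samples)
        # nearest-rank percentile using integer arithmetic: ceil(n * 80 / 100)
        rank = (n * (100 - SLOWEST_PERCENT) + 99) // 100
        cutoff_bin = ordered[rank - 1]
        return cutoff_bin + BIN_WIDTH_MS  # upper edge of the cutoff bin

    def is_timed_out(self, elapsed_ms):
        """True if a build that has already taken elapsed_ms should be abandoned."""
        timeout = self.timeout_ms()
        return timeout is not None and elapsed_ms >= timeout


if __name__ == "__main__":
    # constructed sample: 80 quick builds around 120 ms, 20 slow ones around 530 ms
    timer = CircuitBuildTimer()
    for _ in range(80):
        timer.record(120)
    for _ in range(20):
        timer.record(530)
    print("learned timeout:", timer.timeout_ms(), "ms")
    print("530 ms build abandoned:", timer.is_timed_out(530))
    print("120 ms build abandoned:", timer.is_timed_out(120))
```

Because the timeout is derived from the client's own history, a client on a slow link learns a longer timeout instead of abandoning every circuit, which is the point of the per-client measurement.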
- or -
How to Understand What The Heck the Tor Bandwidth Scanners are Doing
At a high level, the Bandwidth Scanner
• Calculates values for the Consensus
• (per relay:)
r rittervg …
w Bandwidth=410
• (skip to the end:)
bandwidth-weights Wgg=6157 Wgm=615 ...
• Blocking torproject.org
• Oct 2011 China - Begin active probing of bridges after seeing a suspected handshake
• Feb 2015 China - Default obfs4 bridges (in public sources) blocked
China’s Initial IP Blocks
Arms Race
• More: http://eecs.berkeley.edu/~sa499/tor_timeline.pdf
Bridge Distribution
• Auto-Published Bridges
• bridges.torproject.org
• ‘Secret’ Bridges
• Passed by organizations
One More Authority
[Diagram: Tor, Pluggable Transport, Internet, Pluggable Transport, Tor (a transport on the client side and one on the bridge side).]
Pluggable Transports
Concept
Deployed
Deployed:
• obfs3 / obfs4
• ScrambleSuit
• FTE
• meek
Concept:
• BananaPhone
• Stegotorus
• SkypeMorph
• Dust / Dust2
• LODP
• sshproxy / git
obfs2, obfs3
• obfs3++
• randomizes packet sizes & timings
• comparison of loading a webpage:
More (all undeployed)
[Diagram: meek. Tor Browser's meek-transport carries the Tor protocol body as HTTP over TLS to a fronted CDN (Google AppEngine, Amazon CloudFront, or Azure); the TLS SNI says allowed.com while the HTTP Host header says forbidden.com. The meek-transport behind the front hands the traffic to a Tor Relay.]
Flash Proxies
Lets ordinary users be bridges using Browser WebSockets (no Adobe Flash involved)
[Diagram: 1) You visit a page embedding flashproxy (crypto.stanford.edu/flashproxy/embed.html) or use the chrome extension, and idle. 3) You connect, as the flashproxy transport, between the user (visiting a Tor page over http://) and a normal Tor Relay.]
Hidden Services
[Diagram, Step 1: Tor Browser builds circuits through Relays to Introduction Point #1 and Introduction Point #2; the Hidden Service reaches the same Introduction Points through its own Relays.]
[Diagram, Step 2: Tor Browser builds a circuit through Relays to a Rendezvous Point, and the Hidden Service builds its own circuit through Relays to that Rendezvous Point, while its circuits to Introduction Points #1 and #2 remain.]
HS: How do I Establish
an Introduction Point?
• HS makes a Stable, Internal circuit to 6 nodes
• Introduction Points!!
Ring of HSDir Relay Identity Keys
Alice: How do I find the Descriptor?
[Diagram: a ring ordered by HSDir relay identity keys (0012…, 34D7…, 6C94…, 9E64…, A4B6…, D4E6…); the descriptor-id values 21B5… and A00F… are placed on the same ring to locate the responsible HSDirs.]
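The ring lookup the diagram sketches, as an added example that is not part of the original slides: HSDir identity digests are sorted into a ring, the descriptor-id is placed on the same ring, and the responsible directories are the ones whose digests follow it clockwise, wrapping around at the end. The full 20-byte digests are constructed by padding the slide's truncated prefixes, and the spread of 3 consecutive HSDirs per descriptor-id is taken from the v2 rend-spec as this example's assumption.

```python
import bisect

# Constructed ring: the slide shows only 4-hex-digit prefixes, so each identity
# digest is padded to 20 bytes with zero bytes for the purposes of this example.
HSDIR_RING_HEX = [
    "A4B6" + "00" * 18,
    "34D7" + "00" * 18,
    "9E64" + "00" * 18,
    "6C94" + "00" * 18,
    "0012" + "00" * 18,
    "D4E6" + "00" * 18,
]

# Assumption: number of consecutive HSDirs responsible for one descriptor-id
# (HSDIR_SPREAD in the v2 rend-spec).
HSDIR_SPREAD = 3


def responsible_hsdirs(ring_hex, descriptor_id_hex, spread=HSDIR_SPREAD):
    """Return the `spread` HSDir identity digests (upper-case hex) that follow
    descriptor_id on the ring.

    The ring is ordered by identity digest as raw bytes; we walk clockwise
    (increasing digest) from the descriptor-id and wrap around at the end.
    """
    ring = sorted(bytes.fromhex(h) for h in ring_hex)
    target = bytes.fromhex(descriptor_id_hex)
    # index of the first digest strictly greater than the descriptor-id
    start = bisect.bisect_right(ring, target)
    count = min(spread, len(ring))
    return [ring[(start + i) % len(ring)].hex().upper() for i in range(count)]


def prefixes(digests_hex):
    """Shorten full digests back to the 4-hex-digit prefixes used on the slide."""
    return [d[:4] for d in digests_hex]


if __name__ == "__main__":
    # constructed descriptor-ids built from the two prefixes on the slide
    for desc in ("21B5" + "00" * 18, "A00F" + "00" * 18):
        print(desc[:4] + "… ->", prefixes(responsible_hsdirs(HSDIR_RING_HEX, desc)))
```

Sorting by raw bytes rather than by hex string matters only for correctness of the wrap-around; with upper-case hex of equal length the order is the same, but comparing bytes avoids surprises if a caller mixes cases.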
Alice: How do I
Rendezvous?
• Alice sends ESTABLISH_RENDEZVOUS to an RP she chooses. Contains a 20-byte random value as the cookie
• Encrypted: [version, Auth Type & Data, single-use public key, rendezvous data]
• (Technically there are four introduction protocols, this is #4)
• IP identifies the HS Public Key and sends the data in an INTRODUCE2 to the HS
• Prevent user activity on one site from being linked to activity on another
• Super hard! Caches, HTTP Auth, DOM Storage, Session Resumption, Keep-Alive, Persistent Redirects, window.name, …
• HTML5 Canvas, Resolution, Fonts, local TCP ports open, USB Device API, WebGL
Tor Integration
• Auto-Update (Yay!)
• HTTPS Everywhere
Whaaaaaaat?
Reproducible Builds
• Originally developed for bitcoin
• (Reverse enumeration)
• yyhws9optuwiwsns.onion (old)
• a1uik0w1gmfq3i5ievxdm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion (new)
• Identity Key - used to create .onion address and generate blinded signing keys
...
if (!strcmp(url, "/tor/"))
...
• Flavor Two: Observing Entrance Traffic and Exit Traffic and Correlating them (dragnet style)
• This has an explosion of false positives, and all accounts indicate this is not very practical
• Flavor Three: Observing specific Entrance Traffic and specific Exit Traffic and confirming they match
• Downright easy. For Flavors 2 & 3, see more at https://blog.torproject.org/blog/traffic-correlation-using-netflows
• Statistics make everything possible with some probability and error rate. But false positives are deceptively high.
• Bonus - Flavor Four: Observe human, observe Tor traffic on human’s network
• Used in conjunction w/ targeted physical or electronic surveillance. Outside threat model
The End.