Introduction to anonymity network tor
Download as PPTX, PDF1 like1,500 views
The document provides an overview of the Tor network, detailing its purpose to enhance user anonymity online through multi-layered encryption and routing. It discusses the historical background of Tor, its operational mechanics, the various categories of users, and acknowledges both licit and illicit uses, alongside potential weaknesses and dangers associated with its application. Furthermore, it highlights the importance of anonymity in circumventing surveillance and censorship while addressing the implications of its misuse.
Introduction to anonymity network tor
- 1. Anonymity Network TOR A Presentation by Bahalul Haque FH Kiel. M.Sc Khaled Mosharraf FH Kiel. M.Sc
- 2. Agenda • Abstract • Introducing the Tor Network • Historical Background • How does the Tor Network work? • Goal • Working Principal • Weaknesses • Users • Licit and illicit users
- 3. Abstract • This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability, and efficiency.
- 4. Introducing the Tor Network • Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing. • This is done by passing the data through a circuit of at least three different routers. • The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
- 5. What is TOR ??
- 6. Historical Background TOR control over its primary supply chain and afforded the opportunity to develop new products In 2001, TOR acquired TP&T B.V.- Netherlands, renaming it TOR Processing & Trade B.V. TP&T provided a new line of Specialty Aluminas with access to new markets and customers, as well as unique processing technology that could be applied to other TOR products. It also provided a base for future sales expansion. • ORIGIN Founded in 1973 by Benelite Corporation of America to develop and produce HITOX TiO2 pigment from synthetic rutile made from the “Benelite Process”, the company was spun off and named HITOX Corporation of America in 1980. In December 1988, the company became publically owned and traded on NASDAQ under the symbol TORM. • GROWTH In 2000, the company was renamed TOR Minerals International, Inc. indicating its strategic direction and global focus. The company acquired its major synthetic rutile supplier, Malaysian Titanium Sdn. Bhd. and renamed it TOR Minerals Malaysia Sdn. Bhd. This purchase insured • TODAY TOR Minerals is a global producer of High Performance, Specialty Mineral products, focused on product innovation and technical support. The mission is to bring high value products and superior levels of service to customers to help ensure their success.
- 7. Timeline
- 8. Why do we need anonymity? • To hide user identity from target web site • To hide browsing pattern from employer or ISP • To conceal our internet usage from hackers • To circumvent censorship
- 10. How TOR Works
- 12. How Tor Works? --- Onion Routing • A circuit is built incrementally one hop by one hop • Onion-like encryption – ‘Alice’ negotiates an AES key with each router – Messages are divided into equal sized cells – Each router knows only its predecessor and successor – Only the Exit router (OR3) can see the message, however it does not know where the message is from Alice Bob OR2 OR 1 M √M M OR3 M C1 C2 C2 C3 C3 Por t
- 13. Weaknesses Using the following can disrupt the mechanism f anonymous connection and can reveal the identity. Using these breaks the communication chain and lead to leakage • View Document • Open flash object • Use of add on in TOR browser
- 14. Weaknesses • Using torrent In Tor also does the same thing as using flash and add-on • Anonymous payment or crypto payment is used while using TOR. Bitcoin is used in general. This facilitates man in the middle attack • Using HTTP instead of HTTPS leads to vulnerability also. Makes prone to wretapping
- 15. Weaknesses • Redirecting to special servers over the telecom networks increases man in the middle attack (only NSA can do it presumably !!!) • Control over one or more anonymous systems and internet exchange pointe helps to de-anonymize the network 50 percent in over 3 months, almost 80 percent in over 6 months
- 16. Weaknesses • Tor browser itself has some vulnerabilities. • Based on Firefox. Recent versions are more prone to it. • Heartbleed Bug has vulnerabilities in Open SSL cryptographic software library. Leads to exfiltration
- 17. TOR Users • Normal People • Journalists and Audiences • Law Enforcement Users • Activists and Whistleblower • High and Low Profile People • Business Executives
- 18. Licit and illicit uses • Tor is increasingly in common use by victims of domestic violence and the social workers and agencies which assist them • A growing list of news organizations are using the SecureDrop software platform to accept material for publication in a manner intended to protect the anonymity of sources. • It is endorsed by civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists
- 19. Licit and illicit uses (Contd.) • Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain access to censored information, to organize political activities,or to circumvent laws against criticism of heads of state. • Tor can be used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, credit card fraud, and identity theft. • Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously
- 20. Dangers of using Tor Network • "The more you hide the more somebody wants to know why.“ • While the inter-relay communications might be secure, the entry and exit nodes are vulnerable to packet sniffing and • The exit node decrypts the packet it received from its sibling on the chain of nodes and receives your full plaintext request. This can be easily seen by the operator of the exit node. • Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced to your IP • Anyone using TOR network is on the NSA watch list under the Xkeyscore program.
- 21. References • https://www.torproject.org/ • https://en.wikipedia.org/wiki/Tor_(anonymity_network) • McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno, Tadayoshi; Sicker, Douglas (2008)."Shining Light in Dark Places: Understanding the Tor Network". Proceedings of the 8th International Symposium on Privacy Enhancing Technologies. 8th International Symposium on Privacy Enhancing Technologies. Berlin, Germany: Springer-Verlag. pp. 63– 76. • "Tor Project Form 990 2008". Tor Project. Tor Project. 2009. Retrieved 30 August 2014. • "Tor Project Form 990 2007". Tor Project. Tor Project. 2008. Retrieved 30 August 2014. • "Tor Project Form 990 2009". Tor Project. Tor Project. 2010. Retrieved 30 August 2014. • Samson, Ted (5 August 2013). "Tor Browser Bundle for Windows users susceptible to info- stealing attack". InfoWorld. • Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project. • Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia, Claude; Legout, Arnaud; Dabbous, Walid (March 2011). "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users". 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11). National Institute for Research in Computer Science and Control.
- 22. Q&A
- 23. Thank You