Author: arma Date: 2011-05-28 07:16:03 +0000 (Sat, 28 May 2011) New Revision: 24791 Added: projects/articles/crypto2011/ projects/articles/crypto2011/crypto2011-tor.bib projects/articles/crypto2011/crypto2011-tor.tex projects/articles/crypto2011/direct-users-2011-04-01-300-eg-2010-12-01.png projects/articles/crypto2011/direct-users-2011-04-01-300-ir-2010-12-01.png projects/articles/crypto2011/direct-users-2011-04-01-300-ly-2010-12-01.png projects/articles/crypto2011/direct-users-2011-04-01-300-sa-2010-09-01.png projects/articles/crypto2011/direct-users-2011-04-01-300-tn-2010-12-01.png Log: my abstract for the crypto 2011 talk Added: projects/articles/crypto2011/crypto2011-tor.bib =================================================================== --- projects/articles/crypto2011/crypto2011-tor.bib (rev 0) +++ projects/articles/crypto2011/crypto2011-tor.bib 2011-05-28 07:16:03 UTC (rev 24791) @@ -0,0 +1,154 @@ +@inproceedings{dingledine2004tor, + author = {Roger Dingledine and Nick Mathewson and Paul Syverson}, + title = {Tor: The Second-Generation Onion Router}, + booktitle = {Proceedings of the 13th USENIX Security Symposium}, + year = {2004}, + month = {August}, + pages = {303--320}, +} + +@inproceedings{mccoy2008shining, + title = {Shining Light in Dark Places: Understanding the {Tor} Network}, + author = {Damon McCoy and Kevin Bauer and Dirk Grunwald and Tadayoshi + Kohno and Douglas Sicker}, + booktitle = {Proceedings of the Eighth Symposium on Privacy Enhancing + Technologies (PETS 2008)}, + year = {2008}, + month = {July}, + address = {Leuven, Belgium}, + pages = {63--76}, + editor = {Nikita Borisov and Ian Goldberg}, + publisher = {Springer}, + series = {Lecture Notes in Computer Science}, + volume = {5134}, +} + +@inproceedings{differential, + title = {Differential Privacy}, + author = {Cynthia Dwork}, + booktitle = {33rd International Colloquium on Automata, Languages +and Programming (ICALP)}, + year = {2006}, + month = {July}, + address = {Venice, Italy}, + pages = {1--12}, + publisher = {Springer}, + series = {Lecture Notes in Computer Science}, + volume = {4052}, +} + +@techreport{loesing2009measuring, + title = {Measuring the {Tor} Network from Public Directory Information}, + author = {Karsten Loesing}, + institution = {2nd Hot Topics in Privacy Enhancing Technologies (HotPETs + 2009)}, + year = {2009}, + month = {August}, + address = {Seattle, WA, USA}, +} + +@inproceedings{loesing2008performance, + author = {Karsten Loesing and Werner Sandmann and Christian Wilms and Guido Wirtz}, + title = {Performance Measurements and Statistics of {Tor} Hidden Services}, + booktitle = {Proceedings of the International Symposium on Applications and the Internet (SAINT 2008)}, + month = {July}, + year = {2008}, + address = {Turku, Finland}, + publisher = {IEEE Computer Society} +} + +@inproceedings{lenhard2009performance, + title = {Performance Measurements of {Tor} Hidden Services in Low-Bandwidth Access Networks}, + author = {J{\"o}rg Lenhard and Karsten Loesing and Guido Wirtz}, + booktitle = {Proceedings of the 7th International Conference on + Applied Cryptography and Network Security (ACNS 09), Paris-Rocquencourt, France}, + month = {June}, + year = {2009}, +} + +@inproceedings{wendolsky2007performance, + title = {Performance Comparison of Low-Latency Anonymisation Services from a User Perspective}, + author = {Rolf Wendolsky and Dominik Herrmann and Hannes Federrath}, + booktitle = {Proceedings of the Seventh Symposium on Privacy Enhancing Technologies (PET 2007)}, + pages = {233--253}, + year = {2007}, + month = {June}, + series = {Lecture Notes in Computer Science}, + publisher = {Springer}, + editor = {Nikita Borisov and Philippe Golle}, + volume = {4776}, +} + +@manual{tor2009dirspec, + author = {The Tor Project}, + title = {Tor directory protocol, version 3}, + year = {2009}, + note = {\url{https://git.torproject.org/checkout/tor/master/doc/spec/dir-spec.txt}}, +} + +@manual{bridges-spec, + author = {The Tor Project}, + title = {Tor bridges specification}, + year = {2009}, + note = {\url{https://git.torproject.org/checkout/tor/master/doc/spec/bridges-spec.txt}}, +} + +@inproceedings{murdoch-pet2007, + title = {Sampled Traffic Analysis by {I}nternet-Exchange-Level Adversaries}, + author = {Steven J. Murdoch and Piotr Zieli{\'n}ski}, + booktitle = {Proceedings of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007)}, + year = {2007}, + month = {June}, + address = {Ottawa, Canada}, + editor = {Nikita Borisov and Philippe Golle}, + publisher = {Springer}, + series = {LNCS 4776}, +} + +@inproceedings{hs-attack06, + title = {Locating Hidden Servers}, + author = {Lasse {\O}verlier and Paul Syverson}, + booktitle = {Proceedings of the 2006 IEEE Symposium on Security and Privacy}, + year = {2006}, + month = {May}, + publisher = {IEEE CS}, + www_pdf_url = {http://www.onion-router.net/Publications/locating-hidden-servers.pdf}, + www_section = {Traffic analysis}, +} + +@misc{colorado-irb-response, + author = {Damon McCoy and Kevin Bauer and Dirk Grunwald and Tadayoshi Kohno and Douglas Sicker}, + title = {Response to Tor Study}, + note = {\url{http://systems.cs.colorado.edu/mediawiki/index.php/Response_To_Tor_Study}}, +} + +@misc{tor-legal-faq, + key = "Tor-legal-faq", + author = "{Electronic Frontier Foundation}", + title = "Tor: Legal {FAQ} for {T}or Server Operators", + howpublished = {\url{https://www.torproject.org/eff/tor-legal-faq.html}} +} + +@inproceedings{wecsr10measuring-tor, + title = {A Case Study on Measuring Statistical Data in the {T}or Anonymity Network}, + author = {Karsten Loesing and Steven J. Murdoch and Roger Dingledine}, + booktitle = {Proceedings of the Workshop on Ethics in Computer Security Research (WECSR 2010)}, + year = {2010}, + month = {January}, + address = {Tenerife, Canary Islands, Spain}, + publisher = {Springer}, + series = {LNCS 6054}, + editor = {Sven Dietrich}, + howpublished = {\url{https://metrics.torproject.org/papers/wecsr10.pdf}}, +} + +@techreport{tor-blocking, + title = {Design of a blocking-resistant anonymity system}, + author = {Roger Dingledine and Nick Mathewson}, + institution = {The Tor Project}, + number = {2006-1}, + year = {2006}, + month = {November}, + howpublished = {\url{https://svn.torproject.org/svn/projects/design-paper/blocking.pdf}}, +} + Property changes on: projects/articles/crypto2011/crypto2011-tor.bib ___________________________________________________________________ Added: svn:executable + * Added: projects/articles/crypto2011/crypto2011-tor.tex =================================================================== --- projects/articles/crypto2011/crypto2011-tor.tex (rev 0) +++ projects/articles/crypto2011/crypto2011-tor.tex 2011-05-28 07:16:03 UTC (rev 24791) @@ -0,0 +1,113 @@ +\documentclass{llncs} +\usepackage[cmex10]{amsmath} +\usepackage{subfigure} +\usepackage[pdftex]{graphicx} +\usepackage{graphics} +\usepackage{color} +\pagestyle{empty} + +%\usepackage[pdftex,% +% breaklinks=true,% +% colorlinks=true,% +% linkcolor=black,% +% citecolor=black,% +% urlcolor=black,% +% bookmarks=false,% +% pdfpagemode=UseNone,% +%]{hyperref} + +\begin{document} +\title{Tor and circumvention: lessons learned\\ +(Abstract to go with invited talk)} +\author{Roger Dingledine} +\institute{The Tor Project} +\maketitle + +Tor is a free-software anonymizing overlay network that helps people +around the world use the Internet in safety. Tor's 2500 volunteer relays +carry almost 10Gb/s of traffic for several hundred thousand users each day. + +While many in the +research community know Tor as the primary fielded system in the anonymous +communications literature~\cite{dingledine2004tor}, Tor has also played a +central role in recent +research on \emph{blocking resistance}. That is, even if an anonymity +system provides +great anonymity, a government censor can render it moot by simply +blocking the relays. In recent years we streamlined Tor's +network communications to look more like ordinary SSL, and we introduced +``bridge relays'' that are harder for an attacker to find and block than +Tor's public relays~\cite{tor-blocking}. + +Tor played a key role in several Middle Eastern countries in early +2011. In this talk I'll walk the audience through how Iran used +its Nokia DPI boxes to filter SSL flows that used Tor's original Diffie-Hellman +parameter $p$; the surge in Tor traffic when Egypt blocked Facebook and +the flatline when they unplugged the net; the continued bad news for +Libya's Internet; and an intriguing trend in Saudi Arabia. I'll also +cover current trends in China and Tunisia (not pictured). + +\begin{figure}[h] +\begin{minipage}{0.495\textwidth} +\includegraphics[width=\linewidth]{direct-users-2011-04-01-300-ir-2010-12-01.png} +\end{minipage} +\begin{minipage}{0.495\textwidth} +\includegraphics[width=\linewidth]{direct-users-2011-04-01-300-eg-2010-12-01.png} +\end{minipage} +\begin{minipage}{0.495\textwidth} +\includegraphics[width=\linewidth]{direct-users-2011-04-01-300-ly-2010-12-01.png} +\end{minipage} +\begin{minipage}{0.495\textwidth} +\includegraphics[width=\linewidth]{direct-users-2011-04-01-300-sa-2010-09-01.png} +\end{minipage} +\caption{Estimates of daily Tor clients connecting from each country} +\end{figure} + +The data for these user graphs, along with historical Tor network +data and ongoing performance statistics, are all available at +https://metrics.torproject.org/. Our WECSR'10 +paper~\cite{wecsr10measuring-tor} explains our +aggregation techniques and why we think they're safe---we'd love for you +to show us that we're wrong. Further, if you're working on Tor-related +research, please talk to us (https://torproject.org/research) +so we can explain what's available and help interpret your results. + +\subsection*{Some open questions from the anonymity field} + +Here are a few examples of open anonymity and blocking-resistance +problems: + +1) How effective is the traffic correlation attack really? Tor's threat +model assumes that an adversary who can see a traffic flow into the Tor +network and the corresponding flow out of the Tor network can correlate +them with high probability and low false positives. Recent results from +Steven Murdoch~\cite{murdoch-pet2007} show confirmation attacks even when both +sides only see a small sample of traffic on each side. But how quick +can the attack actually be in practice, using how little traffic? Are +there effective padding schemes to make correlation less effective? + +2) For various diversity metrics (like entropy), how has the diversity +of the Tor network changed over time? How robust is it to change or +attack?{\footnote{https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network}} + +3) How can we automatically recognize blocking events---when Tor relays +are censored at a firewall by destination address or by traffic flow +characteristics? + +4) Clients who are censored from the public Tor relays can use private +addresses to ``bridge'' into the public Tor network. What strategies +should we use to give out these addresses such that legitimate users +get enough addresses but adversaries can't learn too many? + +5) How can we make it hard for censors to recognize Tor traffic flows by +content (e.g.\ distinguishing Tor's handshake from other expected protocols) +and by traffic characteristics (packet size, volume, and timing)? We need +\emph{obfuscation} metrics to let us anticipate which protocols will +blend in better with background traffic or otherwise defeat deep packet +inspection (DPI) algorithms. + +\bibliographystyle{plain} \bibliography{crypto2011-tor} +\end{document} + +\end{document} + Added: projects/articles/crypto2011/direct-users-2011-04-01-300-eg-2010-12-01.png =================================================================== (Binary files differ) Property changes on: projects/articles/crypto2011/direct-users-2011-04-01-300-eg-2010-12-01.png ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: projects/articles/crypto2011/direct-users-2011-04-01-300-ir-2010-12-01.png =================================================================== (Binary files differ) Property changes on: projects/articles/crypto2011/direct-users-2011-04-01-300-ir-2010-12-01.png ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: projects/articles/crypto2011/direct-users-2011-04-01-300-ly-2010-12-01.png =================================================================== (Binary files differ) Property changes on: projects/articles/crypto2011/direct-users-2011-04-01-300-ly-2010-12-01.png ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: projects/articles/crypto2011/direct-users-2011-04-01-300-sa-2010-09-01.png =================================================================== (Binary files differ) Property changes on: projects/articles/crypto2011/direct-users-2011-04-01-300-sa-2010-09-01.png ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: projects/articles/crypto2011/direct-users-2011-04-01-300-tn-2010-12-01.png =================================================================== (Binary files differ) Property changes on: projects/articles/crypto2011/direct-users-2011-04-01-300-tn-2010-12-01.png ___________________________________________________________________ Added: svn:mime-type + application/octet-stream