Author: phobos Date: 2011-02-24 22:47:15 +0000 (Thu, 24 Feb 2011) New Revision: 24264 Added: projects/presentations/2011-02-24-hfoss-presentation.pdf projects/presentations/2011-02-24-hfoss-presentation.tex Log: add the HFOSS presentation from today. Added: projects/presentations/2011-02-24-hfoss-presentation.pdf =================================================================== (Binary files differ) Property changes on: projects/presentations/2011-02-24-hfoss-presentation.pdf ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: projects/presentations/2011-02-24-hfoss-presentation.tex =================================================================== --- projects/presentations/2011-02-24-hfoss-presentation.tex (rev 0) +++ projects/presentations/2011-02-24-hfoss-presentation.tex 2011-02-24 22:47:15 UTC (rev 24264) @@ -0,0 +1,266 @@ +\documentclass{beamer} +\mode<presentation> +\usetheme{Pittsburgh} +\usecolortheme{beaver} +\title{Free Software, Free Internet, Anonymity \& Tor} +\author{Andrew Lewman \\ andrew@torproject.org} +\date{24 Feb 2011} +\begin{document} + +\begin{frame} +\maketitle +\begin{center} +\includegraphics[height=3cm]{./images/2009-tor-logo} +\hspace{1cm} +\includegraphics[height=3cm]{./images/mullah} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{What is anonymity?} +\includegraphics[width=10cm]{./images/2llg3ts} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't cryptography} +\begin{itemize} +\item Cryptography protects the contents in transit +\item You still know who is talking to whom, how often, and how much data is sent. +\item This is the core of traffic analysis. +\end{itemize} +\begin{center} +\includegraphics[width=5cm]{./images/encryption-cc-by-sa} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't steganography} +Attacker can tell Alice is talking to someone, how often, and how much data is sent. +\bigskip + +\begin{center} +\includegraphics[width=5cm]{./images/steganography-cc-by-sa} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't just wishful thinking...} +\begin{itemize} +\item "You can't prove it was me!" +\pause \item "Promise you won't look" +\pause \item "Promise you won't remember" +\pause \item "Promise you won't tell" +\pause \item "I didn't write my name on it!" +\pause \item "Isn't the Internet already anonymous?" +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{..since "weak" isn't anonymity.} +\begin{itemize} +\item \textit{"You can't prove it was me!"} Proof is a very \textbf{strong} word. Statistical analysis allows suspicion to become certainty. +\pause \item \textit{"Promise you won't look/remember/tell"} Will other parties have the abilities and incentives to keep these promises? +\pause \item \textit{"I didn't write my name on it!"} Not what we're talking about. +\pause \item \textit{"Isn't the Internet already anonymous?"} Nope! +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Anonymous communication} +\begin{itemize} +\item People have to hide in a crowd of other people ("anonymity loves company") +\item The goal of the system is to make all users look as similar as possible, to give a bigger crowd +\item Hide who is communicating with whom +\item Layered encryption and random delays hide correlation between input traffic and output traffic +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Low versus High-latency anonymous communication systems} +\begin{itemize} +\item Tor is not the first system; ZKS, mixmaster, single-hop proxies, Crowds, Java Anon Proxy. +\item Low-latency systems are vulnerable to end-to-end correlation attacks. +\item High-latency systems are more resistant to end-to-end correlation attacks, but by definition, less interactive. +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Low-latency systems are generally more attractive to today's user} +\begin{itemize} +\item Interactive apps: web, instant messaging, VOIP, ssh, X11, cifs/nfs, video streaming (millions of users) +\item Multi-hour delays: email, nntp, blog posting? (tens of thousands of users?) +\pause \item \begin{center}\begin{Large}And if anonymity loves company...\end{Large}\end{center} +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{What is Tor?} +\begin{itemize} +\item online anonymity, circumvention software and network +\item open source, free software (BSD 3-clause \& GPLv2 licenses) +\pause \item active research environment: \\ +Rice, UMN, NSF, NRL, Drexel, Waterloo, Cambridge UK, Bamberg Germany, Boston U, Harvard, MIT, RPI, GaTech +\pause \item increasingly diverse toolset: \\ +Tor, Torbutton, Tor Browser Bundle, TAILS LiveCD/USB, Tor Weather, Tor auto-responder, Secure Updater, Orbot/Orlib, Tor Check, Arm, Nymble, Tor Control, Metrics, TorBEL, etc... +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Who is The Tor Project, Inc?} +\begin{columns}[c] +\column{5cm} +\includegraphics[height=4.5cm]{./images/2009-oval_sticker_new} +\column{5cm} +The 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy +\end{columns} +\end{frame} + +\begin{frame} +\frametitle{Tor is a low-latency anonymity system} +\begin{itemize} +\item Based on technology developed in the Onion Routing project +\item Privacy by design, not by policy (no data collected) +\item Commonly used for web browsing and instant messaging (works for any TCP traffic) +\item Originally built as a pure anonymity system (hides who is talking to whom) +\item Now designed to resist censorship too (hides whether someone is using the system at all) +\item Centralized directory authorities publish a list of all servers +\end{itemize} + +\begin{center} +\includegraphics[height=3cm]{./images/2009-tor-logo} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Tor code stats} +\includegraphics[scale=0.6]{./images/tor-lines-of-code-by-language} +\flushright \tiny stats from ohloh.net +\end{frame} + +\begin{frame} +\frametitle{Tor code stats} +\includegraphics[scale=0.55]{./images/ohloh-lines-of-code-by-language} +\flushright \tiny stats from ohloh.net +\end{frame} + +\begin{frame} +\frametitle{Tor hides communication patterns by relaying data through volunteer servers} +\begin{center} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[width=9cm]{./images/tor-network}} +\only<2>{\includegraphics[width=9cm]{./images/tor-safe-selection}} +\only<3>{\includegraphics[width=9cm]{./images/tor-safe-path}} +\only<4>{\includegraphics[width=9cm]{./images/tor-keys1}} +\end{overlayarea} +\flushright +\tiny Diagram: Robert Watson +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Vidalia Network Map} +\includegraphics[scale=0.35]{./images/vidalia-network-map} +\end{frame} + +\begin{frame} +\frametitle{Measuring the Tor Network} +\begin{itemize} +\item Measuring metrics anonymously +\item NSF grant to find out +\item Archive of hourly consensus, ExoneraTor, VisiTor +\item Metrics portal: \\ \url{https://metrics.torproject.org/} +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{How many people use Tor?} +It's an anonymity system. \\[1cm] +\pause \includegraphics[scale=0.5]{./images/direct-users-2011-02-22-150-all-2009-09-01} +\end{frame} + +\begin{frame} +\frametitle{Seriously, how many people use Tor?} +\begin{flushleft} +\includegraphics[width=12cm]{./images/2009-12-16-mozilla-stats} +\end{flushleft} +\end{frame} + +\begin{frame} +\frametitle{How is Tor different from other systems?} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{./images/single_hop_relay}} +\only<2>{\includegraphics[height=7cm]{./images/evil_single_hop_relay}} +\only<3>{\includegraphics[height=7cm]{./images/data_snooping_single_hop_relay}} +\end{overlayarea} +\end{frame} + +\begin{frame} +\frametitle{Hidden services allow privacy enhanced hosting} +\includegraphics[scale=0.4]{./images/hidden-federalist} +\end{frame} + +\begin{frame} +\frametitle{Did you catch that url?} +\includegraphics[scale=1.0]{./images/hidden-federalist-zoom} +\end{frame} + +\begin{frame} +\frametitle{Hidden services, in text} +\begin{itemize} +\item Distributed Hash Table (DHT) Directory +\pause \item Rendezvous points +\pause \item Anonymity for both the server and client +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Operating Systems leak info like a sieve} +\parbox{5cm}{\sloppy \setbeamercolor{background}[\includegraphics[height=7cm]{./images/cropped-hijack-sign-south-africa}} +\parbox{5cm}{\begin{itemize} +\item Applications, network stacks, plugins, oh my.... +\pause some call this "sharing" +\pause \item Did you know Microsoft Word and OpenOffice Writer are browsers? +\pause \item \url{www.decloak.net} is a fine test +\end{itemize} +} +\end{frame} + +\begin{frame} +\frametitle{Mobile Operating Systems} +\begin{itemize} +\item Entirely new set of challenges for something designed to know where you are at all times. +\item Orbot: Tor on Android. \url{https://guardianproject.info/apps/} +\item Tor on iphone, maemo/meego, symbian, etc +\item Tor on Windows CE, \url{http://www.gsmk.de} as an example. +\item Guardian Project, \url{https://guardianproject.info/} +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{How can coding help?} +\includegraphics[scale=0.6]{./images/developer-projects} +\end{frame} + +\begin{frame} +\frametitle{How to get involved?} +\begin{center} +\begin{large} +\url{https://torproject.org/volunteer} +\end{large} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Supporters} +\includegraphics[scale=.5]{./images/167234088_08f07f0dbe_o} +\end{frame} + +\begin{frame} +\frametitle{Credits} +\begin{itemize} +\item Thank you to Steven J. Murdoch, \url{http://www.cl.cam.ac.uk/users/sjm217/}, for the research and basis for the latter parts of the presentation. \\ +\item Photographer and Diagram credits as listed throughout the presentation. +\end{itemize} +\end{frame} + +\end{document} Property changes on: projects/presentations/2011-02-24-hfoss-presentation.tex ___________________________________________________________________ Added: svn:mime-type + text/x-tex