Author: runa Date: 2011-09-12 21:14:14 +0000 (Mon, 12 Sep 2011) New Revision: 25065

Added: projects/presentations/2011-tor-online-anonymity-privacy-security-Lookout.pdf projects/presentations/2011-tor-online-anonymity-privacy-security-Lookout.tex Log: my talk at lookout

Added: projects/presentations/2011-tor-online-anonymity-privacy-security-Lookout.pdf =================================================================== (Binary files differ)

Property changes on: projects/presentations/2011-tor-online-anonymity-privacy-security-Lookout.pdf ___________________________________________________________________ Added: svn:mime-type + application/octet-stream

Added: projects/presentations/2011-tor-online-anonymity-privacy-security-Lookout.tex =================================================================== --- projects/presentations/2011-tor-online-anonymity-privacy-security-Lookout.tex (rev 0) +++ projects/presentations/2011-tor-online-anonymity-privacy-security-Lookout.tex 2011-09-12 21:14:14 UTC (rev 25065) @@ -0,0 +1,328 @@ +\documentclass{beamer} +\mode<presentation> +\usetheme{Boadilla} +\title{Tor: Online anonymity, privacy, and security.} +\author{Runa A. Sandvik \ runa@torproject.org} +\date{12 September 2011} +\begin{document} + +\begin{frame} +\maketitle +\begin{center} +\includegraphics[height=3cm]{../images/2009-tor-logo} +\end{center} +\end{frame} + +% Introduce myself, just to be nice +\begin{frame} +\frametitle{About Runa} +\begin{itemize} +\item Studied at the Norwegian University of Science and Technology +\item Worked for the Tor Project during Google Summer of Code in 2009 +\item Developer, security researcher, translation coordinator +\end{itemize} +\end{frame} + +% And here's what we'll talk about +\begin{frame} +\frametitle{What are we talking about?} +\begin{itemize} +\item Crash course on anonymous communications +\item Quick overview of Tor +\item Tor and circumvention +\item Future work +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{The Tor Project, Inc.} +501(c)(3) non-profit organization dedicated to the research and development of technologies for online anonymity and privacy +\begin{center} +\includegraphics[height=5cm]{../images/2009-oval_sticker_new} +\end{center} +\end{frame} + +% Crash course on anonymous communications +\begin{frame} +\frametitle{What is anonymity?} +\includegraphics[width=10cm]{../images/2llg3ts} +\end{frame} + +% What is the threat model here? +\begin{frame} +\frametitle{Threat model: what can the attacker do?} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{../images/single_hop_relay}} +\only<2>{\includegraphics[height=7cm]{../images/evil_single_hop_relay}} +\only<3>{\includegraphics[height=7cm]{../images/data_snooping_single_hop_relay}} +\end{overlayarea} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't cryptography} +\begin{itemize} +\item Cryptography protects the contents in transit +\item You still know who is talking to whom, how often, and how much data is sent. +\end{itemize} +\begin{center} +\includegraphics[width=5cm]{../images/encryption-cc-by-sa} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't steganography} +Attacker can tell Alice is talking to someone, how often, and how much data is sent. +\bigskip + +\begin{center} +\includegraphics[width=5cm]{../images/steganography-cc-by-sa} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't just wishful thinking...} +\begin{itemize} +\item "You can't prove it was me!" +\pause \item "Promise you won't look" +\pause \item "Promise you won't remember" +\pause \item "Promise you won't tell" +\pause \item "I didn't write my name on it!" +\pause \item "Isn't the Internet already anonymous?" +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Anonymous communication} +\begin{itemize} +\item People have to hide in a crowd of other people ("anonymity loves company") +\item The goal of the system is to make all users look as similar as possible, to give a bigger crowd +\item Hide who is communicating with whom +\item Layered encryption and random delays hide correlation between input traffic and output traffic +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Anonymity serves different interests for different user groups} +\begin{itemize} +\item Private citizens: it's privacy +\item Businesses: it's network security +\item Governments: it's traffic-analysis resistance +\item Human rights activists: it's reachability +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{What is Tor?} +\begin{itemize} +\item Online anonymity software and network +\pause \item Open source, freely available (3-clause BSD license) +\pause \item Active research environment: \ +Rice, UMN, NSF, NRL, Drexel, Waterloo, Cambridge UK, Bamberg Germany, Boston Univ, Harvard, MIT, RPI, Georgia Tech +\pause \item Funding from US DoD, EFF, Voice of America, Google, NLNet, +Human Rights Watch \ +\pause \item Increasingly diverse toolset: \ +Tor, Torbutton, Tor Browser Bundle, TAILS Anonymous Operating System, +Tor Weather, GetTor, Thandy, Orbot, Tor Check, Arm, Torouter, Tor Cloud +and more +\end{itemize} +\end{frame} + +% And what makes Tor different? +\begin{frame} +\frametitle{How is Tor different from other systems?} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{../../website/images/htw1}} +\only<2>{\includegraphics[height=7cm]{../../website/images/htw2}} +\only<3>{\includegraphics[height=7cm]{../../website/images/htw3}} +\end{overlayarea} +\end{frame} + +\begin{frame} +\frametitle{Tor uses a simple centralized directory protocol} +\begin{itemize} +\item Relays publish self-signed descriptors to directory authorities +\item Authorities publish a consensus list of all relay descriptors +\item Clients download latest consensus from a directory authority or a directory cache +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Bridges versus relays} +\begin{itemize} +\item A step forward in the blocking resistance race +\item Bridge relays (or "bridges" for short) are Tor relays that aren't listed in the main Tor directory +\item To use a bridge, you will need to locate one first (can be done using bridges.torproject.org, email, social media etc) +\item A bridge will act as the first hop in the circuit +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Hidden services} +\begin{itemize} +\item Tor makes it possible for users to hide their locations while offering various kinds of services, such a website or an im server +\item Using Tor "rendezvous points," other Tor users can connect to these hidden services, each without knowing the other's network identity +\item A hidden service will have an address that ends in .onion, e.g. http://duskgytldkxiuqc6.onion/ +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Encryption} +\begin{itemize} +\item Tor uses the 128-bit AES cipher in counter mode to generate a cipher stream +\item And the signing keys are 1024-bit RSA +\item We used to use a 1024-bit safe prime from RFC 2409, section 6.2 as the DH parameter... +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{} +\includegraphics[scale=0.5]{../images/direct-users-2010-12-01-off-300-2011-01-15-ir} +\end{frame} + +\begin{frame} +\frametitle{} +\includegraphics[scale=0.5]{../images/bridge-users-2010-11-01-300-2011-01-14-ir} +\end{frame} + +\begin{frame} +\frametitle{Encryption} +\begin{itemize} +\item But then we made the DH parameter we use for TLS match the one from Apache's mod_ssl... +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{} +\includegraphics[scale=0.5]{../images/direct-users-2011-01-01-off-300-2011-03-01-ir.png} +\end{frame} + +\begin{frame} +\frametitle{} +\includegraphics[scale=0.5]{../images/bridge-users-2011-01-01-300-2011-03-01-ir.png} +\end{frame} + +\begin{frame} +\frametitle{Keys} +\begin{itemize} +\item Each relay maintains a long-term identity key and a short term onion key: +\begin{itemize} +\item The identity key is used to sign relay descriptors +\item The directory authorities also use the identity key to sign the consensus +\item The onion key is used to decrypt requests from clients to set up a circuit and negotiate ephemeral keys +\item The TLS protocol also establishes a short-term link key when communicating between relays +\end{itemize} +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Cells} +\includegraphics[width=10cm]{../images/cell-struct.png} +\begin{itemize} +\item Traffic passes along circuits in the Tor network in fixed-size +cells (512 bytes): +\begin{itemize} +\item The header includes a circuit identifier that specifies which +circuit the cell refers to +\item The command describes what to do with the cells payload +\item The entire contents of the header and payload is +encrypted/decrypted together as the relay cell moves along the circuit +\end{itemize} +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Tor on the wire} +\includegraphics[width=12cm]{../images/tor-keys3} +\end{frame} + +\begin{frame} +\frametitle{How many people use Tor daily?} +\includegraphics[scale=0.5]{../images/direct-users-2010-09-11-off-300-2011-09-11-all} +\end{frame} + +% Tor and circumvention +\begin{frame} +\frametitle{Attackers can block access to the network} +\begin{itemize} +\item By blocking access to the directory authorities +\item By blocking access to all the relays in the network +\item By blocking access to all known bridges in the network +\item By preventing users from finding the software +\end{itemize} +\end{frame} + +% China +\begin{frame} +\frametitle{Tor and circumvention in China} +\includegraphics[scale=0.5]{../images/direct-users-2010-09-11-off-300-2011-09-11-cn} +\end{frame} + +\begin{frame} +\frametitle{Tor and circumvention in China} +\includegraphics[scale=0.5]{../images/bridge-users-2010-09-11-300-2011-09-11-cn} +\end{frame} + +% Egypt +\begin{frame} +\frametitle{Tor and circumvention in Egypt} +\includegraphics[scale=0.5]{../images/direct-users-2010-09-11-off-300-2011-09-11-eg} +\end{frame} + +\begin{frame} +\frametitle{Tor and circumvention in Egypt} +\includegraphics[scale=0.5]{../images/bridge-users-2010-09-11-300-2011-09-11-eg} +\end{frame} + +% Libya +\begin{frame} +\frametitle{Tor and circumvention in Libya} +\includegraphics[scale=0.5]{../images/direct-users-2010-09-11-off-300-2011-09-11-ly} +\end{frame} + +\begin{frame} +\frametitle{Tor and circumvention in Libya} +\includegraphics[scale=0.5]{../images/bridge-users-2010-09-11-300-2011-09-11-ly} +\end{frame} + +% Future work +\begin{frame} +\frametitle{Future work, part 1} +\begin{itemize} +\item The Torouter project: hardware project to provide an easy to setup Tor bridge or relay +\item The Tor Cloud project: provides bridge-by-default and relay-by-default images for Amazon EC2 +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Future work, part 2} +\begin{itemize} +\item Pluggable transports: a plug-in system that can evade many censorship systems by disguising Tor traffic as, for example, standard HTTP traffic +\item Obfuscated proxy: protocol obfuscation for TCP protocols prevent third party from identifying protocol based on message contents +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Future work, part 3} +\begin{itemize} +\item Censorship resistance research: reachability testing of the Tor network from within certain countries +\item IPv6: goal for Tor 0.2.3.x is for bridges to handle IPv6-only clients and exits can handle IPv6 addresses +\end{itemize} +\end{frame} + +% Demonstration of TBB +\begin{frame} +\frametitle{Time for a demo} +Demonstration of Tor Browser Bundle +\end{frame} + +\begin{frame} +\frametitle{} +\begin{center} +\large Questions? \ +\vspace{10 mm} +runa@torproject.org \ +https://www.torproject.org/ +\end{center} +\end{frame} + +\end{document}