[tor-commits] r25935: {} tonight's presentation for northeastern grad students (in projects/presentations: . images)

Andrew Lewman andrew at torproject.org
Thu Dec 6 05:21:37 UTC 2012


Author: phobos
Date: 2012-12-06 05:21:37 +0000 (Thu, 06 Dec 2012)
New Revision: 25935

Added:
   projects/presentations/2012-12-05-NEU-AnonComms-outline.txt
   projects/presentations/2012-12-05-NEU-AnonComms.pdf
   projects/presentations/images/envelopes.jpg
   projects/presentations/images/iograph-torproject-website.png
   projects/presentations/images/obfsproxy_diagram.png
   projects/presentations/images/wwwhatranorg.jpg
Log:
tonight's presentation for northeastern grad students


Added: projects/presentations/2012-12-05-NEU-AnonComms-outline.txt
===================================================================
--- projects/presentations/2012-12-05-NEU-AnonComms-outline.txt	                        (rev 0)
+++ projects/presentations/2012-12-05-NEU-AnonComms-outline.txt	2012-12-06 05:21:37 UTC (rev 25935)
@@ -0,0 +1,288 @@
+% Anonymous Communications
+% Andrew Lewman andrew at torproject.org
+% December 05, 2012
+
+# Who is this guy?
+
+501(c)(3) non-profit organization dedicated to the research and development of technologies for online anonymity and privacy
+
+[https://www.torproject.org](https://www.torproject.org)
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/2009-oval_sticker_new}
+\end{center}
+
+# Three hours of this guy talking?
+
+Let's hope not.
+
+Ask questions; early and often.
+
+# Agenda
+ - Definitions and Concepts of Anonymity
+ - What data?
+ - Attacks against anonymity
+ - Deployed Systems (Centralized and Decentralized)
+
+# What is Anonymity?
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/2llg3ts.jpg}
+\end{center}
+
+# Definitions: Anonymity
+
+  - a set of all possible subjects
+  - state of not being identifiable within anonymity set
+
+# Definitions: Unlinkability
+
+  - unlinkability of two or more items of interest from the adversary's perspective
+    - items can be messages, people, events, actions, etc
+
+# Definitions: Unobservability
+
+  - state of items of interest being indistinguishable from any items of interest
+
+# Definitions: Pseudonymity
+
+  - identifiers of sets of subjects
+
+# Definitions: Traffic Analysis
+
+  - The who, what, when of traffic
+  - Think of the post office
+
+# Definitions: Steganography
+
+  - the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. -- [Wikipedia](https://en.wikipedia.org/wiki/Steganography)
+  - alice or bob are talking, but to whom?
+
+# Definitions: Cryptography
+  - protecting content in transit
+  - does nothing to hide the traffic of items of interest
+
+# What data to protect?
+
+ - bits of info which put together deanonymize you
+  - Names of individuals
+  - location address (street, IP address, zipcode, etc)
+  - operating system info
+  - language info
+  - amount of data sent
+  - amount of data received
+  - traffic timing (heartbeats)
+
+# Anonymity Loves Company
+  - make the set of users as large and coherent as possible to create a large anonymity set
+
+# Attacking Anonymity: Timing Analysis
+  - An attack used to analyze the time properties of data transfer between items of interest.
+    - When was data sent?
+    - How much was data sent?
+    - How long did it take to send the data?
+    - When was data received?
+  - wireshark demo
+
+# Attacking Anonymity: Timing Analysis
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/iograph-torproject-website.png}
+\end{center}
+
+# Attacking Anonymity: Statistical Disclosure
+
+  - Also called an intersection attack
+  - trying to identify mutually disjoint sets of recipients
+  - exponential time involved per number of messages to be analyzed
+
+# Attacking Anonymity: Tagging
+
+  - tagging (make one item of interest unique)
+
+# Attacking Anonymity: Traffic Confirmation
+
+  - who sends, how often, and when
+  - etherape demo
+
+# Centralized Systems
+
+ - cheap, easy, ubiquitous
+ - PPTP, IPSec, SSL, SSH, XMPP common protocols
+
+# Proxy and VPN Servers
+  - proxy server works on your behalf
+  - VPN is virtual private network
+    - proxy for the network layers (layers 2 or 3 of OSI model)
+
+# Proxy and VPN Servers
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/single_hop_relay.jpg}
+\end{center}
+
+# Trusting the provider
+
+  - trusting the provider
+  - promises, contracts, mistakes
+  - some may filter or clean data before passing on to destination
+
+# Trusting the provider
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/evil_single_hop_relay.jpg}
+\end{center}
+
+# Irrelevant provider
+
+  - Single machine, or cluster of machines, are connected to a network
+  - If the proxy provider won't cooperate, use the network around it.
+
+# Irrelevant provider
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/data_snooping_single_hop_relay.jpg}
+\end{center}
+
+# Decentralized Systems
+
+## Mix Networks
+ - cascades (JonDos/JonDonym)
+ - routes (tor)
+
+## Similar Routing networks
+ - I2P - Garlic routing, closed network, anonymity and reputation
+ - Freenet - closed network, anonymity, distributed file storage and sharing
+ - GNUnet - closed network, anonymity, distributed file storage and sharing
+
+# Break?
+
+Anyone need a bio-break for 10 minutes?
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/wwwhatranorg}
+\end{center}
+
+# What is Tor?
+
+ - online anonymity software and network
+ - open source, freely available (3-clause BSD license)
+ - active research environment:
+
+Drexel, Univ of Waterloo, Georgia Tech, Princeton, Boston University, University College London, Univ of Minnesota, National Science Foundation, Naval Research Labs, Cambridge UK, Bamberg Germany, MIT...
+
+ - increasingly diverse toolset:
+
+Tor, Tor Browser Bundle, Tails Live System, Orbot/OrWeb, Tor Weather, Tor auto-responder, Secure Updater, Arm, Tor2Web, and so on.
+
+# Who uses Tor?
+
+\parbox{8cm}{\sloppy \setbeamercolor{background}[\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/anonymousman}}
+\parbox{3cm}{\sloppy
+\begin{flushleft}
+\begin{itemize}
+\begin{small}
+\item Normal people
+\item Journalists
+\item Law Enforcement
+\item Human Rights Activists
+\item Business Execs
+\item Militaries
+\item Abuse Victims
+\end{small}
+\end{itemize}
+\end{flushleft}
+}
+
+# How many people use Tor?
+
+estimated 500k to 900k daily users
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/huge-crowd}
+\end{center}
+
+# How does Tor work?
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/tor-network}
+\end{center}
+
+# How does Tor work?
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/tor-safe-selection}
+\end{center}
+
+# How does Tor work?
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/tor-safe-path}
+\end{center}
+
+# How does Tor work?
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/tor-keys1}
+\end{center}
+
+# Attacks on Tor
+
+ - First hop can learn your IP address.
+ - Last hop can watch your traffic.
+
+# Attacks on Tor
+
+ - Adversary can block all Tor nodes by IP address and TCP port
+    - our answer is to use non-public relays called Bridges
+ - Adversary can legally harass last hop; DMCA, Child Abuse Materials, Threats, etc
+ - Adversary can run relays, use network to restrict access to other relays
+
+# Attacks on Tor
+
+ - Deep Packet Inspection
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/procera-evolved-dpi}
+\end{center}
+
+# Attacks on Tor
+
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/iran-ssl-dpi-26-seconds-to-death}
+
+# The Future: Usability
+
+ Who are our users?  What do they understand about anonymity, Tor, and privacy online?
+ Can we guide them to make smarter decisions?
+ How do we educate them before they start?
+
+# The Future: Obfsproxy & Pluggable Transports
+
+ Obfuscating proxy for network traffic
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/obfsproxy_diagram.png}
+\end{center}
+
+# The Future: Scaling
+
+  Why not 10,000 relays? Why not 1 million? 10 million?
+  Need privacy-preserving Scalable Distributed Hash Table designs
+
+# The Future: IPv6
+
+  Basic support for IPv6 clients and relays works now.
+  Need support for IPv6 destinations and pure IPv6 relays
+
+# The Future: UDP
+
+  Tor only transports TCP packets now.
+  This limits usable applications
+  Need to support real-time video and audio chats over Tor.
+
+# Thanks!
+
+\begin{center}
+\includegraphics[keepaspectratio,width=\textwidth, height=.8\textheight]{images/thankyou_img}
+\end{center}
+
+Visit [https://www.torproject.org](https://www.torproject.org) for more information, links, and ideas.


Property changes on: projects/presentations/2012-12-05-NEU-AnonComms-outline.txt
___________________________________________________________________
Added: svn:mime-type
   + text/plain
Added: svn:eol-style
   + native

Added: projects/presentations/2012-12-05-NEU-AnonComms.pdf
===================================================================
(Binary files differ)


Property changes on: projects/presentations/2012-12-05-NEU-AnonComms.pdf
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: projects/presentations/images/envelopes.jpg
===================================================================
(Binary files differ)


Property changes on: projects/presentations/images/envelopes.jpg
___________________________________________________________________
Added: svn:mime-type
   + image/jpeg

Added: projects/presentations/images/iograph-torproject-website.png
===================================================================
(Binary files differ)


Property changes on: projects/presentations/images/iograph-torproject-website.png
___________________________________________________________________
Added: svn:mime-type
   + image/png

Added: projects/presentations/images/obfsproxy_diagram.png
===================================================================
(Binary files differ)


Property changes on: projects/presentations/images/obfsproxy_diagram.png
___________________________________________________________________
Added: svn:mime-type
   + image/png

Added: projects/presentations/images/wwwhatranorg.jpg
===================================================================
(Binary files differ)


Property changes on: projects/presentations/images/wwwhatranorg.jpg
___________________________________________________________________
Added: svn:mime-type
   + image/jpeg



More information about the tor-commits mailing list