Anonymity of Tor: myth and reality

Post on 16-Apr-2017


12th CENTRAL & EASTERN EUROPEAN SOFTWARE ENGINEERING CONFERENCE IN RUSSIA

October 28 - 29, Moscow

Aleksandr Lazarenko

Anonymity of Tor: myth and reality

NRU HSE

What is Tor?

The Onion Router

Anonymous network

Volunteer servers

Free software

Browser & Messenger

Features

Tor is distributed

Every server is VOLUNTEER

So what

The larger the network, the greater the anonymity

Bio

1998

The Onion Routing

DARPA*

Free Haven Project

MIT

* Defense Advanced Research Projects Agency

2002

DECLASSIFIED

Launched

Open-source

2009

Mozilla Firefox

Out-of-the-box

Browser

Tor inside

Tor Messenger

2015

Private chats

Anonymity

Messenger

Tor inside

2 000 000 Users per day

[Bar chart: Number of users per day, by country: Netherlands, Japan, Brazil, Italy, Spain, UK, Russia, France, Germany, USA]

60K Unique Hidden Services

7K Tor Relays

Who are users?

Just people

Journalists & Bloggers

Police & friends

Business

Military

IT pros

Crime

WHY DEEP WEB?

Because HIDDEN Services!

Anonymous server

2004

Only for Tor

.onion

Anonymity for Servers

Inaccessible on the Internet

WikiLeaks:

http://suw74isz7wqzpmgu.onion

How does it work?

Tor Client

User

Connects with Tor

Has the software installed

Any PC

Entry guard

Relay

Speaks with Client

Encrypts data

Relays data

Middle

Relay

Speaks with Entry

Encrypts data

Speaks with Exit

Exit

Relay

Speaks with Middle

Encrypts data

Speaks with Endpoint

Default circuit

[Diagram: entry, middle, exit, Endpoint; legend: Encrypted connection, Just connection]

Step #1

Client receives the list of all Tor nodes from the directory server

[Diagram: Tor Client, Directory server, Endpoint #1, Endpoint #2; legend: Encrypted connection, Just connection]

Step #2

Client initializes a random path through the network

[Diagram: Tor Client, Directory server, entry, middle, exit, Endpoint 1, Endpoint 2; legend: Encrypted connection, Just connection]

Step #3

Client initializes another random path

[Diagram: Tor Client, Directory server, entry, middle, exit, Endpoint 1, Endpoint 2; legend: Encrypted connection, Just connection]

MYTH #1

ONLY CRIMINALS USE TOR

[Bar chart: The most popular content; categories: Porn, Drugs, Politics, Forgery, Anonymity]

MYTH #2

TOR IS COMPLETELY ANONYMOUS

Gov. VS Tor

Silk Road

Used to be the biggest Drug Store

Revenue: 9.5 mln BTC

Closed by FBI

Founder sentenced to life

Attacking Tor

Attacks

Passive: attacker only observes traffic, without modifying it

Active: attacker observes and modifies traffic

Classification

# | Resources | Attacks
1 | Corrupted entry guard | Website fingerprinting attack
2 | Corrupted entry and exit nodes | Traffic analysis; Timing attack; Circuit fingerprinting attack; Tagging attack
3 | Corrupted exit node | Sniffing of intercepted traffic
4 | Corrupted entry and exit nodes, external server | Browser based timing attack with JavaScript injection; Browser based traffic analysis attack with JavaScript injection
5 | Autonomous system | BGP hijacking; BGP interception; RAPTOR attack
6 | Big number of various corrupted nodes | Packet spinning attack; CellFlood DoS attack; Other DoS and DDoS attacks

Website fingerprinting attack

The Idea:

Data mining

Machine learning

Attacker's strategy

[Diagram: Tor Client, Entry, Exit, website, DB]

Data mining

Classifier training

Website recognition

Feature extraction levels

Cells: Cell 1, Cell 2, Cell 3, Cell 4, Cell 5

TLS: Record 1, Record 2

TCP: Packet 1, Packet 2, Packet 3

Attack as a classification problem

Classes: Tracked websites, Other

The Oracle problem!

Problem?

7 Websites

5 Men

1 Relay

80 Traffic Instances

5 Uploads per website

0.71 Accuracy

5 Seconds split

Aleksandr Lazarenko

avlazarenko@edu.hse.ru