Overview
• Anonymity systems
• Review of how Tor works
• Tor Project Inc.
• Helper tools and accessories
• Advanced Tor control
• Attack vectors
Anonymity Systems
• JAP
• I2P
• Freenet
• Xerobank
• Botnets
Freenet
• P2P-based storage network
• Shares files on your system to other nodes
• Plausible deniability
I2P
• Opposing design of Tor
• UDP based
• Darknet design
• Java, Python, and C APIs
• Mixed routing based on packets
• Splits tunneling between upstream and downstream
• “Garlic Routing” – mix streams together to prevent traffic analysis
• Variable latency design
Tor
• Tor (not TOR) – previously stood for The Onion Router
• Provides a method of anonymity by passing data between proxies
Tor Network
Terminology
• Cell – your message
• Circuit – tunnel made up of relays
• Entry Node: first hop into the Tor network
• Exit Node: last hop before destination
• Relay Node: middle hop
• Bridge Node: nodes not listed in the Tor directory to evade filtering
Who’s Using Tor?
• Whistleblowers
    • Wikileaks – runs hidden service
• Militaries
    • Field ops
    • Command and control using hidden services
• Chinese journalists and dissidents
Tor Project
• 501(c)(3) NFP
• Freely available
• Full spec and full documentation
Project Finances
https://www.torproject.org/about/financials.html
Current Project Sponsors
• Federal Grant:
    • International Program to Support Democracy Human Rights and Labor
    • $632,189
• International Broadcasting Bureau
    • Voice of America, Radio Free Europe/Radio Liberty, Radio and TV Martí, Radio Free Asia, Radio Sawa/Alhurra TV
    • $270,000
• Stichting.Net
    • Association of NFPs in the Netherlands
    • $38,279
• Google: $29,083
• ITT: $27,000
• Other: $9,997
https://www.torproject.org/about/sponsors.html.en
Past Funders
• DARPA and Naval Research Laboratory 2001-2006
• EFF – 2004-2005
Tor Performance
Number of Relays
Number of Users
Tor Tools
• Torbutton
• Tor Browser Bundle
• Vidalia
• TorCheck
• Arm
• Tor-ramdisk
    • Anthony G. Basile from Buffalo
Tor Control Port
• Telnet to the control port               authenticate ""
• Create custom circuits (long or short)   extendcircuit 0 a,b,c,…
                                           extendcircuit 0 a,b
• Show live circuit information            setevents circ
• Change configuration on the fly          setconf confitem
• Map a site to an exit node               mapaddress google.com=a.b
• Reload a configuration                   getconf confitem
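
An added example, not part of the original slides: it parses the `650 CIRC` lines a control connection emits after `setevents circ` and flags circuits that were built with fewer than Tor's default three hops, which is what a short `extendcircuit 0 a,b` produces. The fingerprints, nicknames, sample lines and function names are constructed for illustration, and the parser assumes the long-name path format (`$fingerprint~nickname`).

```python
import re

def _fp(ch):
    # Constructed 40-hex-digit relay fingerprint (not a real relay).
    return "$" + ch * 40

GUARD, MID, EXIT_C, EXIT_D = (_fp("A") + "~guardA", _fp("B") + "~midB",
                              _fp("C") + "~exitC", _fp("D") + "~exitD")

# Constructed control-port output in the "650 CIRC" event format.
SAMPLE_EVENTS = [
    "250 OK",
    "650 CIRC 6 BUILT " + GUARD + " BUILD_FLAGS=ONEHOP_TUNNEL,IS_INTERNAL PURPOSE=GENERAL",
    "650 CIRC 7 LAUNCHED BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
    "650 CIRC 7 EXTENDED " + GUARD + " BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
    "650 CIRC 7 BUILT " + ",".join([GUARD, MID, EXIT_C]) + " BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
    "650 CIRC 8 BUILT " + ",".join([GUARD, EXIT_D]) + " PURPOSE=GENERAL",
    "650 CIRC 9 FAILED PURPOSE=GENERAL REASON=TIMEOUT",
]

# One hop: "$" + 40 hex digits, optionally "=" or "~" and a nickname.
HOP = re.compile(r"^\$([0-9A-Fa-f]{40})(?:[=~]([A-Za-z0-9]{1,19}))?$")
DEFAULT_HOPS = 3  # Tor's default circuit length


def parse_circ_event(line):
    """Return a dict for a '650 CIRC' line, or None for any other reply."""
    parts = line.strip().split(" ")
    if len(parts) < 4 or parts[:2] != ["650", "CIRC"]:
        return None
    event = {"id": parts[2], "status": parts[3], "path": [], "fields": {}}
    rest = parts[4:]
    # The path is optional (absent on LAUNCHED and some FAILED events).
    if rest and rest[0].startswith("$"):
        for hop in rest.pop(0).split(","):
            match = HOP.match(hop)
            if match is None:
                raise ValueError("malformed hop in CIRC event: %r" % hop)
            event["path"].append((match.group(1).upper(), match.group(2)))
    # Everything after the path is KEY=VALUE.
    for token in rest:
        key, _, value = token.partition("=")
        event["fields"][key] = value
    return event


def short_circuits(lines, min_hops=DEFAULT_HOPS):
    """Return (circuit id, nicknames) for BUILT circuits shorter than min_hops.

    One-hop tunnels that Tor builds itself for directory fetches carry the
    ONEHOP_TUNNEL build flag and are skipped so they do not raise alerts.
    """
    flagged = []
    for line in lines:
        event = parse_circ_event(line)
        if event is None or event["status"] != "BUILT":
            continue
        flags = event["fields"].get("BUILD_FLAGS", "").split(",")
        if "ONEHOP_TUNNEL" in flags:
            continue
        if len(event["path"]) < min_hops:
            flagged.append((event["id"], [nick for _, nick in event["path"]]))
    return flagged


if __name__ == "__main__":
    for circ_id, hops in short_circuits(SAMPLE_EVENTS):
        print("circuit %s has only %d hops: %s" % (circ_id, len(hops), hops))
```
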
Attacks
Tor Passive Attack Vectors
• Traffic profiling – entry and exit analysis
• Cleartext exit node transmission
• Fingerprinting – OS, browser, configuration, activity
• Timing correlation
• Network partitioning
• End-to-end size correlation
Tor Active Attack Vectors
• Compromised keys
• Malicious web servers
• Malicious Exit/Relay nodes
• DoS non-controlled nodes
• Timestamping and tagging
• Injecting or replacing unencrypted info
• Malicious Tor client
Tor Client Side Attacks
• DNS rebinding
• Disbanding attack – JavaScript, Java, Flash
• History disclosure
• Timezone information (partitioning)
Social Engineering Attacks
• Getting more traffic
    • “Use my relay. I have huge tubes!”
    • “Nick’s relay sucks”
    • “I’ve added a feature to my node.”
• Replacement
    • 687474703a2f2f7777772e726f63686573746572323630302e636f6d2f6861782f
• Partitioning
    • “Don’t use servers from this country”
    • “These servers are amazing!”
More Info
• www.torproject.org
• Metrics.torproject.org
• Blog.torproject.org
• Check.torproject.org
• @torproject
