Deanonymization in Tor web
This presentation introduces the topics of Anonymity, Data Anonymization and De-Anonymization, then focuses on possible security and privacy attacks in "The Onion Router" (Tor) web.
The lesson was given on 24/05/2016 for the "Web Security and Privacy 2015/16" course at "La Sapienza" University, Rome.

Slide 1: Deanonymization
Web Security and Privacy course – 2015/2016 – «La Sapienza» University
Presented by
• Alessandro Granato
• Emilio Cruciani
• Giovanni Colonna
• Silvio Biagioni

Slide 2: Deanonymization – The Onion Router
Web Security and Privacy course – 2015/2016 – «La Sapienza» University
Presented by
• Alessandro Granato
Information
• http://www.slideshare.net/AlessandroGranato/deanonymization-in-tor-web
• linkedin.com/in/alessandro-granato-40b03081
• a.granato.89@gmail.com
Slide 3: Introduction
• What is Anonymity?
▫ Colloquial use – Web use
• What is Data Anonymization?
▫ Information Sanitization
▫ Security Privacy
• What is De-Anonymization?
▫ Cross-reference
Slide 4: Introduction – The Onion Router
• Tor is a free SW for anonymous communication
▫ Volunteer relays to conceal user’s location
• Nested “Onion” encryption
▫ Encrypts Data, Sender IP, Receiver IP
▫ Through random circuits
▫ Last Relay!
Slide 5: Governments vs Tor
• Monitoring to guarantee safety
• Tor abused by Cybercrime and Terrorists
• Monitoring capabilities over anonymizing networks
People directly connected to Tor in 2014: 2.5 Mln Connected Users

Slide 6: Russia vs Tor
• Tender for companies: “Perform research, code ‘TOR’ (Navy)”
• Develop technology to track Tor’s users
Rewards: 4 Mln rubles (~$ 111.000)
Slide 7: Spoiled Onions: Exposing Malicious Tor Exit Relays
• Counter-Attack to deanonymizers in Tor Network
• Philipp Winter
• Stefan Lindskog
• Karlstad University

Slide 8: Spoiled Onions
• Tor circuits are encrypted tunnels
• Exit Relays -> Open internet -> Final destination
• Traffic usually lacks end-to-end encryption
• Man in the middle by design
• Relays run by volunteers!
▫ Innocent
▫ Malicious
Slide 9: Spoiled Onions: The study
• Goal: find malicious exit relays
▫ Develop an exit relay scanner
▫ Design browser extension patch
 Fetch and compare suspicious X.509 certificate
 standard for a public key infrastructure (PKI) to manage digital certificates
▫ Probe exit relays for 4 months
Slide 10: Spoiled Onions: ExitMap
• Python based exit relay scanner
• Create custom circuits to exit relays
• Circuits probed by modules
▫ Establish decoy connections
• Objective
▫ Provoke exit relays to tamper with these connections
▫ Reveal them!
• Stem Library
▫ Implements Tor control port
▫ Initiate/close circuits
▫ Attach streams to circuits

Slide 11: Spoiled Onions: Using ExitMap
• Fetch network to know online exit relays
• Get fed with set of exit relays
▫ Random permutation
• Initiate circuits over exit relays
• Invoke desired probing module that establishes decoy connection
▫ __LeaveStreamsUnattached
▫ __DisablePredictedCircuits

Slide 12: Spoiled Onions: Probing modules
• HTTPS module
▫ Fetches decoy destination’s X.509 certificate -> extract fingerprint
▫ Compare to expected fingerprint (hard-coded inside)
▫ If mismatch -> ALERT!
• SSLSTRIP module
▫ Sslstrip attack: rewrite HTTPS answer as HTTP
▫ Silent attack: browsers don’t show alert
 You must notice the absence of TLS indicator (green address bar)
▫ The module verifies if the expected HTTPS link was «downgraded» to HTTP
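The scanner loop of slides 10 to 12 (random permutation of exit relays, one decoy connection per exit, HTTPS and SSLSTRIP probing modules) as an added Python example. This is not ExitMap's own code: the real scanner drives Tor circuits through the stem library, while here the circuit layer is replaced by a constructed table that maps each hypothetical exit relay to what a decoy fetch through it returns, so the probing logic runs offline. The certificate bytes, exit identifiers and decoy URL are all constructed.

```python
"""ExitMap-style probe loop (added example, not ExitMap's code)."""
import hashlib
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed "DER" bytes standing in for the decoy destination's genuine
# X.509 certificate and for an attacker's self-signed replacement.
DECOY_CERT_DER = b"-- constructed DER bytes: decoy.example certificate --"
ROGUE_CERT_DER = b"-- constructed DER bytes: self-signed replacement --"


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


# As in ExitMap's HTTPS module, the expected fingerprint is hard-coded.
EXPECTED_FINGERPRINT = cert_fingerprint(DECOY_CERT_DER)
EXPECTED_HTTPS_URL = "https://decoy.example/login"   # constructed decoy


@dataclass
class DecoyResponse:
    """What one decoy connection observed when routed through an exit."""
    cert_der: bytes     # certificate presented to us
    final_url: str      # URL the decoy fetch actually ended up on


# Constructed observations keyed by hypothetical exit relay identifiers.
SIMULATED_EXITS: Dict[str, DecoyResponse] = {
    "EXIT-A": DecoyResponse(DECOY_CERT_DER, EXPECTED_HTTPS_URL),              # honest
    "EXIT-B": DecoyResponse(ROGUE_CERT_DER, EXPECTED_HTTPS_URL),              # cert swapped
    "EXIT-C": DecoyResponse(DECOY_CERT_DER, "http://decoy.example/login"),    # sslstripped
    "EXIT-D": DecoyResponse(DECOY_CERT_DER, EXPECTED_HTTPS_URL),              # honest
}


def fetch_through_exit(exit_id: str) -> DecoyResponse:
    """Stand-in for 'build a circuit ending at exit_id, attach a stream'."""
    return SIMULATED_EXITS[exit_id]


def https_module(resp: DecoyResponse) -> Optional[str]:
    """HTTPS probe: alert when the fetched certificate's fingerprint differs."""
    seen = cert_fingerprint(resp.cert_der)
    if seen != EXPECTED_FINGERPRINT:
        return f"cert mismatch: got {seen[:16]}..., expected {EXPECTED_FINGERPRINT[:16]}..."
    return None


def sslstrip_module(resp: DecoyResponse) -> Optional[str]:
    """SSLSTRIP probe: alert when the expected HTTPS link came back as HTTP."""
    if EXPECTED_HTTPS_URL.startswith("https://") and resp.final_url.startswith("http://"):
        return f"downgraded to HTTP: {resp.final_url}"
    return None


MODULES: Dict[str, Callable[[DecoyResponse], Optional[str]]] = {
    "https": https_module,
    "sslstrip": sslstrip_module,
}


def scan(exit_ids, modules=MODULES, seed: int = 0) -> Dict[str, List[str]]:
    """Probe every exit in a random permutation; return {exit: [alerts]}."""
    order = list(exit_ids)
    random.Random(seed).shuffle(order)      # random permutation, as in slide 11
    findings: Dict[str, List[str]] = {}
    for exit_id in order:
        resp = fetch_through_exit(exit_id)
        alerts = []
        for name, module in modules.items():
            msg = module(resp)
            if msg is not None:
                alerts.append(f"{name}: {msg}")
        if alerts:
            findings[exit_id] = alerts
    return findings


if __name__ == "__main__":
    for exit_id, alerts in sorted(scan(SIMULATED_EXITS).items()):
        print(exit_id, alerts)
```

The order in which exits are probed is randomised so that a relay operator watching for a scanner cannot predict when the decoy connection arrives; each module only reports a finding, and the caller decides how to aggregate them across the four-month run.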
Slide 13: Spoiled Onions: Enemies Found!
• In 2014:
▫ N = 1000 exit relays
▫ M = 25 malicious exit relays
▫ 2 relays: DNS censorship
▫ 1 relay: misconfigured
▫ All the others: MitM attack

Slide 14: Spoiled Onions: Enemies Found! (cont’d)
• Connection with decoy destination
• Change decoy’s certificate with their own self-signed version
• Certificate is not issued by a trusted authority of Tor’s certificate store
• Probable Man in the Middle attack!
▫ User redirected to the about:certerror warning page

Slide 15: Spoiled Onions: Enemies Found! (cont’d)
• Subset of malicious relays run by same group of people
▫ Same self-signed certificate (Main Authority)
▫ Same country (Russia)
▫ Same VPS provider
▫ Same netblock (176.99.0.0/20)
▫ Same old version of Tor
▫ Same destination target: Facebook
 Social Networks are often attacked using MitM
Slide 16: Spoiled Onions: Extension design
• ExitMap checks browser event DOMContentLoaded
▫ Whenever a document is loaded by the browser
• Check URI to find «about:certerror» warning page
• If found, there is self-signed certificate
• It can be authentic, but not in tor certificate store
• Refetch certificate with another circuit
• Compares the two fingerprints
▫ If same = authentic
▫ If not same = MitM attack
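The decision logic of slide 16 as an added Python example (not the Spoiled Onions browser patch itself): on DOMContentLoaded the handler looks for the about:certerror page, and if the certificate is not in the trust store it refetches the site's certificate over a second circuit and compares the two fingerprints. The browser, the Tor circuits and the certificate bytes are replaced by constructed values and a caller-supplied refetch callback so the check runs offline.

```python
"""Certificate-error handler from the extension design (added example)."""
import hashlib
from typing import Callable, Dict

CERTERROR_URI = "about:certerror"


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


# Constructed certificates (hypothetical sites, not real DER).
SITE_CERT = b"constructed DER: site.example cert issued by a store-trusted CA"
SELF_SIGNED_SITE = b"constructed DER: site.example genuine self-signed cert"
ROGUE_CERT = b"constructed DER: exit relay's self-signed replacement cert"

# Fingerprints the browser's certificate store already trusts.
TRUST_STORE = {cert_fingerprint(SITE_CERT)}


def on_dom_content_loaded(uri: str, cert_der: bytes,
                          refetch_over_new_circuit: Callable[[], bytes]) -> Dict[str, str]:
    """Classify a page load as 'ok', 'authentic' (self-signed but stable
    across circuits) or 'mitm' (the cert changed when fetched elsewhere)."""
    if not uri.startswith(CERTERROR_URI):
        return {"verdict": "ok", "reason": "no certificate error page"}

    first = cert_fingerprint(cert_der)
    if first in TRUST_STORE:
        # Would not normally reach about:certerror; treat as trusted anyway.
        return {"verdict": "ok", "reason": "certificate is in the trust store"}

    # Fetch the certificate again through a different exit relay and compare.
    second = cert_fingerprint(refetch_over_new_circuit())
    if first == second:
        return {"verdict": "authentic", "reason": "same self-signed cert via both circuits",
                "fingerprint": first}
    return {"verdict": "mitm", "reason": "certificate differs across circuits",
            "fingerprint_seen": first, "fingerprint_refetched": second}


def warning_popup(result: Dict[str, str]) -> str:
    """Text of the pop-up shown on a MitM verdict; the user may send it on."""
    if result["verdict"] != "mitm":
        return ""
    return (f"Possible man-in-the-middle: the certificate seen on this circuit "
            f"({result['fingerprint_seen'][:16]}...) differs from the one fetched "
            f"over a fresh circuit ({result['fingerprint_refetched'][:16]}...).")


if __name__ == "__main__":
    err_uri = CERTERROR_URI + "?e=nssBadCert&u=https://site.example/"
    print(on_dom_content_loaded(err_uri, ROGUE_CERT, lambda: SELF_SIGNED_SITE))
```

The refetch must go over a circuit with a different exit relay; if the second circuit happens to reuse the same malicious exit, both fetches return the rogue certificate and the comparison wrongly reports "authentic", which is why the real design asks Tor for a fresh circuit rather than reusing the current one.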
Slide 17: Spoiled Onions: Extension design (cont’d)
• If Man in the Middle attack:
▫ Show a warning pop-up
▫ User can send info about the case

Slide 18: Spoiled Onions: Conclusion
• In 2014 there were ~1000 Tor exit relays
• Researchers developed a scanner to monitor exit relays for 4 months
• M = 25 malicious exit relays discovered
• The majority of MitM attacks were coordinated
• To avoid user deanonymization
▫ Developed ExitMap
▫ Developed a set of patches for Tor browser which are capable of fetching self-signed certificates to evaluate their trustworthiness and advise the user

Slide 19: Useful links
• Slideshare:
▫ http://www.slideshare.net/AlessandroGranato/deanonymization-in-tor-web
• Infosec:
▫ http://resources.infosecinstitute.com/hacking-tor-online-anonymity/
• Spoiled Onion paper:
▫ http://www.cs.kau.se/philwint/spoiled_onions/techreport.pdf

Slide 20: Thank you!
Deanonymization – The Onion Router
Web Security and Privacy course – 2015/2016 – «La Sapienza» University
Questions?