Describes the fundamentals of anonymous communication and how Tor provides effective anonymity.

1. Onion Routing and Tor:
Fundamentals and anonymity
Anurag Singh

2. Anonymity: Overview

3. What is Anonymity ?
 Anonymity is the state of being
unidentifiable within a set of subjects.
◦ Hide your activities among others’ similar
activities
◦ You cannot be anonymous by yourself!
 Unlinkability of action and identity
 Unobservability (hard to achieve)
 Observer cannot even tell whether a certain
action took place or not

4. You Are Not Anonymous
 Your IP address can be linked directly to
you
◦ ISPs store communications records
◦ Usually for several years (Data Retention
Laws)
◦ Law enforcement can subpoena these
records
 Your browser is being tracked
◦ Cookies, Flash cookies, E-Tags, HTML5
Storage
◦ Browser fingerprinting
 Your activities can be used to identify

5. Who Uses Anonymity
Systems ?
 “If you’re not doing anything wrong,
you shouldn’t have anything to hide.”
• Implies that anonymous communication is
for criminals
 The truth: who uses Tor?
• Journalists
• Business executives
• Law enforcement
• Military/intelligence
• Human rights activists
personnel
• Normal people
• Abuse victims
 Fact: Tor was/is developed by the Navy

6. Why Do We Need Anonymity
?
 To protect privacy
◦ Avoid tracking by advertising companies
◦ Viewing sensitive content
 Information on medical conditions
 Advice on bankruptcy
 Protection from prosecution
◦ Not every country guarantees free speech
 To prevent chilling-effects
◦ It’s easier to voice unpopular or
controversial opinions if you are
anonymous

7. Anonymity Layer
 Function:
◦ Hide the source,
destination, and content of
Internet flows from
eavesdroppers
 Key challenge:
◦ Defining and quantifying
anonymity
◦ Building systems that are
resilient to
deanonymization
◦ Maintaining performance
Applicatio
n
Anonymity
Presentatio
Sesnsion
Transport
Network
Data Link
Physical

8. Related Work
 Chaum’s Mix-Net design
◦ Correspondence hiding between sender &
receiver by wrapping messages in layers
and relaying through “mix” routers.
 Babel ‘s Mix master and Mixminion
◦ Try to maximize anonymity at the cost of high
latency.
 Anonymizer
◦ Single-hop proxy
 PipeNet
◦ Low-latency design giving user anonymity by
shutting down the network by not sending.

9. Related Work
 P2P Tarzan and MorphMix designs
◦ Rely and generate traffic for other participating
users and hide who originated or relayed a
request.
 Hordes/Crowds
◦ Hides the initiator of traffic thorough multicast
responses
 Freedom
◦ Supports session keys and address of the server
in a circuit.
 Rennhard’s Anonymity Network
◦ Builds circuits in stages which helps to obtain
perfect forward secrecy by extending them one
hop at a time.

10. Threats to Anonymity
 Traffic Analysis
◦ Passive traffic analysis
 Infer from network traffic who is talking to whom
 To hide your traffic, must carry other people’s traffic!
◦ Active traffic analysis
 Inject packets or put a timing signature on packet flow.
 Compromised network nodes (routers)
◦ It is not obvious which nodes have been
compromised
 Attacker may be passively logging traffic
◦ Better not to trust any individual node
 Assume that some fraction of nodes is good, don’t know
which

11. How Traffic Analysis Work ?
 Internet data packets have two parts:
◦ a data payload
 Generally Encrypted
 traffic analysis still reveals a great deal about what you're
doing and, possibly, what you're saying. because
◦ a header used for routing
 it focuses on the header, which discloses source,
destination, size, timing, and so on.
 simple traffic analysis
◦ sitting somewhere between sender and recipient on
the network, looking at headers.
 sophisticated traffic analysis
 Encryption does not help against these attackers,
since it only hides the content of Internet traffic,
not the headers.

12. Onion Routing (Original)
 A technique
for anonymous communication
over a computer network.
 Messages are repeatedly encrypted and
then sent through several network nodes
called onion routers.
 Like someone peeling an onion,each onion
router removes a layer of encryption to
uncover routing instructions, and sends the
message to the next router where this is
repeated.
 This prevents these intermediary nodes
from knowing the origin, destination, and
contents of the message.

13. Onion Router and Analogy

14. Tor
(The Second Generation Onion
Router)
 a distributed, anonymous network
 reduce the risks of both simple and
sophisticated traffic analysis by
distributing transactions over several
places on the Internet.
 data packets on the Tor network take
a random pathway through several
relays.
 no observer at any single point can tell
where the data came from or where
it's going.

15. Tor
(The Second Generation Onion
Router)
 Basic design: a mix network with
improvements
◦ Perfect forward secrecy
◦ Introduces guards to improve source
anonymity
◦ Takes bandwidth into account when
selecting relays
 Mixes in Tor are called relays
◦ Introduces hidden services
 Servers that are only accessible via the Tor
overlay

16. Deployment and Statistics
 Largest, most well deployed anonymity
preserving service on the Internet
◦ Publicly available since 2002
◦ Continues to be developed and improved
 Currently, ~5000 Tor relays around the
world
◦ All relays are run by volunteers
◦ It is suspected that some are controlled by
intelligence agencies
 500K – 900K daily users
◦ Numbers are likely larger now, thanks to
Snowden

17. How Tor Works ?
Courtesy:
https://www.torproject.org/about/overview.html.en

18. How Tor Works ?...Circuit
Setup
Courtesy:
https://www.torproject.org/about/overview.html.en

19. How Tor Works ?....new
connection
Courtesy:
https://www.torproject.org/about/overview.html.en

20. Tor Enhancements over
Previous
Onion Routing applications
 Tor uses telescoping path-built design
◦ Previous designs allowed hostiles to record traffic
and compromise successive nodes.
 Tor uses SOCKS proxy interface
◦ Previous designs required a separate application
proxy for each application protocol.
 Tor is able to share one circuit for many
TCP streams
◦ Previous designs required a separate circuit for
each application level request. Which is a threat to
anonymity.
 Leaky pipe circuit topology

21. Tor Enhancements over
Previous
Onion Routing applications  Directory servers
◦ Previous designs resorted to flooding info on
the network.
 Variable exit policies
 End-to-end integrity checks
◦ Previous designs had no integrity checks.
 Rendezvous points/hidden services
◦ Previous designs included replay onions.
 Congestion control: uses end-to-end
acks
◦ Previous designs didn’t address traffic
bottlenecks.

22. Hidden Services
 Tor is very good at hiding the source of traffic
◦ But the destination is often an exposed website
 What if we want to run an anonymous
service?
◦ i.e. a website, where nobody knows the IP
address?
 Tor supports Hidden Services
◦ Allows you to run a server and have people
connect
◦ … without disclosing the IP or DNS name
 Many hidden services
◦ Tor Mail, Tor Char
◦ DuckDuckGo
◦ Wikileaks
• The Pirate Bay
• Silk Road (2.0)

23. Hidden Services Example:
Creating a hidden Server
Server creates circuits
to “introduction points”
Server gives intro points’
descriptors and addresses
to service lookup directory
Client obtains service
descriptor and intro point
address from directory

24. Using a Location Hidden
Service
Client sends address of the
rendezvous point and any
authorization, if needed, to
server through intro point
If server chooses to talk to client,
connect to rendezvous point
If server chooses to talk
to client,
connect to rendezvous
point
Client creates a circuit
to a “rendezvous point”

25. Staying Anonymous
 Tor can't solve all anonymity problems.
 It focuses only on protecting the
transport of data
 to protect your anonymity, be smart.
 Tor does not provide protection against
end-to-end timing attacks:
◦ If your attacker can watch the traffic coming
out of your computer, and also the traffic
arriving at your chosen destination, he can
use statistical analysis to discover that they
are part of the same circuit.

26. The Future of Tor
 Providing a usable anonymizing
network on the Internet today is an
ongoing challenge.
 Recent activities like NSA snooping.
 More number of users attracted
towards Tor.
 Each new user and relay provides
additional diversity, enhancing Tor's
ability to put control over your security
and privacy back into your hands.

27. THANKYOU