This is the presentation made by Jaskaran Singh Narula for Null Monthly Meet @ Bhopal

1. Introduction to Tor
BY JASKARAN NARULA

2. About Me
Blogger
Security Enthusiast
Intern @Techilaw.com
Engineer

3. Agenda to Cover
1) Why do we need anonymity ?
2) Introduction to tor Network
2) What is Tor Browser(onion Browser )
3) How tor Works
4) Concept behind Tor
5) What is tor relay ? How to be safe with tor
6) How to be safe with tor
7) Deep Links on Tor
8) Deep Sources about Tor
9) Tor Services

4. Why Do we Need
Anonymity?

5. • To hide user identity from the website we
visit
• To hide our Internet usage from hacker
• To circumvent out Censorship
• To hide browsing pattern from Employer or
ISP
• To hide data packers even if they get
captured.

6. What is Onion Routing ??
Onion is a flexible communications infrastructure that is resistant to both
eavesdropping and traffic analysis.
Onion routing was a method developed where the transparency of
what is getting transferred was removed and messages and
communication was done in a encrypted form.
Onion routing was havinga lot of drawbacks due to which we need to
develop a lot of new and advance features so as we can't even get
tracked/monitored resulting we developed Tor Browser.

7. Onion/Tor Browser
 The Onion Router (Tor) is an open-source software
program that allows users to protect their privacy and
security against a common form of Internet surveillance
known as traffic analysis. Tor was originally developed
for the U.S. Navy in an effort to protect government
communications. The name of the software originated
as an acronym for the Onion Router, but Tor is now the
official name of the program.
 It is the most used software, due to the services it hosts,
in addition to its reliability over the years.

9. How Tor Works??
 Tor uses the same methodology and concepts which onion routing was
using in it but tor also handles problems like traffic analysis, which has
become a big issue. For which tor network sends the data packets by
distributing your data over server places on the internet.
 Now with this your connection is not directly established to any web server
along with you data packets do not take any common route to that
particular web server.
 When we make a tor network, the tor software make a network where
there a different servers and which have the information that from where
the data is coming and to which next node/relay it needs to transfer.
 No one individual server or the node knows the full path of the packet that
transfers through it.

10. Introduction to Tor Network
 Tor aims to conceal its users' identities and their
online activity from surveillance and traffic analysis
by separating identification and routing.
 This is done by passing the data through a circuit of
at least three different routers with packing the
message packets with multiple IPs.
 The data that passes through the network is encrypted,
but at the beginning and end node, there is no
encryption.

11. Tor Routing

12. What is Tor Relay?
In a normal language you can call tor relays as normal routers, but with some
differences as well.
In normal routing our path can be captured from where the request is generated
and till where it will be going. Messages over this path are not encrypted.
Messages over tor network are always encrypted from end-to-end, but there are
some places where our request is not encrypted
I.e the starting relay and (if possible in most cases) end relay.

13. DNS and DNS LEAK
DNSLEAK is a website through which you can keep a track that what DNS you are giving to
a web server and what is your actually DNS.
How to use DNSLEAK
• To to www.dnsleak.com from a normal web browser check your current ip and ISP's
dns
• Now go to tor browser and then go this website and check your ip and ISP's dns.
Both the results will have a huge change.

14. Alternatives to Tor Browser
 There are no. Of alternatives other than tor
which helps you to be anonymous over the web.
 I2P
 Trails
 Subgraph OS
 Freenet
 Freepto

15. Do Tor has Weakness?!

16. Weakness of Tor
 Autonomous System(AS)eavesdropping
 Exit node eavesdropping
 Traffic-analysis attack
 Tor exit node block
 Bad Apple attack
 Sniper attack
 Heartbleed bug

17. Autonomous System(AS)
Eavesdropping
If an Autonomous System (AS) exists on both path segments from a client
to entry relay and from exit relay to destination, such an AS can
statistically correlate traffic on the entry and exit segments of the path
and potentially infer the destination with which the client
communicated. In 2012, LAST or proposed a method to predict a set of
potential ASes on these two segments and then avoid choosing this
path during path selection algorithm on client side. In this paper, they
also improve latency by choosing shorter geographical paths between
client and destination.

18. Exit node eavesdropping
As Tor does not, and by design cannot, encrypt the traffic
between an exit node and the target server, any exit node is
in a position to capture any traffic passing through it that does
not use end-to-end encryption such as SSL or TLS. While this
may not inherently breach the anonymity of the source, traffic
intercepted in this way by self-selected third parties can
expose information about the source in either or both of
payload and protocol data

19. Bad Apple attack
This attack against Tor consists of two parts: (a) exploiting an insecure
application to reveal the source IP address of, or trace, a Tor user and (b)
exploiting Tor to associate the use of a secure application with the IP
address of a user (revealed by the insecure application). As it is not a
goal of Tor to protect against application-level attacks, Tor cannot be
held responsible for the first part of this attack. However, because Tor's
design makes it possible to associate streams originating from secure
application with traced users, the second part of this attack is indeed an
attack against Tor. The second part of this attack is called the bad apple
attack. (The name of this attack refers to the saying 'one bad apple spoils
the bunch.' This wording is used to illustrate that one insecure application
on Tor may allow to trace other applications.)

20. Heartbleed bug
 Heartbleed is a security bug in the OpenSSL cryptography
library, which is a widely used implementation of the Transport
Layer Security(TLS) protocol. The vulnerability is classified as a
buffer over-read, a situation where software allows more data
to be read than should be allowed.
 The Tor Project recommended that Tor relay operators and
hidden service operators revoke and generate fresh keys after
patching OpenSSL, but noted that Tor relays use two sets of
keys and that Tor's multi-hop design minimizes the impact of
exploiting a single relay.

21. How to be Safe with Tor
 Close your Camera/mic (Physical Awareness)
 Be aware of Fraud websites (Bitcoins), and many other
websites.
 Don't use Windows. Just don't.
 Do not use JavaScript over tor browser, Be very reluctant to
compromise on JavaScript, Flash and Java. Disable them all
by default.

22. • Do Encrypt your Data Storage
• Do delete Cookies and site’s Local Data
• Don’t use your Real Email
• Don’t use Tor Browser Bundle
• Do Update your System

23. Tor Services
 Shopping Sites(Silk Road)
 Search Engines
 Illegal Sites
 Forums
 Hacking Communities
 Bitcoin Mixers
 Anonymous mail services
 Tutorials Sites
 Defense sites
 Data dumps
 Fake documents, fake passports, fake visa
 Highly confidential documents

24. References :-
 https://www.eff.org/torchallenge/what-is-tor.html
 http://kpynyvym6xqi7wz2.onion/
 Youtube vedios
 Duck Duck go searches

25. Questions
&
Answers??!!

26. Thank you
Find me @
Mail me @ :- jaskaran@rootcrack.com
Twitter :- @JaskaranNarula
Linkedin :- https://www.linkedin.com/in/jaskaran-narula/