Tor project: Anonymity online
©www.sti-innsbruck.at
Copyright 2012 STI INNSBRUCK www.sti-innsbruck.at
Overview
• What is Tor?
• What is under the hood?
• Who is using Tor?
• Hands on
www.sti-innsbruck.at
2
What is Tor?
•
Tor was originally designed, implemented, and deployed as a thirdgeneration onion routing project of the U.S. Naval Research Laboratory
[1], for the primary purpose of protecting government communications.
•
Tor is a free tool that allows people to use the internet anonymously.
• Basically, Tor protects you by bouncing your communications around
a distributed network of relays run by volunteers all around the
world: it prevents somebody watching your Internet connection from
learning what sites you visit, it prevents the sites you visit from
learning your physical location, and it lets you access sites which
are blocked.
•
Tor anonymizes the origin of your traffic!
www.sti-innsbruck.at
3
What is Tor?
IP address that appears
via the Tor browser
IP address that appears
via other browsers at
the same time
www.sti-innsbruck.at
4
What is under the hood?
Basic knowledge from networks
•
Internet data packet consists of two kinds of data:
– control information (header): provides data the network needs to deliver the user data
(e.g. source and destination addresses, error detection codes like checksums, and
sequencing information);
– user data (also known as payload): whatever is being sent, whether that's an email
message, a web page, or an audio file.
•
Even if you encrypt the data payload of your communications, traffic
analysis still reveals a great deal about what you're doing and, possibly,
what you're saying. That's because it focuses on the header, which
discloses source, destination, size, timing, and so on.
Figure from http://www.totalsem.com/files/MMP_N_ch1.pdf
www.sti-innsbruck.at
5
What is under the hood? (cnt’d)
Tor is based on Onion Routing, a technique for anonymous communication
over a computer network.
Steps
• Messages are repeatedly encrypted and then
sent through several network nodes called
onion routers.
• Each onion router removes a layer of
encryption to uncover routing instructions, and
sends the message to the next router where
this is repeated. This prevents these
intermediary nodes from knowing the origin,
destination, and contents of the message.
Onions
http://en.wikipedia.org/wiki/Onion_routing
www.sti-innsbruck.at
6
What is under the hood? (cnt’d)
User's software or client
incrementally builds a circuit of
encrypted connections through
relays on the network.
www.sti-innsbruck.at
7
Who is using Tor?
•
Normal people (e.g. protect their browsing records)
•
Militaries (e.g. military field agents)
•
Journalists and their audiences
(e.g. citizen journalists encouraging social change)
•
Law enforcement officers
(e.g. for online “undercover” operations)
•
Activists and Whilstblowers
(e.g. avoid persecution while still raising a voice)
•
Bloggers
•
IT professionals (e.g. during development and operational testing, access internet
resources while leaving security policies in place)
www.sti-innsbruck.at
8
Tor project
Software and Services under the Tor project umbrella:
•
•
•
•
•
•
•
•
•
•
•
•
Torbutton
Tor Browser Bundle
Vidalia
Arm
Orbot
Tails
Onionoo
Metrics Portal
Tor Cloud
Obfsproxy
Shadow
Tor2web
https://www.torproject.org/projects/projects.html.en
www.sti-innsbruck.at
9
Hands on
•
•
Demo
Metrics: https://metrics.torproject.org/ http://tigerpa.ws/tor_metrics/
www.sti-innsbruck.at
10
References
1. Onion Routing http://www.onion-router.net/
2. Tor project: http://www.torproject.org
3. Roger Dingledine, Nick Mathewson, Paul SyversonTor: The Second-Generation Onion
Router
4. Len Sassaman: The Faithless Endpoint How Tor puts certain users at greater risk
www.sti-innsbruck.at
11