MTAT.07.017 Applied Cryptography

MTAT.07.017
Applied Cryptography
Tor
University of Tartu
Spring 2015
1 / 16
Tor
“Tor is a software for enabling online anonymity and
censorship resistance. Tor directs Internet traffic
through a free, worldwide, volunteer network
consisting of more than six thousand relays to
conceal a user’s location or usage from anyone
conducting network surveillance or traffic analysis.”
https://en.wikipedia.org/wiki/Tor_(anonymity_network)
2 / 16
Tor
• Privacy against who?
• No single node knows the entire path!
3 / 16
Onion Routing
• Data received by router A:
• Ea (b, Eb (c, Ec (dest, m)))
• Data received by router B:
• Eb (c, Ec (dest, m))
• Data received by router C:
• Ec (dest, m)
4 / 16
Tor Nodes
5 / 16
Attacks: Correlation Attack
• End-to-end correlation
• Malicious relays
6 / 16
Attacks: Malicious Exit Node
•
Sniffing
•
WikiLeaks
Man-in-the-middle attacks
•
•
Spoiled Onions
7 / 16
Attacks: Malicious Exit Node
8 / 16
Attacks: Deanonymization
•
Browser fingerprinting
•
IP leakage through DNS requests
•
Malicious Java applets
•
Client-side exploits
•
Tor Browser Bundle
9 / 16
Tor Bridges
•
Tor detection/blocking
•
•
•
Bridges - relays not published in the main
directory
Distribution of bridge relays
•
•
•
http://torstatus.blutmagie.de/
HTTPS distribution point
[email protected]
Obfuscated bridges
10 / 16
Tor Hidden Services
Reachable using .onion address (e.g., duskgytldkxiuqc6.onion)
11 / 16
Tor Hidden Services (setup)
# apt-get install tor
# cat /etc/tor/torrc | grep HiddenService
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
# /etc/init.d/tor restart
# cat /var/lib/tor/hidden_service/private_key
-----BEGIN RSA PRIVATE KEY----MIICXAIBAAKBgQC1+cMw5yIBE6AqBVaQdQZwoLOedUqxT
+xvJ8i+HPSYHqWJYHtSP816zvoVeIHLrVk8GBMJEXv346
...
# cat /var/lib/tor/hidden_service/hostname
c357h6fa4m5zmj4f.onion
12 / 16
TorChat (Instant Messenger)
$ sudo apt-get install torchat
$ torchat
13 / 16
TorChat Protocol
1. ping nwtuvtf4sidu6mlf 87656434567876
4. pong 4566885558874
Tor network
nwtuvtf4sidu6mlf.onion
2. ping c357h6fa4m5zmj4f 4566885558874
3. pong 87656434567876
c357h6fa4m5zmj4f.onion
• Two connections:
• Outgoing connection to send data
• Incomming connection to receive data
• Handshake process authenticates incomming connections
• Commands (command separator – newline character):
• message – UTF-8 encoded message.
• status – available, away or xa
• add me – request addition to buddy list
• profile name – name in the buddy list
14 / 16
Task
Implement TorChat client compatible with official TorChat client:
$ python torchat.py --myself c357h6fa4m5zmj4f --peer j2ko25d2vxxbvz6p
[+] Connecting to peer j2ko25d2vxxbvz6p
[+] Sending: ping c357h6fa4m5zmj4f 851513207851584792331050
[+] Listening...
[+] Client 127.0.0.1:49774
[+] Received: ping j2ko25d2vxxbvz6p 4276199285361339873144421300330966910603239
[+] Received: pong 851513207851584792331050
[+] Sending: pong 4276199285361339873144421300330966910603239202743241912335184
[+] Received: client TorChat
[+] Received: version 0.9.9.553
[+] Received: profile_name Bob
[+] Received: status available
[+] Sending: add_me
[+] Sending: status available
[+] Sending: profile_name Alice
[+] Received: status available
[+] Received: message Who are you, Alice?
[?] Enter message: I am your friend.
[+] Sending: message I am your friend.
[+] Received: status available
[+] Received: status available
[+] Received: status available
15 / 16
Task
•
Setup Tor hidden service for port 11009 (redirected to
127.0.0.1:8888)
•
Connect to peer’s .onion address on port 11009 and send
ping command with random cookie
•
Listen on 127.0.0.1:8888 for peer’s connect-back
• Check if the cookie in peer’s pong command match the cookie
you sent
•
Send pong command with peer’s cookie over outgoing
connection
•
Send add me, status and profile name commands
•
After every message received read and send response
message
16 / 16