
Hello everyone, my name is Gareth. I'm going to talk to you about the Tor network; specifically, I'm going to talk about vulnerabilities in the Tor network, how you can de-anonymize people, and so on and so forth.

A bit of background about me. (I'm not able to work in PowerPoint... there we go.) I'm a career academic. Academics seem to get rather a bad press, so hopefully I'm here to change your mind. When I volunteered for the talk I got an email from the person organizing it saying, "You're an academic, please don't talk about fluff." So hopefully I'll show academics in a different light. I'm going to talk about some of the technical details of Tor, but I'll drop in and out of the technical details, so if you're not a technical person you can keep up, and if you are, hopefully I'll fill that need too.

I currently run the digital forensics course at the University of Portsmouth. I teach pretty much everything, as every lecturer does, from forensics to cryptography. But if you've been to university you've seen the academic staff teaching you; academic staff typically also spend quite a significant portion of their time doing research, which means publications and things like that. My specific interest is in reverse engineering and memory forensics, but about six or seven years ago I spent a good five years or so doing research into very large decentralized systems, not that dissimilar to Tor.

So I'm going to talk to you today about how Tor works: how the actual infrastructure works, how the network works. I'm going to talk about how something called hidden services works, and how you can de-anonymize not only visitors to hidden services but hidden services themselves. I'll show you how you can de-anonymize users generally, and then finally I'll talk about what's commonly known as the FBI exploit. If you've followed Tor you'll know about this; I'll show you the actual exploit itself and some of the shellcode from it.

As a show of hands, how many of you have used Tor? So that's about 80. Keep your hand up if you run a relay. Keep your hand up if you run an exit. Oh, you guys deserve a round of applause. Yes, you really do. If you're not quite sure why we're clapping these guys, in a few slides I'll explain why they very much deserve a clap, and why they may not be here next year.

I guess for a security conference most of you have been following the Snowden leaks over the last year. It's been a rather interesting year to be involved in security in any sense of the word, and there have been, I think, about three documents leaked on Tor, where GCHQ, the NSA and Five Eyes essentially had been working on trying to de-anonymize people on Tor and exploit the Tor network. I wanted to pick out one slide with a rather notable point, which says that they can de-anonymize a small fraction of users but can't de-anonymize everyone. That's essentially what I'm talking to you about today: some of the techniques you can use to de-anonymize people without cheating, essentially, but I'll also tell you how you can cheat, although that's not
really what the talk's about.

So, just a primer for those of you who haven't used Tor. Tor aims to provide a couple of properties. It's an anti-censorship tool, which essentially means that if you live in a country which firewalls the internet or filters internet traffic, you can use Tor to bypass that filter; I'll talk a little bit later about some of the countries which have done that and how we're trying to fix it. But the two primary features that Tor offers are anonymity and privacy. A lot of people confuse these two terms and think they're the same thing; they're actually very different. Privacy essentially means that someone can't see what you're doing, but they may know who you are. Anonymity means they don't know who you are, but they might be able to see what you're doing. Now, Tor provides both of these, but not necessarily at the same time; it depends very much where you are.

I want to give you an example before we talk specifically about Tor. Perhaps the way you may initially have wanted to get these two things online, before Tor existed or if you didn't know about Tor, was via a proxy or a VPN. You can go online and get cheap VPNs that forward your traffic through Australia or some country with different laws to us. Now, the way a VPN typically works is you've got the users on the left-hand side here, so here are all the users connecting into the VPN; the VPN receives all of the traffic from the users and then spits it out to the different destinations they want to go to. Now any observer looking from the outside can see... (Oh, that's what you're doing; I was wondering what you were doing. I thought you were talking to someone in the audience. Sorry, I thought he'd been talking to that guy for a long time.)

Right, so you've got all the users on the left-hand side. They may be doing something on the internet, but typically the traffic from the user to the VPN or the proxy is encrypted in some way, so even if you're sitting on this side of the VPN and you can observe all the traffic coming from the user, you know who they are but you can't necessarily see what it is they're doing. All that traffic comes in through the VPN, and if you can observe the traffic coming out of the VPN you can see what people are doing but not necessarily who they are: you can see they're visiting Twitter or WikiLeaks or Wikipedia and so on, but you don't necessarily know who they are. So the VPN provides privacy on the left-hand side, before the VPN, so an attacker on that side doesn't know what you're doing, but provides anonymity on the other side. (Traffic to Twitter, well, I guess that is HTTPS now, and I think even Wikipedia is, so these are pretty bad examples, but there are lots of sites that don't use HTTPS-encrypted web traffic, so you can see what they're doing and what they're visiting on those websites.)

Now of course there's one really fundamental problem with this, and that is that if you own the VPN, or you can in some way compromise the VPN, then all bets are off: you can see which user is coming in and exactly which site they're going out to. So the question is, which VPNs do you trust, or which proxies do you trust? A big question mark. There are loads of them; one's called Hide My Ass, of all things. Which one do you trust? They all put on their website "we don't keep logs", but there are many jurisdictions where you're required to keep logs. Just because they say they don't keep logs, why would you trust them? So Tor essentially attempts to solve this problem, where you've got this entity which is forwarding your traffic but you don't necessarily trust
that entity in some way.

Tor is an open source project. That means you can go online and get the code; it means I can go online and get the code and change it to do stuff, to try and poison the Tor network, to do other stuff, which is fun. I'll talk about that a little bit later. Tor provides these two properties, anonymity and privacy, but at slightly different points in the network. So you think, okay, these are two things that, say, a nasty government doesn't want people to be able to do; so who sponsors Tor? Well, one of the big sponsors of Tor is actually the US government, even though Tor itself is a real pain in the ass for some aspects of the US government, so there's a bit of a funny thing there. That's not to say that Tor is compromised in any way because of its funding stream; that's not the case, as far as I know anyway, and as far as many of us probably suspect, but one never really knows. Tor has a couple of different funding streams, but one of the main ones is from the US government, and the US government essentially wants there to be some sort of privacy and anonymity tool because they want to promote human rights: they want people in Syria and Iran and China and so on to be able to read websites which they shouldn't be able to, to try and bring democracy, as it were, to the world as a whole.

Now, the idea behind Tor is there's no single authority. There's no single person in charge of it, there's no single computer in charge of it; the responsibility for the Tor network is distributed over a large number of nodes. There are some authorities, which I'll talk about in a bit, but there's no single authority; that's the main point I'm trying to make.

In the previous slide I showed you that the proxy was that weak spot, the thing which, if you compromise the proxy or the VPN server, all bets were off. So Tor tries to mitigate this risk. Here we've got the typical Alice and Bob scenario: we've got Alice, who's our user, and we've got a website, or a person with whom Alice wishes to communicate, called Bob. Instead of just going through one hop to get to Bob, she goes through several hops; in this case her messages, her requests for web pages and so on, are going through three individual nodes across the Tor network. The idea being that to read Alice and Bob's traffic, controlling just one of the nodes doesn't suffice; you need to control more than one node in the Tor network to de-anonymize people or to view what they're doing on the internet.

Now, the way Tor provides this: here we've got again Alice, our user, on the far left-hand side, and our three hops through the Tor network. Typically we call them the guard, the relay and the exit. The guard node is the first hop from the user; this is who the user talks directly with. That then goes through a second hop, typically called just a relay. In fact all of these are relays; a guard node is just a relay that is, in essence, the first hop in the network. And then we've got the exit relay, which is where Alice's traffic exits from the network. Now, the resilience, if you like, to compromise of a single node is provided through encryption: several layers of encryption, layers of an onion. If you've ever seen the Tor logo it's a picture of an onion. It was originally called onion routing; Tor has deviated from that a little bit now.
So here we've got some data which the user wishes to send out to a web server, all the way down this side. What this user does is she encrypts it to the first node; then she takes that encryption to the first node and encrypts that, wrapping it in another layer of encryption to the second node; and then takes that and encrypts it in yet another layer of encryption to the final node. So what's actually coming to the guard node here is the data encrypted three times. This guard node can unwrap the outer layer, because one of the layers has been encrypted to him, so he can unwrap the outer layer and work out where the traffic is going next. So in this case it can forward the traffic on to B, but again B sees the traffic wrapped in two layers of encryption; it can only unwrap one layer of the encryption, and once it unwraps that, it tells it where it's going to next, and so on. Then it gets to C, which can unwrap the last layer of encryption, which actually gives you the data, and then this final exit node sends it out to your destination. Now the idea here is that any individual node in this path, or in this circuit, only knows about the node before it and the node after it; it doesn't know about any other nodes in the circuit.
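As an added example (this is not code from the talk or from the Tor project), here is the layering just described, in Python. The relay names, the keys and the framing are constructed for illustration, and the stream cipher is an HMAC-SHA256 keystream standing in for Tor's AES-CTR so that it runs with the standard library alone. It builds the cell from the innermost (exit) layer outward, then walks it through guard, middle and exit, so you can see that each relay learns only its successor and only the exit sees the payload:

```python
"""Onion-layered cell for a three-hop circuit (added example, not Tor's wire format).

Tor's real circuit crypto uses AES-CTR with per-hop keys from the circuit handshake
and fixed-size cells. Here the cipher is an HMAC-SHA256 keystream in counter mode so
the example runs with the standard library alone; the framing (1-byte length,
next-hop name, inner bytes) is our own and purely illustrative.
"""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16


def _keystream(key, nonce, length):
    """PRF keystream: HMAC(key, nonce || counter) blocks, truncated to `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_layer(key, nonce, data):
    """Symmetric stream encryption: applying it twice with the same key removes the layer."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def _frame(next_hop, body):
    """Our own layer format: 1-byte name length, next-hop name, then the inner bytes."""
    name = next_hop.encode()
    assert len(name) < 256
    return bytes([len(name)]) + name + body


def _unframe(data):
    n = data[0]
    return data[1:1 + n].decode(), data[1 + n:]


def build_onion(circuit, destination, payload, nonce):
    """Alice wraps the payload from the inside out: exit layer first, guard layer last.

    circuit: list of (relay_name, shared_key) ordered guard -> middle -> exit.
    Each layer records where its holder should send the rest, so a relay learns only
    its successor, never the whole path or (except the exit) the destination.
    """
    inner, next_hop = payload, destination
    for relay_name, key in reversed(circuit):
        inner = xor_layer(key, nonce, _frame(next_hop, inner))
        next_hop = relay_name
    return nonce + inner


def peel(key, cell):
    """What one relay does: strip its own layer, read the next hop, forward the rest."""
    nonce, ciphertext = cell[:NONCE_LEN], cell[NONCE_LEN:]
    next_hop, inner = _unframe(xor_layer(key, nonce, ciphertext))
    return next_hop, nonce + inner


def run_circuit(circuit, destination, payload, nonce=None):
    """Walk the cell through every relay; returns [(relay, next_hop, bytes_it_forwards)]."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    cell = build_onion(circuit, destination, payload, nonce)
    trace = []
    for relay_name, key in circuit:
        next_hop, cell = peel(key, cell)
        trace.append((relay_name, next_hop, cell[NONCE_LEN:]))
    return trace


if __name__ == "__main__":
    # Constructed keys; in Tor each would come from that hop's own handshake with Alice.
    circuit = [("guard", b"G" * 32), ("middle", b"M" * 32), ("exit", b"X" * 32)]
    for relay, nxt, data in run_circuit(circuit, "example.com:80", b"GET / HTTP/1.0\r\n\r\n"):
        print(f"{relay:6s} -> {nxt:15s} forwards {data[:16]!r}...")
```

The guard forwards a blob that is still two layers deep and only knows "middle"; the middle forwards one layer and only knows "exit"; only the exit recovers the destination and the plaintext, which is exactly the property the slide is describing.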
So even if you built a very much longer path, you couldn't work out where those nodes were, so you wouldn't even be sure which ones were necessary to compromise.

Now let's talk about a couple of things. Do you know what Diffie-Hellman is? If I told you that the exchange of cryptographic keys was done with Diffie-Hellman, what would that mean? Who's that speaking? It's not... no, sorry, it is, because it's authenticated Diffie-Hellman. Yes. Perfect forward secrecy is the thing I'm looking for. What that means is that if, for example, you're able to collect all traffic going through the Tor network and store it (you'd need a massive data centre; I don't know who does that, obviously) over time, and then at some point in the future you're able to find out the key of one of the Tor nodes, you wouldn't be able to decrypt traffic going back into the past. That's what you said, quite correctly: perfect forward secrecy. This is a property of the Diffie-Hellman key agreement protocol, which I guess comes under the umbrella of asymmetric cryptography along with RSA. RSA doesn't provide this, and that's why there's a shift at the moment to try and push people to use Diffie-Hellman with their web servers and so on, because it provides this: you can't decrypt stuff going back into the past. It's a very nice property for Tor to have.

So, before I get on to actually doing the de-anonymization attacks and so on, for those of you who may have had a loose experience with Tor (you might have visited the website, you might have used it once and thought, "this is really slow, I'm not going to use this any more; anyway, I'm not doing anything, I'm not trying to bomb somewhere or anything like that"), essentially there's a whole range of different code projects associated with Tor. The core one, really the most important one, is the Tor core program, and this essentially does all the functionality to be one of those nodes, and to be one of the clients connecting to and using the network. There are a couple of other tools. If you've been on the Tor website and downloaded something, the Tor Browser Bundle is probably what you've been directed to first. This is a web browser packaged with the Tor client, so essentially it makes it almost point-and-click to use Tor, and it provides loads of other safeguards against some of the easier attacks that we'll talk about in a few slides' time.
If you used Tor a couple of years ago, going back three or four years, Vidalia was a control mechanism for controlling the Tor program; it gave a nice little GUI interface to use it, and so on. torify and torsocks are really nice; they're command-line programs that allow you to route essentially any TCP application through Tor. So for example you can route SSH traffic through Tor; you could route IRC traffic, if any IRC network didn't block Tor, which most of them do, unfortunately; and so on and so forth. So you can essentially take any application. That's really nice at the university: you've got a lab, you can't SSH out of the lab because the firewall people are a bit crazy and think it's dangerous, so you can go into the lab and run Tor and tell Tor "we've got a fascist firewall that only allows certain ports out", and it will try and route the traffic via a port which is allowed, and all of a sudden you can SSH out of things.

Who's used Tor recently? Is Tor slow? Who used Tor ten years ago? Was Tor slow? Yeah. So if you used Tor ten years ago it was really, really slow. Now it's not so bad; you could probably get used to using it every day if you chose to. We'll talk about why you might want to a little bit later.
arm is just a command-line version of Vidalia, so an administration tool for relays and so on. Orbot is an Android client for Tor; you can download that from the Android marketplace and make all of the traffic coming from your Android phone anonymous, browse the web anonymously, and so on.

Those who run an exit relay: what's ExoneraTor? If you don't know what ExoneraTor is, you probably should. If you run a Tor exit relay, which means you're the very last hop in the chain, anything a user does on the internet through your relay appears to come from your IP address. So, say I'm running an exit relay, and someone publishes a terrorist manual or something along those lines; the FBI sees the website and, lo and behold, my IP address is in the logs, showing that it was me that uploaded the terrorist manual to the website. ExoneraTor is essentially a database of all Tor nodes which have ever run, and whether they were running, and whether they were allowing exit traffic from their nodes, so if you ever get arrested, you know. Now keep in mind, those of you running an exit relay, I commend you for running an exit relay, I really do. However, it has a real potential to screw up your day. You may sit there in your chair thinking, "if the police come to my door, they're going to think it might be me, but I'm just going to tell them that I'm using Tor and they're going to go away." It's not going to happen. They're going to come to your house, they're going to take all your equipment, and you're going to be under investigation for six months, because it gets put in a drawer and no one looks at it for six months, and for that six months you're going to be thinking, "am I going to go to jail or not?" It's really a life-changing sort of consequence, and I know a couple of people who have run Tor exits who have essentially been through that situation. So think very carefully before you run an exit relay. You don't have to run an exit relay; you can run any other relay and be completely safe. But if you do run an exit relay, well done, but oh my God, it's not something I would do. And if we get some time at the end
I'll explain some precautions you could take, and maybe you guys can contribute some good precautions you can take to try and minimize the risk from running an exit relay. So, ExoneraTor: if you ever get arrested you can point the police at ExoneraTor and they can look it up, and if they knew what Tor was (which they don't) they could tell that you're running an exit relay and just send you home and give you all your computers back (which they won't).

In terms of the Tor program: as I said, the Tor program is the core thing. It runs on Android, it runs on Linux, Windows, et cetera; essentially the same code base, with some minor changes for the different platforms. The Tor program itself, depending on the configuration, opens up four ports which you can use. If you're using it as a client, essentially you're going to use the SOCKS port, which is just a SOCKS proxy, a standard type of proxy. You can configure a web browser to use it, but don't: you should use the Tor Browser Bundle if you want to browse the web, because your web browser will leak information; we'll talk about that in a second. The two other ports are the Tor port and the directory port. The directory port we'll talk about in a sec; the Tor port is essentially for all of the Tor traffic which is going across the network. And then there's this final port called the control port. Who knows SMTP and POP? If I gave you a telnet terminal, could you type in SMTP commands? Right, so if I told you the control port was essentially an SMTP-like protocol, you know essentially what I mean: you type commands in text, you press enter, and it tells you OK or no. A very, very simple protocol. You can control Tor: you can tell it to establish different routes through the Tor network, you can change all the settings of Tor, and so on and so forth. So it's a really nice port to use if you want to fiddle around with Tor, do some interesting things and do some research on Tor.
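To make the "SMTP-like" control port concrete, here is an added example (not code from the talk or from the Tor project) of a minimal controller that speaks the reply format documented in Tor's control-spec: numbered reply lines ending with a `250 OK` end line, `+` lines that introduce a dot-terminated data block, and non-2xx codes for errors. The replies in `SCRIPT`, the password and the relay fingerprints are constructed so the example runs offline; `SocketPort` shows the same interface over a real socket to a ControlPort you have enabled and authenticated yourself.

```python
"""Talking to Tor's ControlPort (added example, not code from the talk or the Tor project).

Per the control-spec, a reply is a sequence of lines of the form
    250-text     MidReplyLine: more lines of this reply follow
    250+text     DataReplyLine: followed by data lines, terminated by a line that is just "."
    250 text     EndReplyLine: last line of the reply
and a 2xx status means success. Data lines that start with "." are sent dot-stuffed ("..").
"""
import socket


def parse_reply(lines):
    """Parse one complete reply (lines without CRLF) into (status_code, entries).

    Each entry is (text, data): data is the list of payload lines for a "+" line, else None.
    """
    entries = []
    it = iter(lines)
    for line in it:
        if len(line) < 4 or not line[:3].isdigit() or line[3] not in "-+ ":
            raise ValueError(f"malformed reply line: {line!r}")
        code, kind, text = int(line[:3]), line[3], line[4:]
        if kind == "+":
            data = []
            for dl in it:
                if dl == ".":
                    break
                data.append(dl[1:] if dl.startswith("..") else dl)   # undo dot-stuffing
            else:
                raise ValueError("data block not terminated by '.'")
            entries.append((text, data))
        else:
            entries.append((text, None))
            if kind == " ":
                return code, entries
    raise ValueError("reply has no EndReplyLine")


def send_command(port, command):
    """Send one command line, read until the EndReplyLine, return parse_reply()."""
    port.send_line(command)
    lines = []
    while True:
        line = port.read_line()
        lines.append(line)
        if len(line) >= 4 and line[:3].isdigit():
            if line[3] == "+":              # swallow the data block: its lines are not replies
                while True:
                    dl = port.read_line()
                    lines.append(dl)
                    if dl == ".":
                        break
                continue
            if line[3] == " ":
                return parse_reply(lines)


def getinfo(port, *keys):
    """GETINFO key [key ...] -> dict of key -> value; raises on a non-2xx status."""
    code, entries = send_command(port, "GETINFO " + " ".join(keys))
    if not 200 <= code < 300:
        raise RuntimeError(f"GETINFO failed: {code} {entries[-1][0]}")
    result = {}
    for text, data in entries:
        if text == "OK":
            continue
        key, _, value = text.partition("=")
        result[key] = "\n".join(data) if data is not None else value
    return result


class ScriptedPort:
    """Stand-in for a socket to a ControlPort, answering from a constructed script."""

    def __init__(self, script):
        self.script, self.pending = script, []

    def send_line(self, line):
        fallback = ['510 Unrecognized command "%s"' % line.split()[0]]
        self.pending = list(self.script.get(line, fallback))

    def read_line(self):
        return self.pending.pop(0)


class SocketPort:
    """Same interface over a real socket (e.g. a ControlPort on 9051 that you configured)."""

    def __init__(self, host="127.0.0.1", port=9051):
        self.sock = socket.create_connection((host, port))
        self.reader = self.sock.makefile("r", encoding="utf-8", newline="\r\n")

    def send_line(self, line):
        self.sock.sendall((line + "\r\n").encode())

    def read_line(self):
        return self.reader.readline().rstrip("\r\n")


# Constructed transcript; "$FP1" etc. are dummy fingerprints, "hunter2" a dummy password.
SCRIPT = {
    'AUTHENTICATE "hunter2"': ["250 OK"],
    "GETINFO version": ["250-version=0.x.y (constructed)", "250 OK"],
    "GETINFO circuit-status": [
        "250+circuit-status=",
        "1 BUILT $FP1~guardA,$FP2~middleB,$FP3~exitC PURPOSE=GENERAL",
        "2 EXTENDED $FP1~guardA PURPOSE=GENERAL",
        "..hidden",          # a data line whose real content is ".hidden"
        ".",
        "250 OK",
    ],
    "GETINFO no-such-key": ['552 Unrecognized key "no-such-key"'],
    "SIGNAL NEWNYM": ["250 OK"],
}

if __name__ == "__main__":
    port = ScriptedPort(SCRIPT)
    print(send_command(port, 'AUTHENTICATE "hunter2"'))
    print(getinfo(port, "version"))
    print(getinfo(port, "circuit-status"))
    print(send_command(port, "SIGNAL NEWNYM"))
```

Against a real Tor you would construct `SocketPort()` instead of `ScriptedPort(SCRIPT)` and authenticate first; `SIGNAL NEWNYM` is the command that asks Tor to use fresh circuits for new connections, which is the sort of "tell it to establish different routes" the talk mentions.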
I took one of the slides out of some of the GCHQ/NSA leaks on Tor. I actually think... I don't work for GCHQ or the NSA, so I don't really have an insider view on this, but I think GCHQ and the NSA are actually behind the state of the art, in terms of where academics are, for de-anonymizing Tor. They've essentially got taps on big pipes coming into and out of countries all across the world: they can see all the traffic, they can inject traffic, they can essentially do stuff which is cheating, in my view, to de-anonymize people.

I said earlier, if you want to browse the web with Tor, don't configure your web browser, Google Chrome, to use Tor; use the Tor Browser Bundle. One reason for this: if you're using Tor, you want to be anonymous, you don't want anyone to know who you are. Now, you might use Google Chrome to browse the web, and then a little bit later you change the Google Chrome settings to go through Tor so you'll be anonymous, but then your browser starts fetching the ads in the title bars of pages, DoubleClick ads for example, which have a unique tracking cookie which identifies you. Some of the NSA slides showed this: there's a list of nodes, here they are using Tor and here they aren't using Tor, and here's a DoubleClick tracking ID. It's the same thing, so we know it's the same person and we know exactly what they're doing every time they go on the web. The Tor Browser Bundle tries to protect you against these sorts of things. So that's a very simple way you can de-anonymize people if you've got that sort of super-access to the network, which most people don't have.

I put this in quote marks (I should have put this in quote marks): "dumb users", or "naive users", really, I should probably say. Users going onto forums and calling themselves "gareth owen", for example, as their username, and doing it through Tor: that's really dumb and stupid, but I'm going to give you an example a little bit later of someone who essentially did that. We know from the leaks that the NSA is actively involved in exploitation, so we're going to talk about one of the exploits which they developed for Tor a little bit later. Essentially targeting either hidden service websites (which I'll talk about in a sec): just because you run a hidden website, it doesn't mean it's invulnerable to traditional exploits and so on. What primarily we're going to talk about is what are called traffic confirmation and correlation attacks. These are what I would call fundamental weaknesses in Tor, rather than round-the-edges types of attacks, side-channel attacks against Tor, which are essentially cheating: trying to exploit Firefox or things like that. I kind of consider those cheating, although they're very effective, and if you're the NSA or GCHQ then of course they work, so why wouldn't they use them?

So looking at the NSA and GCHQ slides, it suggests they've had some success at doing something called traffic correlation. Academia has had a much, much greater deal of success at trying to de-anonymize people without doing any kind of exploitation or any kind of cheating. I'll explain precisely what that is in a second, but first of all let me explain to you how you build routes through the Tor network. How do you figure out what your hops are going to be through the Tor network? Well, essentially, if you run a Tor relay,
when you first turn it on it has to publish its information with the directory authorities. There are essentially ten authoritative directory authorities; they're essentially the gatekeepers, if you like, to the Tor network, and they vote on relays that register with them. So if you set up a relay, you register with one of the directory authorities, and then they all vote on that relay: they observe it over a period of time, some of them will try and establish circuits through it, and so on and so forth, and as they do this they vote on the reliability of that relay for certain types of properties. Now, these directory authorities vote on this information, and this voted-on information is called something mythical called the consensus, which is just essentially a list of relays in the Tor network which have been voted upon by these directory authorities; so they're kind of like the "trusted", in inverted commas, relays, if you like. The directory authorities vote on all of these relays and the properties which have been assigned to them, and then each of them signs the consensus with a cryptographic key, and the public key component of this is embedded inside the Tor client, so anyone can verify: if you've got a genuine copy of the Tor client, you can verify that the consensus is correct and what's in there is correct.

Now, if you run a relay... (Am I talking too fast for you? Let me slow down a little bit. Okay.) So when you run a relay, a relay is just something which relays traffic. A guard node is a relay, an exit node is a relay, a relay is a relay, and so on and so forth. But what the directory authorities do is give each of the relays flags: certain things which they should be able to do, or certain properties which they've exhibited, and so on and so forth. So if you run a Tor relay and you run it for eight days and you offer a certain amount of bandwidth, after some time, after eight days, the directory authorities say you're now eligible to be a guard node: you're now eligible to be that very first hop in the chain. And then over time, over the next couple of weeks or so, people start using it as their very first hop in the chain. Likewise, if you run a Tor relay and you set Tor up so that you allow traffic to come out from your node onto the internet, the directory authorities will vote you as an exit node and say these nodes are eligible to be exit nodes. So when Tor clients select their paths, it's: okay, I'm going to select my first hop from this set of guard nodes, I'm going to select my exit node from the set of exit nodes, and I'm just going to pick one randomly from the remainder that are there. So, as I say, the directory authorities vote on these; they give them certain types of flags: if you've been running for eight days you get the Guard flag, if you allow exit you get an Exit flag. When would you get a BadExit flag? Yeah: so if you're running an exit relay, you can see all the traffic coming out onto the internet from your node. If you start trying to man-in-the-middle SSL traffic, there's a script which runs through the exit nodes periodically trying to establish SSL connections out of the Tor exit nodes, and it picks up fake SSL certificates coming back for the different sites. So at the moment, or in fact as of Sunday, there were exactly seven bad exit nodes, nodes which have been flagged as BadExit because they're doing these SSL man-in-the-middle attacks; in fact a couple of weeks ago there were 25, so this fluctuates up and down as time goes on. But in theory your Tor client should never select a bad exit node as an exit node, because they've been flagged already. That doesn't mean there might not be an exit node which hasn't yet been flagged as one; there's a bit of a lag time with much of this.

So let's talk about some obvious attacks in terms of de-anonymizing people, and I'm not talking about doing exploitation or stealing cookies or anything along those lines; I'm talking about fundamental weaknesses in Tor. If we look at the Tor diagram for a typical circuit, if you could control all three of the relays, then rather obviously you can de-anonymize
people; you can see what they're doing. But what's slightly worse than that is, if you control just the exit and the guard node, you can, with high probability, still de-anonymize people. What we're essentially doing is looking for traffic patterns. We're looking for packets coming in here that have, say, for example, five packets with these particular delays between them, coming in to the guard node; and if we also control the exit node, we're also looking for that sequence of packets coming out of the exit node, and then we're correlating them. Now, the longer you establish a connection through the Tor node, the higher that probability becomes that it is in fact the same person doing that traffic. So it's very much a probabilistic attack: it's not saying it's definitely this person, but over time it becomes much, much closer to certain that it is in fact that person.
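An added example (not from the talk) of the correlation just described, as a small simulation: ten constructed bursty flows enter their guards, the attacker sees the exit-side timing of one of them shifted by latency and jitter, and the binned packet counts are correlated over candidate lags to pick out which guard-side flow it was. The simulated users, the flow model, the bin width and the latency are assumptions of the example. It also shows the point made later about hop count: extra middle hops only widen the range of lags to search over, they do not hide the pattern.

```python
"""Traffic correlation between a guard-side and an exit-side view (added example).

Constructed simulation: several users send bursty traffic into their guards; the attacker
also sees the exit-side packet timings of ONE flow (shifted by network latency plus jitter)
and asks which guard-side flow it belongs to. Both views are binned into 100 ms counts and
compared with Pearson correlation over a range of lags; the true flow scores highest.
"""
import math
import random

BIN = 0.1          # seconds per histogram bin
MAX_LAG = 1.0      # largest guard->exit delay we search for, in seconds


def make_flow(rng, duration):
    """Constructed bursty flow: ~1 s between bursts, 3-30 packets ~5 ms apart per burst."""
    t, times = 0.0, []
    while t < duration:
        t += rng.expovariate(1.0)
        for _ in range(rng.randint(3, 30)):
            t += rng.expovariate(200.0)
            if t < duration:
                times.append(t)
    return times


def exit_view(rng, flow, latency=0.30, jitter=0.01):
    """What the exit (or a tap in front of it) sees: the same packets, delayed and jittered."""
    return [t + latency + rng.gauss(0.0, jitter) for t in flow]


def bin_counts(times, total, width=BIN):
    """Packets per `width`-second bin over [0, total]."""
    counts = [0] * (int(total / width) + 1)
    for t in times:
        i = int(t / width)
        if 0 <= i < len(counts):
            counts[i] += 1
    return counts


def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0


def best_lag_score(guard_counts, exit_counts, max_lag_bins):
    """Max correlation over lags; the exit stream is the guard stream delayed by `lag` bins.
    More middle hops only mean a larger lag to search, which is why hop count barely helps."""
    best = -1.0
    for lag in range(max_lag_bins + 1):
        a = guard_counts[:len(guard_counts) - lag]
        b = exit_counts[lag:]
        best = max(best, pearson(a, b))
    return best


def correlate(exit_times, guard_flows, duration):
    """Score every guard-side flow against one exit-side view."""
    total = duration + MAX_LAG
    ec = bin_counts(exit_times, total)
    return [best_lag_score(bin_counts(g, total), ec, int(MAX_LAG / BIN)) for g in guard_flows]


def run_demo(seed=1, n_users=10, duration=20.0, target=3):
    """Returns (ranking of guard flows, scores); ranking[0] is the attacker's guess."""
    rng = random.Random(seed)
    guard_flows = [make_flow(rng, duration) for _ in range(n_users)]
    observed = exit_view(rng, guard_flows[target])
    scores = correlate(observed, guard_flows, duration)
    ranking = sorted(range(n_users), key=lambda i: scores[i], reverse=True)
    return ranking, scores


if __name__ == "__main__":
    ranking, scores = run_demo()
    for i in ranking[:3]:
        print(f"guard flow {i}: score {scores[i]:.2f}")
```

Shortening `duration` shrinks the gap between the true flow's score and the runner-up, which is the "longer connection, higher probability" effect from the slide; the attack never returns certainty, only a ranking with a margin.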
So really these are traffic correlation attacks: we're trying to match up the traffic coming in and the traffic going out. Essentially this can be used by a very powerful adversary; I couldn't imagine one of those, one that could have taps everywhere, but essentially it could be used by a very powerful adversary. Now it's slightly worse in the case of the NSA and GCHQ, because if you've got taps on lots of pipes, in fact you don't even need to run relays: you can just watch traffic going into an existing guard node and watch the traffic coming out of an existing exit relay, and in fact you can send traffic in here as well, which pushes the probability up even higher that in fact it's the same person. So when you've got a very powerful adversary, I don't want to say all bets are off, it's still the best thing we've got, but it's certainly not guaranteed.

Now, the really interesting thing to note is that here we've got three hops. If you edit the Tor source code, you can change the number of hops that your Tor client builds, and the natural way to think about it is, well, okay, if three hops isn't enough maybe I'll make it four, or five, or six, or seven, or eight; I'll have as many hops as I like in my particular circuit. But it turns out that in fact that doesn't increase or decrease very much your chances of being de-anonymized, because we're still doing correlation attacks, and we're just doing them at the exit and the guard relay. It doesn't really matter how many hops are in the middle; it just changes the delays between the guard and the exit node, the time it's taking the traffic to travel between the two nodes through the Tor network. So it makes it a little bit harder, but not really significantly harder. So the default case is to run three relays in a circuit, and that's generally considered to be sufficient, provided no more than one of them has been compromised.

So the question is, how do you get to be a Tor node in someone's circuit if you want to de-anonymize them? Say we're not a powerful adversary; it's just me, and I want to start de-anonymizing one of you. How do I go about de-anonymizing one of you? I need to control the guard node and I need to control the exit node to do this traffic correlation and de-anonymize you. So the question is, how do I get to be your guard node and how do I get to be your exit node? I can't tell you which route to take through the Tor network.
to a network but essentially i can just run a large number of guard nodes and a large number of exit nodes and just hope that by chance you happen to pick my guard node and my exit node right just by just by chance and then we can do the correlation attack and work out in fact if it is you so tor tries to make this a little bit harder and tries to make it really a lot harder as i said if you control the guard node and the exit relay we can de-anonymize you right so what tor does is it says when you first start up tour you will pick three guard notes and you'll keep them for a really long
time and we're talking between one to three months typically you'll keep these three guard notes as your guard knows for between one and three months that means that either on day one you're screwed because someone's got your guard node or you're not right so with high probability you're not going to be screwed right on day one and for those three months you're gonna you're essentially gonna be safe now the reason why they kept for three months is because if i ran loads of guard nodes and every time we established a new circuit through the network with different guard nodes you know at some point you're going to pick my guard node i can't de-anonymize all of your traffic but i can
de-anonymize the traffic you've particular you know you sent through my guard node um at that particular point in time so it's kind of like an all or nothing you know we're either going to get you on day one or we're not going to get you at all and this the guard knows tries to sort of provide this scenario really um is there any sort of way of fixing this traffic correlation um there is something called high latency networks where you know you might go onto www.google.com but you've got to wait until tomorrow to get the home page right and that gives a much much longer period before you know you're going to get the home page
and makes these traffic correlation attacks really quite impossible works fine with mail and those sorts of things well it depends how urgent your mails are i guess but it works works sort of okay with mail but not with real-time traffic where we want real-time traffic sort of web traffic and so on and so forth so high latency networks are essentially um a partial solution to this but not not particularly practical the alternative is we can start injecting traffic into the tor network at different places we can start putting padding in so rather than just sending the sort of the the raw traffic between you know this node and this node this mode mode might choose at random to
inject padding traffic into the connection this node might choose at random to inject padding traffic and so on and so on and so forth it's just dummy traffic it gets dropped to the next zone makes this traffic correlation much much harder a present tour doesn't do this primarily because it overloads the network with traffic and traffic on the tor network is really constrained don't have a huge amount of traffic uh traffic capability or bandwidth rather um so at the moment it's not done but it could provide some resistance but not not really foolproof so everything i've talked about so far is okay yeah okay you can do the traffic correlation it's some probabilistic and so on and so forth
Now I'm going to talk to you about something called... no, I'm not going to talk about this first; I'm going to talk about hidden services after this, because it's much easier to de-anonymize people when they use hidden services. I'm going to talk about censorship first. So I said Tor can be used to bypass censorship. If I'm sat in China and I want to read a particular website which is blocked by the Great Firewall of China, I could use Tor. I can route my traffic through Tor, China can't see what I'm doing because my traffic is encrypted through Tor, and as long as I exit out onto the
internet in a different country from China it should in theory be okay. So there are lots of countries which are trying to block Tor because of this, because it can be used to bypass censorship. China is one of them, and there are in fact three or four others. This is a graph showing the traffic out of a certain type of node in the Tor network coming from China, and you can see there's a rather big drop at this point and it never really quite recovers. China has been actively trying to block Tor and they've tried a set of different techniques. One very easy way to block Tor is to just download this consensus of all of
the routers and say: okay, I've got a list of all of the routers, I can just IP-firewall them so that no one can contact them. A very, very simple way to firewall all of the nodes out of China, and of course we can download this consensus once an hour and just update the firewall rules. A very easy way to stop people accessing Tor. So Tor tries to counter this by introducing something called bridges. Bridges are nodes which don't appear in the consensus. They're essentially guard nodes (not exactly, but essentially guard nodes) which you can use to connect into the Tor network, but they're not inside the consensus and
they're not widely publicized. So what you do is you go onto the Tor website, you have to enter a captcha, and you get given one or two, I think it's three actually, I think you get given a list of three bridges which you can use to connect to the Tor network. Now you've got to go through a captcha to get that list, so it's very difficult to automate. You can't... well, there was a guy just a minute ago, wasn't there, showing you how to break captchas, so that's a bad example. I mean it's harder, right, harder with captchas. So the idea is it's not publicly available, or not
easy to get the full list; it's very, very hard to get the full list, so in theory you can't block all bridges. And in fact I could ask a friend in the UK to run a bridge, not tell anyone else about it, and I could go to China and use his computer to connect to the Tor network; it's not public anywhere, so it kind of allows me in. So China's got a little bit cleverer. China has this thing called the Great Firewall, as I say it's called the Great Firewall of China, I don't think it's actually called the Great Firewall of China but everyone calls it the Great
Firewall of China so I'm going to call it the Great Firewall of China. So the Great Firewall of China sits around China and sees all of the traffic coming out of China, and they do deep packet inspection, which means they look at the content of packets, the content of the protocols going across the net, and do things based on the content of this traffic. It's a really resource-intensive thing. So initially China started just inspecting the initial connection into the Tor network. The initial connection into the Tor network is done over SSL, and they'd look for triggers inside that initial connection. It turns out that Tor initially had certain characteristics in the
initial connection which were fairly unique to Tor, so China would use those as an initial trigger and then it would actually connect to that node. So say I'm in China, I connect to a node over SSL and I send these unique triggers, these things that almost identify it as Tor traffic but not quite, and then I start sending my Tor traffic to it. The Great Firewall of China records that connection, and then about 15 minutes later another computer in China will connect to that node and try and start talking Tor, and if the computer comes back and says "yeah, I'm Tor, what traffic do you want to route?"
then the Great Firewall of China blocks it. This was spotted by some researchers a couple of years ago. This is a little graph showing how long after the initial connection to a bridge the Great Firewall of China came in and actually scanned the node and tried to talk Tor to it, and it was typically on 15-minute intervals throughout the following hour, depending on the load, depending on the time of day. If China was particularly busy, say lots of traffic coming out, they might add this node to a queue and say "you need to check this later on", and then there'd be some computers
somewhere else that would connect at a later date, within the next hour or so, and try and talk Tor, and if it was Tor they'd block it. These researchers did some really interesting things: they recorded all the IP addresses from which these bridges were being probed, and there was a large number of IP addresses, so it's definitely a nation-state type thing. They also tried a couple of other things. They fragmented the packets. If any of you are doing low-level networking stuff, you can break a packet down into smaller chunks by a process called fragmentation. It turns out that if you fragmented the
packets, the Great Firewall of China didn't do fragment reassembly to reassemble the packets and actually check the content; it just ignored them. I mean, that's expensive for a firewall where you're doing a whole country. So they found you could fragment the traffic and that would let it through. There's also something, if you look through the Tor specs (Tor has a couple of RFC-type documents, great stuff to send you off to sleep, but if you're paying attention you'll spot it), there's actually a section in there on something called authenticate, which means that when you first connect to a bridge, if you configure this option,
the bridge will sit there and won't do anything until you send essentially the correct password. You can send it anything you like and it will just ignore you until you send the correct password. That means now the Great Firewall of China needs to know about the bridge in advance and needs to know the password for it in order to scan it and see if in fact it is a Tor bridge. But you can kind of see this is going to end up being a cat and mouse game: Tor's going to change something, China's going to catch up, Tor's going to change something, and it's
going to just keep going like this forever. So the Tor Project are implementing something called pluggable transports, where essentially you could have a thousand different modules that implement Tor, perhaps over a custom protocol, over an existing protocol, et cetera, and users can just plug them into Tor and use a particular type of protocol to talk out of China so it can't get picked up by the firewall. So let's get on to hidden services, because this is really the thing I want to talk to you about. Who's been to a hidden service? Okay, about five or six of you. I mean, there's some de-anonymization for you there,
busted. So here we've got Alice. Alice is our typical user, who wants to browse the web and so on. And here we've got Bob. Bob might live in China and want to run a political blog opposing the government. You don't want to run that on your own home IP address because the Chinese government is going to come and get you, so you want to run it in a way in which no one can find out where you are. But if no one can find out where you are, how are the people that want to talk to you going to find you?
Well, this is essentially the problem hidden services try to solve. In the case of hidden services we have a user visiting a website run by Bob, and both are anonymous to each other: Bob doesn't know who or where Alice is and Alice doesn't know who or where Bob is. And you think, well, how can that possibly work? It's actually quite simple. When Bob first sets up his web server he establishes circuits to something called introduction points: three nodes which he picks randomly from the available Tor relays, and he builds a circuit to each of them, a typical three-hop circuit
to that introduction point, so none of the introduction points know who Bob is. Then Bob publishes the list of introduction points to a database, which we're going to talk about in a second, and it's available in this database. Now when Alice wants to talk to Bob she goes to the database, gets the list of introduction points, builds a circuit to an introduction point and essentially says "meet me at a rendezvous point". A rendezvous point is essentially another node in the network, and both Alice and Bob build a three-hop circuit to this rendezvous point. The rendezvous point doesn't know who Alice is (the rendezvous point is chosen by Alice),
and the rendezvous point doesn't know who Bob is, because Bob's built a three-hop circuit to it. Even if you could compromise the rendezvous point, it makes it difficult to find those sorts of things out. Now what we're going to focus on is this database right at the very top. What is it that gets published in this database and what can we do with it? Because this database itself is one of the techniques we can use to de-anonymize people. Now this database is not stored in one place; it is distributed across the Tor network, and there are thousands of nodes across which this database is distributed.
There's no single place where the entire database is stored. Now I'm going to digress a little bit and explain something called distributed hash tables. Put your hand up if you know what a distributed hash table is. Okay, so I'm not preaching to those who already know. So imagine the scenario: you have a list of files and you've got 12 computers, and you want to distribute these 12 files across those 12 computers, just for load balancing in essence. Each computer's got, say, 20 terabytes of storage and so on. So you've got a list of files and you want to distribute them across 12
computers. Now the question is how do you distribute them across 12 computers without having a single computer who's essentially in charge of allocating where each one goes? We don't want that in Tor, because Tor is a decentralized network and we don't want a single computer in charge. So the idea with a distributed hash table is we want to distribute these files across those 12 computers, but in a particular way. One way might be: we take the file name, we take the very first letter of the file name, and that first letter dictates which computer the file gets stored on. Then if someone wants to retrieve
the file at a later date, they take the file name, pick the first letter out, and that tells them which computer it's going to be stored on. There's a fundamental problem with that: how many files do you have beginning with zed? Probably not very many, right? I'll probably have a lot more beginning with G than I do with Z, for example. So it doesn't evenly distribute the files across those computers, which, if it's used for load balancing, is essentially what you want. So the idea with a distributed hash table is that instead of taking the file name and using the first letter, we first hash the file name, and then
the hash dictates which of those 12 computers it's going to be stored on. Now a hash function is what we call a pseudorandom function: the output from the hash function is, in essence, randomly distributed, so even if I have gareth1 and gareth2, if I hash both of them you get completely different hashes. So in essence it evenly distributes the files across the computers. Now Tor uses this for storing the descriptors for these hidden services. So this is a Tor hidden service website address. All of the Tor hidden service website addresses are .onion. Who knows what the bit is before the dot? It's like, oh, I can almost
remember: the bit before the dot is essentially just a hash of the hidden service's public key, which is why it doesn't look like anything particularly meaningful. What we're going to do is store that somewhere on a large set of computers, and we want to do it in a way which allows computers to join the distributed hash table and to leave the distributed hash table, because that's what's needed for a very large network like this. So what we do is we draw a circle, and this circle represents the hash space, as it were. You can imagine the circle goes from zero all the way around to
ffffff...: zero all the way around to ffff.... What we're going to do is map hidden services onto this circle, and then map nodes in the network onto this circle, and that will tell us which nodes are going to store particular things. So we take that hidden service address and map it onto the circle, so it's somewhere between zero and fff..., and then we take our relays in the network and map them onto the circle too. The way Tor works, it says: okay, the hidden service descriptor is going to be stored on the three nodes to the right on the circle. So we plot the circle,
which you can do because you've got a list of all the relays, you pick out the three nodes to the right, and you publish your descriptor to those three nodes. Then you also store it in a different part of the circle as well, just by changing the hash a little bit, so there's a bit of redundancy, and that essentially means nodes can leave and join the circle without causing this hidden service to go completely unavailable. So I'm going to skip over this because I think we're short on time. We did a bit of an experiment earlier this year; we had a bit of spare time,
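To make the hash-ring placement concrete, here is a small Python model I have added; it is not code from the talk or from the Tor Project. It follows the structure just described: relays and hidden services are hashed onto a ring, the descriptor goes to the three relays clockwise ("to the right") of its position, a second replica is obtained by changing the hash input, and the position moves with a daily time period. The hash layout is a simplified form of Tor's v2 rendezvous spec and is an assumption, not a byte-exact reimplementation; the relay names, onion identifier and day numbers are constructed sample data.

```python
import bisect
import hashlib

# The ring is the 160-bit SHA-1 output space, as in Tor's v2 hidden service directory.
RING_BITS = 160


def ring_position(data: bytes) -> int:
    """Map arbitrary bytes to a point on the ring [0, 2**160)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def descriptor_id(onion_id: bytes, time_period: int, replica: int) -> int:
    """Simplified v2-style descriptor id: H(onion_id | H(time_period | replica)).

    Changing time_period moves the descriptor to a new spot on the ring every day;
    replica 0 and 1 give the second, redundant location the talk mentions.
    (Assumption: a reduced form of rend-spec v2, not the exact byte layout.)
    """
    secret = hashlib.sha1(time_period.to_bytes(4, "big") + bytes([replica])).digest()
    return ring_position(onion_id + secret)


def responsible_relays(relays: dict[str, int], desc_id: int, n: int = 3) -> list[str]:
    """Return the n relays clockwise ('to the right') of desc_id, wrapping at the top."""
    if n > len(relays):
        raise ValueError("not enough relays in the ring")
    ordered = sorted(relays.items(), key=lambda kv: kv[1])
    positions = [pos for _, pos in ordered]
    start = bisect.bisect_right(positions, desc_id)  # first relay strictly past desc_id
    return [ordered[(start + i) % len(ordered)][0] for i in range(n)]


def placement(relays: dict[str, int], onion_id: bytes, time_period: int) -> dict[int, list[str]]:
    """Both replica locations for one hidden service on one day."""
    return {r: responsible_relays(relays, descriptor_id(onion_id, time_period, r)) for r in (0, 1)}


def build_ring(relay_names: list[str]) -> dict[str, int]:
    """Constructed ring: each relay's identity string is hashed to its ring position."""
    return {name: ring_position(name.encode()) for name in relay_names}


if __name__ == "__main__":
    # Constructed sample data: 12 relays (the talk's 12 computers) and one fake service.
    ring = build_ring([f"relay{i:02d}" for i in range(12)])
    onion_id = hashlib.sha1(b"constructed hidden service key").digest()[:10]  # 80-bit v2-style id
    today, tomorrow = 16000, 16001  # days since the epoch; constructed values
    print("today   :", placement(ring, onion_id, today))
    print("tomorrow:", placement(ring, onion_id, tomorrow))
    # A relay leaving only shifts responsibility to its clockwise neighbours.
    ring_minus_one = {k: v for k, v in ring.items() if k != "relay03"}
    print("relay03 gone:", placement(ring_minus_one, onion_id, today))
```

Two properties fall out of the model that matter for the rest of the talk: because `responsible_relays` is computed from the public relay list, anyone can predict which three relays will hold a given descriptor on a given day, and because a relay's own identity decides its position, a relay operator who can choose identities can aim for a particular spot on the ring. Removing a relay only shifts responsibility to its clockwise neighbours, which is the redundancy the talk describes.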
so we thought, what would be an interesting thing to do? We thought we'd look at Tor hidden services. The big question here is: are Tor hidden services evil? Is the content on them really bad? So we thought it would be really great to look at Tor hidden services and find out just exactly what is on them. My initial thought was: we'll take some of the directory sites, point a web crawler at them and collect all the results. But I thought, well, given the nature of Tor hidden services, some of them aren't going to be in directories, so we're not really going to collect the
full list. So we thought, okay, we need to collect the full list of all of the services. We know it's stored in this distributed hash table, so in theory we can put ourselves on the distributed hash table at different points. What actually happens is, I've said the Tor hidden service appears here, but that actually changes day by day: every 24 hours the position on the circle changes. So in theory if I just sat at one position in the circle, given an infinite amount of time I'd collect all of the hidden service addresses and I could start looking at them and seeing what's on them. So what we actually did was we ran 40 nodes,
we distributed them around this circle at different points, and we just sat and waited for hidden services to register with us and stored them in a database. But what we're also able to collect, if you think about it, is this: hidden services are publishing to us, but people are also coming to us to ask for the hidden service descriptor. So not only can I register the publication of the .onion address, I can work out how many people are visiting it as well; I can log the number of hits. I can't view all the details of who it is, because
it's encrypted, but essentially I can register hits and I can register all the onion addresses. What do you think I found?
So we've got a database with around about 50,000 onion addresses which have been published to our servers over the last three months or so. I think there are probably about 10,000 more which we haven't yet collected; it just takes a little bit of time to collect all of these things. Does anyone know what Sefnit or Skynet are? Botnets, essentially. There was a presentation at Black Hat a couple of years ago on using Tor hidden services to run botnet command and control servers, the thinking being that you can't trace the website so you can't shut it down, so it'd be a really good place to run botnet command and control servers, and ever since
then loads of people have started writing botnets that use Tor to host these things. It turns out the top 40 results are essentially botnet command and control servers, and you can see the top one there had 1.4 million hits a day. A day, right? And this particular botnet, Sefnit, doesn't just have one Tor hidden service address, it's got loads, so it's not just 1.4 million hits a day, it's actually much larger, pretty close to five or six million hits a day. We picked up a couple of others; Skynet is a rather notable one. The botnet master who runs Skynet
did something called an AMA on Reddit, which I'd never heard of; it stands for "ask me anything". So you can go on this Reddit site and people can ask you anything. So the guy that ran the Skynet botnet went on this Reddit thing and said "you can ask me anything". I mean, he's a really foolish kind of guy. Anyway, he got locked up in December last year, I'm not really sure why. And he was on Twitter as well. I mean, who runs a botnet and is on Twitter?
Seriously. So we've also ranked the other sets of sites as well. If you've been involved in Tor you'll know that some of the Tor content is really not very nice stuff, unfortunately. Straight after the botnet stuff comes a particular class of abuse sites. We ran a crawler which didn't fetch any images, it just fetched HTML content, and this sort of stuff was easily identifiable using keyword searches over the HTML. Unfortunately this is the second most popular category we collected in terms of hits, so the number of people visiting these sites, straight after botnets. Then straight after that came essentially directories linking to other Tor hidden sites, some forums, and some of what I guess
would be classed as hacktivist-type websites, those sorts of things, and there are a couple of search engines in there as well. If anyone's interested in looking at the full database I'm quite happy to show it to you later, and if you've got a particular onion address you want to look at, you can see how many hits it got per day, for example. So how about de-anonymizing Tor hidden service users, people visiting Tor hidden sites? In many ways you'd think this is the holy grail: we've got really dodgy sites and really dodgy people visiting the really dodgy sites, so if we can work out who they are
then hey, win-win. It turns out it's actually really easy to de-anonymize people visiting Tor hidden services. Really, really easy. So let's look at how a user connects to a Tor hidden service. The user has a guard node; we've got the hidden service directory, which is that distributed hash table spread throughout the Tor network; and then we've got the Tor hidden service itself, which again is separated from the user by the Tor network. So when I want to visit this website I go into the Tor network through my guard node and I connect to the hidden service directory and say: can I
have the descriptor for that Tor hidden service, the list of those introduction points where it's available? And the hidden service directory sends it back to me. Now think about this for a second. I can position myself on that distributed hash table so that I'm the node responsible for a particular website; I can position myself wherever I want to be, so that I know I'm going to be receiving requests for a particular website. So I now control one end of this connection: the user is talking to me, and I know they're looking for a particular site. You can think of these requests for descriptors as
something very similar to DNS requests: if I get a request for one of these sites, they're doing it at the initial point of wanting to visit the website, just like you would do with a DNS request. So I can send the user whatever I want. I should probably send them the hidden service descriptor which they asked for, which I'm going to, but I can shape the traffic in a particular way. So I could send it in, say, 20 packets, or I could put it in 30 packets, and so on.
So if I control just the hidden service directory node and the guard node (stay with me on the guard node point), I can send traffic back down this pipe with a particular characteristic, I can spot that characteristic at the guard node, and I can de-anonymize someone that's visiting a particular website. I can't tell what they're doing on that website, but I know who they are, in essence. Now the question is how do I control the guard node? Well, think back to that GCHQ slide I showed you at the very beginning, where I said we can de-anonymize some people some of the time, but it's very difficult to de-anonymize someone specifically. So if I want to de-anonymize
you specifically, it's very hard for me to do that. But if you're all visiting a Tor hidden website, the chances are that some of you are going to be going through my guard node, and I can de-anonymize all of those. Yep, I know exactly who you are. Now some of you are sitting there thinking, really? I've been using Tor, I thought it was foolproof. Here's a Google map of everyone visiting a particular Tor hidden service: all their original IP addresses run through a GeoIP database and plotted on a map. It's that easy, really that easy, if you control the guard node, and
just by the rules of probability at some point you're going to control the guard node for some of the users. So this was actually for a botnet. This wasn't me, this was someone else that de-anonymized them, but it was essentially for a botnet, and the guy theorized that, since at the time Silk Road was quite popular, you could de-anonymize everyone visiting Silk Road, and you could say: well, people selling drugs and people buying drugs are going to have different behaviours. Really we want to go after the sellers, and they're probably going to log in once a day, twice a day, three times a day, but it's going to be fairly
regular, every day. So just from the frequency with which they visit the website you could probably figure out whether someone's a buyer or a seller, and then selectively raid just the buyers rather than the sellers. So how about de-anonymizing the Tor hidden service itself? Can we use the same technique to de-anonymize the Tor hidden service? So again, the user can send data to the Tor hidden service, so we control one end of the connection: the Tor hidden service is talking to me, and I can connect as many times as I like. So if I'm the user and I control one of the guard nodes the hidden service happens
to use, then I can send a signature of packets down through the network and watch from the guard node, and if I see them, that tells me that's probably the server running that particular hidden service. You think, okay, what are the chances of ever being the guard node for the hidden service? Hidden services keep their guards for between one and three months typically, so it's quite hard. But some guys have shown that in fact even with moderate resources, like five or six thousand pounds in server capacity, on average you can de-anonymize a hidden service in eight months and actually work out
who they are. It's really not that difficult. So let me just backtrack very quickly on the signature we actually send. Here the hidden service node, or whatever it is, sends a particular sequence of packets to the user. Now the guard node can't decrypt that traffic, but what was found is that if you send, for example, exactly 50 packets, you can count the number of packets going down a particular circuit at the guard node. You think, okay, what are the chances of there being another connection with exactly 50 packets coming through? You might think it's pretty high. Well, some
researchers in Luxembourg essentially set up 300,000 connections that didn't do this and found none of them had exactly 50 packets. So it's still a probabilistic attack, but there's a very high probability that it is in fact the right site or the right person. And you can imagine doing it over a couple of months: you see the person coming back and coming back, and it gives you a high degree of probability. Big question mark over whether that'd be sufficient to get a warrant and seize someone's computer; I don't know whether it would or not, I'm not certain, I've not seen any test cases on this.
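As an added illustration (my own toy model, not code from the talk or from the Luxembourg researchers), the block below shows why an exact cell count is such a sharp signature on an unpadded network, and how the link padding discussed earlier in the talk blunts it. Each circuit is reduced to the one thing an observer at a guard can count, the number of cells, and nothing is decrypted. The background traffic sizes, the uniform random padding policy and the circuit names are constructed assumptions.

```python
import random

SIGNATURE_COUNT = 50  # the "exactly 50 packets" marker described in the talk


def circuits_matching(counts: dict[str, int], signature: int = SIGNATURE_COUNT) -> list[str]:
    """Circuits whose observed cell count equals the signature exactly.

    This is the whole of what the guard-side observer can do on an unpadded
    network: it sees sizes, not content.
    """
    return sorted(cid for cid, n in counts.items() if n == signature)


def pad_circuits(circuits: dict[str, int], rng: random.Random,
                 min_pad: int = 1, max_pad: int = 25) -> dict[str, int]:
    """Mitigation model: relays on the path add between min_pad and max_pad dummy
    cells that the next hop drops, so the count seen at the guard no longer equals
    the count the sender chose. (Assumption: uniform random padding per circuit;
    real padding schemes are more elaborate than this.)"""
    return {cid: n + rng.randint(min_pad, max_pad) for cid, n in circuits.items()}


def build_constructed_traffic(n_background: int, rng: random.Random) -> dict[str, int]:
    """Constructed sample: background circuits of assorted sizes, none exactly 50
    (mirroring the talk's 'none of 300,000 had exactly 50'), plus one marked
    circuit carrying the signature."""
    circuits = {}
    for i in range(n_background):
        size = rng.randint(1, 400)
        if size == SIGNATURE_COUNT:
            size += 1
        circuits[f"bg{i:04d}"] = size
    circuits["marked"] = SIGNATURE_COUNT
    return circuits


def compare(n_background: int = 2000, seed: int = 1) -> dict:
    """Run the exact-count matcher with and without padding and report what it finds."""
    rng = random.Random(seed)
    traffic = build_constructed_traffic(n_background, rng)
    unpadded = circuits_matching(traffic)
    padded_traffic = pad_circuits(traffic, rng)
    padded = circuits_matching(padded_traffic)
    return {
        "unpadded_matches": unpadded,
        "padded_matches": padded,
        "marked_found_unpadded": "marked" in unpadded,
        "marked_found_padded": "marked" in padded,
        "marked_padded_count": padded_traffic["marked"],
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Without padding the matcher returns exactly the marked circuit, which is the talk's point about how precise a count-based signature is. With even one dummy cell per circuit the marked circuit is always missed, and background circuits that started at 25 to 49 cells can land on 50 and become false positives, so the observer now gets the wrong answer in both directions. That is the "some resistance, but not foolproof" trade-off the talk describes: padding costs bandwidth on every circuit, and a patient adversary can move to timing rather than counts.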
I don't think the police are even doing this, I don't think GCHQ are doing it at the moment, but it's certainly possible. This is a fundamental weakness in Tor, and it's a problem that's also very, very difficult to fix. Padding is one way to try and mitigate the risk, but it doesn't really solve the problem completely. So the final thing I wanted to get on to is Silk Road; I thought I'd talk to you about the FBI exploit itself. Silk Road was essentially eBay for drugs: the sellers were selling drugs and the buyers were buying drugs, and it was a Tor hidden service which
was essentially facilitating this, and the guy running Silk Road was taking a bit of profit from each transaction, much like PayPal might do. A real business entrepreneur, really, just in the wrong business. It's estimated that Silk Road over its lifetime had just over a billion pounds in revenue and that the chap that ran it made about eight million dollars in profit, all in bitcoins though. And if anyone knows how to cash in exactly 80 million dollars of bitcoins without causing a crash in the price of bitcoins, please come and tell me; I don't know
how you do that. But he had 18 million pounds' worth of bitcoins and he lived in a dinky little flat in San Francisco somewhere. The FBI actually tracked him down not by a weakness in Tor, but just by traditional detective work. It turns out he'd been on a forum advertising his website and he'd signed it Ross Ulbricht on the forum, and over time they collected this information, correlated it all, and identified him. That identified where he was going to be, and they also managed to pick up a few other things which gave them a high degree of
confidence that it was in fact him doing it, and they actually arrested him in a library in San Francisco, essentially caught by his own foolishness. In fact one of the FBI agents at the time posed as an assassin, because he was trying to get someone assassinated; no honour amongst thieves, really. So, I don't know if you can see that. We know in fact it was the FBI because the court papers have been released. The FBI took advantage of this: Silk Road ran on a set of servers run by an organization called Freedom Hosting, which ran a whole range of
hidden websites. So the FBI in their ingenuity thought: we've got an opportunity here, we've got Freedom Hosting's servers, they host some really vile content as well, so we could de-anonymize people actually visiting these websites. It's a bit unclear who exactly developed the exploit itself, whether it's GCHQ or the NSA or a combination of the two, who then had the FBI deploy it, but essentially they took the Freedom Hosting websites and put a zero-day in the web page, and then anyone that visited the website running a particular version of the Tor Browser Bundle, which is built on Firefox, would run that exploit, and it would
feed the details back to the FBI server and essentially de-anonymize them. A couple of guys caught it a few days after. It was a JavaScript exploit, essentially exploiting a very complex bug in the way Firefox works. I'm going to talk to you briefly about the shellcode itself, because that's really the interesting thing. The big question of course is: is this legal? Is it legal to exploit a large number of people on a large scale, some of whom are doing something quite innocent? Freedom Hosting hosted some innocent websites, incidentally. And if you're sat at home
and the FBI exploits your computer and you haven't done anything wrong, is that legal? Does anyone go to jail for that? If they do that, I mean, they probably should, right? I don't think they will. This is the reason we know that GCHQ and the NSA were involved: one of the leaks from Snowden actually referred to it. The actual exploit was called Egotistical Giraffe, presumably because Tor users are egotistical and presumably because a giraffe has a high head, which shows where it is, I presume. So I just wanted to show you the shellcode very briefly. I've also put this web link here, which is a copy of the shellcode.
an annotated copy of the child code and a sort of a walkthrough in text if you're not familiar with reverse engineering on exactly how it works if you look at the javascript code here you can see a long list of hex characters in a string i mean that's characteristic of shell code for these types of exploits and if you take that code out just as a guess that that is in fact the shell code and disassemble it it does turn out to be shell code so when you run it through a disassembler this is what you get so this is running through a disassembler called indisazum and if you ever disassemble shell code and you're
not really that familiar with this assembly you'll be like what the hell i have no idea what's going on right no strings no exes to load up no dlls being loaded or anything like that you just see like a blob of instructions you're like what the what the what the hell what the hell is going on so i'm just going to very briefly talk to talk you through how you reverse engineer it and then and then we'll finish up so um the thing with shellcode is shellcode's injected into another program right so normally when you've got an exe file the exe headers say you know bring in this dll and that dll so you know where all the dlls are in
memory so you can run you know and call the windows api and so on and so forth shellcode doesn't have that luxury it's injected into a process it doesn't know precisely where all the dlls are so it's very common to have something called an api resolver embedded in the shell code and you call this api resolver to find out where different windows api functions or where the dlls are loaded so you can actually call them and it's fairly common to see this sort of this sort of pattern where you push a series of hex digits typically eight hex digits and then make a call to a register that pattern is quite common in shell code the register ebp
points to the shell code resolver and the hash or rather this number here actually describes which api function we're calling us actually calling so the process of reverse engineering the shell code is essentially saying okay well find out which api resolve is being used and then look up these hash functions and go through and comment them and say this is this api that's that api and so on and so forth and then you end up with something like this so this is the same shell code the only difference is i've added some comments to the right hand side on exactly what's going on so there's that hash there's that call to the api resolver and this hash
essentially maps to winsock which is the sort of internet connection dll and the connect function so we know at that point that it's establishing a connection out onto the internet somewhere the question is where is it establishing a connection to if you've ever written any c code you know when you do a connect you have to set up that horrible sin address structure and as and it's not prettiest thing in the world is it but that of course is going to be where the ip address is stored so typically when you see a call the parameters are pushed onto the stack just before it and one of these things which is pushed on is just that syn address structure
so we find it in memory there's the syn address structure it looks like a series of bytes but when you know what the synodress structure is you can comment the shell code and say okay well this is the ip address that's the port and this was the ip address it was registered somewhere in vancouver i think not vancouver va what's the va of the state code virginia that's it which is not that far from um one of the contractors for um uh for the f for the fbi incidentally um but we're not quite sure who was running it right i mean you look at the who is stuff you know who's who's running it but the interesting
thing is what the shell code did right i mean most shower code is going to try and get some sort of persistence install some malware on the computer that's the typical pattern for shell code this shellcode doesn't do any of that right it literally phones home so it contacts the fbi server or whoever service was and it sends them your mac address your computer's host name and a unique reference number aka everything that could be used to identify you right and then it stops right that's not how malware typically works right i mean that's you know if you're running a business right you're not going to make out of money by collecting people's mac addresses
it's not going to be particularly profitable so um i can't remember whether i put this on the website but it's fairly easy to patch this code if you look here there's the offsets for the data and you can just patch the ip address by just for changing the bytes you can patch the port you can run netcat and then you can execute the shell code and the shutter code will send just a http request so here was a get request made to the fbi server this appears to be some sort of unique reference number possibly which links you up with a particular visit to the tour hidden service so they could identify which toy hidden
service it was you went to at what time et cetera et cetera and then in in the header you've got this cookie id equals this is actually your mac address and uh the host is set to your computer's host name everything which ties you up essentially right the fbi now have your ip address they have your mac address they have your computer's host name and if they can't trace you by your ip address they might have to trace your mac address through the supply chain et cetera et cetera et cetera um you're done for right essentially so the website there the full source code there and everything if you want to have a play with it and have a look
around it how to help with the tour project i put the first one as use tor right most you're sitting there thinking why the hell do i need to use tor i'm not some terrorist or doing anything dodgy right well actually there are people that really need tour people in iran china syria etc you know who really depend upon tor if you use tor right it makes the noise bigger right they're in amongst the noise if only bad people use tor then you know simply by looking at tor you catch all the bad people right i mean it's like a honey trap type thing but obviously if genuine people use tor who aren't doing anything wrong it sort
of mixes them against the noise and makes them essentially more anonymous consider running a tour relay you don't need a huge amount of bandwidth most people can run it quite comfortably on their home broadband without any ill effects in terms of you know reducing their bandwidth availability you can easily run a couple of hundred kilobytes or 100 kilobits about you know relay at home without it really impacting you don't run an exit unless you really are do like pain or law enforcement visiting you at six o'clock in the morning personally i don't like early mornings so that would really peeve me off um along with the investigation as well obviously consider developing for tour tour is an
open source project so you can contribute to it and you know really sort of contribute to or you can develop alternative product projects like you know there's the tour browser bundle there's vidalia et cetera et cetera these are sort of like accessory tour projects which you can contribute to or build or build other types of things consider donating you get a free t-shirt if you donate 60 dollars there's nothing that's great value for money but incidentally if you want to talk if you want a t-shirt you can run a tour relay for two months and you get a free tv shirt that way that's the way i've chosen to go um promote it right come and give talks
about tour it's a really great thing for people in countries where you know actually really is a matter of life or death for them to be able to use tor or consider doing research on tour making it better right i mean i don't want to de-anonymize people from tour for fun right i want to make tour better and the only way you make tour better is by breaking it and then fixing it right you know unfortunately just don't know how to fix it very well so you know here we go any questions then i'll just say if you want any code right here's the link to my github on there is the modified talk light which collects
all of those hidden service addresses there's loads of scripts a crore et cetera for going through all the hidden services and then there's a link for the fbi tour thing any questions sorry i've broken into your break a little bit there's another software taser
So there is a live CD version of Tor, Tails, which is a Debian distribution with Tor built into it such that traffic can only go via Tor or not at all. That means that if, for example, the FBI had written an exploit which worked against Firefox on Linux, you would have been invulnerable to it, because that phone-home would also have gone through Tor as well. So yeah, a very good point, there is the Tails thing as well. And of course Tails doesn't log anything as well, so if you don't want to get caught after the fact when you have a computer seized, you can use Tails as well. Any other questions?

If you run an exit relay ... why would you want to do that?

I don't see the value; I don't see why it would be useful. Sorry, there's another question.

Have you seen the response?

No, because by the time I got to it the server had gone down. That would have been a bit more useful. Could you exploit the FBI? No, that's not a good idea, is it? I don't know if there would be any value; there was no response processing in the shellcode, so there would be no value in the response itself. But that would be an interesting thing. So, Tor: don't just leave it. Tor is a really great project; please support it. It really does help people that are in really nasty countries. It's also a tool for us: if you really care about anonymity and privacy, it's really the only real solution we have at the moment.

You said you're not very good at fixing it, but do you have any ideas, from playing with it, as to how you might fix the entry/exit issue?

So the only way that I know ... there are two ways essentially you can fix it. One is by adding padding, but that overloads the Tor network, and there's very constrained capacity available on the Tor network; it doesn't really fix it completely, it just makes it much, much harder. And the other one was a high-latency network, which again, who's going to use Tor if it takes a day to get a web page?

Can you use a VPN on the exit node, so you can protect yourself when you're in ...?

Yep, you can do. You can route all TCP traffic through Tor, so a standard VPN, well, a TCP-based VPN, you could easily route through the exit node. Then, do you trust your VPN provider? You'd have to compromise the end node and the ... yeah. I guess from my point of view I kind of assume that you've got a very powerful adversary, and that if you're going to use a VPN through Tor you're just kind of moving the goalposts a bit; you're not really fixing the fundamental problem. Yeah, sort of, there's a quick solution maybe. I don't really trust VPN providers personally, but ...

What was shown before was that a lot of the capturing was done on an international ... is there any value in your location? You get the opportunity to geolocate.

So that's a very good point. When the Tor client picks a circuit, any two nodes in the Tor circuit aren't allowed to be in the same /16 subnet. It's probably not true nowadays, but a /16 subnet has maybe one ISP, a couple of ISPs, so Tor tries to minimise the risk by separating across subnets: make sure that two nodes aren't in the same subnet, and they're much less likely to be controlled by the same adversary. You can configure Tor to pick entry nodes in a particular country and exit nodes in a particular country, which might be useful in some circumstances. There's lots of configuration you can do with Tor to do interesting things.

How do you see things like the technology initiative working in conjunction with the ...?

What, sorry?

Okay, there is an alternative to Tor called IPP, I think; it's IPP or I2P, something like that.

I mean, any solution which helps these two aims, privacy and anonymity, has got to be a good thing. Tor, I think, is the state of the art at the moment in terms of technical solution, certainly in my view; I may be wrong on that.

Of course. Well, I don't know, maybe. Generally it's a bad idea to mix your traffic with other people's traffic. If you run an exit relay and you also browse the web via that same address, when they come after you for doing bad stuff you can say, well, I'm running an exit relay, but do you browse the net through your address as well? Yeah, so they're still ... yes, I see your point. Maybe; I'll think about it more. Any other questions?

For the hidden services, when it's compromised and distributed, couldn't we use consensus so the users will trust that the information didn't come from a compromised node?

So for the distributed hash table, the way it works is: if you've been running for 25 hours and you offer more than, I think, 50 kilobits of bandwidth, you're eligible to participate in the distributed hash table. So the idea is that by requiring 50 kilobits of bandwidth and requiring you to be on for 25 hours, it increases the amount of resources an attacker needs if they want to put a large number of nodes on the distributed hash table. Clearly it doesn't stop it, because we've got 40 nodes, but we've only got 40 nodes because a student runs a hosting company, had loads of spare capacity and was like, here you go, have that. But it makes it much more difficult. There was an attack from the University of Luxembourg which showed that you could actually fake nodes onto the distributed hash table without using very much resources at all, but they told the Tor project about it and they fixed it. So at the moment it's quite expensive to run a large number of nodes on the distributed hash table.

Yeah, that's my point: because it's expensive, and we are using consensus to respond to the user, an attacker will have to compromise lots of machines to be able to get ... it depends on how many faults are tolerated in the consensus.

Yeah, I think there are lots of things we can do to make it a lot more difficult, and Tor does do quite a lot of things to make it, overall, more difficult, but it is a process of making it more difficult rather than impossible, if you see what I mean. Okay, thank you very much.
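Added example, written for this page and not part of the talk, the speaker's GitHub code or the exploit itself: it reproduces, on constructed bytes, the two steps of the shellcode walkthrough above. First, the "push imm32; call ebp" pattern: the pushed value is a hash of a module and function name, and recomputing the hash for a table of likely imports lets you label each call (the talk does not say which hash scheme this sample used; the ROR-13 scheme of Metasploit-style resolvers is assumed here, and the well-known value for ws2_32.dll!connect under that scheme is used as the check). Second, locating the sockaddr_in handed to connect, reading its IP and port, and patching them so the code phones home to a local netcat listener instead. The byte blob, the address 198.51.100.23 (documentation range) and all function names are constructed for the example.

```c
/* Added example: API-hash labelling and sockaddr_in patching for shellcode
 * triage. Not the talk's code. Hash scheme (ROR-13, Metasploit-style) is an
 * assumption; sample_blob and the 198.51.100.23 address are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

static uint32_t ror13(uint32_t x) { return (x >> 13) | (x << 19); }

/* Hash of (module, function): ROR-13 over the module name as uppercase
 * UTF-16LE including its terminator, plus ROR-13 over the ASCII function name
 * including its terminator, summed modulo 2^32. */
uint32_t api_hash(const char *module, const char *function)
{
    uint32_t m = 0, f = 0;
    for (const char *p = module; ; p++) {
        unsigned char c = (unsigned char)*p;
        if (c >= 'a' && c <= 'z') c -= 0x20;
        m = ror13(m) + c;   /* low byte of the UTF-16 code unit */
        m = ror13(m);       /* high byte is always zero for ASCII names */
        if (c == 0) break;
    }
    for (const char *p = function; ; p++) {
        f = ror13(f) + (unsigned char)*p;
        if (*p == 0) break;
    }
    return m + f;
}

/* Imports a phone-home payload is likely to need; extend as required. */
static const struct { const char *mod, *fn; } known_apis[] = {
    {"ws2_32.dll", "WSAStartup"},     {"ws2_32.dll", "WSASocketA"},
    {"ws2_32.dll", "connect"},        {"ws2_32.dll", "send"},
    {"kernel32.dll", "LoadLibraryA"}, {"kernel32.dll", "ExitProcess"},
};

/* Map a hash pulled from the shellcode back to "module!function", or NULL. */
const char *resolve_hash(uint32_t h)
{
    static char name[64];
    for (size_t i = 0; i < sizeof known_apis / sizeof known_apis[0]; i++) {
        if (api_hash(known_apis[i].mod, known_apis[i].fn) == h) {
            snprintf(name, sizeof name, "%s!%s", known_apis[i].mod, known_apis[i].fn);
            return name;
        }
    }
    return NULL;
}

/* Immediate of a "push imm32" (opcode 0x68, little-endian operand); 0 if not one. */
uint32_t push_imm32(const uint8_t *p)
{
    if (p[0] != 0x68) return 0;
    return (uint32_t)p[1] | (uint32_t)p[2] << 8 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
}

/* Constructed: push 0x6174A599 / call ebp / nop, then a 16-byte sockaddr_in:
 * sin_family AF_INET (2, host order), sin_port 80 (network order),
 * sin_addr 198.51.100.23, sin_zero[8]. */
uint8_t sample_blob[] = {
    0x68, 0x99, 0xA5, 0x74, 0x61, 0xFF, 0xD5, 0x90,
    0x02, 0x00, 0x00, 0x50, 198, 51, 100, 23, 0, 0, 0, 0, 0, 0, 0, 0,
};

/* Offset of a plausible sockaddr_in: AF_INET, non-zero port, zeroed sin_zero. */
long find_sockaddr_in(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i + 16 <= len; i++) {
        if (buf[i] != 0x02 || buf[i + 1] != 0x00) continue;
        if (buf[i + 2] == 0 && buf[i + 3] == 0) continue;
        if (memcmp(buf + i + 8, "\0\0\0\0\0\0\0\0", 8) == 0) return (long)i;
    }
    return -1;
}

uint16_t sockaddr_port(const uint8_t *sa) { return (uint16_t)(sa[2] << 8 | sa[3]); }

/* sin_addr as a.b.c.d -> 0xaabbccdd */
uint32_t sockaddr_ipv4(const uint8_t *sa)
{
    return (uint32_t)sa[4] << 24 | (uint32_t)sa[5] << 16 | (uint32_t)sa[6] << 8 | sa[7];
}

/* Rewrite the destination in place, e.g. 127.0.0.1:4444 for "nc -l -p 4444". */
uint8_t *patch_sockaddr_in(uint8_t *sa, uint32_t ipv4, uint16_t port)
{
    sa[2] = (uint8_t)(port >> 8); sa[3] = (uint8_t)port;
    sa[4] = (uint8_t)(ipv4 >> 24); sa[5] = (uint8_t)(ipv4 >> 16);
    sa[6] = (uint8_t)(ipv4 >> 8);  sa[7] = (uint8_t)ipv4;
    return sa;
}

int main(void)
{
    uint32_t h = push_imm32(sample_blob);
    const char *api = resolve_hash(h);
    printf("push 0x%08X ; call ebp  -> %s\n", h, api ? api : "unknown");
    long off = find_sockaddr_in(sample_blob, sizeof sample_blob);
    if (off >= 0) {
        uint8_t *sa = sample_blob + off;
        uint32_t ip = sockaddr_ipv4(sa);
        printf("sockaddr_in at +%ld: %u.%u.%u.%u:%u\n", off, ip >> 24,
               (ip >> 16) & 255, (ip >> 8) & 255, ip & 255, (unsigned)sockaddr_port(sa));
        patch_sockaddr_in(sa, 0x7F000001u, 4444);
        printf("patched to 127.0.0.1:%u\n", (unsigned)sockaddr_port(sa));
    }
    return 0;
}
```

The sockaddr_in scan is a heuristic (AF_INET, non-zero port, eight zero bytes of sin_zero), so on real shellcode confirm the hit by checking that its address is what gets pushed before the call labelled connect; on encoded or self-decoding shellcode the structure only appears after the decoder has run, so dump the decoded bytes first.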