The Tor Network

First Time Eating Onions: The Tor Network, Jie @ TDOH Conf 2017

Transcript of The Tor Network

  • The Tor Network

    Jie @ TDOH Conf 2017

  • Disclaimer

    This talk is given by me as an individual. My employer is not involved in any way.

  • Who am I

    IBM Security

    Qualcomm

    National Center for High-Performance Computing (NCHC)

  • Reddit

    201027

  • https://www.youtube.com/watch?v=6VMRAGxjOoA


  • Deep Web or Dark Web

  • Government

    Wikileaks

    Journals

    Database

    ~ 30%

    ~ 70%

  • What is Tor?

  • Developed in the mid-1990s by the United States Naval Research Laboratory to protect U.S. intelligence communication online

  • How does Tor work?

  • [Figure: Alice, Jane, Bob and the Directory Server around the Tor Network. Legend: Tor node, encrypted link, unencrypted link]

    Step1: Alice's Tor client obtains a list of Tor nodes from a directory server

    Step2: Alice's Tor client picks a random path to the destination server

    Step3: If the user later visits another site, the Tor browser will select a second random path
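Steps 1 to 3 as a simplified model, added here as an example and not taken from the talk or from Tor's source code. It goes beyond the slide's "random path" by applying constraints Tor is known to use (Guard and Exit flags, bandwidth weighting, no two relays from the same /16); unlike real Tor it does not keep a long-lived entry guard. The relay list and all names are constructed for illustration.

```python
import ipaddress
import random

# Constructed stand-in for the node list from the directory server (not real relays):
# (nickname, IPv4 address, flags, bandwidth weight)
RELAYS = [
    ("alpha",   "10.1.0.5", {"Guard"},         900),
    ("bravo",   "10.1.9.7", {"Exit"},          400),
    ("charlie", "10.2.3.4", {"Guard", "Exit"}, 700),
    ("delta",   "10.3.8.1", set(),             300),
    ("echo",    "10.4.2.2", {"Exit"},          800),
    ("foxtrot", "10.5.6.6", {"Guard"},         500),
    ("golf",    "10.6.1.3", set(),             600),
]

def subnet16(ip):
    """The /16 network an address belongs to."""
    return ipaddress.ip_network(f"{ip}/16", strict=False)

def pick(rng, relays, need_flag, chosen):
    """Bandwidth-weighted choice among relays with need_flag that share no /16 with chosen."""
    used = {subnet16(r[1]) for r in chosen}
    pool = [r for r in relays
            if (need_flag is None or need_flag in r[2]) and subnet16(r[1]) not in used]
    if not pool:
        raise RuntimeError("no relay satisfies the path constraints")
    return rng.choices(pool, weights=[r[3] for r in pool], k=1)[0]

def build_path(rng, relays=RELAYS):
    """Step 2: choose exit, then guard, then middle; return them in traffic order."""
    exit_ = pick(rng, relays, "Exit", [])
    guard = pick(rng, relays, "Guard", [exit_])
    middle = pick(rng, relays, None, [exit_, guard])
    return [guard, middle, exit_]

class PathChooser:
    """Step 3: each destination site gets its own independently chosen path."""
    def __init__(self, seed=None):
        self.rng = random.Random(seed)
        self.paths = {}

    def path_for(self, site):
        if site not in self.paths:
            self.paths[site] = build_path(self.rng)
        return self.paths[site]

if __name__ == "__main__":
    chooser = PathChooser()
    for site in ("site-a.example", "site-b.example"):
        print(site, [r[0] for r in chooser.path_for(site)])
```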

  • How do I access it?

  • Please download The Tor Browser Bundle

    https://www.torproject.org/download/download.html.en

  • Some .onion list

    DuckDuckGo

    https://3g2upl4pq6kufc4m.onion/

    OnionList

    http://jh32yv5zgayyyts3.onion/

    Hidden Wiki

    http://zqktlwi4fecvo6ri.onion/

    USA Passport

    http://xfnwyig7olypdq5r.onion/

    Onion Identity Services

    http://abbujjh5vqtq77wg.onion/

    Rent-A-Hacker

    http://2ogmrlfzdthnwkez.onion/

    Hitman Network

    http://ybp4oezfhk24hxmb.onion

    http://www.tandfonline.com/doi/pdf/10.1080/00396338.2016.1142085?needAccess=true


  • Be part of it?

  • How to

    /etc/apt/sources.list

    deb http://deb.torproject.org/torproject.org xenial main

    deb-src http://deb.torproject.org/torproject.org xenial main

    Prerequisite

    $ sudo gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

    $ sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

    $ sudo apt-get update

    $ sudo apt-get install tor deb.torproject.org-keyring

    /etc/tor/torrc

    Log notice file /var/log/tor/notices.log

    Log debug file /var/log/tor/debug.log

    ORPort 443

    ExitPolicy reject *:*

    Nickname torrentingrelay

    ContactInfo [email protected]

    RelayBandwidthRate 100 KBytes

    RelayBandwidthBurst 200 KBytes

    Restart Tor service


  • Wanna provide Hidden Service?

  • .onion URL

    abbujjh5vqtq77wg.onion

    pseudo-top-level-domain (TLD)

    Unable to be resolved by DNS

    Unable to access it using a normal web browser

    Tor2web

    Automatically generated based on a public key

    16-character name
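How a .onion name is derived from a public key, and how to check that a name is well formed, as an added example that is not from the talk. It goes beyond the slide by also covering the 56-character v3 format, which replaced the 16-character names described here. The key bytes are constructed placeholders and the function names are this example's own.

```python
import base64
import hashlib

ONION = ".onion"
V3_VERSION = b"\x03"

def v2_onion(der_rsa_pubkey: bytes) -> str:
    """v2 name: base32 of the first 80 bits of SHA-1 over the DER-encoded RSA public key."""
    digest = hashlib.sha1(der_rsa_pubkey).digest()
    return base64.b32encode(digest[:10]).decode().lower() + ONION

def v3_checksum(ed25519_pubkey: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + ed25519_pubkey + V3_VERSION).digest()[:2]

def v3_onion(ed25519_pubkey: bytes) -> str:
    """v3 name: base32 of public key (32 bytes) + checksum (2 bytes) + version (1 byte)."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("an Ed25519 public key is 32 bytes")
    blob = ed25519_pubkey + v3_checksum(ed25519_pubkey) + V3_VERSION
    return base64.b32encode(blob).decode().lower() + ONION

def classify_onion(hostname: str) -> str:
    """Return 'v2', 'v3' or 'invalid'; a v3 name must also carry a correct checksum."""
    host = hostname.strip().lower().rstrip(".")
    if not host.endswith(ONION):
        return "invalid"
    label = host[:-len(ONION)].rsplit(".", 1)[-1]  # ignore any subdomain labels
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # characters outside a-z2-7, or a length base32 cannot decode
        return "invalid"
    if len(label) == 16 and len(raw) == 10:
        return "v2"
    if len(label) == 56 and raw[34:] == V3_VERSION and raw[32:34] == v3_checksum(raw[:32]):
        return "v3"
    return "invalid"

# Constructed placeholder bytes standing in for real key material.
SAMPLE_RSA_DER = bytes.fromhex("30818902818100") + bytes(range(128)) + bytes.fromhex("0203010001")
SAMPLE_ED25519 = bytes(range(32))

if __name__ == "__main__":
    for name in (v2_onion(SAMPLE_RSA_DER), v3_onion(SAMPLE_ED25519), "abbujjh5vqtq77wg.onion"):
        print(name, classify_onion(name))
```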

  • Hidden Service Protocol

    [Figure: Alice, Bob, introduction points IP1, IP2 and IP3, the Database and the RP; message labels: IP#PK, PK, cookie, RP]

    IP : Introduction Points

    PK : Public Key

    cookie : One-Time Secret

    RP : Rendezvous Point

    Step1: Bob picks some IP and builds circuits to them

    Step2: Bob advertises his hidden service (XYZ.onion) to the database

    Step3: Alice hears that XYZ.onion exists, and requests more info from the database and also sets up a RP

    Step4: Alice writes a message encrypted by PK to Bob listing the RP and one-time secret, and also asks an IP to deliver

    Step5: Bob connects to RP and provides his one-time secret

    Step6: Bob and Alice proceed to use their Tor circuit like normal

  • How to

    Install a web server locally

    /etc/lighttpd/lighttpd.conf

    accesslog.filename = "/var/log/lighttpd/access.log"

    server.port = 12345

    Enable Tor hidden service

    /etc/tor/torrc

    HiddenServiceDir /var/lib/tor/hidden_service/

    HiddenServicePort 80 127.0.0.1:12345

    2 important files under /var/lib/tor/hidden_service

    hostname

    mqwxdgxme7u4j7wx.onion

    private_key
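A configuration check for the relay and hidden-service settings shown in these slides, added here as an example and not part of the talk or of the TorSetup repository. It flags debug logging, a relay with no explicit non-exit policy, a HiddenServicePort target that is not loopback, and a lighttpd backend left on its default of listening on every interface. The function names and sample files are constructed for illustration.

```python
import ipaddress

def torrc_options(text):
    """Parse torrc text into (lower-cased option, value) pairs; '#' starts a comment."""
    pairs = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host == "localhost"

def audit(torrc, lighttpd_conf):
    """Return a list of findings for a relay / hidden-service torrc and its lighttpd backend."""
    findings, opts = [], torrc_options(torrc)
    policies = [v.replace(" ", "") for n, v in opts if n == "exitpolicy"]
    non_exit = policies[:1] == ["reject*:*"] or ("exitrelay", "0") in opts
    if any(n == "orport" for n, _ in opts) and not non_exit:
        findings.append("relay lacks an explicit 'ExitPolicy reject *:*' or 'ExitRelay 0'")
    if any(n == "log" and v.lower().startswith("debug") for n, v in opts):
        findings.append("debug logging enabled: verbose logs can hold sensitive information")
    for n, v in opts:
        target = v.split()[1] if n == "hiddenserviceport" and len(v.split()) > 1 else ""
        # A bare port or missing target means 127.0.0.1; unix: sockets stay on the host.
        if ":" in target and not target.startswith("unix:") and not is_loopback(target.rsplit(":", 1)[0]):
            findings.append(f"HiddenServicePort target {target} is not loopback")
    # lighttpd listens on every interface unless server.bind names one.
    binds = [l.split("=", 1)[1].strip().strip('"') for l in lighttpd_conf.splitlines()
             if l.strip().startswith("server.bind") and "=" in l]
    if not binds or not all(is_loopback(b) for b in binds):
        findings.append("lighttpd server.bind is not loopback: backend may be reachable without Tor")
    return findings

# Constructed sample files assembled from the settings shown in the slides.
PAGE_TORRC = """\
Log notice file /var/log/tor/notices.log
Log debug file /var/log/tor/debug.log
ORPort 443
ExitPolicy reject *:*
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:12345
"""
PAGE_LIGHTTPD = "server.port = 12345\n"
HARDENED_LIGHTTPD = PAGE_LIGHTTPD + 'server.bind = "127.0.0.1"\n'
```

Calling `audit(PAGE_TORRC, PAGE_LIGHTTPD)` reports the debug log and the unbound web server; removing the `Log debug` line and passing `HARDENED_LIGHTTPD` returns no findings.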

  • $ git clone https://github.com/jieliau/TorSetup.git

  • Traceable?

  • Weakness

    End-to-End correlation

    Autonomous system (AS) eavesdropping

    Exit node eavesdropping

    Traffic-analysis attack

    Tor exit node block

    Bad apple attack

    Some protocols expose IP addresses

    Sniper attack

    Heartbleed bug

    Mouse fingerprinting

    Circuit fingerprinting

  • https://exchange.xforce.ibmcloud.com/collection/Tor-Exits-2442016-fbfd2c3cfe4dfc72805be1fb1c9a18c4

  • https://torstatus.blutmagie.de

  • LASTor: A Low-Latency AS-Aware Tor Client

    http://lastor.cs.ucr.edu/oakland12.pdf

    Tor hack proposed to catch criminals

    http://www.securityfocus.com/news/11447

    Low-Cost Traffic Analysis of Tor

    http://sec.cs.ucl.ac.uk/users/smurdoch/papers/oakland05torta.pdf

    One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users

    https://www.usenix.org/legacy/events/leet11/tech/full_papers/LeBlond.pdf

    Compromising Tor Anonymity Exploiting P2P Information Leakage

    https://hal.inria.fr/file/index/docid/471556/filename/TorBT.pdf

    The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network

    http://www.robgjansen.com/publications/sniper-ndss2014.pdf

    Tor Users Can Be Tracked Based on Their Mouse Movements

    http://news.softpedia.com/news/tor-users-can-be-tracked-based-on-their-mouse-movements-501602.shtml

    Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services

    https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-kwon.pdf


  • Reference Link

    Tor Project

    https://www.torproject.org

    Tor Wikipedia

    https://en.wikipedia.org/wiki/Tor_(anonymity_network)

    Deep Web

    https://en.wikipedia.org/wiki/Deep_web

    Dark Web

    https://en.wikipedia.org/wiki/Dark_web

    List of Tor hidden services

    https://en.wikipedia.org/wiki/List_of_Tor_hidden_services

    Hidden Wiki Tor .onion urls directories

    https://thehiddenwiki.org

    How to Access Dark Web and Deep Web Anonymously

    https://www.theexplode.com/how-to-access-dark-web/

    Freenet

    https://en.wikipedia.org/wiki/Freenet

    I2P

    https://en.wikipedia.org/wiki/I2P


  • https://www.linkedin.com/in/jieliau

    https://github.com/jieliau

    https://www.facebook.com/jie.liau

    https://twitter.com/JieLiau