CECS7130 – Advanced Computer Networks

TOR Pivoting Network - The Onion Routing

By: Ricardo Robles Robles Masters of Eng. Software Engineering (Candidate)

April 10, 2023

Profesor: Othoniel Rodriguez Ph.D.

Reference• TorProject.org• https://en.wikipedia.org/wiki/Java_Anon_Proxy• http://www.onion-router.net/• https://en.wikipedia.org/wiki/Tor_%28anonymity_net

work%29

• http://www.technologyreview.com/video/413186/how-tor-works/

• Tor Packet Analysis – Brent Muir

April 10, 2023

• Onion Routing• Tor Network• Tor Browser Bundle• Anonymous Surfing • Pivoting Networks• Anonymity – it is not cryptography, crypto just

protects content, but not the privacy of what you are doing.

April 10, 2014

General Terms & Keywords

Introduction• Beginning - Tor was originally designed,

implemented, and deployed as a third-generation Onion Routing Project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.

April 10, 2023

April 10, 2023

• Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

• It also enables software developers to create new communication tools with built-in privacy features.

• Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Overview

April 10, 2023

Overview• Individuals use Tor to keep websites from

tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers.

• Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

April 10, 2023

Overview• Journalists use Tor to communicate more safely

with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

April 10, 2023

Hidden Services 1

April 10, 2023

Hidden Services 2

April 10, 2023

Hidden Services 3

April 10, 2023

Hidden Services 4

April 10, 2023

Hidden Services 5

April 10, 2023

Hidden Services 6

April 10, 2023

Survey

April 10, 2023

Visual Video Representation

• http://www.technologyreview.com/video/413186/how-tor-works/

April 10, 2023

Tor Network Diagram

April 10, 2023

Why We Need Tor?• Using Tor protects you against a common form of Internet

surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests.

• This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are.

April 10, 2023

Why we Need Tor?

• For example, if you're travelling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.

April 10, 2023

The Onion Routing Solution• If we protect a communications channel against

both eavesdropping and traffic analysis, and remove identifying information from the data stream, then we have anonymous and private communication.

• Onion Routing provides socket connections that are strongly resistant to both eavesdropping and traffic analysis. The privacy of these socket connections is moved beneath the application layer and made application independent.

April 10, 2023

The Onion Routing Solution• Unmodified Internet applications may use these

anonymous socket connections by means of proxies. If the proxies anonymize the data stream, anonymity may be layered on top of anonymous socket connections. Onion Routing was originally implemented on Sun Solaris 2.4 including proxies for HTTP (WWW), RLOGIN, e-mail (SMTP), and FTP. Generation 2 Onion Routing implementation, Tor, runs on most common operating systems.

April 10, 2023

How Onion Routing Works:• An application, instead of making a (socket)

connection directly to a destination machine, makes a socket connection to an Onion Routing Proxy. That Onion Routing Proxy builds an anonymous connection through several other Onion Routers to the destination. Each Onion Router can only identify adjacent Onion Routers along the route. Before sending data over an anonymous connection, the first Onion Router adds a layer of encryption for each Onion Router in the route.

April 10, 2023

How Onion Routing Works:• As data moves through the anonymous

connection, each Onion Router removes one layer of encryption, so it finally arrives as plaintext. This layering occurs in the reverse order for data moving back to the initiator. Data passed along the anonymous connection appears different at each Onion Router, so data cannot be tracked en route and compromised Onion Routers cannot cooperate. When the connection is broken, all information about the connection is cleared at each Onion Router.

April 10, 2023

How Onion Routing Works:• Onion Routing – A message is cascaded

through several routers:• Sender defines whole path, choosing the

routers• The message is encrypted in succession,

first with the symmetric key of the last router, the result of that operation with the penultimate router, and so on

• The encrypted message is sent through the predefined path and each router only knows the previous router and the next router

April 10, 2023

Tor Model:

April 10, 2023

Tor Relay Graph as of 4/29/2014

April 10, 2023

Tor Relay Platforms

April 10, 2023

Tor’s Code

• Tor's code released in 2002

• Tor's design paper published in 2004

• The clock starts ticking...

April 10, 2023

Basic Tor Design

April 10, 2023

Basic Tor Design

April 10, 2023

Basic Tor Design

April 10, 2023

Attackers Trying to Block Tor users from connecting• 1) By blocking the directory authorities

• 2) By blocking all the relay IP addresses in the directory, or the addresses of other Tor services

• 3) By filtering based on Tor's network fingerprint

• 4) By preventing users from finding the Tor software (usually by blocking website)

April 10, 2023

April 10, 2023

April 10, 2023

Blocked Sites in U.S.

April 10, 2023

Blocked Sites in the U.S.• 2012christians.com• 2012coolhats.com• 23isking.com• angelsjerseysstore.com• authenticbullsshop.com• authenticheatshop.com• authenticlakersshop.com• authenticmagicshop.com• authenticmavericksshop.com• authenticthundershop.com• autoforms.info

April 10, 2023

April 10, 2023

Tor vs non-Tor Nerworks

April 10, 2023

Connections of Tor Users

April 10, 2023

Tor use in Blocked Countries

April 10, 2023

Two Circumvention Systems• Circumvention – To go around or bypass• UltraTurf-freeware to bypass censorship and

firewall censorship using HTTP Proxy, and employs encryption.• Distinguishable Behavior, Lots of

unnecessary data in logs, Evidence of unproxied traffic

• Tor• Looks like SSL Traffic• No extra details in logs

April 10, 2023

Use of Tor network in Blocked Countries

April 10, 2023

Tor use in Various Countries

April 10, 2023

Alternate to Tor

• Java Anon Proxy, JAP or JonDonym• I2P• HotSpot Shield• Tunnelbear• Vidalia• Orbot• FreeVPN.me

April 10, 2023

Tor Example Sites

• http://xmh57jrzrnw6insl.onion/ - Torch• http://torlinkbgs6aabns.onion/index.php -

TorLinks• http://2ogmrlfzdthnwkez.onion/ -

RentAHacker• http://ybp4oezfhk24hxmb.onion/ - Hitman

Network (Contract Killers)• http://en35tuzqmn4lofbk.onion/ -

USFakeIDs

April 10, 2023

April 10, 2023

April 10, 2023

April 10, 2023

Questions/Comments

April 10, 2023