DOCSLIB.ORG

BRKSEC-2011.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
BRKSEC-2011.Pdf #CLUS About Garlic and Onions A little journey… Tobias Mayer, Technical Solutions Architect BRKSEC-2011 #CLUS Me… CCIE Security #14390, CISSP & Motorboat driving license… Working in Content Security & TLS Security tmayer{at}cisco.com Writing stuff at “blogs.cisco.com” #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Agenda • Why anonymization? • Using Tor (Onion Routing) • How Tor works • Introduction to Onion Routing • Obfuscation within Tor • Domain Fronting • Detect Tor • I2P – Invisible Internet Project • Introduction to Garlic Routing • Conclusion #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Cisco Webex Teams Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session How 1 Find this session in the Cisco Events App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space Webex Teams will be moderated cs.co/ciscolivebot#BRKSEC-2011 by the speaker until June 18, 2018. #CLUS © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 Different Intentions Hide me from Government! Hide me from ISP! Hide me from tracking! Bypass Corporate Bypass Country Access Hidden policies restrictions (Videos…) Services #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 Browser Identity Tracking does not require a “Name” Tracking is done by examining parameters your browser reveals https://panopticlick.eff.org #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 Proxies EPIC Browser #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Firepower App Detector for Proxy Traffic Traffic to external Proxy detected #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 VPN VPN Combine VPN Service with Proxies Provides additional anonymization Layer You have to have trust in the VPN Provider that they do not log… https://thatoneprivacysite.net/vpn-section/ #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 Trust your VPN / Proxy? • Statement from “Hide- my-Ass” • “If you do illegal things, we cooperate with Law Enforcement” • They track the User… #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 Trust your VPN / Proxy? https://thebestvpn.com/chrome-extension-vpn-dns-leaks/ • Chrome Browser leaking real IP because of DNS Prefetching • Despite using a VPN Service… #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 Deep Web / Dark Web The Deep Web / The Dark Web #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 The (partial) Reality https://gizmodo.com/the-deep-web-is-mostly-full-of-garbage-1786857267 #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 About Tor The Onion router Open source SW / public design specs Data is constantly encrypted at multiple layers Sent through multiple routers. Each router decrypts the outer layer and finds routing instructions Sends the data to the next router Result is a completely encrypted path using random routers #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 How is the Tor Network built? • The Tor network consists of relays • Relays are just nodes where the Tor software is installed • They build encrypted connections to other relays, forming an overlay network • Everyone can run a Tor relay and contribute to the network… #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 The Tor Browser – Connecting to the Tor Network • Goal: Provide anonymity and access to censored and/or hidden resources • Special browser based on mozilla firefox to establish a circuit through the Tor network • Can connect directly or through proxies • Often used in combination with VPNs #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21 Tor Relay OR1 OR2 OR3 PK OR1 PK OR2 PK OR3 Tor Client selects 3 random Routers out of all Tor Relays and get their public keys #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 Tor Relay OR1 OR2 OR3 PK OR1 PK OR2 PK OR3 Tor Client sends DH Handshake to OR1, encrypted with public key of OR1, called “relay_create” #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 Tor Relay OR1 OR2 OR3 PK OR1 SK1 PK OR2 PK OR3 OR1 completes handshake, symmetric key is created #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 Tor Relay OR1 OR2 OR3 PK OR1 SK1 PK OR2 PK OR3 Tor Client sends “relay_extend” to OR1, requesting to extend the circuit to OR2. Keyshare for OR2 is protected by the public key of OR2 #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 Tor Relay OR1 OR2 OR3 PK OR1 SK1 PK OR2 SK2 PK OR3 OR1 send “relay_create” to OR2, OR2 responds and circuit with symmetric key is created to OR2 #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 Tor Relay OR1 OR2 OR3 PK OR1 SK1 PK OR2 SK2 PK OR3 SK3 “relay_extend” to OR3, create a circuit #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 Tor Relay OR1 OR2 OR3 PK OR1 SK1 PK OR2 SK2 PK OR3 SK3 Web Request follow the circuits #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 Tor Directory Authorities https://atlas.torproject.org/#search/flag:authority Every hour all Authorities calculate a common status document called the “consensus” #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 29 Tor Directory Authorities Very trusted servers that hold the list of all active Tor relays Tor client comes with this predefined list and the corresponding public keys Every hour they agree on the most recent list of relays (“voting”) They create a document called “consensus”. Each DirAuth publishes and signs its own relay list to all other DirAuth Tor client downloads the consenus at first start Client receives consenus plus hashes of the consenus of all other authorities. Will only trust the consensus if more than half of the hashes match. Tor relays can be “Directory caches” where clients can get an updated version of the consensus without the directory authorities #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30 List of all Tor Relays https://torstatus.blutmagie.de/ Flags #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 Tor Relay EXIT_NODE: if you OR1 request HTTP, your traffic is visible to the EXIT_NODE OR2 OR3 #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 32 Tor Browser - Don’t leak information! #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Tor Exit Relay List https://check.torproject.org/cgi-bin/TorBulkExitList.py #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 Customizing Tor “torrc” = config file #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 Customizing Tor (2) Also use IPv6 relays Define Geolocation of your ExitNodes #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36 Customizing Tor (3) ExitNode from Germany #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37 Customizing Tor (4) – some settings for torrc ClientOnly 1 #never, ever act as an exitNode ExcludeNodes #avoid the nodes / countries listed StrictNodes #if set to 1, Tor will strictly avoid #ExcludeNodes settings EnforceDistinctSubnets #Don‘t select two nodes that are close FascistFirewall 1 #only 80/443 entry & exit nodes EntryNodes # only use those entry node ExitNodes # only use those exit nodes ExcludeExitNodes #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 38 DNS for access to well known websites OR1 DNS Server OR2 OR3 Tor Exit Relay is responsible for the DNS Resolution #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 39 DNS Leaking for access to cleartext websites https://nymity.ch/tor-dns/ • ISP Resolver • Traversing the least amount of AS • Own Resolver • QNAME Minimization #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 40 Bridges Bridges are relays that are not announced in the directory servers You can request bridges but will not get the full list 3 bridges are provided #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 41 Custom Bridges Fingerprint IP & Port #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 42 Custom Bridges #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 43 Hidden Websites - ”.onion” links FIRST 80 bits of the SHA1 of the 1024 bit Public Key http://xmh57jrzrnw6insl.onion/ #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 44 DEMO: Some websites in the Darknet…. Some links • Tor Mailbox http://torbox3uiot6wchz.onion/ • Torch http://xmh57jrzrnw6insl.onion/ • The Hidden Wiki http://zqktlwi4fecvo6ri.onion/wiki/Main_Page • Imperial Library of Trantor http://xfmro77i3lixucja.onion/ • DuckDuckGoGo https://3g2upl4pq6kufc4m.onion/ • The Federalist Paper (Onion v3 Service) http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/ #CLUS BRKSEC-2011 © 2018 Cisco and/or its affiliates. All rights reserved.
Load more

Recommended publications
  • Poster: Introducing Massbrowser: a Censorship Circumvention System Run by the Masses
    Poster: Introducing MassBrowser: A Censorship Circumvention System Run by the Masses Milad Nasr∗, Anonymous∗, and Amir Houmansadr University of Massachusetts Amherst fmilad,[email protected] ∗Equal contribution Abstract—We will present a new censorship circumvention sys- side the censorship regions, which relay the Internet traffic tem, currently being developed in our group. The new system of the censored users. This includes systems like Tor, VPNs, is called MassBrowser, and combines several techniques from Psiphon, etc. Unfortunately, such circumvention systems are state-of-the-art censorship studies to design a hard-to-block, easily blocked by the censors by enumerating their limited practical censorship circumvention system. MassBrowser is a set of proxy server IP addresses [14]. (2) Costly to operate: one-hop proxy system where the proxies are volunteer Internet To resist proxy blocking by the censors, recent circumven- users in the free world. The power of MassBrowser comes from tion systems have started to deploy the proxies on shared-IP the large number of volunteer proxies who frequently change platforms such as CDNs, App Engines, and Cloud Storage, their IP addresses as the volunteer users move to different a technique broadly referred to as domain fronting [3]. networks. To get a large number of volunteer proxies, we This mechanism, however, is prohibitively expensive [11] provide the volunteers the control over how their computers to operate for large scales of users. (3) Poor QoS: Proxy- are used by the censored users. Particularly, the volunteer based circumvention systems like Tor and it’s variants suffer users can decide what websites they will proxy for censored from low quality of service (e.g., high latencies and low users, and how much bandwidth they will allocate.
    [Show full text]
  • A Generic Data Exchange System for F2F Networks
    The Retroshare project The GXS system Decentralize your app! A Generic Data Exchange System for F2F Networks Cyril Soler C.Soler The GXS System 03 Feb. 2018 1 / 19 The Retroshare project The GXS system Decentralize your app! Outline I Overview of Retroshare I The GXS system I Decentralize your app! C.Soler The GXS System 03 Feb. 2018 2 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows, (+ Android). C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows.
    [Show full text]
  • The Autonomous Surfer
    Renée Ridgway The Autonomous Surfer CAIS Report Fellowship Mai bis Oktober 2018 GEFÖRDERT DURCH RIDGWAY The Autonomous Surfer Research Questions The Autonomous Surfer endeavoured to discover the unknown unknowns of alternative search through the following research questions: What are the alternatives to Google search? What are their hidden revenue models, even if they do not collect user data? How do they deliver divergent (and qualitative) results or knowledge? What are the criteria that determine ranking and relevance? How do p2p search engines such as YaCy work? Does it deliver alternative results compared to other search engines? Is there still a movement for a larger, public index? Can there be serendipitous search, which is the ability to come across books, articles, images, information, objects, and so forth, by chance? Aims and Projected Results My PhD research investigates Google search – its early development, its technological innovation, its business model of the past 20 years and how it works now. Furthermore, I have experimented with Tor (The Onion Router) in order to find out if I could be anonymous online, and if so, would I receive diver- gent results from Google with the same keywords. For my fellowship at CAIS I decided to first research search engines that were incorporated into the Tor browser as default (Startpage, Disconnect) or are the default browser now (DuckDuckGo). I then researched search engines in my original CAIS proposal that I had come across in my PhD but hadn’t had the time to research; some are from the Society of the Query Reader (2014) and others I found en route or on colleagues’ suggestions.
    [Show full text]
  • About Garlic and Onions a Little Journey…
    About Garlic and Onions A little journey… Tobias Mayer, Technical Solutions Architect BRKSEC-2011 Cisco Webex Teams Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Events Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space BRKSEC-2011 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 About Garlic and Onions We are all looking for privacy on the internet, for one or the other reason. This Session is about some technologies you can use to anonymise your network traffic, such as Tor (The Onion Router). The first part will give an introduction and explain the underlaying technology of Tor. We will take look at how you can not only use the Tor browser for access but also how the Tor network is working. We will learn how you can establish a Tor session and how we can find hidden websites and give examples of some websites...So we will enter the Darknet together. Beside Tor, we will also take a quick look at other techniques like I2P (Garlic Routing). In the last section we will make a quick sanity check what security technologies we can use to (maybe) detect such traffic in the network. This presentation is aimed at everyone who likes to learn about anonymization techniques and have a little bit of fun in the Darknet. BRKSEC-2011 © 2020 Cisco and/or its affiliates. All rights reserved.
    [Show full text]
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield
    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
    [Show full text]
  • Zeronet Presentation
    ZeroNet Decentralized web platform using Bitcoin cryptography and BitTorrent network. ABOUT ZERONET Why? Current features We believe in open, free, and ◦ Real-time updated sites uncensored network and communication. ◦ Namecoin .bit domain support ◦ No hosting costs ◦ Multi-user sites Sites are served by visitors. ◦ Password less, Bitcoin's BIP32- ◦ Impossible to shut down based authorization It's nowhere because it's ◦ Built-in SQL server with P2P data everywhere. synchronization ◦ No single point of failure ◦ Tor network support Site remains online so long as at least 1 peer serving it. ◦ Works in any browser/OS ◦ Fast and works offline You can access the site even if your internet is unavailable. HOW DOES IT WORK? THE BASICS OF ASYMMETRIC CRYPTOGRAPHY When you create a new site you get two keys: Private key Public key 5JNiiGspzqt8sC8FM54FMr53U9XvLVh8Waz6YYDK69gG6hso9xu 16YsjZK9nweXyy3vNQQPKT8tfjCNjEX9JM ◦ Only you have it ◦ This is your site address ◦ Allows you to sign new content for ◦ Using this anyone can verify if the your site. file is created by the site owner. ◦ No central registry ◦ Every downloaded file is verified, It never leaves your computer. makes it safe from malicious code inserts or any modifications. ◦ Impossible to modify your site without it. MORE INFO ABOUT CRYPTOGRAPHY OF ZERONET ◦ ZeroNet uses the same elliptic curve based encryption as in your Bitcoin wallet. ◦ You can accept payments directly to your site address. ◦ Using the current fastest supercomputer, it would take around 1 billion years to "hack" a private key. WHAT HAPPENS WHEN YOU VISIT A ZERONET SITE? WHAT HAPPENS WHEN YOU VISIT A ZERONET SITE? (1/2) 1 Gathering visitors IP addresses: Please send some IP addresses for site 1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr OK, Here are some: 12.34.56.78:13433, 42.42.42.42:13411, ..
    [Show full text]
  • Recognition and Investigation of Listening in Anonymous Communication Systems 1 K
    AEGAEUM JOURNAL ISSN NO: 0776-3808 Recognition and investigation of listening in anonymous communication systems 1 K. Balasubramanian, 2 Dr. S. Kannan, 3 S. Sharmila 1Associate Professor, Department of CSE, E.G.S Pillay Engineering College, Nagapattinam, Tamil Nadu, India. Email: [email protected] 2, Professor, Department of CSE, E.G.S Pillay Engineering College, Nagapattinam, Tamil Nadu, India. 3, P.G Student, Department of CSE, E.G.S Pillay Engineering College, Nagapattinam, Tamil Nadu, India. Abstract components through which client activity is steered can Mysterious correspondence systems similar to listen in and get delicate information, for example, user Tor, mostly secure the secrecy of client activity by verification qualifications. This circumstance can scrambling all interchanges inside the overlay system. conceivably decline when clients utilize intermediary based frameworks to get to similar administrations However, when the transferred activity achieves the without utilizing end-to-end encryption, as the quantity limits of the system, toward its end, the first client of hosts or hubs that can listen stealthily on their activity is definitely presented to the last node on the movement increments. Different open and private path. Accordingly, users sending sensitive information, systems may square access to interpersonal interaction similar to verification accreditations, over such and other prominent online administrations for systems, risk having their information between different reasons. Under these conditions, users accepted and uncovered, unless end-to-end encryption regularly depend on utilizing disseminated proxying frameworks to prevent their activity from being is utilized. Listening can be performed by malicious or filtered. They fall back on such mechanisms so as to compromised relay nodes, and additionally any rebel evade system activity filtering in light of source, goal, arrange substance on the way toward the actual end.
    [Show full text]
  • People's Tech Movement to Kick Big Tech out of Africa Could Form a Critical Part of the Global Protests Against the Enduring Legacy of Racism and Colonialism
    CONTENTS Acronyms ................................................................................................................................................ 1 1 Introduction: The Rise of Digital Colonialism and Surveillance Capitalism ..................... 2 2 Threat Modeling .......................................................................................................................... 8 3 The Basics of Information Security and Software ............................................................... 10 4 Mobile Phones: Talking and Texting ...................................................................................... 14 5 Web Browsing ............................................................................................................................ 18 6 Searching the Web .................................................................................................................... 23 7 Sharing Data Safely ................................................................................................................... 25 8 Email Encryption ....................................................................................................................... 28 9 Video Chat ................................................................................................................................... 31 10 Online Document Collaboration ............................................................................................ 34 11 Protecting Your Data ................................................................................................................
    [Show full text]
  • Timing Attack on I2P Web Servers
    Timing attack on I2P web servers Degree programme : BSc in Computer Science | Specialisation : IT Security Thesis advisor : Prof. Dr. Emmanuel Benoist Expert : Thomas Jäggi (GIBB Gewerblich Industrielle Berufsschule Bern) The Invisible Internet Protocol I2P is an anonymous peer to peer network. It promises discretion to its participants, both in hosting and browsing the I2P-websites called Eepsites. The goal of this thesis is to prove the feasibi- lity of a timing attack on the I2P-network, which allows deanonymizing the hosts of certain Eepsites. Invisible Internet Protocol - I2P Timing Attack The I2P-network creates connections between two The attack consists of two parts. Collecting data and nodes using so-called tunnels. Each node has various analysing that data. inbound- and outbound-tunnels. Every tunnel consists By checking for a response every hour, we monitored of multiple nodes. A er con guring the system, a cli- the up- and downtime of a considerable amount of ent can access an Eepsite over the browser, by simply Eepsites and nodes, over a few months. We saved the entering the domain name of the desired Eepsite (e.g. results to a database for later analysis. mud.i2p). The I2P-Protocol will then look for a match- ing entry inside the netDB. The netDB is a distributed For every pair of Eepsite and node, we compare the database containing the domain and corresponding up- and downtime and repeat this for all timestamps. tunnel gateways. We then calculate the ratio between matching times- Janek Bobst By connecting an outbound tunnel of the client with tamps vs total timestamps.
    [Show full text]
  • Blocking-Resistant Communication Through Domain Fronting
    Proceedings on Privacy Enhancing Technologies 2015; 2015 (2):46–64 David Fifield*, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson Blocking-resistant communication through domain fronting Abstract: We describe “domain fronting,” a versatile 1 Introduction censorship circumvention technique that hides the re- mote endpoint of a communication. Domain fronting Censorship is a daily reality for many Internet users. works at the application layer, using HTTPS, to com- Workplaces, schools, and governments use technical and municate with a forbidden host while appearing to com- social means to prevent access to information by the net- municate with some other host, permitted by the cen- work users under their control. In response, those users sor. The key idea is the use of different domain names at employ technical and social means to gain access to the different layers of communication. One domain appears forbidden information. We have seen an ongoing conflict on the “outside” of an HTTPS request—in the DNS re- between censor and censored, with advances on both quest and TLS Server Name Indication—while another sides, more subtle evasion countered by more powerful domain appears on the “inside”—in the HTTP Host detection. header, invisible to the censor under HTTPS encryp- Circumventors, at a natural disadvantage because tion. A censor, unable to distinguish fronted and non- the censor controls the network, have a point working fronted traffic to a domain, must choose between allow- in their favor: the censor’s distaste for “collateral dam- ing circumvention traffic and blocking the domain en- age,” incidental overblocking committed in the course of tirely, which results in expensive collateral damage.
    [Show full text]
  • Unveiling the I2P Web Structure: a Connectivity Analysis
    Unveiling the I2P web structure: a connectivity analysis Roberto Magan-Carri´ on,´ Alberto Abellan-Galera,´ Gabriel Macia-Fern´ andez´ and Pedro Garc´ıa-Teodoro Network Engineering & Security Group Dpt. of Signal Theory, Telematics and Communications - CITIC University of Granada - Spain Email: [email protected], [email protected], [email protected], [email protected] Abstract—Web is a primary and essential service to share the literature have analyzed the content and services offered information among users and organizations at present all over through this kind of technologies [6], [7], [2], as well as the world. Despite the current significance of such a kind of other relevant aspects like site popularity [8], topology and traffic on the Internet, the so-called Surface Web traffic has been estimated in just about 5% of the total. The rest of the dimensions [9], or classifying network traffic and darknet volume of this type of traffic corresponds to the portion of applications [10], [11], [12], [13], [14]. Web known as Deep Web. These contents are not accessible Two of the most popular darknets at present are The Onion by search engines because they are authentication protected Router (TOR; https://www.torproject.org/) and The Invisible contents or pages that are only reachable through the well Internet Project (I2P;https://geti2p.net/en/). This paper is fo- known as darknets. To browse through darknets websites special authorization or specific software and configurations are needed. cused on exploring and investigating the contents and structure Despite TOR is the most used darknet nowadays, there are of the websites in I2P, the so-called eepsites.
    [Show full text]
  • Guide to Retroshare Tor Or I2P Routing Update Some Quick Notes To
    A Guide to Retroshare Tor or I2P routing Update Some quick notes to supplement the existing Help Guides for setting up Retroshare Regular and Hidden Nodes routed via Tor and/or I2P. Snapshot in this update 1) Point out the torrc exit node command is not needed for Regular and Hidden Node Retroshare Tor routing with torrc examples. 2) Steps, guides for setting up multiple Tor binary folders each using a different Socks Port for concurrent TorS applications to enable different specific listening ports, Tor proxys. 3) Guide for setting up a I2P 4/4a/5 client tunnel and need to turn off unused I2P default tunnels. Retroshare Regular nodes using the optional Tor proxy client does not need nor use any Tor Exit Nodes. Unless you are using the same Tor binary for applications which require a Exit Node to clearnet such as with a FeedReader RSS server or website, do not include Exit Node commands in your Tor torrc file. Retroshare Regular Node using the optional Tor Proxy client Working Torrc Example (adjust the file paths for your needs, system) # This file was generated by Tor; if you edit it, comments will not be preserved # The old torrc file was renamedm to torrc.orig.1 or similar, and Tor will ignore it DataDirectory /usr/local/etc/tor GeoIPFile /usr/local/etc/tor/geoip GeoIPv6File /usr/local/etc/tor/geoip6 SocksPort 9050 Retroshare Hidden nodes routed solely to and inside the Tor Network should not have any Exit Node commands in your Tor torrc file. Working example of a Retroshare Hidden node operating as a Tor Hidden Service torrc file # This file was generated by Tor; if you edit it, comments will not be preserved # The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it DataDirectory /usr/local/etc/tor GeoIPFile /usr/local/etc/tor/geoip GeoIPv6File /usr/local/etc/tor/geoip6i HiddenServiceDir /home/name/hideserv HiddenServicePort 11040 127.0.0.1:13080 SocksPort 9050 Running Multiple concurrentt applications routing each through the tor network as a Tor proxy client or as a Tor hidden service.
    [Show full text]