DOCSLIB.ORG

Selfrando: Securing the Tor Browser Against De-Anonymization Exploits

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Selfrando: Securing the Tor Browser Against De-Anonymization Exploits Proceedings on Privacy Enhancing Technologies ; 2016 (4):454–469 Mauro Conti, Stephen Crane, Tommaso Frassetto, Andrei Homescu, Georg Koppen, Per Larsen, Christopher Liebchen, Mike Perry, and Ahmad-Reza Sadeghi Selfrando: Securing the Tor Browser against De-anonymization Exploits Abstract: Tor is a well-known anonymous communica- 1 Introduction tion system used by millions of users, including jour- nalists and civil rights activists all over the world. The The Tor Project provides a suite of free software and Tor Browser gives non-technical users an easy way to a worldwide network designed to facilitate anonymous access the Tor Network. However, many government or- information exchange and to prevent surveillance and ganizations are actively trying to compromise Tor not fingerprinting of these interactions. The Tor network only in regions with repressive regimes but also in the is open to anyone and widely used by civil rights ac- free world, as the recent FBI incidents clearly demon- tivists, whistleblowers, journalists, citizens of oppressive strate. Exploiting software vulnerabilities in general, regimes, etc. Many sensitive websites, including the late and browser vulnerabilities in particular, constitutes a Silk Road black market, are only accessible over Tor. clear and present threat to the Tor software. The Tor Consequently, the Tor Network is continually facing de- Browser shares a large part of its attack surface with the anonymization attacks by law enforcement, intelligence Firefox browser. Therefore, Firefox vulnerabilities (even agencies, and foreign nation states. A de-anonymization patched ones) are highly valuable to attackers trying to attack aims to disclose information, such as the identity monitor users of the Tor Browser. or the location, of an anonymous user. While many de- In this paper, we present selfrando—an enhanced and anonymization attacks rely on weaknesses in the net- practical load-time randomization technique for the Tor work protocol, they often require that adversaries con- Browser that defends against exploits, such as the one trol a large number of Tor nodes [26] or only work in a FBI allegedly used against Tor users. Our solution sig- lab environment [39]. nificantly improves security over standard address space An alternative and practical way to de-anonymize layout randomization (ASLR) techniques currently used Tor users is to exploit security vulnerabilities in the soft- by Firefox and other mainstream browsers. Moreover, ware used to access the Tor network. The most common we collaborated closely with the Tor Project to ensure way to access Tor is via the Tor Browser (TB) [73], that selfrando is fully compatible with AddressSanitizer which includes a pre-configured Tor client. Since TB is (ASan), a compiler feature to detect memory corrup- based on Mozilla’s Firefox browser, they share a large tion. ASan is used in a hardened version of Tor Browser part of their attack surfaces. In 2013, the Federal Bu- for test purposes. The Tor Project decided to include reau of Investigation (FBI) exploited a known software our solution in the hardened releases of the Tor Browser, vulnerability in Firefox [71] to de-anonymize Tor users which is currently undergoing field testing. that had not updated to the most recent version of Keywords: De-anonymization exploits, code- TB [27, 57, 74]. Due to the success of this operation, randomization, privacy-oriented software, Tor Browser. exploit brokers [79] (and, presumably, governments and criminals) are currently soliciting exploits for the TB. DOI 10.1515/popets-2016-0050 Received 2016-02-29; revised 2016-06-02; accepted 2016-06-02. In early 2016, it was confirmed that the FBI contin- ues to monitor the Tor network, this time using a de- Mauro Conti: Università degli Studi di Padova, E-mail: [email protected] Christopher Liebchen: CASED/Technische Stephen Crane: Immunant, Inc., E-mail: [email protected] Universität Darmstadt, Germany, Tommaso Frassetto: CASED/Technische Universität Darm- E-mail: [email protected] stadt, Germany, E-mail: [email protected] Mike Perry: The Tor Project, Andrei Homescu: Immunant, Inc., E-mail: [email protected] E-mail: [email protected] Ahmad-Reza Sadeghi: CASED/Technische Universität Georg Koppen: The Tor Project, E-mail: [email protected] Darmstadt, Germany, E-mail: [email protected] Per Larsen: Immunant, Inc., E-mail: [email protected] Unauthenticated Download Date | 10/23/16 6:41 PM Selfrando: Securing the Tor Browser against De-anonymization Exploits 455 anonymization attack devised by Carnegie Mellon Uni- avoids risky binary rewriting or the need to use a versity researchers [19]. custom compiler, and instead works with existing The Open Technology Fund commissioned a study build tools. Moreover, it is fully compatible with on current and future hardening efforts to reduce the ASan, which required additional implementation ef- attack surface of the TB [58]. One of the recommenda- fort since the randomization interferes with ASan. tions was to use compiler techniques to detect mem- – Increased Entropy and Leakage Resilience ory corruption (buffer overflow, use-after-free, unini- selfrando reduces the impact of information leak- tialized variables, etc.) such as the AddressSanitizer age vulnerabilities and increases entropy relative (ASan) feature [61]. Another key recommendation was to ASLR, making selfrando more effective against to use address space layout randomization (ASLR) to guessing attacks. Our use of load-time randomiza- prevent exploitation of memory corruption vulnerabili- tion mitigates threats from attackers observing bi- ties. While ASan imposes a high runtime overhead [61], naries during download or after the executable files ASLR is very efficient. However, ASLR was recom- have been stored on disk. mended because it is widely supported by compilers – Hardening the Tor Browser We demonstrate and operating systems, not for its security properties. In the practicality of selfrando by applying it to the en- fact, the shortcomings of ASLR are well documented in tire TB without requiring any code changes. Our de- the academic literature [8, 16, 33, 62, 64, 68]. ASLR can tailed and careful evaluation shows that the startup be made significantly stronger by randomizing not just and performance overheads of selfrando are negligi- the base address of modules but also the code inside each ble. module. Address space layout permutation (ASLP) [44], for instance, randomizes the location of each function individually, thwarting many of the techniques used to 2 Background bypass ASLR. Until now, however, the ASLR improve- ments suggested in the literature have suffered from one or more drawbacks that have prevented their use 2.1 Exploiting Memory Corruption in practice. Some techniques rely on binary rewriting, ++ which does not scale to complex programs such as web Unlike modern programming languages, C and C rely browsers [22, 38]; others randomize the code using a cus- on manual memory management, trading reliability for tomized compiler [35], or require each user to download flexibility and performance. Hence, memory manage- their own unique binary [42]. ment errors often create vulnerabilities that can be ex- Goals and Contributions The goal of this ploited to hijack control flow and perform other mali- paper is to demonstrate a load-time randomization cious operations that were never intended by the pro- technique—named selfrando—that improves security gram authors. over ASLR while preserving the features that enabled Traditionally, attackers used a buffer overflow to di- ASLR’s widespread adoption. While technically chal- rectly inject malicious code into a program and exe- lenging, our use of load-time function layout permuta- cute it [6]. However, the introduction of the W⊕X pol- tion ensures that the attack surface changes from one icy that requires memory pages to either be writable run to another. Load-time randomization also ensures or executable, but not both, made most code-injection compatibility with code signing and distribution mech- attacks [49] obsolete. As W⊕X became commonplace, anisms that use caching to efficiently serve millions of attackers changed their tactics from code injection to users. Finally, we worked in close collaboration with the code reuse. These attacks reuse existing, legitimate code TB developers to ensure that selfrando was fully com- for malicious purposes and have therefore proven far patible with ASan so that users can use both techniques harder to stop than code injection. Return-into-libc simultaneously. ASan is used in a hardened version of (RILC) attacks, for example, arrange the stack con- TB to detect and diagnose memory corruption errors. tents so the attacker can call dangerous functions inside Summing up, our main contributions are: the C library with attacker-controlled arguments [52]. – Practical Randomization Framework Unlike Researchers later demonstrated a more general class of other solutions that have only been tested on bench- code reuse attacks called return-oriented programming marks, selfrando can be applied to the TB with- (ROP) [63]. The insight behind ROP is that attackers out any changes to the source code. To the best of can build a malicious virtual machine out of short in- our knowledge, selfrando is the first approach that struction sequences—called gadgets in ROP parlance— Unauthenticated Download Date | 10/23/16 6:41 PM Selfrando: Securing the Tor Browser against De-anonymization Exploits 456 ending with a return (or some other indirect branch). 2.3 Trust in Privacy-preserving Software These gadgets are all located inside application code, so the attacker has no need to inject them into the pro- As we have previously mentioned, any tactic that al- gram. Over the last decade researchers have discovered lows de-anonymization of Tor network users is likely to many variants of code-reuse attacks [10, 11, 15, 59, 76], be attempted by law enforcement, intelligence agencies, most of which are not stopped by ASLR, W⊕X, or other and other resourceful adversaries. The ability to sur- widely deployed exploit mitigations. reptitiously insert backdoors into the TB would be a particularly powerful attack.
Load more

Recommended publications
  • Arxiv:1907.07120V1 [Cs.CY] 16 Jul 2019 1 Introduction That China Hindered Access to I2P by Poisoning DNS Resolu- Tions of the I2P Homepage and Three Reseed Servers
    Measuring I2P Censorship at a Global Scale Nguyen Phong Hoang Sadie Doreen Michalis Polychronakis Stony Brook University The Invisible Internet Project Stony Brook University Abstract required flexibility for conducting fine-grained measurements on demand. We demonstrate these benefits by conducting an The prevalence of Internet censorship has prompted the in-depth investigation of the extent to which the I2P (invis- creation of several measurement platforms for monitoring ible Internet project) anonymity network is blocked across filtering activities. An important challenge faced by these different countries. platforms revolves around the trade-off between depth of mea- Due to the prevalence of Internet censorship and online surement and breadth of coverage. In this paper, we present surveillance in recent years [7, 34, 62], many pro-privacy and an opportunistic censorship measurement infrastructure built censorship circumvention tools, such as proxy servers, virtual on top of a network of distributed VPN servers run by vol- private networks (VPN), and anonymity networks have been unteers, which we used to measure the extent to which the developed. Among these tools, Tor [23] (based on onion rout- I2P anonymity network is blocked around the world. This ing [39,71]) and I2P [85] (based on garlic routing [24,25,33]) infrastructure provides us with not only numerous and ge- are widely used by privacy-conscious and censored users, as ographically diverse vantage points, but also the ability to they provide a higher level of privacy and anonymity [42]. conduct in-depth measurements across all levels of the net- In response, censors often hinder access to these services work stack.
    [Show full text]
  • A Generic Data Exchange System for F2F Networks
    The Retroshare project The GXS system Decentralize your app! A Generic Data Exchange System for F2F Networks Cyril Soler C.Soler The GXS System 03 Feb. 2018 1 / 19 The Retroshare project The GXS system Decentralize your app! Outline I Overview of Retroshare I The GXS system I Decentralize your app! C.Soler The GXS System 03 Feb. 2018 2 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows, (+ Android). C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows.
    [Show full text]
  • Hacking the Web
    Hacking the Web (C) 2009-2020 Arun Viswanathan Ellis Horowitz Marco Papa 1 Table of Contents } General Introduction } Authentication Attacks } Client-Side Attacks } Injection Attacks } Recent Attacks } Privacy Tools 2 (C) 2009-2020 Arun Viswanathan Ellis Horowitz Marco Papa Why secure the Web? } The Web has evolved into an ubiquitous entity providing a rich and common platform for connecting people and doing business. } BUT, the Web also offers a cheap, effective, convenient and anonymous platform for crime. } To get an idea, the Web has been used for the following types of criminal activities (source: The Web Hacking Incidents Database (WHID) http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database) } Chaos (Attack on Russian nuclear power websites amid accident rumors (5Jan09) } Deceit (SAMY XSS Worm – Nov 2005) } Extortion (David Aireys domain hijacked due to a CSRF (cross site request forgery) flaw in Gmail – 30Dec2007) } Identity Theft (XSS on Yahoo! Hot jobs – Oct 2008) } Information Warfare (Israeli Gaza War - Jan 2009 / Balkan Wars – Apr 2008 ) } Monetary Loss (eBay fraud using XSS) } Physical Pain (Hackers post on epilepsy forum causes migraines and seizures – May 2008) } Political Defacements (Hacker changes news release on Sheriffs website – Jul 2008) (Obama, Oreilly and Britneys Twitter accounts hacked and malicious comments posted – Jan 09) } Chinese Gaming sites hacked (Dec. 2011) 3 Copyright(C) 2009 (c) -20092020- 2019Arun Arun Viswanathan Viswanathan Ellis HorowitzEllis Horowitz Marco Marco Papa Papa
    [Show full text]
  • Anonymous Rate Limiting with Direct Anonymous Attestation
    Anonymous rate limiting with Direct Anonymous Attestation Alex Catarineu Philipp Claßen Cliqz GmbH, Munich Konark Modi Josep M. Pujol 25.09.18 Crypto and Privacy Village 2018 Data is essential to build services 25.09.18 Crypto and Privacy Village 2018 Problems with Data Collection IP UA Timestamp Message Payload Cookie Type 195.202.XX.XX FF.. 2018-07-09 QueryLog [face, facebook.com] Cookie=966347bfd 14:01 1e550 195.202.XX.XX Chrome.. 2018-07-09 Page https://analytics.twitter.com/user/konark Cookie=966347bfd 14:06 modi 1e55040434abe… 195.202.XX.XX Chrome.. 2018-07-09 QueryLog [face, facebook.com] Cookie=966347bfd 14:10 1e55040434abe… 195.202.XX.XX Chrome.. 2018-07-09 Page https://booking.com/hotels/barcelona Cookie=966347bfd 16:15 1e55040434abe… 195.202.XX.XX Chrome.. 2018-07-09 QueryLog [face, facebook.com] Cookie=966347bfd 14:10 1e55040434abe… 195.202.XX.XX FF.. 2018-07-09 Page https://shop.flixbus.de/user/resetting/res Cookie=966347bfd 18:40 et/hi7KTb1Pxa4lXqKMcwLXC0XzN- 1e55040434abe… 47Tt0Q 25.09.18 Crypto and Privacy Village 2018 Anonymous data collection Timestamp Message Type Payload 2018-07-09 14 Querylog [face, facebook.com] 2018-07-09 14 Querylog [boo, booking.com] 2018-07-09 14 Page https://booking.com/hotels/barcelona 2018-07-09 14 Telemetry [‘engagement’: 0 page loads last week, 5023 page loads last month] More details: https://gist.github.com/solso/423a1104a9e3c1e3b8d7c9ca14e885e5 http://josepmpujol.net/public/papers/big_green_tracker.pdf 25.09.18 Crypto and Privacy Village 2018 Motivation: Preventing attacks on anonymous data collection Timestamp Message Type Payload 2018-07-09 14 querylog [book, booking.com] 2018-07-09 14 querylog [fac, facebook.com] … ….
    [Show full text]
  • Tor and Circumvention: Lessons Learned
    Tor and circumvention: Lessons learned Nick Mathewson The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch, NSF, US State Dept, SIDA, ... 2 The Tor Project, Inc. 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy Not secretly evil. 3 Estimated ~250,000? daily Tor users 4 Anonymity in what sense? “Attacker can’t learn who is talking to whom.” Bob Alice Alice Anonymity network Bob Alice Bob 5 Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 6 Anonymity isn't cryptography: Cryptography just protects contents. “Hi, Bob!” “Hi, Bob!” Alice <gibberish> attacker Bob 7 Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?” 8 Anonymity serves different interests for different user groups. Anonymity “It's privacy!” Private citizens 9 Anonymity serves different interests for different user groups. Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 10 Anonymity serves different interests for different user groups. “It's traffic-analysis resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 11 Anonymity serves different interests for different user groups.
    [Show full text]
  • DARK WEB INVESTIGATION GUIDE Contents 1
    DARK WEB INVESTIGATION GUIDE Contents 1. Introduction 3 2. Setting up Chrome for Dark Web Access 5 3. Setting up Virtual Machines for Dark Web Access 9 4. Starting Points for Tor Investigations 20 5. Technical Clues for De-Anonymizing Hidden Services 22 5.1 Censys.io SSL Certificates 23 5.2 Searching Shodan for Hidden Services 24 5.3 Checking an IP Address for Tor Usage 24 5.4 Additional Resources 25 6. Conclusion 26 2 Dark Web Investigation Guide 1 1. Introduction 3 Introduction 1 There is a lot of confusion about what the dark web is vs. the deep web. The dark web is part of the Internet that is not accessible through traditional means. It requires that you use a technology like Tor (The Onion Router) or I2P (Invisible Internet Project) in order to access websites, email or other services. The deep web is slightly different. The deep web is made of all the webpages or entire websites that have not been crawled by a search engine. This could be because they are hidden behind paywalls or require a username and password to access. We are going to be setting up access to the dark web with a focus on the Tor network. We are going to accomplish this in two different ways. The first way is to use the Tor Browser to get Google Chrome connected to the the Tor network. This is the less private and secure option, but it is the easiest to set up and use and is sufficient for accessing material on the dark web.
    [Show full text]
  • Tor: the Second-Generation Onion Router (2014 DRAFT V1)
    Tor: The Second-Generation Onion Router (2014 DRAFT v1) Roger Dingledine Nick Mathewson Steven Murdoch The Free Haven Project The Free Haven Project Computer Laboratory [email protected] [email protected] University of Cambridge [email protected] Paul Syverson Naval Research Lab [email protected] Abstract Perfect forward secrecy: In the original Onion Routing We present Tor, a circuit-based low-latency anonymous com- design, a single hostile node could record traffic and later munication service. This Onion Routing system addresses compromise successive nodes in the circuit and force them limitations in the earlier design by adding perfect forward se- to decrypt it. Rather than using a single multiply encrypted crecy, congestion control, directory servers, integrity check- data structure (an onion) to lay each circuit, Tor now uses an ing, configurable exit policies, anticensorship features, guard incremental or telescoping path-building design, where the nodes, application- and user-selectable stream isolation, and a initiator negotiates session keys with each successive hop in practical design for location-hidden services via rendezvous the circuit. Once these keys are deleted, subsequently com- points. Tor is deployed on the real-world Internet, requires promised nodes cannot decrypt old traffic. As a side benefit, no special privileges or kernel modifications, requires little onion replay detection is no longer necessary, and the process synchronization or coordination between nodes, and provides of building circuits is more reliable, since the initiator knows a reasonable tradeoff between anonymity, usability, and ef- when a hop fails and can then try extending to a new node.
    [Show full text]
  • An Analysis of Private Browsing Modes in Modern Browsers
    An Analysis of Private Browsing Modes in Modern Browsers Gaurav Aggarwal Elie Bursztein Collin Jackson Dan Boneh Stanford University CMU Stanford University Abstract Even within a single browser there are inconsistencies. We study the security and privacy of private browsing For example, in Firefox 3.6, cookies set in public mode modes recently added to all major browsers. We first pro- are not available to the web site while the browser is in pose a clean definition of the goals of private browsing private mode. However, passwords and SSL client cer- and survey its implementation in different browsers. We tificates stored in public mode are available while in pri- conduct a measurement study to determine how often it is vate mode. Since web sites can use the password man- used and on what categories of sites. Our results suggest ager as a crude cookie mechanism, the password policy that private browsing is used differently from how it is is inconsistent with the cookie policy. marketed. We then describe an automated technique for Browser plug-ins and extensions add considerable testing the security of private browsing modes and report complexity to private browsing. Even if a browser ad- on a few weaknesses found in the Firefox browser. Fi- equately implements private browsing, an extension can nally, we show that many popular browser extensions and completely undermine its privacy guarantees. In Sec- plugins undermine the security of private browsing. We tion 6.1 we show that many widely used extensions un- propose and experiment with a workable policy that lets dermine the goals of private browsing.
    [Show full text]
  • Piracy Versus Privacy: an Analysis of Values Encoded in the Piratebrowser
    International Journal of Communication 9(2015), 818–838 1932–8036/20150005 Piracy Versus Privacy: An Analysis of Values Encoded in the PirateBrowser BALÁZS BODÓ University of Amsterdam, Institute for Information Law The Netherlands The PirateBrowser is a Web browser that uses Tor privacy-enhancing technology to circumvent nationally implemented Internet filters blocking access to The Pirate Bay. This article analyzes the possible consequences of a mass influx of copyright pirates into the privacy domain. The article addresses the effects of the uptake of strong privacy technologies by pirates on copyright enforcement and on free speech and privacy technology domains. Also discussed are the norms and values reflected in the specific design choices taken by the developers of the PirateBrowser. Keywords: piracy, privacy, Tor, privacy-enhancing technologies, policy Introduction Tor (The Onion Router), “endorsed by Egyptian activists, WikiLeaks, NSA, GCHQ, Chelsea Manning, Snowden” (Dingledine & Appelbaum, 2013), is a volunteer network of computers that relays Web traffic through itself to provide anonymous, unobserved, and uncensored access to the Internet. It has about 4,000 relays and about 1,000 exit nodes. Tor users connect to the network, and their Web traffic is channeled through the internal relays to reach its final destination through one of the exit nodes. This arrangement makes the identification and surveillance of Tor users difficult. Anonymity is promised by the difficulty of tracing the Web traffic that appears on the exit node back to the individual who initiated the traffic, as long as there is a sufficient number of internal hops in between. Protection from surveillance is granted by the fact that each link in the communication chain is encrypted.
    [Show full text]
  • Jacob Appelbaum, Wikileaks Activist and Tor Project Leader, Travels to Beijing to Work with Artist/Activist Ai We
    Breaking News: Jacob Appelbaum, Wikileaks activist and Tor Project leader, travels to Beijing to work with artist/activist Ai Weiwei for Rhizome's Seven on Seven conference at the New Museum. Laura Poitras documents the pair in her first film since Citizenfour, premiering excerpts at the event on May 2. On Saturday, April 19, Jacob Appelbaum—notable Wikileaks and Tor Project activist—traveled to Beijing for five days to take part in a collaboration with dissident artist Ai Weiwei, at the invitation of art- meets-tech organization Rhizome, on the occasion of the seventh Seven on Seven conference at the New Museum. Director Laura Poitras, whose portrait of Edward Snowden won the 2015 Academy Award for Documentary Feature, filmed the duo's work. Seven on Seven is an annual signature conference with a unique format that pairs artists and technologists together to make something new in 24 hours. The pair worked to create an artwork that underscores their mutual concerns with privacy, surveillance, and their state-restricted movement. Excerpts of the short film documenting this collaboration—Poitras' first since Citizenfour—will be premiered at the event, held at New Museum in New York on May 2, and the final film will be released online later in May. The Appelbaum/Ai collaboration was organized by Heather Corcoran, Executive Director of Rhizome, who said: “It was important to bring together these two courageous people who are disseminating their messages using art and technology, respectively, and facing similar levels of scrutiny and hardship as a result. It represents the best that Rhizome achieves with Seven on Seven, which brings the worlds of technology and art into closer proximity, to share strategies for thinking critically about digital culture and communicating those ideas.
    [Show full text]
  • Security Analysis of Instant Messenger Torchat
    TALLINN UNIVERSITY OF TECHNOLOGY Faculty of Information Technology Department of Informatics Chair of Software Engineering Security Analysis of Instant Messenger TorChat Master's Thesis Student: Rain Viigipuu Student code: 072125 Supervisor: Alexander Norta, PhD External Supervisor: Arnis Parˇsovs, MSc TALLINN 2015 Abstract TorChat is a peer-to-peer instant messenger built on top of the Tor network that not only provides authentication and end-to-end encryption, but also allows the communication parties to stay anonymous. In addition, it prevents third parties from even learning that communication is taking place. The aim of this thesis is to document the protocol used by TorChat and to analyze the security of TorChat and its reference implementation. The work shows that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation, communication confirmation and denial-of-service attacks. 2 Contents 1 Introduction 6 2 Tor and Hidden Services 8 2.1 Hidden Services . .9 2.1.1 Hidden service address . 11 3 TorChat 12 3.1 Managing Contacts and Conversations . 12 3.2 Configuration Options . 16 4 TorChat Protocol 17 4.1 Handshake . 17 4.2 File Transfers . 18 4.3 Protocol Messages . 19 4.3.1 not implemented . 19 4.3.2 ping . 20 4.3.3 pong . 21 4.3.4 client . 22 4.3.5 version . 22 4.3.6 status . 22 4.3.7 profile name . 23 4.3.8 profile text . 23 4.3.9 profile avatar alpha . 24 4.3.10 profile avatar . 24 4.3.11 add me.............................
    [Show full text]
  • The Potential Harms of the Tor Anonymity Network Cluster Disproportionately in Free Countries
    The potential harms of the Tor anonymity network cluster disproportionately in free countries Eric Jardinea,1,2, Andrew M. Lindnerb,1, and Gareth Owensonc,1 aDepartment of Political Science, Virginia Tech, Blacksburg, VA 24061; bDepartment of Sociology, Skidmore College, Saratoga Springs, NY 12866; and cCyber Espion Ltd, Portsmouth PO2 0TP, United Kingdom Edited by Douglas S. Massey, Princeton University, Princeton, NJ, and approved October 23, 2020 (received for review June 10, 2020) The Tor anonymity network allows users to protect their privacy However, substantial evidence has shown that the preponder- and circumvent censorship restrictions but also shields those ance of Onion/Hidden Services traffic connects to illicit sites (7). distributing child abuse content, selling or buying illicit drugs, or With this important caveat in mind, our data also show that the sharing malware online. Using data collected from Tor entry distribution of potentially harmful and beneficial uses is uneven, nodes, we provide an estimation of the proportion of Tor network clustering predominantly in politically free regimes. In particular, users that likely employ the network in putatively good or bad the average rate of likely malicious use of Tor in our data for ways. Overall, on an average country/day, ∼6.7% of Tor network countries coded by Freedom House as “not free” is just 4.8%. In users connect to Onion/Hidden Services that are disproportion- countries coded as “free,” the percentage of users visiting Onion/ ately used for illicit purposes. We also show that the likely balance Hidden Services as a proportion of total daily Tor use is nearly of beneficial and malicious use of Tor is unevenly spread globally twice as much or ∼7.8%.
    [Show full text]