DOCSLIB.ORG

Cloudless Wide Area Friend-To-Friend Networking Middleware for Smartphones

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cloudless Wide Area Friend-to-Friend Networking Middleware for Smartphones Jo Inge Arnes and Randi Karlsen Department of Computer Science, UiT The Arctic University of Norway, Tromsø, Norway Keywords: Cloudless Peer-to-peer Mobile Communication, Friend-to-friend Networking, Unreachable IP Address. Abstract: Swirlwave is a middleware that enables peer-to-peer and distributed computing for Internet-connected de- vices that lack publicly reachable Internet Protocol (IP) addresses, that can be expected to disconnect from the network for periods of time, and that frequently change network locations. This is the typical case for smartphones. The middleware fits into the friend-to-friend subcategory of peer-to-peer systems, meaning that the overlay network is built on top of already existing trust relationships among its users. It is independent of clouds and application servers, it supports encryption for confidentiality and authentication, and it aims to be easily extensible for new applications. The solution described in this paper is implemented for smartphones running the Android operating system, but its principles are not limited to this. 1 INTRODUCTION cerning the app are managed there. The provider of the app usually gathers metadata about user activities, Smartphones and their Internet features are used in a such as whom they communicate with, when, where, wide range of areas in people’s lives. Examples are how often and about what. online banking, keeping up with news, education, ca- The extensive use of cloud services also raises reer, looking up health information, sharing pictures concerns with respect to waste of computing re- and videos, social networking, navigating in traffic, sources. Smartphones today have as much process- just to mention a few. In the U.S. 77 % use their phone ing power, memory, and storage capacity as a typical to share pictures, videos, or comments about events desktop PC a decade ago. With the increasing popu- happening in their community, and nearly one-in- larity of smartphones (Myers, 2016), it seems sensible three smartphone owners frequently use their phone to explore ways to harness more of these hardware re- for navigation (Smith, 2015). sources. The way a user accesses such services is generally An alternative to the cloud-based solutions is to through apps supported by an online service, where enable smartphones to communicate directly in a data is stored in the service provider’s data centers peer-to-peer fashion over the Internet. However, this or cloud services. This makes it possible to access is not a trivial solution, since smartphones usually data from multiple devices, and share with others, lack publicly reachable IP addresses and often change for example by sending a picture to friends through networks, which makes it difficult to keep track of the Snapchat1. In this case, the picture is uploaded to devices’ addresses. Most smartphone apps of today, Snapchat’s servers, the recipient friends are notified therefore, depend on clouds or application servers and can see the picture in their Snapchat app, which as middlemen to enable communication between de- downloads the picture from the Snapchat data center. vices. Smartphone apps that let users share and commu- In this work, we describe a novel approach to nicate with others over the Internet are commonly mobile peer-to-peer communication in wide area net- supported by cloud services, where communication works, which allows direct communication between passes through the cloud data centers. This can be a devices that frequently change networks and lack source of privacy concerns. In addition to storing data public IP addresses. We introduce Swirlware, a mid- that the user uploads, many other types of data con- dleware that enables wide area peer-to-peer commu- nication for smartphones, without the need for clouds 1https://www.snapchat.com or application servers for storing, processing, or shar- 255 Arnes, J. and Karlsen, R. Cloudless Wide Area Friend-to-Friend Networking Middleware for Smartphones. DOI: 10.5220/0006830102550264 In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications (ICETE 2018) - Volume 1: DCNET, ICE-B, OPTICS, SIGMAP and WINSYS, pages 255-264 ISBN: 978-989-758-319-3 Copyright © 2018 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved WINSYS 2018 - International Conference on Wireless Networks and Mobile Systems ing data. Our approach also supports incorporating form for building peer web. It is described as an open- smartphones as nodes in a peer-to-peer or distributed source software platform for creating apps that exploit system, so that storage and processing capacities of the power of personal devices and put people in con- the smartphones can be utilized as part of a bigger trol of their data. Thali planned to use the Tor Onion whole. Service protocol4 (called hidden services at the time), Experiments show that Swirlwave handles cloud- the same protocol as Swirlwave builds on, but aban- less, mobile peer-to-peer communication well. It en- doned the idea, since onion services were designed for ables smartphones to be directly reached and sup- stationary services, not mobile ones.5 It is clear from ports continued communication when devices move the project’s homepage that Thali instead communi- between networks. cates over Bluetooth Low Energy (BLE), Bluetooth, In the following, we first compare Swirlwave to and Wi-Fi direct, none of which are wide area com- related work. We then give an overview of the pro- munications. In contrast to Thali, Swirlwave provides posed system, describing the architecture and under- functionality that enables the use of the Tor Onion lying communication. Section 4 describes the Swirl- Service protocol on mobile devices, can thus support wave middleware. Experiments and results are pre- wide area mobile communication. sented in Section 5, while the last sections present discussions and conclusion. 3 MOBILE PEER-TO-PEER COMMUNICATION WITHOUT 2 RELATED WORK PUBLIC IP ADDRESS The Swirlwave middleware provides a novel solution to peer-to-peer mobile communication, where obsta- This section describes the architecture for Swirlwave cles, such as unreachable IP addresses, disconnec- and how it builds on Tor and the Tor Onion Service tions and frequently changing network locations, are protocol6. We also describe the problem of unreach- handled. We here describe how Swirlwave relates to able IP addresses. previous work on mobile communication. Popescu et al. (Popescu et al., 2006) describe a 3.1 Unreachable Addresses friend-to-friend (F2F) architecture, called Turtle, for safe sharing of sensitive data. As Swirlwave, it builds Usually, when a personal computer is connected to the an overlay network from pre-existing trust relation- Internet, other computers cannot directly contact it. ships. Turtle differs from Swirlwave by being a the- This is because of network address translation (NAT). oretical description of a file sharing network archi- The computer can initiate contact with a server, but tecture, where search queries are flooded through the it cannot act as a server itself. The same is true for network. Swirlwave, on the other hand, is a mid- smartphones. The reason is that computers are not dleware enabling friend-to-friend networking without directly connected to the Internet, but are part of a being tied to specific applications. local area network (LAN) that communicates with the A variety of apps for using smartphones as servers outside world through a router. exist, for example, web servers for Android, but they Devices on a LAN are assigned IP addresses that only work as part of a local area network. To connect, are only valid inside the LAN. In the most common clients must be on the same local area network as the configuration, IPs are assigned by a DHCP-server. A server. This is a serious restriction when using mo- device is given an address when it connects to a LAN, bile devices. Swirlwave enables smartphone server but this address can be different the next time the de- apps to be available outside local area networks and vice connects to the same network. continue communicating with clients despite network When a computer connects to a server on the Inter- changes. net, the server will see the IP of the router. The server Orbot2 allows smartphones to be reached outside sends its replies to the router, which performs network local area networks, but it has no mechanism for address translation and routes the traffic to the correct changing addresses when the smartphone changes lo- computer (Comer, 2014). IPs of computers inside the cation. This problem is solved in Swirlwave, which LAN are not reachable from the Internet. This is also handles address changes. 4 Thali3 is a Microsoft sponsored experimental plat- https://www.torproject.org/docs/onion- services.html.en 2https://guardianproject.info/apps/orbot 5http://thaliproject.org/ThaliAndTorHiddenServices 3http://thaliproject.org 6https://www.torproject.org 256 Cloudless Wide Area Friend-to-Friend Networking Middleware for Smartphones the case for smartphones connected to the Internet via by other peers. To contact a server, the client appli- local Wi-Fi or cellular data such as 4G. cation need not know the address of the server peer. Neither does it need to know how to connect to the 3.2 Architecture underlying communication service Tor. A system based on Swirlwave has a shared-nothing architecture with independent and self-sufficient nodes that do not
Recommended publications
  • Pairing-Based Onion Routing with Improved Forward Secrecy ∗

    Pairing-Based Onion Routing with Improved Forward Secrecy ∗

    Pairing-Based Onion Routing with Improved Forward Secrecy ∗ Aniket Kate Greg M. Zaverucha Ian Goldberg David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON, Canada N2L 3G1 {akate,gzaveruc,iang}@cs.uwaterloo.ca Abstract This paper presents new protocols for onion routing anonymity networks. We define a provably secure privacy-preserving key agreement scheme in an identity-based infrastructure setting, and use it to forge new onion routing circuit constructions. These constructions, based on a user’s selection, offer immediate or eventual forward secrecy at each node in a circuit and require significantly less computation and communication than the telescoping mechanism used by Tor. Further, the use of the identity-based infrastructure also leads to a reduction in the required amount of authenticated directory information. Therefore, our constructions provide practical ways to allow onion routing anonymity networks to scale gracefully. Keywords: onion routing, Tor, pairing-based cryptography, anonymous key agreement, forward secrecy 1 Introduction Over the years, a large number of anonymity networks have been proposed and some have been implemented. Common to many of them is onion routing [RSG98], a technique whereby a message is wrapped in multiple layers of encryption, forming an onion. As the message is delivered via a number of intermediate onion routers (ORs), or nodes, each node decrypts one of the layers, and forwards the message to the next node. This idea goes back to Chaum [Cha81] and has been used to build both low- and high-latency communication networks. A common realization of an onion routing system is to arrange a collection of nodes that will relay traffic for users of the system.
  • Into the Reverie: Exploration of the Dream Market

    Into the Reverie: Exploration of the Dream Market

    Into the Reverie: Exploration of the Dream Market Theo Carr1, Jun Zhuang2, Dwight Sablan3, Emma LaRue4, Yubao Wu5, Mohammad Al Hasan2, and George Mohler2 1Department of Mathematics, Northeastern University, Boston, MA 2Department of Computer & Information Science, Indiana University - Purdue University, Indianapolis, IN 3Department of Mathematics and Computer Science, University of Guam, Guam 4Department of Mathematics and Statistics, University of Arkansas at Little Rock, AK 5Department of Computer Science, Georgia State University, Atlanta, GA [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Abstract—Since the emergence of the Silk Road market in Onymous" in 2014, a worldwide action taken by law enforce- the early 2010s, dark web ‘cryptomarkets’ have proliferated and ment and judicial agencies aimed to put a kibosh on these offered people an online platform to buy and sell illicit drugs, illicit behaviors [5]. Law enforcement interventions such as relying on cryptocurrencies such as Bitcoin for anonymous trans- actions. However, recent studies have highlighted the potential for Onymous, along with exit scams and hacks, have successfully de-anonymization of bitcoin transactions, bringing into question shut down numerous cryptomarkets, including AlphaBay, Silk the level of anonymity afforded by cryptomarkets. We examine a Road, Dream, and more recently, Wall Street [6]. Despite these set of over 100,000 product reviews from several cryptomarkets interruptions, new markets have continued to proliferate. The collected in 2018 and 2019 and conduct a comprehensive analysis authors of [7] note that there appears to be a consistent daily of the markets, including an examination of the distribution of drug sales and revenue among vendors, and a comparison demand of about $500,000 for illicit products on the dark web, of incidences of opioid sales to overdose deaths in a US city.
  • Improving Signal's Sealed Sender

    Improving Signal's Sealed Sender

    Improving Signal’s Sealed Sender Ian Martiny∗, Gabriel Kaptchuky, Adam Avivz, Dan Rochex, Eric Wustrow∗ ∗University of Colorado Boulder, fian.martiny, [email protected] yBoston University, [email protected] zGeorge Washington University, [email protected] xU.S. Naval Avademy, [email protected] Abstract—The Signal messaging service recently deployed a confidential support [25]. In these cases, merely knowing to sealed sender feature that provides sender anonymity by crypto- whom Alice is communicating combined with other contextual graphically hiding a message’s sender from the service provider. information is often enough to infer conversation content with- We demonstrate, both theoretically and empirically, that this out reading the messages themselves. Former NSA and CIA one-sided anonymity is broken when two parties send multiple director Michael Hayden succinctly illustrated this importance messages back and forth; that is, the promise of sealed sender of metadata when he said the US government “kill[s] people does not compose over a conversation of messages. Our attack is in the family of Statistical Disclosure Attacks (SDAs), and is made based on metadata” [29]. particularly effective by delivery receipts that inform the sender Signal’s recent sealed sender feature aims to conceal this that a message has been successfully delivered, which are enabled metadata by hiding the message sender’s identity. Instead of by default on Signal. We show using theoretical and simulation- based models that Signal could link sealed sender users in as seeing a message from Alice to Bob, Signal instead observes few as 5 messages. Our attack goes beyond tracking users via a message to Bob from an anonymous sender.
  • How to Use Encryption and Privacy Tools to Evade Corporate Espionage

    How to Use Encryption and Privacy Tools to Evade Corporate Espionage

    How to use Encryption and Privacy Tools to Evade Corporate Espionage An ICIT White Paper Institute for Critical Infrastructure Technology August 2015 NOTICE: The recommendations contained in this white paper are not intended as standards for federal agencies or the legislative community, nor as replacements for enterprise-wide security strategies, frameworks and technologies. This white paper is written primarily for individuals (i.e. lawyers, CEOs, investment bankers, etc.) who are high risk targets of corporate espionage attacks. The information contained within this briefing is to be used for legal purposes only. ICIT does not condone the application of these strategies for illegal activity. Before using any of these strategies the reader is advised to consult an encryption professional. ICIT shall not be liable for the outcomes of any of the applications used by the reader that are mentioned in this brief. This document is for information purposes only. It is imperative that the reader hires skilled professionals for their cybersecurity needs. The Institute is available to provide encryption and privacy training to protect your organization’s sensitive data. To learn more about this offering, contact information can be found on page 41 of this brief. Not long ago it was speculated that the leading world economic and political powers were engaged in a cyber arms race; that the world is witnessing a cyber resource buildup of Cold War proportions. The implied threat in that assessment is close, but it misses the mark by at least half. The threat is much greater than you can imagine. We have passed the escalation phase and have engaged directly into full confrontation in the cyberwar.
  • Improving Signal's Sealed Sender

    Improving Signal's Sealed Sender

    Improving Signal’s Sealed Sender Ian Martiny∗, Gabriel Kaptchuky, Adam Avivz, Dan Rochex, Eric Wustrow∗ ∗University of Colorado Boulder, fian.martiny, [email protected] yBoston University, [email protected] zGeorge Washington University, [email protected] xU.S. Naval Avademy, [email protected] Abstract—The Signal messaging service recently deployed a confidential support [25]. In these cases, merely knowing to sealed sender feature that provides sender anonymity by crypto- whom Alice is communicating combined with other contextual graphically hiding a message’s sender from the service provider. information is often enough to infer conversation content with- We demonstrate, both theoretically and empirically, that this out reading the messages themselves. Former NSA and CIA one-sided anonymity is broken when two parties send multiple director Michael Hayden succinctly illustrated this importance messages back and forth; that is, the promise of sealed sender of metadata when he said the US government “kill[s] people does not compose over a conversation of messages. Our attack is in the family of Statistical Disclosure Attacks (SDAs), and is made based on metadata” [29]. particularly effective by delivery receipts that inform the sender Signal’s recent sealed sender feature aims to conceal this that a message has been successfully delivered, which are enabled metadata by hiding the message sender’s identity. Instead of by default on Signal. We show using theoretical and simulation- based models that Signal could link sealed sender users in as seeing a message from Alice to Bob, Signal instead observes few as 5 messages. Our attack goes beyond tracking users via a message to Bob from an anonymous sender.
  • A Framework for Identifying Host-Based Artifacts in Dark Web Investigations

    A Framework for Identifying Host-Based Artifacts in Dark Web Investigations

    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Fall 11-2020 A Framework for Identifying Host-based Artifacts in Dark Web Investigations Arica Kulm Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Databases and Information Systems Commons, Information Security Commons, and the Systems Architecture Commons Recommended Citation Kulm, Arica, "A Framework for Identifying Host-based Artifacts in Dark Web Investigations" (2020). Masters Theses & Doctoral Dissertations. 357. https://scholar.dsu.edu/theses/357 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. A FRAMEWORK FOR IDENTIFYING HOST-BASED ARTIFACTS IN DARK WEB INVESTIGATIONS A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Defense November 2020 By Arica Kulm Dissertation Committee: Dr. Ashley Podhradsky Dr. Kevin Streff Dr. Omar El-Gayar Cynthia Hetherington Trevor Jones ii DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy in Cyber Defense degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Arica Kulm Dissertation Title: A Framework for Identifying Host-based Artifacts in Dark Web Investigations Dissertation Chair: Date: 11/12/20 Committee member: Date: 11/12/2020 Committee member: Date: Committee member: Date: Committee member: Date: iii ACKNOWLEDGMENT First, I would like to thank Dr.
  • 20141228-Spiegel-Overview on Internet Anonymization Services On

    20141228-Spiegel-Overview on Internet Anonymization Services On

    (C//REL) Internet Anonymity 2011 TOP SECRET//COMINT REL TO USA,FVEY Jt * (C//REL) What is Internet Anonymity? (U) Many Possible Meanings/Interpretations (S//REL) Simply Not Using Real Name for Email (S//REL) Private Forum with Unadvertised Existence (S//REL) Unbeatable Endpoint on Internet (S//REL) This Talk Concerns Endpoint Location (S//REL) The Network Address (IP Address) is Crucial (S//REL) It is Not Always Sufficient, However • (S//REL) Dynamic IP Address • (S//REL) Mobile Device TOP SECRET//COMINT REL TO USA,FVEY FT ^I^hHHPPI^^B äim f (C//REL) What is Internet Anonymity? (S//REL) Anonymity Is Not Simply Encryption (S//REL) Encryption Can Simply Hide Content (S//REL) Anonymity Masks the MetaData and hence association with user (S//SI//REL) Importance of MetaData to SIGINT post-2001 can not be overstated (S//REL) There is also anonymity specifically for publishing information (S//REL) Beyond the Scope of this Talk! (U) Anonymity is the antithesis of most business transactions (but encryption may be crucial) (U) Authentication for monetary exchange (U) Marketing wants to know customer well (U) The same goes for Taxing Authorities :-) TOP SECRET//COMINT REL TO USA,FVEY 3 A j. • " * (C//REL) Who Wants Internet ity2 Vm k m j®- * k (U) All Technology is Dual-Use - (U) Nuclear Weapon to Plug Oil Well - (U) Homicide by Hammer (U) Internet Anonymity for Good T - (U) Anonymous Surveys (Ex: Diseases) - (U) Human Rights Bloggers - (U) HUMINT Sources TOP SECRET//COMINT REL TO USA,FVEY 4 , A - Jt (C//REL) Who Wants Internet m •A w (U) Internet
  • Torward: DISCOVERY, BLOCKING, and TRACEBACK of MALICIOUS TRAFFIC OVER Tor 2517

    Torward: DISCOVERY, BLOCKING, and TRACEBACK of MALICIOUS TRAFFIC OVER Tor 2517

    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 10, NO. 12, DECEMBER 2015 2515 TorWard: Discovery, Blocking, and Traceback of Malicious Traffic Over Tor Zhen Ling, Junzhou Luo, Member, IEEE,KuiWu,Senior Member, IEEE, Wei Yu, and Xinwen Fu Abstract— Tor is a popular low-latency anonymous communi- I. INTRODUCTION cation system. It is, however, currently abused in various ways. OR IS a popular overlay network that provides Tor exit routers are frequently troubled by administrative and legal complaints. To gain an insight into such abuse, we designed Tanonymous communication over the Internet for and implemented a novel system, TorWard, for the discovery and TCP applications and helps fight against various Internet the systematic study of malicious traffic over Tor. The system censorship [1]. It serves hundreds of thousands of users and can avoid legal and administrative complaints, and allows the carries terabyte of traffic daily. Unfortunately, Tor has been investigation to be performed in a sensitive environment such abused in various ways. Copyrighted materials are shared as a university campus. An intrusion detection system (IDS) is used to discover and classify malicious traffic. We performed through Tor. The black markets (e.g., Silk Road [2], an comprehensive analysis and extensive real-world experiments to online market selling goods such as pornography, narcotics validate the feasibility and the effectiveness of TorWard. Our or weapons1) can be deployed through Tor hidden service. results show that around 10% Tor traffic can trigger IDS alerts. Attackers also run botnet Command and Control (C&C) Malicious traffic includes P2P traffic, malware traffic (e.g., botnet servers and send spam over Tor.
  • Optical Onion Routing

    Optical Onion Routing

    Optical Onion Routing Anna Engelmann and Admela Jukan Technische Universitat¨ Carolo-Wilhelmina zu Braunschweig, Germany Email: fa.engelmann, [email protected] Abstract—As more and more data is transmitted in the depend on number and dependability of volunteer systems, configurable optical layer, – whereby all optical switches forward the privacy features in optical network need to be approached packets without electronic layers involved, we envision privacy as differently: for instance, it is a telecom operator that should the intrinsic property of future optical networks. In this paper, we be able offer a private optical communication service as a propose Optical Onion Routing (OOR) routing and forwarding value added feature. For instance, for some client networks techniques, inspired by the onion routing in the Internet layer, - an optical network can grant anonymous access to third-party the best known realization of anonymous communication today, – but designed with specific features innate to optical networks. servers in the cloud, whereby the traffic contents and the origin We propose to design the optical anonymization network system of requests can remain secret for both the attacker as well as with a new optical anonymization node architecture, including the cloud provider. In designing an anonymous optical network the optical components and their electronic counterparts to akin to Tor, however, several obstacles need to be overcome, realize layered encryption. We propose modification to the secret since the main features need to be primarily implemented in key generation using Linear Feedback Shift Register (LFSR), – photonics, i.e., without intervention of electronics, such as able to utilize different primitive irreducible polynomials, and encryption, traffic routing, and session key distribution.
  • Walking Onions: Scaling Anonymity Networks While Protecting Users

    Walking Onions: Scaling Anonymity Networks While Protecting Users

    Walking Onions: Scaling Anonymity Networks while Protecting Users Chelsea H. Komlo Nick Mathewson Ian Goldberg University of Waterloo The Tor Project University of Waterloo Abstract Anonymity networks in practice [13] have prevented these Scaling anonymity networks offers unique security chal- attacks by requiring all participants to share a globally consis- lenges, as attackers can exploit differing views of the net- tent view of the entire state of the network, and giving clients work’s topology to perform epistemic and route capture at- complete control over selecting relays for their paths. While tacks. Anonymity networks in practice, such as Tor, have this approach prevents the described attacks, requiring a glob- opted for security over scalability by requiring participants ally consistent view results in quadratic bandwidth growth as to share a globally consistent view of all relays to prevent the number of clients increases [26], because the number of these kinds of attacks. Such an approach requires each user relays must also increase to provide more capacity, and all to maintain up-to-date information about every relay, causing parties must download information about all relays. While the total amount of data each user must download every epoch today’s Tor network requires only approximately half a per- to scale linearly with the number of relays. As the number cent of its total bandwidth to serve network state [39, 41], of clients increases, more relays must be added to provide increasing the number of clients and relays by one order of bandwidth, further exacerbating the total load on the network. magnitude would result in the consumption of roughly five In this work, we present Walking Onions, a set of proto- percent of the network’s (ten times larger) total bandwidth cols improving scalability for anonymity networks.
  • Co-Pilot Learnings

    Co-Pilot Learnings

    DECEMBER 1, 2014 - JUNE 30, 2015 SUBMITTED TO: The Knight Foundation Knight Prototype Fund Grant PROJECT CONTACTS: Seamus Tuohy, Sr. Technologist and Risk Advisor Email: [email protected] Megan DeBlois, Program Coordinator Email: [email protected] 1 Table of Contents 1. Acknowledgements 2. About Internews 3. Executive Summary 3.0.1. Findings 3.0.2. Limitations 3.0.3. Recommendations 4. Research Approach 5. Major Findings 5.1. Adoption: Making Co-Pilot valuable to the trainer community 5.2. Adaptation: Ensuring the growth and long-term stability of Co-Pilot 6. Limitations 6.1. Duty of Care: Simulating hostile environments without causing trauma 7. Recommendations 7.1. Simulations: The creation and sharing of accurate reproductions of regional censorship 7.2. Context Appropriate: Supporting the diversity of training environments 7.3. Documentation: Removing trainer uncertainty 8. Conclusion 2 1. ACKNOWLEDGEMENTS The Co-Pilot project was made possible through funding from the Knight Foundation, and continuous support and cooperation of Chris Barr and Nina Zenni. Co-Pilot is a product of Internews' Internet and Communications Technology (ICT) program. Co- Pilot was designed by Seamus Tuohy (Sr. Technologist and Risk Advisor, ICT Programs) and Megan DeBlois (Program Coordinator, ICT Training Programs). Research implementation was led by Megan DeBlois. Technical development was led by Seamus Tuohy. We are indebted to the trainers and developers who volunteered their deep knowledge and critical feedback during the research phases of the project. For privacy reasons, we will not list all of your here. A special thanks to Internews' Nick Sera-Leyva for his insights as a trainer and his support with the trainer community We would also like to acknowledge the Internews management team, and specifically Jon Camfield for his technical review and inputs during the peer review processes, and his deep commitment during the development phase of the project.
  • Technical and Legal Overview of the Tor Anonymity Network

    Technical and Legal Overview of the Tor Anonymity Network

    Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula Technical and Legal Overview of the Tor Anonymity Network Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1 Technical and Legal Overview of the Tor Anonymity Network 1. Introduction .................................................................................................................................... 3 2. Tor and Internet Filtering Circumvention ....................................................................................... 4 2.1. Technical Methods .................................................................................................................. 4 2.1.1. Proxy ................................................................................................................................ 4 2.1.2. Tunnelling/Virtual Private Networks ............................................................................... 5