DOCSLIB.ORG

Understanding Tor Usage with Privacy-Preserving Measurement

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Understanding Tor Usage with Privacy-Preserving Measurement Akshaya Mani•∗ T Wilson-Brown‡∗ Rob Jansen| Aaron Johnson| Micah Sherr• •Georgetown University zUNSW Canberra Cyber, University of New South Wales am3227,micah.sherr @georgetown.edu [email protected] f g |U.S. Naval Research Laboratory rob.g.jansen, aaron.m.johnson @nrl.navy.mil f g ABSTRACT store data about clients, traffic patterns, sites visited, The Tor anonymity network is difficult to measure because, etc.|information that may otherwise not be collected if not done carefully, measurements could risk the privacy for privacy reasons. Even if the entities collecting this (and potentially the safety) of the network’s users. Recent information are honest, the exposure of the data (e.g., work has proposed the use of differential privacy and secure through machine compromise or compulsion from gov- aggregation techniques to safely measure Tor, and prelimi- ernment authorities) could pose serious privacy risks. nary proof-of-concept prototype tools have been developed Additionally, the dissemination of even highly aggre- in order to demonstrate the utility of these techniques. In this gated measurement information risks users' privacy since work, we significantly enhance two such tools—PrivCount adversaries could potentially combine this data with and Private Set-Union Cardinality—in order to support the background knowledge (e.g., when a tweet was posted, safe exploration of new types of Tor usage behavior that have ISP logs showing user accesses to the Tor network, etc.) never before been measured. Using the enhanced tools, we to deanonymize users [16]. conduct a detailed measurement study of Tor covering three In addition to user privacy and safety, monitoring major aspects of Tor usage: how many users connect to Tor communication is antithetical to the mission of the Tor and from where do they connect, with which destinations do network. For this reason, the Tor Metrics Portal [43], users most frequently communicate, and how many onion a data repository that archives information about the services exist and how are they used. Our findings include anonymity network's size, makeup, and capacity, pro- that Tor has ∼8 million daily users (a factor of four more vides only a limited number of statistics, many of which than previously believed) while Tor user IPs turn over al- are based on indirect measurements and assumptions of most twice in a 4 day period. We also find that ∼40% of the Tor client behavior. We demonstrate in this paper that sites accessed over Tor have a torproject.org domain name, some of Tor's estimates do not correlate well with our ∼10% of the sites have an amazon.com domain name, and own direct observations of user behavior. ∼80% of the sites have a domain name that is included in Other efforts to measure Tor, such as those that record the Alexa top 1 million sites list. Finally, we find that ∼90% packets at Tor's ingress and egress points, can pose se- of lookups for onion addresses are invalid, and more than rious ethical and legal issues: they rely on unsafe [41] 90% of attempted connections to onion services fail. (and potentially unlawful [40]) techniques that would be difficult to repeat. As a result, such studies have arXiv:1809.08481v1 [cs.CR] 22 Sep 2018 1. INTRODUCTION been met with criticism by the privacy community [40]. Toward safe Tor measurement The Tor network has been in operation since 2003 [18], . There has been an enabling millions of daily users [43] to anonymously ac- exciting recent trend in the literature that proposes dif- cess the Internet. Despite its relative longevity, grow- ferentially private [21] statistics collection techniques ing popularity, and prominence as a privacy-enhancing for anonymity networks such as Tor. Systems such as communication tool, surprisingly little is known about PrivEx [23], PrivCount [27], HisTor [36], and PSC [24] who uses Tor and how they use it. enable useful statistics collection while providing for- mal guarantees about the privacy risks they impose Challenges in Measuring Tor. The primary chal- on the network's users. However, to date, researchers lenge in conducting measurements on the Tor network have (rightfully) focused on developing these privacy- is that, if not done with extreme care, they can im- preserving measurement techniques rather than on per- pose significant risk to the network's users. The col- forming exhaustive measurements of deployed anonymity lection of statistical information implies the need to networks such as Tor. ∗Equally credited authors. 1 Our Contributions. This paper presents the largest ethical validity of our study, and describe our experi- and most comprehensive measurement study of the Tor ences with institutional ethics boards and an indepen- network to date, performed using newly proposed differ- dent safety review board. entially private statistics collection techniques. To con- duct our study, we modify Tor and significantly enhance 2. BACKGROUND and improve PrivCount [27] and PSC [24] (described in We begin by presenting a brief overview of Tor and more detail in the following section) to support a larger reviewing the privacy definitions and privacy-preserving variety of measurements, and contribute our improve- measurement tools we use in our study. ments to the respective open source projects. We run 16 Tor relays that contribute approximately 3.5% of Tor's 2.1 Tor bandwidth capacity, and deploy our measurement sys- Tor provides anonymous TCP connections through tems across these relays in order to safely collect mea- source-routed paths that originate at the Tor client (i.e., surements of the live Tor network. We extend previ- the user) and traverse through (usually) three relays. ous statistical methodology to enable unique-counting Traffic enters the Tor network through guard relays. on Tor, and extend privacy definitions (action bounds) Middle relays carry traffic from guard relays to exit to cover new types of user activity. We also describe relays, where the traffic exits the anonymity network. the challenges and tactics for selecting appropriate pri- These anonymous paths through Tor relays are called vacy parameters to ensure Tor users' safety, as well as circuits. The unit of transport in Tor circuits is the cell: methods for inferring whole-network statistics given lo- Tor cells carry encrypted routing information and 498 cal observations at our relays. bytes of data [17]. The encryption of application-level Using our improved measurement tools and extended headers and payloads makes it difficult for an adversary techniques, we conduct a detailed measurement study to perform traffic analysis on circuits and learn the end- of Tor covering three major aspects of Tor usage: who points or content of communication. connects to Tor and from where do they connect; how Tor has a three-tiered communication architecture. is Tor used and with what services and destinations do A single circuit may carry multiple streams. A Tor Tor users communicate; and how many onion services stream is a logical connection between the client and exist and how are they used. Findings from our client- a single destination (e.g., a webserver), and is roughly based measurements suggest that Tor has ∼8 million analogous to a standard TCP connection. A request to daily users, which is a factor of four more than previ- retrieve a webpage may produce several streams (e.g., ously believed. We are the first to measure client churn to example:com and ads:example:com) that are mul- in Tor, and we find that Tor user IPs turn over almost tiplexed over a single circuit. Finally, Tor maintains twice in a 4 day period. We also find that ∼40% of the longstanding TLS-encrypted connections between re- sites accessed over Tor have a torproject.org domain lays that are adjacent on some Tor circuit. Communica- name, ∼10% of the sites have an amazon.com domain tion belonging to different circuits that share a common name, and ∼80% of the sites have a domain name that hop between two relays are multiplexed through a sin- is included in the Alexa top 1 million sites list. Fi- gle connection. Similarly, a user's Tor client maintains nally, we find that ∼90% of onion address lookups fail a single connection to each of its guards, through which because the address is missing or the request is mal- multiple circuits (and streams) may be formed. formed, and more than 90% of attempted connections Tor clients periodically download \directory updates" to onion services fail because the server never completes that describe the consensus view of the network. Clients its side of the connection protocol. Our findings both re- send all user data through one guard by default, but inforce existing beliefs about the Tor network (e.g., that directory updates are obtained through three guards the vast majority of its use is for web browsing) and by default. Tor clients avoiding censorship may connect elucidate many aspects of the Tor network that have to the network through bridges [37], which are guards previously not been explored. In some instances, our whose identities are not public and are disseminated by measurements|which are based on direct observations Tor to users requesting them. of behavior on Tor|suggest that existing heuristically- driven estimates of Tor's usage (including the number Onion services. Tor allows services to hide their loca- of Tor users) are highly inaccurate. tions through the use of onion services [42]. As a special Limiting the risk to Tor's users was paramount in (but common) case, when the onion service corresponds both the design and implementation of all of our mea- to a hidden website, we refer to it as an onionsite. surements, and a significant contribution of this work To operate an onion service, the operator selects six is the methodology for choosing system parameters to relays to serve as introduction points.
Recommended publications
  • UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations

    UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations

    UC Santa Barbara UC Santa Barbara Electronic Theses and Dissertations Title A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz Permalink https://escholarship.org/uc/item/6w76f8x7 Author Swift, Kathy Publication Date 2017 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA Santa Barbara A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Education by Kathleen Anne Swift Committee in charge: Professor Richard Duran, Chair Professor Diana Arya Professor William Robinson September 2017 The dissertation of Kathleen Anne Swift is approved. ................................................................................................................................ Diana Arya ................................................................................................................................ William Robinson ................................................................................................................................ Richard Duran, Committee Chair June 2017 A Web of Extended Metaphors in the Guerilla Open Access Manifesto of Aaron Swartz Copyright © 2017 by Kathleen Anne Swift iii ACKNOWLEDGEMENTS I would like to thank the members of my committee for their advice and patience as I worked on gathering and analyzing the copious amounts of research necessary to
  • Applications Log Viewer

    Applications Log Viewer

    4/1/2017 Sophos Applications Log Viewer MONITOR & ANALYZE Control Center Application List Application Filter Traffic Shaping Default Current Activities Reports Diagnostics Name * Mike App Filter PROTECT Description Based on Block filter avoidance apps Firewall Intrusion Prevention Web Enable Micro App Discovery Applications Wireless Email Web Server Advanced Threat CONFIGURE Application Application Filter Criteria Schedule Action VPN Network Category = Infrastructure, Netw... Routing Risk = 1-Very Low, 2- FTPS-Data, FTP-DataTransfer, FTP-Control, FTP Delete Request, FTP Upload Request, FTP Base, Low, 4... All the Allow Authentication FTPS, FTP Download Request Characteristics = Prone Time to misuse, Tra... System Services Technology = Client Server, Netwo... SYSTEM Profiles Category = File Transfer, Hosts and Services Confe... Risk = 3-Medium Administration All the TeamViewer Conferencing, TeamViewer FileTransfer Characteristics = Time Allow Excessive Bandwidth,... Backup & Firmware Technology = Client Server Certificates Save Cancel https://192.168.110.3:4444/webconsole/webpages/index.jsp#71826 1/4 4/1/2017 Sophos Application Application Filter Criteria Schedule Action Applications Log Viewer Facebook Applications, Docstoc Website, Facebook Plugin, MySpace Website, MySpace.cn Website, Twitter Website, Facebook Website, Bebo Website, Classmates Website, LinkedIN Compose Webmail, Digg Web Login, Flickr Website, Flickr Web Upload, Friendfeed Web Login, MONITOR & ANALYZE Hootsuite Web Login, Friendster Web Login, Hi5 Website, Facebook Video
  • Consensgx: Scaling Anonymous Communications Networks With

    Consensgx: Scaling Anonymous Communications Networks With

    Proceedings on Privacy Enhancing Technologies ; 2019 (3):331–349 Sajin Sasy* and Ian Goldberg* ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments Abstract: Anonymous communications networks enable 1 Introduction individuals to maintain their privacy online. The most popular such network is Tor, with about two million Privacy is an integral right of every individual in daily users; however, Tor is reaching limits of its scala- society [72]. With almost every day-to-day interaction bility. One of the main scalability bottlenecks of Tor and shifting towards using the internet as a medium, it similar network designs originates from the requirement becomes essential to ensure that we can maintain the of distributing a global view of the servers in the network privacy of our actions online. Furthermore, in light to all network clients. This requirement is in place to of nation-state surveillance and censorship, it is all avoid epistemic attacks, in which adversaries who know the more important that we enable individuals and which parts of the network certain clients do and do not organizations to communicate online without revealing know about can rule in or out those clients from being their identities. There are a number of tools aiming to responsible for particular network traffic. provide such private communication, the most popular In this work, we introduce a novel solution to this of which is the Tor network [21]. scalability problem by leveraging oblivious RAM con- Tor is used by millions of people every day to structions and trusted execution environments in order protect their privacy online [70].
  • Doswell, Stephen (2016) Measurement and Management of the Impact of Mobility on Low-Latency Anonymity Networks

    Doswell, Stephen (2016) Measurement and Management of the Impact of Mobility on Low-Latency Anonymity Networks

    Citation: Doswell, Stephen (2016) Measurement and management of the impact of mobility on low-latency anonymity networks. Doctoral thesis, Northumbria University. This version was downloaded from Northumbria Research Link: http://nrl.northumbria.ac.uk/30242/ Northumbria University has developed Northumbria Research Link (NRL) to enable users to access the University’s research output. Copyright © and moral rights for items on NRL are retained by the individual author(s) and/or other copyright owners. Single copies of full items can be reproduced, displayed or performed, and given to third parties in any format or medium for personal research or study, educational, or not-for-profit purposes without prior permission or charge, provided the authors, title and full bibliographic details are given, as well as a hyperlink and/or URL to the original metadata page. The content must not be changed in any way. Full items must not be sold commercially in any format or medium without formal permission of the copyright holder. The full policy is available online: http://nrl.northumbria.ac.uk/policies.html MEASUREMENT AND MANAGEMENT OF THE IMPACT OF MOBILITY ON LOW-LATENCY ANONYMITY NETWORKS S.DOSWELL Ph.D 2016 Measurement and management of the impact of mobility on low-latency anonymity networks Stephen Doswell A thesis submitted in partial fulfilment of the requirements of the University of Northumbria at Newcastle for the degree of Doctor of Philosophy Research undertaken in the Department of Computer Science and Digital Technologies, Faculty of Engineering and Environment October 2016 Declaration I declare that the work contained in this thesis has not been submitted for any other award and that it is all my own work.
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
  • Changing of the Guards: a Framework for Understanding and Improving Entry Guard Selection in Tor

    Changing of the Guards: a Framework for Understanding and Improving Entry Guard Selection in Tor

    Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor Tariq Elahi†, Kevin Bauer†, Mashael AlSabah†, Roger Dingledine‡, Ian Goldberg† †University of Waterloo ‡The Tor Project, Inc. †{mtelahi,k4bauer,malsabah,iang}@cs.uwaterloo.ca ‡[email protected] ABSTRACT parties with anonymity from their communication partners as well Tor is the most popular low-latency anonymity overlay network as from passive third parties observing the network. This is done for the Internet, protecting the privacy of hundreds of thousands by distributing trust over a series of Tor routers, which the network of people every day. To ensure a high level of security against cer- clients select to build paths to their Internet destinations. tain attacks, Tor currently utilizes special nodes called entry guards If the adversary can anticipate or compel clients to choose com- as each client’s long-term entry point into the anonymity network. promised routers then clients can lose their anonymity. Indeed, While the use of entry guards provides clear and well-studied secu- the client router selection protocol is a key ingredient in main- rity benefits, it is unclear how well the current entry guard design taining the anonymity properties that Tor provides and needs to achieves its security goals in practice. be secure against adversarial manipulation and leak no information We design and implement Changing of the Guards (COGS), a about clients’ selected routers. simulation-based research framework to study Tor’s entry guard de- When the Tor network was first launched in 2003, clients se- sign. Using COGS, we empirically demonstrate that natural, short- lected routers uniformly at random—an ideal scheme that provides term entry guard churn and explicit time-based entry guard rotation the highest amount of path entropy and thus the least amount of contribute to clients using more entry guards than they should, and information to the adversary.
  • Introduction Points

    Introduction Points

    Introduction Points Ahmia.fi - Clearnet search engine for Tor Hidden Services (allows you to add new sites to its database) TORLINKS Directory for .onion sites, moderated. Core.onion - Simple onion bootstrapping Deepsearch - Another search engine. DuckDuckGo - A Hidden Service that searches the clearnet. TORCH - Tor Search Engine. Claims to index around 1.1 Million pages. Welcome, We've been expecting you! - Links to basic encryption guides. Onion Mail - SMTP/IMAP/POP3. ***@onionmail.in address. URSSMail - Anonymous and, most important, SECURE! Located in 3 different servers from across the globe. Hidden Wiki Mirror - Good mirror of the Hidden Wiki, in the case of downtime. Where's pedophilia? I WANT IT! Keep calm and see this. Enter at your own risk. Site with gore content is well below. Discover it! Financial Services Currencies, banks, money markets, clearing houses, exchangers. The Green Machine Forum type marketplace for CCs, Paypals, etc.... Some very good vendors here!!!! Paypal-Coins - Buy a paypal account and receive the balance in your bitcoin wallet. Acrimonious2 - Oldest escrowprovider in onionland. BitBond - 5% return per week on Bitcoin Bonds. OnionBC Anonymous Bitcoin eWallet, mixing service and Escrow system. Nice site with many features. The PaypalDome Live Paypal accounts with good balances - buy some, and fix your financial situation for awhile. EasyCoin - Bitcoin Wallet with free Bitcoin Mixer. WeBuyBitcoins - Sell your Bitcoins for Cash (USD), ACH, WU/MG, LR, PayPal and more. Cheap Euros - 20€ Counterfeit bills. Unbeatable prices!! OnionWallet - Anonymous Bitcoin Wallet and Bitcoin Laundry. BestPal BestPal is your Best Pal, if you need money fast. Sells stolen PP accounts.
  • Tor: the Second-Generation Onion Router (2014 DRAFT V1)

    Tor: the Second-Generation Onion Router (2014 DRAFT V1)

    Tor: The Second-Generation Onion Router (2014 DRAFT v1) Roger Dingledine Nick Mathewson Steven Murdoch The Free Haven Project The Free Haven Project Computer Laboratory [email protected] [email protected] University of Cambridge [email protected] Paul Syverson Naval Research Lab [email protected] Abstract Perfect forward secrecy: In the original Onion Routing We present Tor, a circuit-based low-latency anonymous com- design, a single hostile node could record traffic and later munication service. This Onion Routing system addresses compromise successive nodes in the circuit and force them limitations in the earlier design by adding perfect forward se- to decrypt it. Rather than using a single multiply encrypted crecy, congestion control, directory servers, integrity check- data structure (an onion) to lay each circuit, Tor now uses an ing, configurable exit policies, anticensorship features, guard incremental or telescoping path-building design, where the nodes, application- and user-selectable stream isolation, and a initiator negotiates session keys with each successive hop in practical design for location-hidden services via rendezvous the circuit. Once these keys are deleted, subsequently com- points. Tor is deployed on the real-world Internet, requires promised nodes cannot decrypt old traffic. As a side benefit, no special privileges or kernel modifications, requires little onion replay detection is no longer necessary, and the process synchronization or coordination between nodes, and provides of building circuits is more reliable, since the initiator knows a reasonable tradeoff between anonymity, usability, and ef- when a hop fails and can then try extending to a new node.
  • An Investigative Study of Cryptocurrency Abuses in the Dark Web

    An Investigative Study of Cryptocurrency Abuses in the Dark Web

    Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web Seunghyeon Leeyz Changhoon Yoonz Heedo Kangy Yeonkeun Kimy Yongdae Kimy Dongsu Hany Sooel Sony Seungwon Shinyz yKAIST zS2W LAB Inc. {seunghyeon, kangheedo, yeonk, yongdaek, dhan.ee, sl.son, claude}@kaist.ac.kr {cy}@s2wlab.com Abstract—The Dark Web is notorious for being a major known as one of the major drug trading sites [13], [22], and distribution channel of harmful content as well as unlawful goods. WannaCry malware, one of the most notorious ransomware, Perpetrators have also used cryptocurrencies to conduct illicit has actively used the Dark Web to operate C&C servers [50]. financial transactions while hiding their identities. The limited Cryptocurrency also presents a similar situation. Apart from coverage and outdated data of the Dark Web in previous studies a centralized server, cryptocurrencies (e.g., Bitcoin [58] and motivated us to conduct an in-depth investigative study to under- Ethereum [72]) enable people to conduct peer-to-peer trades stand how perpetrators abuse cryptocurrencies in the Dark Web. We designed and implemented MFScope, a new framework which without central authorities, and thus it is hard to identify collects Dark Web data, extracts cryptocurrency information, and trading peers. analyzes their usage characteristics on the Dark Web. Specifically, Similar to the case of the Dark Web, cryptocurrencies MFScope collected more than 27 million dark webpages and also provide benefits to our society in that they can redesign extracted around 10 million unique cryptocurrency addresses for Bitcoin, Ethereum, and Monero. It then classified their usages to financial trading mechanisms and thus motivate new business identify trades of illicit goods and traced cryptocurrency money models, but are also adopted in financial crimes (e.g., money flows, to reveal black money operations on the Dark Web.
  • Torward: DISCOVERY, BLOCKING, and TRACEBACK of MALICIOUS TRAFFIC OVER Tor 2517

    Torward: DISCOVERY, BLOCKING, and TRACEBACK of MALICIOUS TRAFFIC OVER Tor 2517

    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 10, NO. 12, DECEMBER 2015 2515 TorWard: Discovery, Blocking, and Traceback of Malicious Traffic Over Tor Zhen Ling, Junzhou Luo, Member, IEEE,KuiWu,Senior Member, IEEE, Wei Yu, and Xinwen Fu Abstract— Tor is a popular low-latency anonymous communi- I. INTRODUCTION cation system. It is, however, currently abused in various ways. OR IS a popular overlay network that provides Tor exit routers are frequently troubled by administrative and legal complaints. To gain an insight into such abuse, we designed Tanonymous communication over the Internet for and implemented a novel system, TorWard, for the discovery and TCP applications and helps fight against various Internet the systematic study of malicious traffic over Tor. The system censorship [1]. It serves hundreds of thousands of users and can avoid legal and administrative complaints, and allows the carries terabyte of traffic daily. Unfortunately, Tor has been investigation to be performed in a sensitive environment such abused in various ways. Copyrighted materials are shared as a university campus. An intrusion detection system (IDS) is used to discover and classify malicious traffic. We performed through Tor. The black markets (e.g., Silk Road [2], an comprehensive analysis and extensive real-world experiments to online market selling goods such as pornography, narcotics validate the feasibility and the effectiveness of TorWard. Our or weapons1) can be deployed through Tor hidden service. results show that around 10% Tor traffic can trigger IDS alerts. Attackers also run botnet Command and Control (C&C) Malicious traffic includes P2P traffic, malware traffic (e.g., botnet servers and send spam over Tor.
  • Tor: a Quick Overview

    Tor: a Quick Overview

    Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch, NSF, US State Dept, SIDA, Knight Foundation, ... 2 The Tor Project, Inc. 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy 3 Estimated 600,000? daily Tor users 4 Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 5 Anonymity isn't encryption: Encryption just protects contents. “Hi, Bob!” “Hi, Bob!” Alice <gibberish> attacker Bob 6 Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?” 7 Anonymity serves different interests for different user groups. Anonymity “It's privacy!” Private citizens 8 Anonymity serves different interests for different user groups. Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 9 Anonymity serves different interests for different user groups. “It's traffic-analysis resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 10 Anonymity serves different interests for different user groups. Human rights “It's reachability!” “It's traffic-analysis activists resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 11 Regular citizens don't want to be watched and tracked.
  • Monitoring the Dark Web and Securing Onion Services

    Monitoring the Dark Web and Securing Onion Services

    City University of New York (CUNY) CUNY Academic Works Publications and Research Queensborough Community College 2017 Monitoring the Dark Web and Securing Onion Services John Schriner CUNY Queensborough Community College How does access to this work benefit ou?y Let us know! More information about this work at: https://academicworks.cuny.edu/qb_pubs/41 Discover additional works at: https://academicworks.cuny.edu This work is made publicly available by the City University of New York (CUNY). Contact: [email protected] Monitoring the Dark Web Schriner 1 John Schriner Monitoring the Dark Web Contrary to what one may expect to read with a title like Monitoring the Dark Web, this paper will focus less on how law enforcement works to monitor hidden web sites and services and focus more on how academics and researchers monitor this realm. The paper is divided into three parts: Part One discusses Tor research and how onion services work; Part Two discusses tools that researchers use to monitor the dark web; Part Three tackles the technological, ethical, and social interests at play in securing the dark web. Part One: Tor is Research-Driven Tor (an acronym for 'the onion router' now stylized simply 'Tor') is an anonymity network in which a user of the Tor Browser connects to a website via three hops: a guard node, a middle relay, and an exit node. The connection is encrypted with three layers, stripping a layer at each hop towards its destination server. No single node has the full picture of the connection along the circuit: the guard knows only your IP but not where the destination is; the middle node knows the guard and the exit node; the exit node knows only the middle node and the final destination.