Collecting Threat Intelligence from Tor Netwok


Collecting Threat Intelligence From Tor Netwok

A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science in Cyber Security

by Tarun Trivedi
14/MS/027

Under the Supervision of Dr. B. M. Mehtre (Associate Professor)
Center For Cyber Security
Institute For Development And Research In Banking Technology, Hyderabad
(Established by Reserve Bank Of India)

COMPUTER SCIENCE AND ENGINEERING DEPARTMENT
SARDAR PATEL UNIVERSITY OF POLICE, SECURITY AND CRIMINAL JUSTICE
JODHPUR – 342304, INDIA
May, 2016

UNDERTAKING

I declare that the work presented in this thesis titled “Collecting Threat Intelligence From Tor Netwok”, submitted to the Computer Science and Engineering Department, Sardar Patel University of Police, Security and Criminal Justice, Jodhpur, for the award of the Master of Science degree in Cyber Security, is my original work. I have not plagiarized or submitted the same work for the award of any other degree. In case this undertaking is found incorrect, I accept that my degree may be unconditionally withdrawn.

May, 2016
Jodhpur
(Tarun Trivedi)

CERTIFICATE

Certified that the work contained in the thesis titled “Collecting Threat Intelligence From Tor Netwok”, by Tarun Trivedi, Registration Number 14/MS/027 has been carried out under my supervision and that this work has not been submitted elsewhere for a degree.

(Dr. B. M. Mehtre)
(Associate Professor)
Center For Cyber Security,
Institute For Development And Research In Banking Technology, Hyderabad
(Established by Reserve Bank Of India)
May, 2016

Acknowledgment

I would like to take this opportunity to express my deep sense of gratitude to all who helped me directly or indirectly during this thesis work. First, I would like to thank my supervisor, Associate Professor Dr. B.M. Mehtre, for being a great mentor and the best adviser I could ever have.
His advice, encouragement and criticism are the source of innovative ideas, inspiration and the causes behind the successful completion of this dissertation. The confidence he showed in me was the biggest source of inspiration for me. It has been a privilege working with him for the last five months. He gave me many opportunities to explore my inner self.

I wish to express my sincere gratitude to Dr. Bhupendra Singh, Vice Chancellor, and Sh. M.L. Kumawat (Former), Vice Chancellor, for providing me all the facilities required for the completion of this thesis work.

I would like to express my sincere appreciation and gratitude towards the faculty members at S.P.U.P., Jodhpur, especially Mr. Arjun Choudhary & Mr. Vikas Sihag, for their encouragement, consistent support and invaluable suggestions. I thank Mr. Vinod Parihar, who helped and guided me at the time I needed it the most. Whenever I got nervous, I used to talk with my colleagues. They always tried to encourage me. Without all those mentioned above, this work could not have achieved its goal.

Finally, I am grateful to my father, Mr. Mangilal Trivedi, and my mother, Mrs. Usha Trivedi, for their support. It would have been impossible for me to complete this thesis work without their love, blessing and encouragement.

Tarun Trivedi

Biographical Sketch

Tarun Trivedi
8B Badi Brhmpuri PIN-306401
E-Mail: [email protected], Contact No. +91- 7737939573
Father’s Name: Mr. Mangilal Trivedi
Mother’s Name: Mrs. Usha Trivedi

Education
• Pursuing Master of Science in Cyber Security, Computer Science & Engineering branch from S.P.U.P., Jodhpur, 2016
• B.Tech. in Computer Science and Engineering from Rajasthan Technical University, Kota with 64% in 2010.
• Intermediate from MBM School, Pali with 62% in 2006.
• High School from Bangur School, Pali with 53% in 2003.

Dedicated to My Loving Family for their kind love & support. To my friends for showing confidence in me.
“Genius is one percent inspiration, ninety-nine percent perspiration.”
- Thomas Edison

Synopsis

Threat intelligence is evidence-based data and information for detecting and preventing attacks. It includes context, keywords, indicators, etc. about the attack, and advance information to predict what will happen in the real world. Many sources, such as chats, comments, blogs, etc., are helpful to the intelligence agency in decision making. Intelligence agencies monitor the dark world for how the attackers plan and engineer attacks. The main aim of threat intelligence is to find out different types of attacks such as hacking, anonymity, hidden services, etc. in the dark world. The onion sites in the dark world provide resources devoted to hacking, security, anonymity, fake IDs, weapons, services, drugs, pornography, and other malicious services. Well-known browsers such as Google Chrome, Internet Explorer, Mozilla Firefox, etc. cannot access the onion sites, whereas Tor browser is capable of accessing onion sites. Government and intelligence agencies monitor the hidden services in the dark world. Essentially, they look for the hidden networks and their connection to the dark world. To use Tor browser, there is a need to create an account on the onion site and then start monitoring the comments, blogs, question-and-answer threads, etc.

We proposed a scheme for collecting threat intelligence from the Tor network. First, we monitored the activities of more than 200 onion sites in the dark world which are used for hacking, attacking, and tracing. Secondly, we extracted the information about attacks from the onion sites. This is based on the discussion of various attacks that would be happening in the group. The discussion of a particular attack acts as an indicator that some malicious users are interested in the particular attack. Based on this information, we would find out vulnerable sites (for this attack) and give notice that the site could be under attack.
Threat intelligence is not restricted to predicting attacks; it also covers discovering attacks that have already happened. Our focus is on both of the above-stated goals. We have developed a TNT Tool (threat intelligence tool) for extracting the keywords from the onion sites using a Tor proxy. Our tool collects all the keywords related to attacks, such as hacking, tracing, tracking, bandwidth, etc., from the onion sites. After collecting keywords, our tool identifies the URLs of onion sites whenever the keywords are found. Once the URLs were extracted, we sent an email to the owner of the onion site as a client. The onion site owner replied to the mail, and we then got the email header. Finally, we located the geographical location of the site, and the IP as well, from the email header. Thus, we can locate enhance in the Darkworld.

Contents

Acknowledgment
Biographical Sketch
Synopsis
1 Introduction
  1.1 The Threat intelligence
  1.2 The Onion Routing (Tor)
  1.3 The onion sites
  1.4 Problem statement
  1.5 Organization of thesis
2 Literature survey
  2.1 Tor
    2.1.1 Anonymity of Tor
    2.1.2 Working of TOR
  2.2 Deep web onion services
    2.2.1 What is Deep web onion sites?
    2.2.2 The Dark Web versus the Deep Web
    2.2.3 Number of onion sites in the dark world
    2.2.4 How deep web onion sites work?
    2.2.5 Why the onion site owner take payment in Bitcoin?
3 Methodology
  3.1 Working of the Tool
    3.1.1 Application is running through Tor proxy
    3.1.2 Searching keyword on an onion site
    3.1.3 If URL link is present
    3.1.4 Apply text mining tool
    3.1.5 Collecting keyword related to the threat intelligence
    3.1.6 When a keyword is found, pick up a complete sentence
    3.1.7 Show URL address of the onion site
  3.2 List of onion sites used for Hacking
4 Results and Discussions
  4.1 How we can trace the owner of an onion site?
5 Conclusions and future work
References

List of Figures

1 Selection of nodes in a Tor network.
2 Anonymity layer in an OSI Model.
3 Tor client request to Directory server to establish connection.
4 Tor client connected to server through Tor node.
5 Tor client chooses different random path for establishing connection for next time.
6 Working of Diffie-Hellman key exchange algorithm.
7 List of items selling in the dark world.
8 Details of item in the Dark world.
9 Protocols found in the Deep Web apart from HTTP/HTTPS.
10 Flowchart of working of the Tool.
11 Reply mail by [email protected] (owner of the onion site).
12 Trace E-mail header of a [email protected][23] (owner of the onion site).
13 Reply mail by [email protected] (owner of the onion site).
14 Trace E-mail header of a [email protected][23] (owner of the onion site).
15 Reply mail by [email protected] (owner of the onion site).
16 Trace E-mail Header of a [email protected][23] (owner of the onion site).
17 Reply mail by [email protected][23] (owner of the onion site).
18 Trace E-mail Header of a [email protected][23] (owner of the onion site).
19 Reply mail by [email protected] (owner of the onion site).
20 Trace E-mail of a [email protected][23] (owner of the onion site).

Chapter 1

Introduction

1.1 The Threat intelligence

The main aim of Threat intelligence is detecting and preventing attacks in the dark world.