@@ -60,26 +60,43 @@ Deployed: 20 nodes, hundreds (?) of users
 
Many improvements on earlier design
 
-Free software -- available source code
+Free software -- modified BSD license
 
Design is not covered by earlier onion routing
patent
 
+Uses SOCKS to interface with client apps
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
 
-Talk Overview
-
-A bit about Onion Routing
+We have working code
 
-Improvements we've made
+(14 kloc of C)
 
-Some related work
+and a design document,
+and a byte-level specification,
+and a Debian package (in Unstable)
 
-Some lessons learned
+Works on Linux, BSD, OSX, Cygwin, ...
+User-space, doesn't need kernel mods or root
 
-Ask me questions
+%size 9
+http://freehaven.net/tor/
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%page
+%%
+%%Talk Overview
+%%
+%%A bit about Onion Routing
+%%
+%%Improvements we've made
+%%
+%%Some related work
+%%
+%%Ask me questions
+%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
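Review bot: `+Uses SOCKS to interface with client apps` should say which SOCKS version the client side speaks, since that decides whether the application or the Tor client resolves hostnames, and a one-word qualifier keeps the slide honest about what the SOCKS interface does and does not cover. Separately, the block of `%%`-prefixed lines at the end of the hunk (`+%%page` through `+%%Ask me questions`) re-adds the old Talk Overview slide as comments right after the `-` lines remove it; drop it, the revision history already holds it, and the hunk at `@@ -164,12 +199,8 @@` in this same patch deletes a commented-out slide of exactly that kind.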
 
@@ -95,7 +112,8 @@ Government applications
research, law enforcement
%size 6
Business applications
- hide relationships and volumes of communication
+%size 5
+(hide relationships and volumes of communication)
Who is visiting job sites?
Which groups are talking to patent lawyers?
Who are your suppliers and customers?
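Review bot: the new `+%size 5` before `+(hide relationships and volumes of communication)` is never reset, so the three question lines that follow (`Who is visiting job sites?` and the two after it) now also render at size 5 instead of the `%size 6` set just above `Business applications`; if only the parenthetical is meant to shrink, add a `%size 6` after it.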
@@ -106,6 +124,19 @@ Business applications
 
Anonymity is a network effect
 
+ Systems need traffic (many low-sensitivity users) to attract the high-sensitivity users
+ Most users do not value anonymity much
+ Weak security (fast system) can mean more users
+ which can mean
+%cont, font "italic"
+stronger
+%cont, font "standard"
+anonymity
+ High-sensitivity agents have incentive to run nodes
+ so they can be certain first node in their path is good
+ to attract traffic for their messages
+ There can be an optimal level of free-riding
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
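Review bot: `+ so they can be certain first node in their path is good` overstates what running your own node buys: it guarantees the first hop is honest, but the threat-model slide in this same patch lists `somebody watching Alice` as a goal, and that observer still sees the link into that node, so `know` or `trust` reads better than `be certain`. The two sub-bullets under `+ High-sensitivity agents have incentive to run nodes` also mix forms (`so they can ...` and `to attract ...`); make them parallel, e.g. `to be sure the first node in their path is good` and `to attract cover traffic for their own messages`.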
 
@@ -122,10 +153,12 @@ Fixed-size cells
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
 
-Tor's goal
+Tor's goals
 
-Conservative design (minimize new design work needed)
+Conservative design
+ minimize new design work needed
 
+%size 6
Support testing of future research
 
Design for deployment; deploy for use
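Review bot: `+%size 6` lands before `Support testing of future research` and therefore also shrinks the unchanged `Design for deployment; deploy for use` line after it, while the new sub-bullet `+ minimize new design work needed` keeps the heading size and is distinguished only by one leading space; if the sub-bullet is what should be de-emphasized, move the `%size 6` (or a `%size 5`) above it and restore the size before the two remaining goals.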
@@ -133,13 +166,13 @@ Design for deployment; deploy for use
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
 
-Threat model
-
-Protect against curious Bob
+Threat model -- what we aim for
 
Protect against somebody watching Alice
 
-Protect against a few curious nodes in the middle
+Protect against curious Bob
+
+Protect against `some' curious nodes in the middle
 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
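Review bot: `+Protect against `some' curious nodes in the middle` hedges with TeX-style quotes that mgp renders literally as a backtick and an apostrophe; say what `some` means, since the comparison slide later in this patch (`+Freedom, Tor: (c/n)^2`) already quantifies the adversary as owning c of n nodes, and tie the threat model to that figure. The reorder that moves `Protect against curious Bob` below `Protect against somebody watching Alice` is fine, but the old blank `-` line is dropped and a new blank `+` line is added in a different place, so the slide's spacing changes along with the text.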
@@ -149,11 +182,13 @@ Differences / limitations
 
We're TCP-only, not all IP (but we're user-space and very portable)
 
+Not as strong as high-latency systems (Mixmaster, Mixminion)
+
Not peer-to-peer
 
No protocol normalization
 
-%%Not unobservable
+Not unobservable (no steg, etc)
 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
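Review bot: `+Not unobservable (no steg, etc)` needs `steganography` spelled out and a period after `etc`, since this slide lists limitations an audience will quote back; the same abbreviation appears as `+ etc` on the leaky-pipe slide in the hunk at `@@ -183,6 +214,33 @@`. The new `+Not as strong as high-latency systems (Mixmaster, Mixminion)` line is the right place to name that trade-off, and it now sits next to the `Not unobservable` limitation that was previously only a `%%` comment.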
@@ -164,12 +199,8 @@ Perfect forward secrecy
Telescoping circuit
 
negotiates keys at each hop
+ no more need for replay detection
 
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%page
-%%
-%%Separation from "protocol cleaning"
-%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
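Review bot: `+ no more need for replay detection` states a conclusion with no reason beside it; one clause such as `(fresh per-hop keys from the telescoping handshake, so a replayed handshake yields a different session)` keeps the bullet from being read as a blanket absence of replay protection. Removing the `%%`-commented `Separation from "protocol cleaning"` slide is good; the first hunk of this patch adds a commented-out slide of the same kind that should go the same way.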
 
@@ -183,6 +214,33 @@ Please show us they're worth the usability tradeoff
%%
%%Many TCP streams can share one circuit
%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+
+Many TCP streams share a circuit
+
+Previous designs built a new circuit for each stream
+
+ lots of public key ops per request
+ plus anonymity dangers from making so many circuits
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%page
+
+Leaky-pipe circuit topology
+
+Alice can direct cells to any node in her circuit
+
+ So we can support long-range padding,
+ have multiple streams exiting at different places in the circuit
+ etc
+
+%size 6
+Unclear whether this is dangerous or useful
+
+More research needed
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
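Review bot: the `%%Many TCP streams can share one circuit` comment lines at the top of the hunk are now superseded by the `+Many TCP streams share a circuit` slide added directly below them; delete the stale `%%` placeholder in the same change. On the leaky-pipe slide, `+ etc` should be `etc.`, and `+Unclear whether this is dangerous or useful` / `+More research needed` is the right honest framing: once Alice can have a stream exit at any hop, a middle node chosen as an exit sees what that stream carries, which is worth saying on the slide so the open question is concrete.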
 
@@ -193,11 +251,14 @@ Simple rate limiting
 
Plus have to keep internal nodes from overflowing
 
+(Can't use global state or inter-node control)
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
 
Directory servers
 
+To solve the `introduction' problem
 
Approve new servers
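Review bot: `+To solve the `introduction' problem` uses the TeX-style quotes again and leaves the term undefined; the slide's own bullet `Approve new servers` suggests the gloss, so add a sub-bullet saying what has to be introduced (a client must learn which servers exist, and their keys, before it can build a circuit). `+(Can't use global state or inter-node control)` reads as a constraint on the rate limiting discussed above it; make it a sub-bullet of `Plus have to keep internal nodes from overflowing` so it does not float between that slide and the directory-server slide.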
 
@@ -233,17 +294,32 @@ Even an external adversary could do this!
 
Rendezvous points
 
-
allow hidden services
 
+don't need (brittle) reply onions
+
+ Access-controlled: Bob can control who he talks to
+ Robust: Bob's service is available even when some Tor nodes go down
+ Smear-resistant: Evil service can't frame a rendezvous router
+ Application-transparent: Don't need to modify Bob's apache
+
+%size 6
+(Not implemented yet)
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
 
-Related work
+How do we compare security?
 
-c/n vs c^2/n^2 vs 2
+Assume adversary owns c of n nodes
+ can choose which
+%size 6
+What's the chance for a random Alice and Bob that he wins?
 
-freedom, peekabooty, jap
+Freedom, Tor: (c/n)^2
+Peekabooty, six-four, etc: c/n
+Jap (if no padding): 1 if c>1
+Anonymizer: 1 if c>0
 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
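Review bot: `+Assume adversary owns c of n nodes` / `+ can choose which` and `+Freedom, Tor: (c/n)^2` pull in different directions: (c/n)^2 is the chance that a uniformly chosen entry and exit are both adversary-owned, which does not depend on which nodes the adversary picks, whereas `+Jap (if no padding): 1 if c>1` only follows if the adversary can pick both ends of the fixed cascade; state the path-selection assumption on the slide (random, unweighted choice of entry and exit) so the Tor figure is not read as holding against an adversary who concentrates on the most-used nodes. On the rendezvous slide, `+(Not implemented yet)` is the right caveat for the four property claims above it and matches `+Implement rendezvous points` under Future work.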
@@ -252,11 +328,12 @@ Future work
 
Threshold directory agreement
 
-Restricted-route (non-clique) topology
+Scalability: Morphmix/p2p extensions?
+Restricted-route (non-clique topology)
 
-Morphmix/p2p extensions?
+Non-TCP transport
 
-Location-hidden servers via rendezvous points
+Implement rendezvous points
 
Make it work better
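Review bot: `+Restricted-route (non-clique topology)` moves the closing parenthesis so the line now says a restricted route is a non-clique topology, rather than that the topology is restricted-route and non-clique; the removed `-Restricted-route (non-clique) topology` had it right, or use `Restricted-route topology (non-clique)`. `+Scalability: Morphmix/p2p extensions?` and `+Non-TCP transport` are fine additions, and `+Implement rendezvous points` agrees with the `(Not implemented yet)` caveat added on the rendezvous slide earlier in the patch.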
 
@@ -265,9 +342,9 @@ Make it work better
 
We have working code
 
-
Plus a design document,
and a byte-level specification
+and a Debian package (in Unstable)
 
%size 9
http://freehaven.net/tor/
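Review bot: `+and a Debian package (in Unstable)` makes this closing slide carry the same four facts as the opening slide rewritten in the first hunk, but with different wording: `Plus a design document,` here versus `+and a design document,` there, and `and a byte-level specification` without a trailing comma here while the opening slide has `+and a byte-level specification,`; unify the two, or have one slide refer back to the other, so the deck does not present two slightly different versions of the same claim.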