|
|
@@ -0,0 +1,280 @@
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%%deffont "standard" xfont "comic sans ms-medium-r"
|
|
|
+%%deffont "thick" xfont "arial black-medium-r"
|
|
|
+%%deffont "typewriter" xfont "courier new-bold-r"
|
|
|
+%%deffont "type2writer" xfont "arial narrow-bold-r"
|
|
|
+%%deffont "standard" tfont "standard.ttf", tmfont "kochi-mincho.ttf"
|
|
|
+%%deffont "thick" tfont "thick.ttf", tmfont "goth.ttf"
|
|
|
+%%deffont "typewriter" tfont "typewriter.ttf", tmfont "goth.ttf"
|
|
|
+%deffont "standard" xfont "helvetica-medium-r", tfont "arial.ttf", tmfont "times.ttf"
|
|
|
+%deffont "thick" xfont "helvetica-bold-r", tfont "arialbd.ttf", tmfont "hoso6.ttf"
|
|
|
+%deffont "italic" xfont "helvetica-italic-r", tfont "ariali.ttf", tmfont "hoso6.ttf"
|
|
|
+%deffont "typewriter" xfont "courier-medium-r", tfont "typewriter.ttf", tmfont "hoso6.ttf"
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%%
|
|
|
+%% Default settings per each line numbers.
|
|
|
+%%
|
|
|
+%default 1 leftfill, size 8, fore "black", back "white", font "thick", hgap 1
|
|
|
+%default 2 size 8, vgap 10, prefix " ", ccolor "black"
|
|
|
+%default 3 size 6, bar "gray70", vgap 0
|
|
|
+%default 4 size 6, fore "black", vgap 0, prefix " ", font "standard"
|
|
|
+%%
|
|
|
+%%default 1 area 90 90, leftfill, size 9, fore "yellow", back "blue", font "thick"
|
|
|
+%%default 2 size 9, vgap 10, prefix " "
|
|
|
+%%default 3 size 7, bar "gray70", vgap 10
|
|
|
+%%default 4 size 7, vgap 30, prefix " ", font "standard"
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%%
|
|
|
+%% Default settings that are applied to TAB-indented lines.
|
|
|
+%%
|
|
|
+%tab 1 size 5, vgap 40, prefix " ", icon arc "red" 50
|
|
|
+%tab 2 size 4, vgap 35, prefix " ", icon delta3 "blue" 40
|
|
|
+%tab 3 size 3, vgap 35, prefix " ", icon dia "DarkViolet" 40
|
|
|
+%%
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+%nodefault
|
|
|
+%center, size 9, font "thick", back "white", fore "black"
|
|
|
+
|
|
|
+Tor:
|
|
|
+%size 8
|
|
|
+Next-generation Onion Routing
|
|
|
+
|
|
|
+
|
|
|
+%size 7
|
|
|
+Roger Dingledine
|
|
|
+Nick Mathewson
|
|
|
+Paul Syverson
|
|
|
+
|
|
|
+The Free Haven Project
|
|
|
+%font "typewriter", fore "blue"
|
|
|
+http://freehaven.net/
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Low-latency anonymity system
|
|
|
+
|
|
|
+%leftfill
|
|
|
+Deployed: 20 nodes, hundreds (?) of users
|
|
|
+
|
|
|
+Many improvements on earlier design
|
|
|
+
|
|
|
+Free software -- available source code
|
|
|
+
|
|
|
+Design is not covered by earlier onion routing
|
|
|
+patent
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Talk Overview
|
|
|
+
|
|
|
+A bit about Onion Routing
|
|
|
+
|
|
|
+Improvements we've made
|
|
|
+
|
|
|
+Some related work
|
|
|
+
|
|
|
+Some lessons learned
|
|
|
+
|
|
|
+Ask me questions
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Anonymity: Who needs it?
|
|
|
+
|
|
|
+Private citizens
|
|
|
+ advocacy, counseling, whistleblowing, reporting, ...
|
|
|
+%size 6
|
|
|
+Higher-level protocols
|
|
|
+ voting, e-cash, auctions
|
|
|
+%size 6
|
|
|
+Government applications
|
|
|
+ research, law enforcement
|
|
|
+%size 6
|
|
|
+Business applications
|
|
|
+ hide relationships and volumes of communication
|
|
|
+ Who is visiting job sites?
|
|
|
+ Which groups are talking to patent lawyers?
|
|
|
+ Who are your suppliers and customers?
|
|
|
+ Is the CEO talking to a buyout partner?
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Anonymity is a network effect
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Onion Routing is...
|
|
|
+
|
|
|
+An overlay network
|
|
|
+
|
|
|
+Users build virtual circuits through the network
|
|
|
+
|
|
|
+One layer of encryption at each hop
|
|
|
+
|
|
|
+Fixed-size cells
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Tor's goal
|
|
|
+
|
|
|
+Conservative design (minimize new design work needed)
|
|
|
+
|
|
|
+Support testing of future research
|
|
|
+
|
|
|
+Design for deployment; deploy for use
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Threat model
|
|
|
+
|
|
|
+Protect against curious Bob
|
|
|
+
|
|
|
+Protect against somebody watching Alice
|
|
|
+
|
|
|
+Protect against a few curious nodes in the middle
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Differences / limitations
|
|
|
+
|
|
|
+
|
|
|
+We're TCP-only, not all IP (but we're user-space and very portable)
|
|
|
+
|
|
|
+Not peer-to-peer
|
|
|
+
|
|
|
+No protocol normalization
|
|
|
+
|
|
|
+%%Not unobservable
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Perfect forward secrecy
|
|
|
+
|
|
|
+
|
|
|
+Telescoping circuit
|
|
|
+
|
|
|
+ negotiates keys at each hop
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%%page
|
|
|
+%%
|
|
|
+%%Separation from "protocol cleaning"
|
|
|
+%%
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+No mixing, padding, traffic shaping (yet)
|
|
|
+
|
|
|
+
|
|
|
+Please show us they're worth the usability tradeoff
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%%page
|
|
|
+%%
|
|
|
+%%Many TCP streams can share one circuit
|
|
|
+%%
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Congestion control
|
|
|
+
|
|
|
+
|
|
|
+Simple rate limiting
|
|
|
+
|
|
|
+Plus have to keep internal nodes from overflowing
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Directory servers
|
|
|
+
|
|
|
+
|
|
|
+Approve new servers
|
|
|
+
|
|
|
+Tell clients who's up right now
|
|
|
+
|
|
|
+ plus their keys, location, etc
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Variable exit policies
|
|
|
+
|
|
|
+
|
|
|
+Each server allows different outgoing connections
|
|
|
+
|
|
|
+E.g. no servers allow outgoing mail currently
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+End-to-end integrity checking
|
|
|
+
|
|
|
+
|
|
|
+In previous onion routing, an insider could change
|
|
|
+the text being transmitted:
|
|
|
+
|
|
|
+"dir" => "rm *"
|
|
|
+
|
|
|
+Even an external adversary could do this!
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Rendezvous points
|
|
|
+
|
|
|
+
|
|
|
+allow hidden services
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Related work
|
|
|
+
|
|
|
+c/n vs c^2/n^2 vs 2
|
|
|
+
|
|
|
+freedom, peekabooty, jap
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+Future work
|
|
|
+
|
|
|
+Threshold directory agreement
|
|
|
+
|
|
|
+Restricted-route (non-clique) topology
|
|
|
+
|
|
|
+Morphmix/p2p extensions?
|
|
|
+
|
|
|
+Location-hidden servers via rendezvous points
|
|
|
+
|
|
|
+Make it work better
|
|
|
+
|
|
|
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
+%page
|
|
|
+
|
|
|
+We have working code
|
|
|
+
|
|
|
+
|
|
|
+Plus a design document,
|
|
|
+and a byte-level specification
|
|
|
+
|
|
|
+%size 9
|
|
|
+http://freehaven.net/tor/
|
|
|
+
|
|
|
+%size 6
|
|
|
+Privacy Enhancing Technologies workshop
|
|
|
+
|
|
|
+%size 9
|
|
|
+http://petworkshop.org/
|
|
|
+
|
Roger Dingledine