SlideShare uma empresa Scribd logo

TOR NETWORK

Transferir como PPTX, PDF
Rishikese MR
Rishikese MR

This seminar discuss about the TOR BROWSER NETWORK TECHNOLOGY. The discussion includes, How it works, its weakness, its advantage, hidden services, about anonymity etc.

Software
1 de 24
TOR NETWORK A Presentation by Nishanth Samuel Fenn Roll No. 57 S7, CS-B. Under the Guidance of Mr. Pramod Pavithran
2
Contents • Why do we need anonymity? • Introducing the Tor Network • How does the Tor Network work? • Hidden Services • Weaknesses
Why do we need anonymity? • To hide user identity from target web site • To hide browsing pattern from employer or ISP • To conceal our internet usage from hackers • To circumvent censorship
Introducing the Tor Network • Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing. • This is done by passing the data through a circuit of at least three different routers. • The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
R1 R2 R3 R4 srvr1 srvr2 R5 R6 one minute later
How Tor Works? --- Onion Routing Alice Bob OR2 OR1 • A circuit is built incrementally one hop by one hop • Onion-like encryption • ‘Alice’ negotiates an AES key with each router • Messages are divided into equal sized cells • Each router knows only its predecessor and successor • Only the Exit router (OR3) can see the message, however it does not know where the message is from M M√ M OR3 M C1 C2 C2 C3 C3 Port
Cells • All data is sent in fixed size (bytes) cells • Control cell commands: • Padding, create, destroy • Relay cell commands: • Begin, data, connected, teardown, ...
How Tor Works? --- Node to Node Connection • Tor implements Perfect Forward Secrecy (PFC) by using AES encryption • In AES (Advanced Encryption Standard), a private key is generated and shared between the two users, and from this key, session keys are generated • Original keypairs are only used for signatures (i.e. to verify the authenticity of messages)
How Tor Works? --- Integrity Checking • Only done at the edges of a stream • SHA-1 digest of data sent and received • First 4 bytes of digest are sent with each message for verification
Commands in Use
Hidden Services • Location-hidden services allow a server to offer a TCP service without revealing its IP address. • Tor accommodates receiver anonymity by allowing location hidden services • Design goals for location hidden services • Access Control: filtering incoming requests • Robustness: maintain a long-term pseudonymous identity • Smear-resistance: against socially disapproved acts • Application transparency • Location hidden service leverage rendezvous points
Weaknesses • Autonomous System (AS) eavesdropping • Exit node eavesdropping • Traffic-analysis attack • Tor exit node block • Bad Apple attack • Sniper attack • Heartbleed bug
Autonomous System (AS) eavesdropping If an Autonomous System (AS) exists on both path segments from a client to entry relay and from exit relay to destination, such an AS can statistically correlate traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LASTor proposed a method to predict a set of potential ASes on these two segments and then avoid choosing this path during path selection algorithm on client side. In this paper, they also improve latency by choosing shorter geographical paths between client and destination.
Exit node eavesdropping As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it that does not use end-to-end encryption such as SSL orTLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data
Exit node eavesdropping (Contd.) • In October 2011, a research team from ESIEA claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them, and then acquiring their encryption keys and algorithm seeds. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used a denial-of-service attack.
Bad Apple attack • This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor's design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. The second part of this attack is called the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' This wording is used to illustrate that one insecure application on Tor may allow to trace other applications.)
Heartbleed bug • Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of theTransport Layer Security(TLS) protocol. The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. • The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.
Licit and illicit uses • Tor is increasingly in common use by victims of domestic violence and the social workers and agencies which assist them • A growing list of news organizations are using the SecureDrop software platform to accept material for publication in a manner intended to protect the anonymity of sources. • It is endorsed by civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists
Licit and illicit uses (Contd.) • Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain access to censored information, to organize political activities, or to circumvent laws against criticism of heads of state. • Tor can be used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, credit card fraud, and identity theft. • Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously
Dangers of using Tor Network • "The more you hide the more somebody wants to know why.“ • While the inter-relay communications might be secure, the entry and exit nodes are vulnerable to packet sniffing and • The exit node decrypts the packet it received from its sibling on the chain of nodes and receives your full plaintext request. This can be easily seen by the operator of the exit node. • Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced to your IP • Anyone using TOR network is on the NSA watch list under the Xkeyscore program.
References • https://www.torproject.org/ • https://en.wikipedia.org/wiki/Tor_(anonymity_network) • McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno, Tadayoshi; Sicker, Douglas (2008)."Shining Light in Dark Places: Understanding the Tor Network". Proceedings of the 8th International Symposium on Privacy Enhancing Technologies. 8th International Symposium on Privacy Enhancing Technologies. Berlin, Germany: Springer-Verlag. pp. 63–76. • "Tor Project Form 990 2008". Tor Project. Tor Project. 2009. Retrieved 30 August 2014. • "Tor Project Form 990 2007". Tor Project. Tor Project. 2008. Retrieved 30 August 2014. • "Tor Project Form 990 2009". Tor Project. Tor Project. 2010. Retrieved 30 August 2014. • Samson, Ted (5 August 2013). "Tor Browser Bundle for Windows users susceptible to info-stealing attack". InfoWorld. • Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project. • Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia, Claude; Legout, Arnaud; Dabbous, Walid (March 2011). "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users". 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11). National Institute for Research in Computer Science and Control.
Q&A
ThankYou

Recomendados

Tor Presentation
Tor PresentationTor Presentation
Tor PresentationHassan Faraz
 
Introduction to anonymity network tor
Introduction to anonymity network torIntroduction to anonymity network tor
Introduction to anonymity network torKhaled Mosharraf
 
Introduction to Tor
Introduction to TorIntroduction to Tor
Introduction to TorJaskaran Narula
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterMohammed Bharmal
 
Tor Network
Tor NetworkTor Network
Tor NetworkMuhammad Jabir A C K
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymityanurag singh
 
Onion protocol
Onion protocolOnion protocol
Onion protocolAnshu Raj
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routern|u - The Open Security Community
 

Recomendados

Tor Presentation
Tor PresentationTor Presentation
Tor PresentationHassan Faraz
 
Introduction to anonymity network tor
Introduction to anonymity network torIntroduction to anonymity network tor
Introduction to anonymity network torKhaled Mosharraf
 
Introduction to Tor
Introduction to TorIntroduction to Tor
Introduction to TorJaskaran Narula
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterMohammed Bharmal
 
Tor Network
Tor NetworkTor Network
Tor NetworkMuhammad Jabir A C K
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymityanurag singh
 
Onion protocol
Onion protocolOnion protocol
Onion protocolAnshu Raj
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routern|u - The Open Security Community
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark webJisc
 
Deep web
Deep webDeep web
Deep webAbu Kaisar
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the WebPaula Ripoll Cacho
 
Dark Web
Dark WebDark Web
Dark WebKunalDas889957
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
Wireshark
Wireshark Wireshark
Wireshark antivirusspam
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark WebAdityakumar Yadav
 
Firewall
FirewallFirewall
FirewallNilkanth Shingala
 
PPT dark web
PPT dark webPPT dark web
PPT dark webjitiyaashwin
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep webKhaled Sany
 
Dark wed
Dark wedDark wed
Dark wedAraVind Pillai
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
Network security
Network security Network security
Network security Madhumithah Ilango
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Cysinfo Cyber Security Community
 
Wireshark
WiresharkWireshark
WiresharkSourav Roy
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebSuraj Jaundoo
 
Telnet presentation
Telnet presentationTelnet presentation
Telnet presentationtravel_affair
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routerAshly Liza
 
How TOR works?
How TOR works?How TOR works?
How TOR works?Onkar Badiger
 

Mais conteúdo relacionado

Mais procurados

Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark webJisc
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep webKhaled Sany
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 

Mais procurados (20)

Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark web
 
Deep web
Deep webDeep web
Deep web
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the Web
 
Dark Web
Dark WebDark Web
Dark Web
 
Network security
Network securityNetwork security
Network security
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Wireshark
Wireshark Wireshark
Wireshark
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark Web
 
Firewall
FirewallFirewall
Firewall
 
PPT dark web
PPT dark webPPT dark web
PPT dark web
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
 
Dark wed
Dark wedDark wed
Dark wed
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Network security
Network security Network security
Network security
 
Deep Web - what to do and what not to do
Deep Web - what to do and what not to do Deep Web - what to do and what not to do
Deep Web - what to do and what not to do
 
Wireshark
WiresharkWireshark
Wireshark
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
 
Telnet presentation
Telnet presentationTelnet presentation
Telnet presentation
 

Destaque

Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routerAshly Liza
 
Tor network seminar by 13504
Tor network seminar by 13504 Tor network seminar by 13504
Tor network seminar by 13504 Prashant Rana
 
Deep Web
Deep WebDeep Web
Deep WebSt John
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGSCrowdStrike
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
Deep weeb juanita- monica
Deep weeb juanita- monicaDeep weeb juanita- monica
Deep weeb juanita- monicaanviurhez
 
floating touch
floating touchfloating touch
floating touchsanchit09
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The DarknetAhmed Mater
 
Maximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 TechnologyMaximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 Technologytcc07
 
Colloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m riceColloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m ricemargorice
 
Googlechrome ppt
Googlechrome pptGooglechrome ppt
Googlechrome pptabshah37
 

Destaque (17)

Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
 
How TOR works?
How TOR works?How TOR works?
How TOR works?
 
Tor network seminar by 13504
Tor network seminar by 13504 Tor network seminar by 13504
Tor network seminar by 13504
 
Deep Web
Deep WebDeep Web
Deep Web
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGS
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
 
The Dark Net
The Dark NetThe Dark Net
The Dark Net
 
Darknet
DarknetDarknet
Darknet
 
Deep web
Deep webDeep web
Deep web
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
Deep weeb juanita- monica
Deep weeb juanita- monicaDeep weeb juanita- monica
Deep weeb juanita- monica
 
floating touch
floating touchfloating touch
floating touch
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The Darknet
 
Maximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 TechnologyMaximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 Technology
 
Colloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m riceColloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m rice
 
Googlechrome ppt
Googlechrome pptGooglechrome ppt
Googlechrome ppt
 
Tor
TorTor
Tor
 

Semelhante a TOR NETWORK

Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsBiagio Botticelli
 
Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)IAEME Publication
 
Information security using onion routing(tor)
Information security using onion routing(tor)Information security using onion routing(tor)
Information security using onion routing(tor)Kaustubh Joshi
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
 
TOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying MarkersTOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying MarkersBrent Muir
 
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, FreenetComparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, FreenetIRJET Journal
 
Anonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsAnonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsBiagio Botticelli
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingJose L. Quiñones-Borrero
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...IAEME Publication
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...IAEME Publication
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorJack Maynard
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Marcus Leaning
 
Hacking Tor ( How does Tor work ?)
Hacking Tor ( How does Tor work ?)Hacking Tor ( How does Tor work ?)
Hacking Tor ( How does Tor work ?)Saprative Jana
 

Semelhante a TOR NETWORK (20)

Anonymity Network TOR
Anonymity Network TOR Anonymity Network TOR
Anonymity Network TOR
 
Anonymous traffic network
Anonymous traffic networkAnonymous traffic network
Anonymous traffic network
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocols
 
.Onion
.Onion.Onion
.Onion
 
Tor
TorTor
Tor
 
Tor browser
Tor browserTor browser
Tor browser
 
The Onion Routing (TOR)
The Onion Routing (TOR)The Onion Routing (TOR)
The Onion Routing (TOR)
 
Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)
 
Information security using onion routing(tor)
Information security using onion routing(tor)Information security using onion routing(tor)
Information security using onion routing(tor)
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
TOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying MarkersTOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying Markers
 
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, FreenetComparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
 
Anonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsAnonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing Protocols
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
Dark web
Dark webDark web
Dark web
 
Hacking Tor ( How does Tor work ?)
Hacking Tor ( How does Tor work ?)Hacking Tor ( How does Tor work ?)
Hacking Tor ( How does Tor work ?)
 

Mais de Rishikese MR

Natural Language Processing
Natural Language ProcessingNatural Language Processing
Natural Language ProcessingRishikese MR
 
Crowd Sourcing With Smart Phone
Crowd Sourcing With Smart PhoneCrowd Sourcing With Smart Phone
Crowd Sourcing With Smart PhoneRishikese MR
 
The No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra ModelThe No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra ModelRishikese MR
 
Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV's Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV'sRishikese MR
 
Middleware and Middleware in distributed application
Middleware and Middleware in distributed applicationMiddleware and Middleware in distributed application
Middleware and Middleware in distributed applicationRishikese MR
 
EMOTION BASED COMPUTING
EMOTION BASED COMPUTINGEMOTION BASED COMPUTING
EMOTION BASED COMPUTINGRishikese MR
 
BITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USESBITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USESRishikese MR
 
3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGE3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGERishikese MR
 
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.Rishikese MR
 
Google Glass and its Features
Google Glass and its FeaturesGoogle Glass and its Features
Google Glass and its FeaturesRishikese MR
 
Virtualization and cloud Computing
Virtualization and cloud ComputingVirtualization and cloud Computing
Virtualization and cloud ComputingRishikese MR
 
Artificial intelligence in gaming.
Artificial intelligence in gaming.Artificial intelligence in gaming.
Artificial intelligence in gaming.Rishikese MR
 
A seminar on neo4 j
A seminar on neo4 jA seminar on neo4 j
A seminar on neo4 jRishikese MR
 

Mais de Rishikese MR (19)

1 2 3 4 5 g
1 2 3 4 5 g1 2 3 4 5 g
1 2 3 4 5 g
 
Natural Language Processing
Natural Language ProcessingNatural Language Processing
Natural Language Processing
 
Fuzzy Logic
Fuzzy LogicFuzzy Logic
Fuzzy Logic
 
Crowd Sourcing With Smart Phone
Crowd Sourcing With Smart PhoneCrowd Sourcing With Smart Phone
Crowd Sourcing With Smart Phone
 
BLUE BRAIN
BLUE BRAINBLUE BRAIN
BLUE BRAIN
 
The No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra ModelThe No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra Model
 
CYBORG
CYBORG CYBORG
CYBORG
 
DATA WAREHOUSING
DATA WAREHOUSINGDATA WAREHOUSING
DATA WAREHOUSING
 
Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV's Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV's
 
Middleware and Middleware in distributed application
Middleware and Middleware in distributed applicationMiddleware and Middleware in distributed application
Middleware and Middleware in distributed application
 
EMOTION BASED COMPUTING
EMOTION BASED COMPUTINGEMOTION BASED COMPUTING
EMOTION BASED COMPUTING
 
BITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USESBITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USES
 
3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGE3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGE
 
OUTERNET
OUTERNETOUTERNET
OUTERNET
 
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
 
Google Glass and its Features
Google Glass and its FeaturesGoogle Glass and its Features
Google Glass and its Features
 
Virtualization and cloud Computing
Virtualization and cloud ComputingVirtualization and cloud Computing
Virtualization and cloud Computing
 
Artificial intelligence in gaming.
Artificial intelligence in gaming.Artificial intelligence in gaming.
Artificial intelligence in gaming.
 
A seminar on neo4 j
A seminar on neo4 jA seminar on neo4 j
A seminar on neo4 j
 

Último

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 

Último (20)

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 

TOR NETWORK

  • 1. TOR NETWORK A Presentation by Nishanth Samuel Fenn Roll No. 57 S7, CS-B. Under the Guidance of Mr. Pramod Pavithran
  • 2. 2
  • 3. Contents • Why do we need anonymity? • Introducing the Tor Network • How does the Tor Network work? • Hidden Services • Weaknesses
  • 4. Why do we need anonymity? • To hide user identity from target web site • To hide browsing pattern from employer or ISP • To conceal our internet usage from hackers • To circumvent censorship
  • 5. Introducing the Tor Network • Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing. • This is done by passing the data through a circuit of at least three different routers. • The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
  • 6. R1 R2 R3 R4 srvr1 srvr2 R5 R6 one minute later
  • 7. How Tor Works? --- Onion Routing Alice Bob OR2 OR1 • A circuit is built incrementally one hop by one hop • Onion-like encryption • ‘Alice’ negotiates an AES key with each router • Messages are divided into equal sized cells • Each router knows only its predecessor and successor • Only the Exit router (OR3) can see the message, however it does not know where the message is from M M√ M OR3 M C1 C2 C2 C3 C3 Port
  • 8. Cells • All data is sent in fixed size (bytes) cells • Control cell commands: • Padding, create, destroy • Relay cell commands: • Begin, data, connected, teardown, ...
  • 9. How Tor Works? --- Node to Node Connection • Tor implements Perfect Forward Secrecy (PFC) by using AES encryption • In AES (Advanced Encryption Standard), a private key is generated and shared between the two users, and from this key, session keys are generated • Original keypairs are only used for signatures (i.e. to verify the authenticity of messages)
  • 10. How Tor Works? --- Integrity Checking • Only done at the edges of a stream • SHA-1 digest of data sent and received • First 4 bytes of digest are sent with each message for verification
  • 12. Hidden Services • Location-hidden services allow a server to offer a TCP service without revealing its IP address. • Tor accommodates receiver anonymity by allowing location hidden services • Design goals for location hidden services • Access Control: filtering incoming requests • Robustness: maintain a long-term pseudonymous identity • Smear-resistance: against socially disapproved acts • Application transparency • Location hidden service leverage rendezvous points
  • 13. Weaknesses • Autonomous System (AS) eavesdropping • Exit node eavesdropping • Traffic-analysis attack • Tor exit node block • Bad Apple attack • Sniper attack • Heartbleed bug
  • 14. Autonomous System (AS) eavesdropping If an Autonomous System (AS) exists on both path segments from a client to entry relay and from exit relay to destination, such an AS can statistically correlate traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LASTor proposed a method to predict a set of potential ASes on these two segments and then avoid choosing this path during path selection algorithm on client side. In this paper, they also improve latency by choosing shorter geographical paths between client and destination.
  • 15. Exit node eavesdropping As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it that does not use end-to-end encryption such as SSL orTLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data
  • 16. Exit node eavesdropping (Contd.) • In October 2011, a research team from ESIEA claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them, and then acquiring their encryption keys and algorithm seeds. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used a denial-of-service attack.
  • 17. Bad Apple attack • This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor's design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. The second part of this attack is called the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' This wording is used to illustrate that one insecure application on Tor may allow to trace other applications.)
  • 18. Heartbleed bug • Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of theTransport Layer Security(TLS) protocol. The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. • The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.
  • 19. Licit and illicit uses • Tor is increasingly in common use by victims of domestic violence and the social workers and agencies which assist them • A growing list of news organizations are using the SecureDrop software platform to accept material for publication in a manner intended to protect the anonymity of sources. • It is endorsed by civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists
  • 20. Licit and illicit uses (Contd.) • Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain access to censored information, to organize political activities, or to circumvent laws against criticism of heads of state. • Tor can be used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, credit card fraud, and identity theft. • Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously
  • 21. Dangers of using Tor Network • "The more you hide the more somebody wants to know why.“ • While the inter-relay communications might be secure, the entry and exit nodes are vulnerable to packet sniffing and • The exit node decrypts the packet it received from its sibling on the chain of nodes and receives your full plaintext request. This can be easily seen by the operator of the exit node. • Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced to your IP • Anyone using TOR network is on the NSA watch list under the Xkeyscore program.
  • 22. References • https://www.torproject.org/ • https://en.wikipedia.org/wiki/Tor_(anonymity_network) • McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno, Tadayoshi; Sicker, Douglas (2008)."Shining Light in Dark Places: Understanding the Tor Network". Proceedings of the 8th International Symposium on Privacy Enhancing Technologies. 8th International Symposium on Privacy Enhancing Technologies. Berlin, Germany: Springer-Verlag. pp. 63–76. • "Tor Project Form 990 2008". Tor Project. Tor Project. 2009. Retrieved 30 August 2014. • "Tor Project Form 990 2007". Tor Project. Tor Project. 2008. Retrieved 30 August 2014. • "Tor Project Form 990 2009". Tor Project. Tor Project. 2010. Retrieved 30 August 2014. • Samson, Ted (5 August 2013). "Tor Browser Bundle for Windows users susceptible to info-stealing attack". InfoWorld. • Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project. • Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia, Claude; Legout, Arnaud; Dabbous, Walid (March 2011). "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users". 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11). National Institute for Research in Computer Science and Control.
  • 23. Q&A