Guard Iat - Tor

20131004-guard-iat_tor

TOP SECRET//SI//REL TO USA,FVEY

(C//REL) Types of IAT - Advanced Open Source Multi-Hop

- (S//REL) Open Source Multi-Hop Networks
  - (S//REL) Tor
    - (S//REL) Very widely used worldwide
    - (S//REL) Open Source
    - (S//REL) Active Development
    - (S//REL) Mitigates Threats
    - (S//REL) Very Secure
    - (S//REL) Low enough latency for most TCP uses
    - (S//REL) Still the King of high secure, low latency Internet Anonymity
    - (S//REL) There are no contenders for the throne in waiting

TOP SECRET//COMINT REL TO USA,FVEY

(S//REL) Tor Operation (1)

[Figure: "How Tor Works: 1". Legend: Tor node; unencrypted link; encrypted link. Parties shown: Alice, Jane, Dave.]

Step 1: Alice's Tor client obtains a list of Tor nodes from a directory server.
(S//REL) Tor Operation (2)

[Figure: "How Tor Works: 2". Legend: Tor node; unencrypted link; encrypted link. Parties shown: Alice, Jane, Dave, Bob, Exit.]

Step 2: Alice's Tor client picks a random path to destination server. Green links are encrypted, red links are in the clear.
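The two steps above, as an added worked example that is not part of the slide deck and is not Tor project code: the client picks a random path from the node list, wraps the request in one encryption layer per hop, each relay strips its own layer and learns only the next hop, and only the exit sees the destination and the plaintext that travels over the unencrypted (red) link. The directory dict, the per-node keys, the fixed-width next-hop field and the SHA-256 counter-mode toy cipher are all assumptions of this example; real Tor fetches relay descriptors, negotiates a separate key with each relay, and encrypts relay cells with AES-CTR.

```python
"""Toy onion-routing walkthrough for the two "How Tor Works" steps.

Constructed example, not code from the slide deck or from the Tor project.
Assumptions: the "directory" is a dict of node name -> symmetric key (real
Tor distributes relay descriptors and negotiates per-hop keys), and the
per-hop cipher is a SHA-256 counter-mode keystream standing in for AES-CTR.
"""
import hashlib
import random

HOP_FIELD = 16  # fixed-width "next hop" field at the front of each layer

# Constructed directory: node name -> per-hop key (assumed, see above).
DIRECTORY = {
    "Jane": b"jane-key-0000000",
    "Dave": b"dave-key-0000000",
    "Bob": b"bob-key-00000000",
    "Exit": b"exit-key-0000000",
}


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256(key || block counter) keystream.
    Symmetric, so the same call encrypts and decrypts. Toy cipher only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hop_field(name: str) -> bytes:
    """Encode a node or destination name into the fixed-width hop field."""
    raw = name.encode()
    if len(raw) > HOP_FIELD:
        raise ValueError("name too long for hop field: %r" % name)
    return raw.ljust(HOP_FIELD, b"\0")


def choose_path(directory: dict, length: int = 3, rng=None) -> list:
    """Step 2: pick a random path of distinct nodes from the node list."""
    rng = rng or random.Random()
    return rng.sample(sorted(directory), length)


def build_onion(path: list, directory: dict, destination: str, payload: bytes) -> bytes:
    """Wrap the payload once per hop, innermost (exit) layer first.
    Each layer, once peeled, reveals only the next hop plus the inner cell;
    the exit's layer names the final destination."""
    next_hops = path[1:] + [destination]
    cell = payload
    for node, next_hop in zip(reversed(path), reversed(next_hops)):
        cell = keystream_xor(directory[node], hop_field(next_hop) + cell)
    return cell


def peel(node: str, directory: dict, cell: bytes) -> tuple:
    """One relay's view: strip its own layer and learn the next hop."""
    plain = keystream_xor(directory[node], cell)
    next_hop = plain[:HOP_FIELD].rstrip(b"\0").decode()
    return next_hop, plain[HOP_FIELD:]


def run_circuit(path: list, directory: dict, destination: str, payload: bytes) -> dict:
    """Forward the onion hop by hop and record what each node can observe.
    Links between nodes (green) carry ciphertext; the exit-to-destination
    link (red) carries the payload in the clear."""
    cell = build_onion(path, directory, destination, payload)
    observations = []
    next_hop = None
    for node in path:
        next_hop, inner = peel(node, directory, cell)
        observations.append({"node": node, "forwards_to": next_hop,
                             "sees_payload": inner == payload})
        cell = inner
    return {"observations": observations, "to": next_hop, "delivered": cell}


if __name__ == "__main__":
    chosen = choose_path(DIRECTORY, rng=random.Random(20131004))
    result = run_circuit(chosen, DIRECTORY, "www.example.com", b"GET / HTTP/1.1\r\n")
    for view in result["observations"]:
        print(view)
    print("exit sends in the clear to", result["to"], ":", result["delivered"])
```

Only the last entry of `observations` reports `sees_payload` as true: the guard and middle relays forward ciphertext and know just their neighbours, which is the property the slide's green/red colouring illustrates.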

(S//SI//REL) Passive Tor Traffic Analysis

- (S//SI//REL) For Normal SIGINT flow, need to identify Tor traffic!
- (S//SI//REL) Only outer TLS layer visible - How to Distinguish?
- (S//SI//REL) Tor developers attempt to remain anonymous by blending in with myriad other TLS traffic
- (S//SI//REL) Tor TLS has changed over the years
- (S//SI//REL) There ARE some server -> client features which are recognizable
  - (S//SI//REL) Certificate: Specific Diffie-Hellman (DH) Modulus - byte search
  - (S//SI//REL) Certificate: Issuer and Subject random names of same form - ex: CN=www.ofzfkdjxvrss.net - regex match
  - (S//SI//REL) Certificate: always 2 hour lifetime - ASN.1 parsing, more computation
  - (S//SI) Multiple XKS fingerprints from multiple parties deployed

- (S//REL) Driven by Censorship Circumvention, Hide Signature
  - (S//REL) China and Iran still main adversaries
  - (S//REL) Researching better bridge distribution strategies
  - (S//REL) Claim by Tor Project is 8000 requests/day for <1000 total
- (S//REL) Around Feb 2011, changed the TLS handshake
  - (S//REL) Signature more like Apache web-server
  - (S//REL) Different DH Modulus
  - (S//SI//REL) New XKS Signatures address this
- (TS//SI//REL) Proposed eventual change will kill identification!
  - (S//REL) Each Tor node will generate random-ish signatures in a volatile way specifically designed to look like normal website TLS traffic!

(S//REL) Censorship Driven Protocol Obfuscation - Psiphon 3 / Tor

- (S//REL) Extreme Censorship blocking: Common encrypted protocols
  • (S//REL) In the case of Psiphon 3: SSH
  • (S//REL) In the case of Tor: TLS
  • (S//REL) Make deep packet inspection (XKS :-)) work harder
  • (S//REL) Both use work of an open source project (brl/obfuscated-openssh)
- (S//REL) Idea is both sides transmit random seed and verifier information
  • (S//REL) Verifier is hash of seed and other data
  • (S//REL) If verifier passes, data from both sides' seeds is used to generate key
  • (S//REL) Key used in symmetric cipher to encrypt native SSH or SSL protocol
  • (S//REL) So for random stream, need to de-obfuscate and test for SSH / SSL
- (S//REL) Details for Psiphon 3
  • (S//REL) Hash used for verifier, key generation: 6000 iterations SHA-1
  • (S//REL) Symmetric cipher is RC-4
- (S//REL) Details for Tor Obfsproxy
  • (S//REL) Hash used for verifier, key generation: 100K iterations SHA-256
  • (S//REL) Symmetric cipher is AES-CTR-128
  • (S//REL) Key uses seed from both sides!
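The seed/verifier scheme in the bullets above, as an added runnable model that is not code from the slide deck, from Psiphon or from the Tor project: each side sends a random seed plus a verifier (an iterated hash over the seed and a role label), checks the peer's verifier, derives a session key from both seeds, and only then wraps the native protocol in a stream cipher, so the bytes on the wire carry no recognisable SSH or TLS banner until the wrapper is stripped. The hash names, iteration counts and RC4 are the slide's stated parameters; the message layout (seed || verifier, role labels, key = iterated hash of both seeds) is a simplification assumed here and is not the real Psiphon 3 or obfs wire format, and RC4 also stands in for the AES-CTR-128 named for Obfsproxy.

```python
"""Toy model of the seed/verifier obfuscation handshake on the slide.

Constructed example, not code from the slide deck, Psiphon or Tor. The
hash names, iteration counts and RC4 come from the slide's bullets; the
message layout is an assumption of this example, not a real wire format.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

SEED_LEN = 16


@dataclass(frozen=True)
class Profile:
    name: str
    hash_name: str   # hashlib constructor used for verifier and key derivation
    iterations: int  # how many times the hash is iterated


# Parameters as stated on the slide.
PSIPHON3_LIKE = Profile("psiphon3-like", "sha1", 6000)
OBFSPROXY_LIKE = Profile("obfsproxy-like", "sha256", 100_000)


def iterated_hash(data: bytes, profile: Profile) -> bytes:
    """Hash `data`, then keep re-hashing the digest, profile.iterations times."""
    ctor = getattr(hashlib, profile.hash_name)
    digest = data
    for _ in range(profile.iterations):
        digest = ctor(digest).digest()
    return digest


def rc4_xor(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; symmetric, so one function encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def make_hello(seed: bytes, role: bytes, profile: Profile) -> bytes:
    """What one side transmits: its random seed followed by the verifier,
    where verifier = iterated hash of (seed || role label)."""
    return seed + iterated_hash(seed + role, profile)


def check_hello(hello: bytes, role: bytes, profile: Profile) -> bytes:
    """Recompute the verifier from the received seed. Return the seed on a
    match; raise if the peer does not know the scheme or the bytes changed."""
    seed, verifier = hello[:SEED_LEN], hello[SEED_LEN:]
    expected = iterated_hash(seed + role, profile)
    if not hmac.compare_digest(verifier, expected):
        raise ValueError("verifier mismatch")
    return seed


def derive_key(initiator_seed: bytes, responder_seed: bytes, profile: Profile) -> bytes:
    """Session key mixes the seeds from BOTH sides (128-bit key)."""
    return iterated_hash(initiator_seed + responder_seed, profile)[:16]


def run_handshake(initiator_seed: bytes, responder_seed: bytes,
                  native_payload: bytes, profile: Profile) -> dict:
    """Simulate both sides; return the wire view and what the responder
    recovers after de-obfuscating."""
    i_hello = make_hello(initiator_seed, b"initiator", profile)
    r_hello = make_hello(responder_seed, b"responder", profile)
    # Each side validates the other's verifier, then derives the same key.
    key_i = derive_key(initiator_seed, check_hello(r_hello, b"responder", profile), profile)
    key_r = derive_key(check_hello(i_hello, b"initiator", profile), responder_seed, profile)
    wire = rc4_xor(key_i, native_payload)  # obfuscated native protocol bytes
    recovered = rc4_xor(key_r, wire)       # responder strips the wrapper
    return {"initiator_hello": i_hello, "responder_hello": r_hello,
            "keys_match": key_i == key_r, "wire": wire, "recovered": recovered}


def looks_like_ssh(stream: bytes) -> bool:
    """The native SSH banner is only testable once the stream is de-obfuscated."""
    return stream.startswith(b"SSH-")


if __name__ == "__main__":
    result = run_handshake(os.urandom(SEED_LEN), os.urandom(SEED_LEN),
                           b"SSH-2.0-OpenSSH_6.2\r\n", PSIPHON3_LIKE)
    print("on the wire:", result["wire"].hex())
    print("banner visible before / after de-obfuscation:",
          looks_like_ssh(result["wire"]), looks_like_ssh(result["recovered"]))
```

The iteration count is what makes the "de-obfuscate and test" step on the slide expensive: every candidate stream costs a full iterated-hash run per side before the banner check can even be attempted, which is the cost the slide's "work harder" remark points at.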
(S//REL) Tor Project and friends Recent Activity

- (S//REL) Tor on non-traditional platforms
  • (S//REL) ORBOT, Tor for Android smartphones - Associated browser, easy to use!
  • (S//REL) Tor Router Project - Modified Linksys Router (everything over Tor)
- (S//REL) Hide-My-IP-Address
  • (S//REL) Proprietary replacement for Tor Browser Bundle
  • (S//REL) From "WCCL Network", not part of Tor Project
  • (S//SI//REL) Looked at based on reference by CT target
- (S//REL) Tor Project working on improving support for circumvention
  • (S//REL) Handshake obfuscation (discussed)
  • (S//REL) Better bridge proliferation / distribution
- (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor
  • (S//REL) Adds Severe CNE misery to equation
  • (S//SI//REL) Has been discussed by CT targets

(S//REL) Tor Project and friends Recent Activity

- (S//REL) Advanced Tor "Obfuscation" Project: SkypeMorph
  • (S//REL) Another option for pluggable transport
  • (S//REL) More sophisticated concept than Obfsproxy
  • (S//REL) Open connection to Skype server with "bridge Skype ID"
  • (S//REL) Encapsulate Tor in encrypted data mimicking Skype Video Traffic
  • (S//REL) Sort of traffic flow steganography vice content steganography
  • (S//REL) True Public Key cryptography vice obfuscation with known key
  • (S//REL) Product of University research - Non-trivial to deploy
- (TS//SI//REL) Most Recent SIGINT Work on Exploiting Tor
  • (TS//SI//REL) REMATION II Workshop (US/UK) at MHS spring 2012
  • (S//SI//REL) Unleashed Networking/CNE legions...
  • (S//REL) See later talk by the scoop
A *
(S//REL) Tor Project and friends Recent Activity

- (S//REL) Online Feud between 2 IAT Products: Ultrasurf and Tor
- (S//REL) "Technical Analysis of the Ultrasurf proxying software" (Appelbaum)
  - (S//REL) Analysis (including some SRE) - highly critical
  - (S//REL) Single hop, controlled by one authority
  - (S//REL) Security by obscurity
  - (S//REL) No perfect forward secrecy (forensic traces exploitable)
  - (S//REL) Responsible Disclosure: Ultrasurf notified 12/2011, published 04/2012
- (S//REL) "Tor's critique of Ultrasurf: A reply from the Ultrasurf developers"
  » (S//REL) Posted on Ultrasurf site days after Tor published critique
  » (S//REL) All talk and no show
  » (S//REL) Not fully analyzed
- (S//REL) One Approach to IAT: Tor - higher anonymity, smaller scale
- (S//REL) One Approach to IAT: Ultrasurf - focus on circumvention, massive scale
