Upload
paul-wilson
View
56
Download
0
Embed Size (px)
Citation preview
Husband, father, blogger, marketerNearly 20 years in online marketingMarketing Technologist (Capgemini)Master of Science in IT (CMU)Lobbied against Child Pornography
Paul Wilson(Charlotte, NC)
Follow me on Twitter
@PaulWilsonVisit me at
http://mymarketer.net
THE FORCE vs THE DARK SIDE
The Deep Dark Web
We will Discuss: The Landscape The Force The Dark Side A Deeper Look
Understanding the Landscape of the Dark Web
The REAL Web
Created by the US Office of Naval Research Laboratory in the 1990s & perfected by DARPA TOR is an Open Source Non Profit Organization running out of an YWCA in Cambridge, Massachusetts
33 Full Time EmployeesTOR’s hosted by 1000s of Volunteers around the world
TOR Backstory
Over 60.000 Users DailyApprox. 3500 Routers and GrowingCurrently 6 Million+ users Worldwide of the Dark Web9x of web pages are in the Deep & Dark Web!Media is wrong when they say that the only way to access the dark web is through TOR
Up & Running
The Dark Web’s Currency: BitcoinsBitcoins are based on solving an encryption formula which requires extreme amounts of computing power.Websites like Deepbit.net help you set up the mining formula.Only 21 million Bitcoins will ever existTotal Bitcoins in circulation 15,432,075 (as of April 10, 2016)
Using the Onion RouterRequires a ClientMany sites require pre- registration Anonymous Email Addresses strongly recommended.onion-URLs are used to identify hidden servicesAddresses 16-character alpha-semi-numeric hashes which are automatically generated based on a public key when the hidden service is configuredYou can use the visual web to view .onion sites, but you give up your privacy (e.g. .tor2web.org)
Potential Flaws in the Onion!Timing AttackEntry MonitoringIntersection AttackDdos AttackPredecessor Attack (Replay)Exit node Sniffing
TOR: The Force or The Dark Side?
How The Force Uses TOR
Providing a Voice for the Oppressed
Freedom from having communications monitoredFreedom of the press on dangerous and sensitive topicsUsed by government embassies for sending of confidential emailsUseful in accessing blocked Internet sites where restrictions are enforced i.e. The UK, Saudi Arabia, China etc.
The Jedi User
Home Users: protect themselves when online
Activists: anonymously report abuses from danger zones
Whistleblowers: safely report on corruption
Journalists: protect their research and sources online
Military and law enforcement: protect communications, investigations, and
intelligence
How The Dark Side Uses TOR
Providing a Voice for the Criminals
The Deep Dark Web
Anonymous and unindexed area of the internet used for serious criminal activityRumored to contain more than 500 times the size of the traditional web The average life of a .onion site is 265 days Law Enforcement Agencies and “Dark Angels” aggressively work in bringing down criminal .onion sites
FBI hosting child porn sharing site as a sting site
The Sith UserDrug Dealers: Controlled substance
marketplaces
Arm Dealer: selling all kinds of weapons
Pedifiler: Child pornography
Traitor: Unauthorized leaks of sensitive information
Thief: Money laundering and Credit Card Fraud
Plagiarist: Copyright infringement
Exploring the Dark Web
Comments
The Extras…
Potential Flaws in the Onion
Potential Flaws in the Onion!Multi Hopping = Slower ConnectionsConfusion between unlinkability with anonymityWhile using Tor leaks can occur via Flash plug-in’s & other media add-onsDarknet Heavily Monitored by Law Enforcement AgenciesNSA & GCHQ Installing hundreds of OR’s in order to capture & analyze trafficMany Honeypot Sites Exist in order to catch criminals
An anonymous communication technique Messages constantly encrypted and sent through several onion routers which creates a circuit of nodes using random domain namesEach OR removes a layer of encryption with its symmetric key to reveal routing instructions, and sends the message to the next router where process is repeated Thus the analogy “onion router.” Prevents these intermediary nodes from knowing the origin, destination, and contents of the message
What is a Onion Router?
Onion Routing: How it Works
Variants (Other Anonymizing Technologies)
Tor (anonymity network)Garlic RoutingAnonymous P2PThe Amnesic Incognito Live SystemDegree of anonymityChaum mixesBitblinderJava Anonymous Proxy
Onion Routing: How it Works
TOR Node
Encrypted
Alice
Bob
Jane
Unencrypted
•Each OR maintains a connection to every other OR•Users run an onion proxy (OP) to fetch directories, establish circuits across the network•Each OR maintains a long & short term onion identity key (10 mins)
Port 9001Port 9090Port 443
Onion Routing: How it Works
TOR Node
Encrypted
Alice
Dave
Bob
Jane
UnencryptedStep 1: Alice’s TOR Client obtains a list of TOR Clients from a directory server
Port 9001Port 9030
Onion Routing: How it Works TOR Node
Encrypted
Alice
Dave
Bob
Jane
Unencrypted
Step 2: Alice’s TOR Client picks a random path to a destination server. Green links are encrypted, red links are in the clear
Port 443
Port 80
Onion Routing: How it Works TOR Node
Encrypted
Alice
Dave
Bob
Jane
Unencrypted
Step 3: If at a later time Alice connects to a different resource then a different, random route is selected. Again Green links are encrypted, red links are in the clear
Port 80
Port 443
Fighting Internet Crime
TOR Node
Encrypted
Unencrypted
Security Agencies TOR is a key technology in the fight against organized crime on the internet
Illegal Site
Agency IP Address Hidden from Site owner
Timing analysisAdversary could determine whether a node is transmitting by correlating when messages are sent by a server and received by a nodeTor, and any other low latency network, is vulnerable to such an attackCounter Measure: A Node can defeat this attack by sending dummy messages whenever it is not sending or receiving real messages (Not currently part of the Tor threat model)
Entry Node SniffingTOR Node
Encrypted
Bob
Unencrypted
Criminal posts anonymous content out to Compromised Server
Compromised Node
Police
Law Enforcement Monitor suspects client machine (Entry Point)
Exit Node SniffingTOR Node
Encrypted
Target
Unencrypted
Criminal posts anonymous content onto Server Compromised
Node
Infected with malicious code
Police
Law Enforcement Monitors Target client machine (Exit Point)
• An exit node has complete access to the content being transmitted from the sender to the recipient
• If the message is encrypted by SSL, the exit node cannot read the information, just as any encrypted link over the regular internet
Intersection AttacksTOR Node
Encrypted
Bob
Unencrypted
Criminal posts anonymous content out to Compromised Server
Compromised Node
Police
Network AnalysisNodes periodically fail of the network; any chain that remains functioning cannot have been routed through either the nodes that left or the nodes that recently joined the network, increasing the chances of a successful traffic analysis
Offline Node
Predecessor attacks (Replay)Compromised Nodes can retain session information as it occurs over multiple chain reformations
Chains are periodically torn down and rebuiltIf the same session is observed over the course of enough reformationsThe compromised node connects with the particular sender more frequently than any other node Increasing the chances of a successful traffic analysis
Ddos Attack
DoS and TorTor is vulnerable to DoS attacks because users can consume more network resources than allowed or render the network unusable for other users.
Tor deals with these attacks with
Puzzle solving: At beginning of TLS handshake or accepting create cells, this limits the attack multiplier.Limiting rates: Limits rates of accepting of create cell and TLS connections so the computational work of processing them doesn’t disrupt the symmetric cryptography operations that allow cells to flow.