ToR

From The Black OP Security Wiki


Long Story Short: ToR passes your data (except Flash, Java, etc.) encrypted through a certain number of computers; the last one decrypts it and sends it on to whatever destination you wanted, so you must be aware that your data can be stolen and your IP could be tracked. It's slow as hell too. So: a false sensation of "anonymity" at the cost of reduced performance.


This is a page dedicated to the workings of ToR, if you want to skip straight to the Install walk-through please see the following pages.

How To Install (WinXP)
How To Install (Mac OS X)
How To Install (Ubuntu)
Install Hidden Service: CentOS


How It Works

FAQ

Q. I hear that only [The government, Scammers, Identity thieves, Bad people] run Tor nodes.

A. Almost anyone with a computer and an internet connection can run a Tor node. Although it is quite likely some Tor nodes are run by government agencies, scammers, identity thieves and other generally malicious people, a great many are also run by people just like you. Another thing to keep in mind is that for every node a government agency is running, an agency of another government is likely running one as well, and the chances of the two governments cooperating to launch an attack on your Tor connection are slim. This, combined with the type of math involved in Tor, shows that it is perhaps not a big deal if a great many nodes are run by a variety of malicious entities. For every node that an adversary adds to the network in an attempt to break someone's anonymity, that same node will be used to protect the anonymity of thousands of others.


Q. I hear that if I use the Tor network, random people who run nodes can see everything that I am saying.

A. This has some amount of truth in it. If you are using Tor and are not using SSL, self-encryption, or only accessing Hidden Services, then the person who runs your exit node can see what you are saying if they bother to look (probably many are in fact going to look, but many others are not). This threat is easily countered, however. Simply make sure that when you are using Tor, you are only connecting to websites with SSL, sending information that you have pre-encrypted, or accessing a Hidden Service. You should keep an eye on your SSL certificate, as a malicious exit node could attempt to spoof one, but in most cases you will notice this because your browser will likely give you a warning.


Q. Is Tor supposed to go this slow?!

A. Tor is not known for going very fast. There are two main reasons for this. The first reason is that your communications are being relayed through at least three computers around the world. The second reason is that while over a hundred thousand people a day use Tor, there are only around two thousand Tor nodes. So a little bandwidth is being divided up for a lot of people. Keep in mind that you don't need to use Tor for everything you do, just things that you want to keep anonymous.

Q. I hear that if I use the Tor network, my internet traffic will be mixed in with pedophiles.

A. The Tor network has well over a hundred thousand people use it every single day. Some of these people are pedophiles. Some of them are Chinese dissidents. Some of them are people trying to keep their ISP from gathering information on them and then selling it to marketers. Lots of different people use Tor. Even law enforcement and military agents use Tor. Journalists use Tor. Bloggers who write on controversial subjects use Tor. A lot of the people using Tor are just trying to protect their right to freedom of speech. So although it is true that Tor does attract pedophiles and similar people you would not want to be associated with, just because you use Tor does not by any means make you associated with them.

Another way I have heard this question asked is in terms of Hidden Services. As many people know that Hidden Services are frequently used by pedophiles, they are hesitant to use Hidden Services themselves, thinking it will mix them in with pedophiles. This is also an incorrect understanding of how Hidden Services work. A Hidden Service is set up on a traditional server that the owner of the Hidden Service has control over. There are no special Tor Hidden Service servers in some magical building (to the exclusion of all other servers) that just happen to be full of pedophiles. Hidden Services are no more used by pedophiles than traditional servers are. The Tor Hidden Service protocol was designed with military servers in mind in the first place. And as I said before, nearly any server can be configured as a Tor Hidden Service.

Tor Basics + Attacks

Tor is what is referred to as an anonymity network. It attempts to allow a person to communicate online without being traceable. Tor consists of a software program and a network. The software program was originally developed by the Navy, but is now developed by a non-profit organization. The Tor network consists of volunteer-donated bandwidth and CPU cycles. Almost anyone with a computer and an internet connection can set up a node for the Tor network. Tor sends your internet traffic through three nodes before it reaches the destination, in an attempt to prevent the destination from being able to find out who you are.

[Figure: Tor without SSL]

Instead of "The Internet" (i.e. whatever servers you communicate with) seeing your IP address, they see the IP address of the exit node. Unless you use SSL or self-encryption, the exit node can eavesdrop on your communications. In the figure, the red arrow indicates an unencrypted connection.

In addition to routing your traffic through three nodes, Tor encrypts the communications in layers. This prevents your ISP and the first two nodes (and their ISPs) from being able to see what you are doing. Unfortunately, the design of the internet does not allow for native end-to-end encryption using systems such as Tor. This means that the exit node needs to be able to see what you are saying and who you are saying it to. For this reason, it is best to use SSL constantly when using Tor; otherwise a random volunteer donating bandwidth and CPU cycles to Tor could eavesdrop on a portion of your communications (although they could not trace you back, unless of course you leak personally identifying information in the contents of your communications). With Tor hidden services there is end-to-end encryption and SSL is not required (and is advised against, for anonymity reasons).

[Figure: Tor with SSL]

With SSL (https://), the exit node can not see what you are saying. This is why you should always use SSL with Tor. It should be noted that one should always check the fingerprint of the SSL certificate, as an exit node could attempt to spoof an SSL certificate and man-in-the-middle your connection.


Tor has a few weaknesses. The easiest way for the adversary (meaning the person trying to trace you, the enemy, whoever that may be) to find your location is to use what is called a side channel attack. Side channel attacks do not, strictly speaking, break Tor; rather they go around Tor to find your real IP address. Such side channel attacks include using Flash, Java applets, JavaScript, QuickTime, DNS leaks, FTP leaks, Word plugins, iTunes plugins and more to bypass Tor and get your real IP address. For this reason, you should disable all plugins when you are using Tor. You should also make sure to point FTP connections at Tor: even though it can't manage them, that is better than leaking your real IP address to FTP servers. You should also make sure to disable Flash, Java and JavaScript in the browser or application you are using Tor with.

Another attack on Tor, which actually breaks its anonymity rather than goes around it, is node poisoning. The more nodes the adversary owns on your circuit (a circuit is three nodes together), the more info he can gather on you.


If the adversary owns your Tor entry node, then he can tell you are using the Tor network, but he can not see what you are saying (because all information on Tor is encrypted in layers, except at the exit node), or who you are saying it to (because he forwards it on to the relay node, not the end destination).
If the adversary owns the relay node in your circuit, they can't really do anything with it: they can't see that your IP is using the Tor network, because the information was relayed to them by the entry node, not by you. They also can not see what you are saying, thanks to the encryption, nor who you are saying it to, as they merely relay the information to an exit node, not to the destination server.
If the adversary owns the exit node, they can see what you are saying and who you are saying it to, but they can't see who you are, as you are two nodes away from them. If you use SSL with websites (meaning the address is https:// instead of http://), the exit node can not see what you are saying but can see who you are talking to (but again can not figure out who you are). An exit node could attempt to spoof an SSL certificate, but this is not very likely. Nevertheless, you should check SSL fingerprints and make sure certificates are signed by the proper authority.
If the adversary owns multiple nodes on your circuit, the risks become more plentiful. If the adversary owns either the entry or the exit along with the relay node, they have little more advantage than if they just owned the entry or the exit node, although against hidden services they can find your entry guard if they own the exit and the relay on the circuit coming from the server. Once they have determined the hidden service's entry guards, there are sophisticated attacks they can attempt in order to trace back its location (more on this later).

Timing Attack

If the adversary owns the entry and the exit node, your anonymity can begin to decrease drastically. An adversary that owns an entry and an exit node on your circuit can see that you are using the Tor network, and has a pretty good chance of seeing what server you are connecting to (and what you are saying to it if you are not using SSL) by doing timing attacks. That means the adversary compares the time data arrived at the entry node with the time data arrived at the exit node, also taking into consideration the location and bandwidth history of the unowned relay node, in an attempt to statistically show that the data leaving the exit node is the same data you put into the entry node. Tor has a low level of protection against this attack in the form of very minimal crowding. Crowding means that since hundreds or possibly thousands of people are having their data relayed through your identical circuit, or through circuits that share nodes with yours, there is a possibility that your traffic will blend in with theirs against timing attacks. This very minimal amount of crowding provides you with some level of anonymity in some cases, but a compromised entry and exit node is still a massive hit to your anonymity and greatly narrows you down.

Trace-Back

If the adversary owns all three nodes on your circuit, you are easily traced and unless you are using SSL your communications are easily seen. Thankfully, it is very unlikely that an adversary will ever own all three nodes on your circuit due to the factorial math involved with building Tor circuits. This means that an adversary who owns half of the Tor nodes will still not be able to have a full circuit half of the time. This math makes things more friendly for anonymity than for node poisoning leading to a trace back circuit.

ISP Retention

Another attack on Tor, the most deadly to its anonymity, is international ISP cooperation. A more detailed illustration of how the Tor network functions would look something like this:

Even assuming that the adversary doesn't own any of the nodes on your path, if they can get the ISPs to cooperate, and if the ISPs log data, they could trace you back and see what you are saying (if you don't use SSL or Hidden Services) by getting the information straight from the ISPs. As data retention laws sweep the world (ISPs are required to log connection data for months instead of minutes) this attack starts to become attractive and possible for the federal policing agencies (who before probably relied mostly on side channel attacks, and possibly some amount of node poisoning). Unfortunately, Tor does not currently defend against such attacks, and ISP data retention laws are popping up in country after country. This means that Tor's ability to keep you anonymous is slowly but surely getting weaker. Thankfully the police states of the world have not yet fully reached the level of international cooperation and data retention required to trivially trace Tor back, but it is likely they will greatly reduce the anonymity of Tor in the coming years. It is worth noting that this reduction in anonymity and privacy applies to the internet in general, not to Tor specifically. It is also worth noting that even in countries with data retention laws, retention usually applies at the ISP level, meaning that servers with a direct connection to an internet backbone (such as in data centers) do not necessarily have data retention applied to them. This is good, because although a great many Tor nodes are run on residential connections, quite a few are being run in data centers, and may escape data retention logging.

NSA logging

In countries such as the United States, data retention laws have not yet reached the ISP level. The data logging that takes place in the USA is done at Exchange Points, likely by military intelligence agencies such as the NSA. Here is an illustration of how this sort of logging appears:


In this case, even if the adversary does not own any of the nodes in the circuit, and the ISPs are not logging data under data retention laws, you can be traced back because the ISPs exchange data with each other through a very limited number of exchange points. It is quite likely that at a large number of exchange points, especially those in the United States, the NSA is either passively collecting connection information or, perhaps more likely, at least has the ability to do so. This means that against an adversary with the ability to log at the exchange point level, Tor does not stand up well at all. It is the author's opinion that even though the NSA could likely trace back Tor relatively trivially, they would not do so. There are multiple reasons for this. Keep in mind that the NSA is an intelligence agency, not a policing agency. Their goal is to gather information, especially information on foreign governments and militaries. Tor is used in embassies around the world for people to communicate information back to their home country. Tor is also likely used by spies, and for military servers. Unless you fall into one of those categories, the NSA is not likely to care about what you are using Tor for. Even if you do fall into one of those categories, the NSA is not likely to directly act on information it gathers about your communication patterns, because to do so would scare people away from Tor. As it is right now, Tor is in a way the ultimate honeypot for the NSA, and unless you are a spy, work at a foreign embassy or use Tor to set up hidden military servers, you are not the fly they are interested in attracting. They are also not likely to destroy what is undoubtedly an invaluable source of information for them by showing their ability to compromise Tor.


Another noteworthy attack on Tor is the adversary being able to see that you are even using it. In some countries even using Tor is illegal, China being the first that comes to mind. If you are using a laptop and stealing WiFi from different random access points, this may not be quite as big of a deal to your anonymity, as anyone who sees the use of Tor will attribute it to the people whose WiFi you are borrowing. Tor might simply be blocked though (this is quite likely), or you may not want to haphazardly play with the lives of people whose WiFi you are borrowing. Tor has some basic anti-censorship measures. For one, you can find a bridge in various ways. A bridge is a node that is not in the publicly listed node directories, but which allows you to connect to the Tor network. You can find bridges from the Tor website, or from friends who get them from the Tor website for you. These bridges are better than using a publicly listed directory node, as they are much less likely to be blocked or noticed. But a determined adversary (such as the government of China) may be able to find the majority of these nodes by posing as those who wish to use them. Another possibility is to set up, or have a friend set up, a Tor relay on a VPS (or home computer) and only share the IP address with you or a few others. This node will most likely not be identified by the Chinese government as a Tor node, and is unlikely to be blocked. It should be noted, however, that if your actual traffic is analyzed it shouldn't be too hard for the Chinese government to tell that it is Tor traffic, but this is not nearly as likely an attack as them gathering a comprehensive node list. Tor does take a few minor security precautions against the actual traffic being fingerprinted: it semi-disguises your traffic as a different protocol.

It should be noted that you can gain slight anonymity benefits against some attacks by running a relay node. This makes it so that a person with a limited number of nodes can not tell if data coming from your machine originated with you or if it originated with someone else and was merely relayed through you. It might be a bad idea to run a relay on your laptop if you are hitting up random WiFi access points. But it is a good idea to run a relay on your home computer, simply because you contribute to the Tor network and can offer a steady stream of bandwidth. Relays are weaker against some attacks than standard clients. For example, there are hundreds of thousands of Tor clients, and at the peak there are rarely more than two thousand Tor nodes at a given time. So your anonymity set is decreased in some ways, against adversaries who know you run a relay, but a crowd of over a thousand is still pretty good. I suggest you run a relay on your home computer but not on your laptop.

Tor Hidden Services

Another feature of Tor is the ability to set up hidden services. A hidden service allows a person to publish content on the internet, or host services (such as IRC), without revealing the physical location of the server. A Tor hidden service model looks like this:

First, the Hidden Service generates a key pair. Then, the Hidden Service selects a couple of introduction points and tells them its public key. The introduction points do not know the hidden service's IP address.
The hidden service creates a service descriptor, containing its public key and a list of introduction points. The descriptor is signed with the private key, and uploaded to directory servers. Clients can find the service descriptor by using its 16-character onion address, which is uniquely derived from the public key. This gives the service 80 bits of authentication. Although 80 bits of authentication is not particularly good, it should be noted that this system is resistant to man-in-the-middle (MITM) attacks due to the layered encryption. This is not the case with SSL.
When a client (you) wants to connect to the hidden service, it first must learn the service's onion address. Then the client downloads the service descriptor from a directory server. The client also randomly selects a node to act as a rendezvous node. The client tells the rendezvous node a one-time secret.
The client assembles an introduction message to the server, and encrypts it with the server's private key. The introduction message contains the rendezvous node's location, as well as the one-time secret. The client then sends this message to the introduction point, with instructions to forward it on to the hidden service. After receiving the introduction message, the hidden service decrypts it. It then connects to the rendezvous point and sends it a copy of the one-time secret.
The client and the hidden service communicate over their Tor circuits, with the exit node of the client being the rendezvous point. Sometimes there will be an additional node between the client and server, for a total of between six and seven.
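The five steps above as a toy model in Python. This is an added example, not part of the original wiki page and not Tor's own code. It assumes a textbook RSA key built from two fixed Mersenne primes with no padding (constructed purely for illustration, not a usable key), leaves the introduction message unencrypted and does not model the Tor circuits themselves. What it keeps is the part that gives the 80-bit self-authentication the text describes: the onion address is the base32 encoding of the first 10 bytes of the SHA-1 of the public key, so a client that asked for a given address can detect a descriptor whose key was swapped, and the rendezvous point only joins two circuits that present the same one-time secret.

```python
import base64
import hashlib
import secrets

# Toy RSA key with fixed Mersenne primes (constructed for the example; a
# real service key is far larger and uses proper padding).
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def make_keypair():
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d)            # (public, private)


def key_bytes(pub):
    n, e = pub
    return n.to_bytes(19, "big") + e.to_bytes(3, "big")


def onion_address(pub):
    """16-character address: base32 of the first 80 bits of SHA-1(public key)."""
    digest = hashlib.sha1(key_bytes(pub)).digest()[:10]
    return base64.b32encode(digest).decode().lower() + ".onion"


def sign(priv, data):
    n, d = priv
    h = int.from_bytes(hashlib.sha1(data).digest(), "big") % n
    return pow(h, d, n)


def verify(pub, data, sig):
    n, e = pub
    h = int.from_bytes(hashlib.sha1(data).digest(), "big") % n
    return pow(sig, e, n) == h


def descriptor_body(pub, intro_points):
    return key_bytes(pub) + ",".join(intro_points).encode()


def fetch_descriptor(directory, address):
    """Client side: reject a descriptor whose key does not hash to the address
    that was requested, or whose signature does not verify under that key."""
    desc = directory.get(address)
    if desc is None or onion_address(desc["pub"]) != address:
        return None                     # unknown address, or key substituted
    if not verify(desc["pub"], descriptor_body(desc["pub"], desc["intro"]), desc["sig"]):
        return None                     # descriptor tampered with
    return desc


class RendezvousPoint:
    """Matches the client's circuit to the service's by the one-time secret."""
    def __init__(self):
        self.waiting = {}               # cookie -> client circuit
        self.joined = []

    def client_hello(self, circuit, cookie):
        self.waiting[cookie] = circuit

    def service_hello(self, circuit, cookie):
        client = self.waiting.pop(cookie, None)
        if client is None:
            return False                # secret unknown: nothing to join
        self.joined.append((client, circuit))
        return True


class HiddenService:
    def __init__(self, directory, intro_points):
        self.pub, self.priv = make_keypair()
        self.intro_points = intro_points   # these nodes learn only the public key
        body = descriptor_body(self.pub, intro_points)
        directory[onion_address(self.pub)] = {
            "pub": self.pub, "intro": intro_points, "sig": sign(self.priv, body)}

    def on_introduction(self, rendezvous, cookie):
        # In Tor this arrives encrypted via an introduction point; the
        # encryption is omitted in this model.
        return rendezvous.service_hello("service-circuit", cookie)


def connect(directory, address, service):
    """Client: fetch and check the descriptor, pick a rendezvous point, hand it
    a one-time secret, then send the introduction via an introduction point."""
    desc = fetch_descriptor(directory, address)
    if desc is None:
        return None
    rendezvous = RendezvousPoint()
    cookie = secrets.token_bytes(20)
    rendezvous.client_hello("client-circuit", cookie)
    introduction = {"rendezvous": rendezvous, "cookie": cookie, "via": desc["intro"][0]}
    if not service.on_introduction(introduction["rendezvous"], introduction["cookie"]):
        return None
    return rendezvous.joined
```

Running `connect(directory, onion_address(svc.pub), svc)` after creating `svc = HiddenService(directory, ["intro-A", "intro-B"])` returns the joined circuit pair; changing either the key or the introduction list stored under that address makes `fetch_descriptor` return `None`, which is the property the text contrasts with SSL.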


Hidden services provide significantly stronger anonymity to a system than simply having the clients use Tor does. For one, there are twice as many nodes between the client and the server (six or seven instead of three). This exponentially decreases the chances of someone breaking Tor's anonymity with node poisoning. For two, more nodes than just exit nodes can be rendezvous points. This also greatly increases the number of possible circuits, and thus greatly reduces the chances of node poisoning breaking the anonymity of the circuit to the point of traceback. A third advantage is that users absolutely must use Tor to access the hidden service; that means no accidentally forgetting to use Tor, which is an anonymity protection in itself (it protects against user error). Fourth, and perhaps most importantly of all, as there are twice as many nodes between the client and the server, in the pure sense (attacks on client-to-server node circuits) an adversary will need the cooperation of up to twice as many ISPs to do ISP collusion attacks on Tor (it is at most twice as many, as multiple nodes may use the same ISP, and there are only a few hundred exchange points in the world). The chance that the ISPs of all nodes on the circuit are retaining data also decreases significantly. Thus, Tor hidden services provide greatly enhanced anonymity against virtually all attacks that break Tor (but not against side channel attacks).

Tor hidden services have a variety of other advantages as well. Communications between the client and server are end-to-end encrypted, meaning there is virtually no chance that they will be eavesdropped on by a third party. Tor hidden services also offer (compared to SSL) a moderate amount of authentication (although it should be noted the authentication is resistant to some attacks SSL is not). One of the biggest benefits of Tor hidden services is that they are extremely resistant to DDOS attacks. An adversary wishing to DDOS a service will only be able to do so if they find the service's IP address (i.e. break Tor). Otherwise, they can merely DDOS the entry guards the hidden service is using. Since there are over a thousand possible entry guards, this will require a massive amount of bandwidth. Essentially, to DDOS a single hidden service, an adversary must DDOS the entire Tor network. In addition to techniques which help defend the actual Tor network against DDOS (such as rate limiting and burstable bandwidth settings on Tor relays), the Tor network itself is robust enough to handle large amounts of bandwidth.


There are a few attacks on the anonymity of Tor hidden services that go outside the range of attacks on Tor clients. This does not mean that a Tor client accessing a hidden service is more vulnerable than a Tor client accessing a standard web service; actually it is more secure and anonymous. It does however mean, that in some ways it is easier to find a Tor hidden service than it is to find a standard Tor client.

In addition to the standard attacks on Tor clients (side channel attacks [although in this case it is more likely to be the software running on the service, such as Apache, leaking information], node poisoning [reduced risk], ISP correlation and timing attacks [which in the standard sense are harder to do against hidden services than against normal clients]), a hidden service is at risk of being found with time skew attacks, sophisticated DDOS / node poisoning attacks and 'special' side channel attacks.

A computer measures time with vibrating quartz crystals. As the temperature of the environment the computer is in changes, minor changes to the speed at which the quartz crystals vibrate come about. An adversary who can measure the time skew of the hidden service can use that information to statistically learn something about the server. Certain time skews are more common in a server rack setting (such as most commercial hosting services) than they are in a home computer setting (running on a dedicated box, or on a personal computer). Also, temperature variation throughout the day can help an adversary who can see the temperature patterns in the time skew narrow down the geographic location of a hidden service. This attack will not fully break the anonymity of Tor, but it can be used to significantly narrow down the possible locations of the hidden service.

A possible, albeit relatively unlikely, attack on the anonymity of Tor hidden services involves the use of bandwidth flooding (most likely botnet-style DDOS) to take down entry guards, while flooding the network with nodes in the hope that the hidden service will pick one of the poisoned nodes as a new entry guard. Before this attack can properly be explained, entry guards need to be explained. When a Tor client (including the client used to provide a hidden service) first connects to the Tor network, it randomly selects a couple of entry guards. If they are up and reachable, entry guards will always be used by the client as the first node on a circuit (the entry node). Although the exit and the relay node change randomly every few minutes, the entry node is selected from the same very small pool of nodes that were chosen as entry guards when the client was first set up. This reduces the chance that an adversary with a relatively small number of nodes will be able to poison an entire circuit, or even be able to do timing attacks. This is because, if the entry guards are not owned by the adversary, the adversary will never be able to trace the client's connection back (via node poisoning). If the adversary does own one or more of the entry guards used (even all of them), their ability to do a node poisoning attack is based on statistical formulas (and still not very favorable for them).
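The "factorial math" of the Trace-Back section and the entry guard argument just above can both be put in numbers. The following is an added example (not from the wiki, not Tor's code) under a deliberately simplified model: every node is equally likely to be picked for any position, the adversary controls a fraction c of the nodes, and the network has a constructed size of 1000 nodes. The analytic functions give the per-circuit odds the text alludes to (an adversary with half the nodes owns a full three-node circuit only one time in eight); the simulation shows why guards matter: without them, almost every client is eventually caught by an entry-plus-exit timing attack, while with a fixed guard set only the clients who drew a bad guard ever can be.

```python
import random

NODES = 1000  # constructed network size; every node equally likely to be picked


def p_entry_and_exit(c):
    """One fresh circuit: adversary holds both entry and exit (timing attack)."""
    return c * c


def p_full_circuit(c):
    """One fresh circuit: adversary holds all three nodes (trace-back)."""
    return c ** 3


def p_hit_without_guards(c, circuits):
    """Entry picked fresh for each circuit: P(entry and exit both owned at least
    once over this many circuits)."""
    return 1 - (1 - c * c) ** circuits


def p_hit_with_guards(c, guards):
    """Entry always drawn from a fixed guard set: only a client with at least one
    bad guard can ever be caught, so this bounds the long-run risk."""
    return 1 - (1 - c) ** guards


def clients_ever_compromised(c, clients, circuits, guards=None, seed=1):
    """Simulate many clients each building many circuits; return the fraction
    for whom at least one circuit had adversary-owned entry and exit."""
    rng = random.Random(seed)
    bad = set(range(int(c * NODES)))       # the adversary's nodes
    caught = 0
    for _ in range(clients):
        guard_set = rng.sample(range(NODES), guards) if guards else None
        for _ in range(circuits):
            entry = rng.choice(guard_set) if guard_set else rng.randrange(NODES)
            exit_node = rng.randrange(NODES)
            if entry in bad and exit_node in bad:
                caught += 1
                break
    return caught / clients


if __name__ == "__main__":
    for c in (0.1, 0.2, 0.5):
        print(f"c={c}: one circuit entry+exit {p_entry_and_exit(c):.3f}, "
              f"full circuit {p_full_circuit(c):.3f}; over 100 circuits: "
              f"no guards {p_hit_without_guards(c, 100):.3f} "
              f"(sim {clients_ever_compromised(c, 2000, 100):.3f}), "
              f"3 guards bound {p_hit_with_guards(c, 3):.3f} "
              f"(sim {clients_ever_compromised(c, 2000, 100, guards=3):.3f})")
```

The model ignores bandwidth weighting and the rule that one circuit never reuses a node, which is why the lead-in calls it simplified; the qualitative gap between the two simulated columns is what the text's entry guard argument rests on.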


Entry guards are used by all Tor clients, but with hidden services they are arguably more of a target. Hidden services are up for long periods of time, and will accept a great many connections (you visiting a hidden service is one connection from your anonymity perspective, but from the hidden service's perspective you are one of many; plus you decided to open the connection to the hidden service, not vice versa, so the hidden service is much more vulnerable to an adversary opening up dozens of connections to it in an attempt to get multiple poisoned nodes into the circuit). Although an entry guard offers a hidden service better anonymity against node poisoning, just as it does for you, it is easier to attack this defense mechanism against a hidden service than against a standard client. An adversary with a great deal of bandwidth, such as a large botnet, can flood the Tor network with hundreds of nodes at no expense to themselves (using the resources of the botnet). They can then force connections to the hidden service via many of the botnet nodes, and eventually they are likely to own two of the three nodes in the circuit coming from the server; how long this takes is a matter of statistics and depends greatly on how many nodes the adversary owns. With two nodes on the circuit path the adversary can find the IP of the hidden service's entry guards, and DDOS them offline with bandwidth from the botnet.

When the entry guards have all been knocked offline, the hidden service will pick new ones. As the adversary has the network flooded with nodes from a botnet, there is a significant chance that at least one of the new entry guards selected by the hidden service will belong to the adversary. The adversary can then flood the hidden service with requests from the botnet, and find the hidden service's IP address if they do in fact own the entry guard.

This attack on hidden services is not very likely to be launched by government agencies. Government agencies are much more likely to try and break the anonymity of hidden services with international ISP data retention laws. This attack could however be used by sophisticated non-government affiliated adversaries (people who have an easier time getting a ten thousand node botnet than they do getting ISPs to retain data, or share retained data with them even if they did). However, due to the complexity and sophistication of this attack (as well as the highly questionable legality), it is unlikely to be encountered.

Another attack that is mostly specific to hidden services stems from the fact that all traffic to most hidden service servers is going to come from the Tor network. It is possible that if a server's general location can be narrowed down, perhaps by time skew, then with proper cooperation (or illegal activity) various hosting services and/or upstream ISPs with data retention could find the specific location of the hidden service by viewing where traffic from known Tor exits is going. Another thing that could be done is that upstream ISPs could find the location of multiple hidden services (or highly suspected hidden services) without necessarily knowing their content. It is important to only bind to localhost to help defend against this attack.
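A check for the bind-to-localhost advice, added here as an example (not from the wiki, not part of Tor): it parses `ss -ltn` style output (a constructed sample is embedded) and lists every listening socket that is not bound to a loopback address, which is the list a hidden service operator wants empty apart from anything they knowingly expose. `HiddenServiceDir` and `HiddenServicePort` are real torrc options; the directory path and port mapping in the snippet are placeholders.

```python
import ipaddress

# Constructed sample of `ss -ltn` output for a box serving a hidden service:
# the web server (80) and IRC (6667) listen on loopback only, as they should,
# while SSH (22) and a second web port (8080) are reachable from the clearnet.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:80         0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     [::]:8080            [::]:*
LISTEN  0       128     [::1]:6667           [::]:*
"""

# Matching torrc lines (real options, placeholder path): Tor forwards port 80
# of the onion address to the loopback-only listener, so the web server never
# needs a clearnet-reachable socket.
TORRC_EXAMPLE = """\
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
"""


def split_host_port(addr):
    """'[::1]:6667' -> ('::1', 6667); '127.0.0.1:80' -> ('127.0.0.1', 80)."""
    host, port = addr.rsplit(":", 1)
    return host.strip("[]"), int(port)


def is_loopback(host):
    if host in ("*", ""):
        return False                    # wildcard bind
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                    # hostnames: treat as exposed


def exposed_listeners(ss_output):
    """Return (host, port) for every listening socket not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        if not is_loopback(host):
            exposed.append((host, port))
    return exposed


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed listener: {host} port {port}")
```

On the sample this reports port 22 on 0.0.0.0 and port 8080 on :: ; in practice the output of `ss -ltn` on the service host is fed in instead of the constructed sample, and anything reported that is not deliberately public should be rebound to 127.0.0.1 or ::1.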
