SlideShare ist ein Scribd-Unternehmen logo

TOR NETWORK

Als PPTX, PDF herunterladen
Rishikese MR
Rishikese MR

This seminar discuss about the TOR BROWSER NETWORK TECHNOLOGY. The discussion includes, How it works, its weakness, its advantage, hidden services, about anonymity etc.

Software
1 von 24
TOR NETWORK A Presentation by Nishanth Samuel Fenn Roll No. 57 S7, CS-B. Under the Guidance of Mr. Pramod Pavithran
2
Contents • Why do we need anonymity? • Introducing the Tor Network • How does the Tor Network work? • Hidden Services • Weaknesses
Why do we need anonymity? • To hide user identity from target web site • To hide browsing pattern from employer or ISP • To conceal our internet usage from hackers • To circumvent censorship
Introducing the Tor Network • Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing. • This is done by passing the data through a circuit of at least three different routers. • The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
R1 R2 R3 R4 srvr1 srvr2 R5 R6 one minute later
How Tor Works? --- Onion Routing Alice Bob OR2 OR1 • A circuit is built incrementally one hop by one hop • Onion-like encryption • ‘Alice’ negotiates an AES key with each router • Messages are divided into equal sized cells • Each router knows only its predecessor and successor • Only the Exit router (OR3) can see the message, however it does not know where the message is from M M√ M OR3 M C1 C2 C2 C3 C3 Port
Cells • All data is sent in fixed size (bytes) cells • Control cell commands: • Padding, create, destroy • Relay cell commands: • Begin, data, connected, teardown, ...
How Tor Works? --- Node to Node Connection • Tor implements Perfect Forward Secrecy (PFC) by using AES encryption • In AES (Advanced Encryption Standard), a private key is generated and shared between the two users, and from this key, session keys are generated • Original keypairs are only used for signatures (i.e. to verify the authenticity of messages)
How Tor Works? --- Integrity Checking • Only done at the edges of a stream • SHA-1 digest of data sent and received • First 4 bytes of digest are sent with each message for verification
Commands in Use
Hidden Services • Location-hidden services allow a server to offer a TCP service without revealing its IP address. • Tor accommodates receiver anonymity by allowing location hidden services • Design goals for location hidden services • Access Control: filtering incoming requests • Robustness: maintain a long-term pseudonymous identity • Smear-resistance: against socially disapproved acts • Application transparency • Location hidden service leverage rendezvous points
Weaknesses • Autonomous System (AS) eavesdropping • Exit node eavesdropping • Traffic-analysis attack • Tor exit node block • Bad Apple attack • Sniper attack • Heartbleed bug
Autonomous System (AS) eavesdropping If an Autonomous System (AS) exists on both path segments from a client to entry relay and from exit relay to destination, such an AS can statistically correlate traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LASTor proposed a method to predict a set of potential ASes on these two segments and then avoid choosing this path during path selection algorithm on client side. In this paper, they also improve latency by choosing shorter geographical paths between client and destination.
Exit node eavesdropping As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it that does not use end-to-end encryption such as SSL orTLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data
Exit node eavesdropping (Contd.) • In October 2011, a research team from ESIEA claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them, and then acquiring their encryption keys and algorithm seeds. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used a denial-of-service attack.
Bad Apple attack • This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor's design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. The second part of this attack is called the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' This wording is used to illustrate that one insecure application on Tor may allow to trace other applications.)
Heartbleed bug • Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of theTransport Layer Security(TLS) protocol. The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. • The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.
Licit and illicit uses • Tor is increasingly in common use by victims of domestic violence and the social workers and agencies which assist them • A growing list of news organizations are using the SecureDrop software platform to accept material for publication in a manner intended to protect the anonymity of sources. • It is endorsed by civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists
Licit and illicit uses (Contd.) • Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain access to censored information, to organize political activities, or to circumvent laws against criticism of heads of state. • Tor can be used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, credit card fraud, and identity theft. • Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously
Dangers of using Tor Network • "The more you hide the more somebody wants to know why.“ • While the inter-relay communications might be secure, the entry and exit nodes are vulnerable to packet sniffing and • The exit node decrypts the packet it received from its sibling on the chain of nodes and receives your full plaintext request. This can be easily seen by the operator of the exit node. • Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced to your IP • Anyone using TOR network is on the NSA watch list under the Xkeyscore program.
References • https://www.torproject.org/ • https://en.wikipedia.org/wiki/Tor_(anonymity_network) • McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno, Tadayoshi; Sicker, Douglas (2008)."Shining Light in Dark Places: Understanding the Tor Network". Proceedings of the 8th International Symposium on Privacy Enhancing Technologies. 8th International Symposium on Privacy Enhancing Technologies. Berlin, Germany: Springer-Verlag. pp. 63–76. • "Tor Project Form 990 2008". Tor Project. Tor Project. 2009. Retrieved 30 August 2014. • "Tor Project Form 990 2007". Tor Project. Tor Project. 2008. Retrieved 30 August 2014. • "Tor Project Form 990 2009". Tor Project. Tor Project. 2010. Retrieved 30 August 2014. • Samson, Ted (5 August 2013). "Tor Browser Bundle for Windows users susceptible to info-stealing attack". InfoWorld. • Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project. • Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia, Claude; Legout, Arnaud; Dabbous, Walid (March 2011). "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users". 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11). National Institute for Research in Computer Science and Control.
Q&A
ThankYou

Empfohlen

Tor Network
Tor NetworkTor Network
Tor NetworkMuhammad Jabir A C K
 
Introduction to Tor
Introduction to TorIntroduction to Tor
Introduction to TorJaskaran Narula
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh BhatiaDarknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh BhatiaOWASP Delhi
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routern|u - The Open Security Community
 
Tor Presentation
Tor PresentationTor Presentation
Tor PresentationHassan Faraz
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebJan Siy
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark WebSwecha | స్వేచ్ఛ
 
Dark Web
Dark WebDark Web
Dark WebKunalDas889957
 

Empfohlen

Tor Network
Tor NetworkTor Network
Tor NetworkMuhammad Jabir A C K
 
Introduction to Tor
Introduction to TorIntroduction to Tor
Introduction to TorJaskaran Narula
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh BhatiaDarknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
Darknets - Introduction & Deanonymization of Tor Users By Hitesh BhatiaOWASP Delhi
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routern|u - The Open Security Community
 
Tor Presentation
Tor PresentationTor Presentation
Tor PresentationHassan Faraz
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebJan Siy
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark WebSwecha | స్వేచ్ఛ
 
Dark Web
Dark WebDark Web
Dark WebKunalDas889957
 
Deep web (amatuer level)
Deep web (amatuer level)Deep web (amatuer level)
Deep web (amatuer level)Ali Saif Mirza
 
Cybersecurity and the DarkNet
Cybersecurity and the DarkNetCybersecurity and the DarkNet
Cybersecurity and the DarkNetJames Bollen
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymityanurag singh
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationKuldeep Padhiyar
 
Dark wed
Dark wedDark wed
Dark wedAraVind Pillai
 
The dark web
The dark webThe dark web
The dark webhellboytonmoy
 
Dark net
Dark netDark net
Dark netMudasser Afzal
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark WebAdityakumar Yadav
 
Firewalls
FirewallsFirewalls
FirewallsKalluri Madhuri
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffersKunal Thakur
 
Dark web
Dark webDark web
Dark webSafwan Hashmi
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsAndres Baravalle
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber securityKAMALI PRIYA P
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the WebPaula Ripoll Cacho
 
Dark web (1)
Dark web (1)Dark web (1)
Dark web (1)university of Gujrat, pakistan
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routerAshly Liza
 
How TOR works?
How TOR works?How TOR works?
How TOR works?Onkar Badiger
 

Weitere ähnliche Inhalte

Was ist angesagt?

Deep web (amatuer level)
Deep web (amatuer level)Deep web (amatuer level)
Deep web (amatuer level)Ali Saif Mirza
 
Cybersecurity and the DarkNet
Cybersecurity and the DarkNetCybersecurity and the DarkNet
Cybersecurity and the DarkNetJames Bollen
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymityanurag singh
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsAndres Baravalle
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber securityKAMALI PRIYA P
 

Was ist angesagt? (20)

Deep web (amatuer level)
Deep web (amatuer level)Deep web (amatuer level)
Deep web (amatuer level)
 
Cybersecurity and the DarkNet
Cybersecurity and the DarkNetCybersecurity and the DarkNet
Cybersecurity and the DarkNet
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymity
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Dark wed
Dark wedDark wed
Dark wed
 
The dark web
The dark webThe dark web
The dark web
 
Dark net
Dark netDark net
Dark net
 
Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark Web
 
Firewalls
FirewallsFirewalls
Firewalls
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
Dark web
Dark webDark web
Dark web
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developments
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the Web
 
Dark web (1)
Dark web (1)Dark web (1)
Dark web (1)
 

Andere mochten auch

Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routerAshly Liza
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterMohammed Bharmal
 
Tor network seminar by 13504
Tor network seminar by 13504 Tor network seminar by 13504
Tor network seminar by 13504 Prashant Rana
 
Introduction to anonymity network tor
Introduction to anonymity network torIntroduction to anonymity network tor
Introduction to anonymity network torKhaled Mosharraf
 
Deep Web
Deep WebDeep Web
Deep WebSt John
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGSCrowdStrike
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
Deep weeb juanita- monica
Deep weeb juanita- monicaDeep weeb juanita- monica
Deep weeb juanita- monicaanviurhez
 
floating touch
floating touchfloating touch
floating touchsanchit09
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The DarknetAhmed Mater
 
Maximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 TechnologyMaximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 Technologytcc07
 
Colloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m riceColloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m ricemargorice
 
Googlechrome ppt
Googlechrome pptGooglechrome ppt
Googlechrome pptabshah37
 

Andere mochten auch (18)

Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
 
How TOR works?
How TOR works?How TOR works?
How TOR works?
 
Tor: The Second Generation Onion Router
Tor: The Second Generation Onion RouterTor: The Second Generation Onion Router
Tor: The Second Generation Onion Router
 
Tor network seminar by 13504
Tor network seminar by 13504 Tor network seminar by 13504
Tor network seminar by 13504
 
Introduction to anonymity network tor
Introduction to anonymity network torIntroduction to anonymity network tor
Introduction to anonymity network tor
 
Deep Web
Deep WebDeep Web
Deep Web
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGS
 
The Dark Net
The Dark NetThe Dark Net
The Dark Net
 
Darknet
DarknetDarknet
Darknet
 
Deep web
Deep webDeep web
Deep web
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
Deep weeb juanita- monica
Deep weeb juanita- monicaDeep weeb juanita- monica
Deep weeb juanita- monica
 
floating touch
floating touchfloating touch
floating touch
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The Darknet
 
Maximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 TechnologyMaximizing Classroom Collaboration Using Web 2.0 Technology
Maximizing Classroom Collaboration Using Web 2.0 Technology
 
Colloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m riceColloborating with google docs in the cloud m rice
Colloborating with google docs in the cloud m rice
 
Googlechrome ppt
Googlechrome pptGooglechrome ppt
Googlechrome ppt
 
Tor
TorTor
Tor
 

Ähnlich wie TOR NETWORK

Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsBiagio Botticelli
 
Onion protocol
Onion protocolOnion protocol
Onion protocolAnshu Raj
 
Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)IAEME Publication
 
Information security using onion routing(tor)
Information security using onion routing(tor)Information security using onion routing(tor)
Information security using onion routing(tor)Kaustubh Joshi
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
 
TOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying MarkersTOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying MarkersBrent Muir
 
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, FreenetComparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, FreenetIRJET Journal
 
Anonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsAnonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsBiagio Botticelli
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingJose L. Quiñones-Borrero
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...IAEME Publication
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...IAEME Publication
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorJack Maynard
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Marcus Leaning
 

Ähnlich wie TOR NETWORK (20)

Anonymity Network TOR
Anonymity Network TOR Anonymity Network TOR
Anonymity Network TOR
 
Anonymous traffic network
Anonymous traffic networkAnonymous traffic network
Anonymous traffic network
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocols
 
.Onion
.Onion.Onion
.Onion
 
Onion protocol
Onion protocolOnion protocol
Onion protocol
 
Tor
TorTor
Tor
 
Tor browser
Tor browserTor browser
Tor browser
 
The Onion Routing (TOR)
The Onion Routing (TOR)The Onion Routing (TOR)
The Onion Routing (TOR)
 
Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)Control the tradeoff between performance and anonymity through end to-end t (2)
Control the tradeoff between performance and anonymity through end to-end t (2)
 
Information security using onion routing(tor)
Information security using onion routing(tor)Information security using onion routing(tor)
Information security using onion routing(tor)
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
TOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying MarkersTOR Packet Analysis - Locating Identifying Markers
TOR Packet Analysis - Locating Identifying Markers
 
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, FreenetComparison of Anonymous Communication Networks-Tor, I2P, Freenet
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
 
Anonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing ProtocolsAnonymity in the Web based on Routing Protocols
Anonymity in the Web based on Routing Protocols
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
Dark web
Dark webDark web
Dark web
 

Mehr von Rishikese MR

Natural Language Processing
Natural Language ProcessingNatural Language Processing
Natural Language ProcessingRishikese MR
 
Crowd Sourcing With Smart Phone
Crowd Sourcing With Smart PhoneCrowd Sourcing With Smart Phone
Crowd Sourcing With Smart PhoneRishikese MR
 
The No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra ModelThe No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra ModelRishikese MR
 
Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV's Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV'sRishikese MR
 
Middleware and Middleware in distributed application
Middleware and Middleware in distributed applicationMiddleware and Middleware in distributed application
Middleware and Middleware in distributed applicationRishikese MR
 
EMOTION BASED COMPUTING
EMOTION BASED COMPUTINGEMOTION BASED COMPUTING
EMOTION BASED COMPUTINGRishikese MR
 
BITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USESBITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USESRishikese MR
 
3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGE3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGERishikese MR
 
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.Rishikese MR
 
Google Glass and its Features
Google Glass and its FeaturesGoogle Glass and its Features
Google Glass and its FeaturesRishikese MR
 
Virtualization and cloud Computing
Virtualization and cloud ComputingVirtualization and cloud Computing
Virtualization and cloud ComputingRishikese MR
 
Artificial intelligence in gaming.
Artificial intelligence in gaming.Artificial intelligence in gaming.
Artificial intelligence in gaming.Rishikese MR
 
A seminar on neo4 j
A seminar on neo4 jA seminar on neo4 j
A seminar on neo4 jRishikese MR
 

Mehr von Rishikese MR (19)

1 2 3 4 5 g
1 2 3 4 5 g1 2 3 4 5 g
1 2 3 4 5 g
 
Natural Language Processing
Natural Language ProcessingNatural Language Processing
Natural Language Processing
 
Fuzzy Logic
Fuzzy LogicFuzzy Logic
Fuzzy Logic
 
Crowd Sourcing With Smart Phone
Crowd Sourcing With Smart PhoneCrowd Sourcing With Smart Phone
Crowd Sourcing With Smart Phone
 
BLUE BRAIN
BLUE BRAINBLUE BRAIN
BLUE BRAIN
 
The No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra ModelThe No SQL Principles and Basic Application Of Casandra Model
The No SQL Principles and Basic Application Of Casandra Model
 
CYBORG
CYBORG CYBORG
CYBORG
 
DATA WAREHOUSING
DATA WAREHOUSINGDATA WAREHOUSING
DATA WAREHOUSING
 
Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV's Automatic 2D to 3D Video Conversion For 3DTV's
Automatic 2D to 3D Video Conversion For 3DTV's
 
Middleware and Middleware in distributed application
Middleware and Middleware in distributed applicationMiddleware and Middleware in distributed application
Middleware and Middleware in distributed application
 
EMOTION BASED COMPUTING
EMOTION BASED COMPUTINGEMOTION BASED COMPUTING
EMOTION BASED COMPUTING
 
BITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USESBITCOIN TECHNOLOGY AND ITS USES
BITCOIN TECHNOLOGY AND ITS USES
 
3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGE3D OPTICAL DATA STORAGE
3D OPTICAL DATA STORAGE
 
OUTERNET
OUTERNETOUTERNET
OUTERNET
 
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
OVERVIEW OF FACEBOOK SCALABLE ARCHITECTURE.
 
Google Glass and its Features
Google Glass and its FeaturesGoogle Glass and its Features
Google Glass and its Features
 
Virtualization and cloud Computing
Virtualization and cloud ComputingVirtualization and cloud Computing
Virtualization and cloud Computing
 
Artificial intelligence in gaming.
Artificial intelligence in gaming.Artificial intelligence in gaming.
Artificial intelligence in gaming.
 
A seminar on neo4 j
A seminar on neo4 jA seminar on neo4 j
A seminar on neo4 j
 

Kürzlich hochgeladen

Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROmotivationalword821
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 

Kürzlich hochgeladen (20)

Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTRO
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 

TOR NETWORK

  • 1. TOR NETWORK A Presentation by Nishanth Samuel Fenn Roll No. 57 S7, CS-B. Under the Guidance of Mr. Pramod Pavithran
  • 2. 2
  • 3. Contents • Why do we need anonymity? • Introducing the Tor Network • How does the Tor Network work? • Hidden Services • Weaknesses
  • 4. Why do we need anonymity? • To hide user identity from target web site • To hide browsing pattern from employer or ISP • To conceal our internet usage from hackers • To circumvent censorship
  • 5. Introducing the Tor Network • Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing. • This is done by passing the data through a circuit of at least three different routers. • The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
  • 6. R1 R2 R3 R4 srvr1 srvr2 R5 R6 one minute later
  • 7. How Tor Works? --- Onion Routing Alice Bob OR2 OR1 • A circuit is built incrementally one hop by one hop • Onion-like encryption • ‘Alice’ negotiates an AES key with each router • Messages are divided into equal sized cells • Each router knows only its predecessor and successor • Only the Exit router (OR3) can see the message, however it does not know where the message is from M M√ M OR3 M C1 C2 C2 C3 C3 Port
  • 8. Cells • All data is sent in fixed size (bytes) cells • Control cell commands: • Padding, create, destroy • Relay cell commands: • Begin, data, connected, teardown, ...
  • 9. How Tor Works? --- Node to Node Connection • Tor implements Perfect Forward Secrecy (PFC) by using AES encryption • In AES (Advanced Encryption Standard), a private key is generated and shared between the two users, and from this key, session keys are generated • Original keypairs are only used for signatures (i.e. to verify the authenticity of messages)
  • 10. How Tor Works? --- Integrity Checking • Only done at the edges of a stream • SHA-1 digest of data sent and received • First 4 bytes of digest are sent with each message for verification
  • 12. Hidden Services • Location-hidden services allow a server to offer a TCP service without revealing its IP address. • Tor accommodates receiver anonymity by allowing location hidden services • Design goals for location hidden services • Access Control: filtering incoming requests • Robustness: maintain a long-term pseudonymous identity • Smear-resistance: against socially disapproved acts • Application transparency • Location hidden service leverage rendezvous points
  • 13. Weaknesses • Autonomous System (AS) eavesdropping • Exit node eavesdropping • Traffic-analysis attack • Tor exit node block • Bad Apple attack • Sniper attack • Heartbleed bug
  • 14. Autonomous System (AS) eavesdropping If an Autonomous System (AS) exists on both path segments from a client to entry relay and from exit relay to destination, such an AS can statistically correlate traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LASTor proposed a method to predict a set of potential ASes on these two segments and then avoid choosing this path during path selection algorithm on client side. In this paper, they also improve latency by choosing shorter geographical paths between client and destination.
  • 15. Exit node eavesdropping As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it that does not use end-to-end encryption such as SSL orTLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data
  • 16. Exit node eavesdropping (Contd.) • In October 2011, a research team from ESIEA claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them, and then acquiring their encryption keys and algorithm seeds. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used a denial-of-service attack.
  • 17. Bad Apple attack • This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor's design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. The second part of this attack is called the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' This wording is used to illustrate that one insecure application on Tor may allow to trace other applications.)
  • 18. Heartbleed bug • Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of theTransport Layer Security(TLS) protocol. The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. • The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.
  • 19. Licit and illicit uses • Tor is increasingly in common use by victims of domestic violence and the social workers and agencies which assist them • A growing list of news organizations are using the SecureDrop software platform to accept material for publication in a manner intended to protect the anonymity of sources. • It is endorsed by civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists
  • 20. Licit and illicit uses (Contd.) • Tor is used for matters that are, or may be, illegal in some countries, e.g., to gain access to censored information, to organize political activities, or to circumvent laws against criticism of heads of state. • Tor can be used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, credit card fraud, and identity theft. • Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously
  • 21. Dangers of using Tor Network • "The more you hide the more somebody wants to know why.“ • While the inter-relay communications might be secure, the entry and exit nodes are vulnerable to packet sniffing and • The exit node decrypts the packet it received from its sibling on the chain of nodes and receives your full plaintext request. This can be easily seen by the operator of the exit node. • Running an exit node is dangerous as all exit traffic, legal and illegal, will be traced to your IP • Anyone using TOR network is on the NSA watch list under the Xkeyscore program.
  • 22. References • https://www.torproject.org/ • https://en.wikipedia.org/wiki/Tor_(anonymity_network) • McCoy, Damon; Bauer, Kevin; Grunwald, Dirk; Kohno, Tadayoshi; Sicker, Douglas (2008)."Shining Light in Dark Places: Understanding the Tor Network". Proceedings of the 8th International Symposium on Privacy Enhancing Technologies. 8th International Symposium on Privacy Enhancing Technologies. Berlin, Germany: Springer-Verlag. pp. 63–76. • "Tor Project Form 990 2008". Tor Project. Tor Project. 2009. Retrieved 30 August 2014. • "Tor Project Form 990 2007". Tor Project. Tor Project. 2008. Retrieved 30 August 2014. • "Tor Project Form 990 2009". Tor Project. Tor Project. 2010. Retrieved 30 August 2014. • Samson, Ted (5 August 2013). "Tor Browser Bundle for Windows users susceptible to info-stealing attack". InfoWorld. • Dingledine, Roger (7 April 2014). "OpenSSL bug CVE-2014-0160". Tor Project. • Le Blond, Stevens; Manils, Pere; Chaabane, Abdelberi; Ali Kaafar, Mohamed; Castelluccia, Claude; Legout, Arnaud; Dabbous, Walid (March 2011). "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users". 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '11). National Institute for Research in Computer Science and Control.
  • 23. Q&A