SlideShare ist ein Scribd-Unternehmen logo

2006: Hack.lu Luxembourg 2006: Anonymous Communication

Fabio Pietrosanti
Fabio Pietrosanti

The document discusses exploiting anonymous communication networks to setup anonymous infrastructures. It presents the Laissez Faire Island Project which aims to create anonymous social environments using TOR. The project provides free virtual private servers for anonymous services and wants to build a redundant anonymous infrastructure. It also presents LFI MAIL, an unconventional approach to anonymous email that aims to provide email services through a network of redundant servers located across many anonymous "islands", escaping reliance on TOR exit nodes by leveraging SMTPS-enabled Mixmaster remailers.

Technologie
1 von 66
Downloaden Sie, um offline zu lesen
Exploiting hidden services to setup anonymous communication infrastructures 21 October 2006 Fabio Pietrosanti Luxembourg naif at s0ftpj.org
My goals • Explain anonymity concept and different networks • Explain the potential of exploiting anonymous networks in a different way • Present the Laissez Faire Island Project and get interests and contributors • Discuss on how to support the growth of anonymous communication systems with an a-commerce market 2
What’s this talk not about? • Not go deeper in the technical details of anonymous protocols • Do not make any promotion of commercial tools 3
Me • Underground: member of the s0ftpj group, sikurezza.org italian mailing list, e-privacy and winston smith anonymous communities, and some advisories made for PIX firewalls • Work: CTO of a swiss privacy provider • Personally: love for anonymity research! 4
You • Who does personally require anonymity? • Who have ever used TOR? 5
Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 6
Anonymity 7
What’s anonymity • Anonymity is a state of not being identifiable within a set of subjects • Big difference between anonymity and confidentiality: • Identity protection • Location protection • Deniability of actions (w.r.t. identity) 8
What to protect? The sender/receiver anonymity issues • Who you are • Whom you communicate with • Where you are located • Where the recipient/ server is located Most of anon nets protects only the sender! Good anonymity requires mutual protection 9
Anonymity require cooperation • No organization would be ever able to stay anonymous by itself. • You can only get confidentiality yourself. • Anonymous network require cooperation 10
Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 11
Anonymity use and abuse 12
Personal use • Discussion of sensible issues • sexual attitude • religious belief / vision • political inquiries • Avoid tracking and profiling by isp’s / corporate / governments / google! 13
Corporate use • Business Intelligence activity • Stop competitive analysis (r&d, procurement) • Legal discussions • Communications from non democratic countries and war places • Journalist communications • Prevent price & information discrimination 14
Government use • Diplomatic communications • Where is the ambassador staying? • Anonymous requests by citizen to law enforcers • Criminal investigation • Oh... FBI is looking at my website!! • Stuff in the public interest... 15
Security Research USAGE • Security Researchers caught at security conferences • Dmitry Sklyarov @ Defcon • Stephen Rombom @ Hope • 20 September 2006: Tron @ Toorcon 8 • First conference over TOR! • Ventrilo (2k/s voice streaming) + VNC (5-10k/s video streaming) = Alan Bradley & Kevin Flynns talked securely away from the USA/DMCA risks 16
Abuse (why limits?!?) • Do only terrorists need anonymity? • Hotmail & drafts methods! • http://www.jihadwatch.org/archives/002871.php • Hey... also mafia, pedopornograph, cyber vandals use TOR! • So we should declare illegal internet, airplanes, child, knifes because it can be abused? • Adversaries are much less skilled than what we ever thought! 17
Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 18
Anonymous networks 19
There’s too much garbage! • There are tons of anonymous technologies out there: • Few projects got success • Few projects grow • Limitations are mainly related with: • Risk context to be managed • Deployment & usability 20
High latency • Good for store & forward action -> Email • Anonymous Remailers: • CypherPunk type I: old technology, old network) • Mixmaster type II: around 35 servers, very stable networks • Mixminion type III: experimental networks by freeheaven • Nym servers: old school -> anon.penet.fi / nym.alias.net • Those networks are not email systems: need true, traceable email systems 21
Low latency • Good for interactive action -> Web Browsing / Chat • Onion Routing -> The Onion Router (c) • The biggest anonymous network ever known • I2P (java) • Free mixnet • Fully distributed (p2p) • Variable latency trough I2P API • FreeNET (java) • P2P storage for mutual anonymous content publishing and access. Still too slow 22
Misc anon networks • AnoNET • Marabunta • Crowds • Morphmix • Invisible IRC • Tarzan • WASTE • AntsP2P • Entropy • .... • Mute • GNUnet • Winny • Mnet • Infrastructure for resilient internet systems • Rodi 23
Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 24
The Onion Router TOR 25
Who did make it? • USA Department of Defense • Electronic Frontier Foundation 26
Goals • Deployability for supporters and users • Flexibility of the protocols • Usability for the users • Simple design of architecture • Directory Servers - RendezVous Servers - Users - Tor Servers (Middleman / Exit node) 27
NOT Goals • Not peer to peer • Not secure against end-to-end attacks • No protocol normalization (Use privoxy!) • It’s filterable • Block http request for /tor/* (dir server) • It’s identifiable (TOR-bl, public list of nodes) 28
TOR network expansion last 24 months grow of tor routers http://www.noreply.org/tor-running-routers/totalLong.html 29
TOR network bandwidth last 24 months grow of tor bandwidth http://www.noreply.org/tor-running-routers/totalTrafficLong.html 30
Vidalia • http://vidalia-project.net • Status - Stop/Start - Map - Logos - Configuration - Help - Translations - Monitor 31
TOR tipical use • Protect only the identity & RECEIVER location of the sender accessing internet services INTERNET SENDER 32
A look at exit nodes traffic • Most http, messaging, pop3 • A lot of porn and googling! • Automated web attacks • Cinema like telnet! ;) • EVERY EXIT NODE CAN INTERCEPT NON ENCRYPTED TRAFFIC! • Paranoid but dumb: https://tor.unixgu.ru/ 33
Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 34
Anonymous internet backbone 35
Changing the rules • Consider the Internet as a generic transport media • TOR as an anonymous backbone • do you know MPLS? • Mutual anonymous protection • High performance anonymity • No more 3 trusted third party!!! 36
No more 3 trusted party • Protect the identity & location of the sender AND of the receiver (server) by accessing hidden services. INTERNET SENDER RECEIVER 37
Onion LAND • Hidden services are tcp redirects from the running tor client • Hidden services can be exposed behind NAT • Latency: • New connection: 80ms - 5 seconds • Established connection: 700ms - 2 seconds • .onion TLD for each registered service • No restriction policy as for Exit Node! 38
Usability issue • Make the .onion hostname easier • Hidden wiki http://6sxoyfb3h2nvok2d.onion • FreeNODE irc irc://mejokbp2brhw4omd.onion • Application level Internet redirection (not a good way!) • http://anon1.xxx.com -> 302 -> http://odkdokdod.onion • 2nd level TOR rendez vous services • Easy hidden url 39
service limits • High bandwidth services (video) • Frequent connections (p2p file sharing) • Low latency services (telephony) • Ok for Push To Talk • Serious troubles with full duplex! 40
Anonymous services • Develop an anonymous society • Start doing business with anonymous tools! • Promote Free and NON-Free anon services: • Email hosting • Server (physical or virtual) hosting: rayservers, me (free vps) • Internet reverse proxy services (easy migration) • es: http://serifos.eecs.harvard.edu/proxy/http://6sxoyfb3h2nvok2d.onion • Payment provider (egold exchanger, prepaid visa cards) 41
Thinking anon business • There are many business to be build around anonymous networks! • Main issues: availability(b2b) & payment(b2c) • Investing % of the income in the network would really improve availability • Anonymous VPNs • Anonymous Messaging 42
Anonymous VPNs (1) • VPNs are not so private (identity & location) High risk context VPNs are useful in business and personal use • The anonymous backbone is a nat proof transport media • Good for email, instant messaging, file services (better webdav with keepalive!) and http resources 43
Anonymous VPNs (2) • Example use: Journalism, Public safety, NAT bypass, non-democratic country branch ANON VPN Embassy in Ministry of foreign Interior country 44
Anonymous VPNs (3) • Place privacy enforcement on the firewalls! 45
Anonymous Messaging • Email messaging with anonymous network works really definitely well but... • No hidden diffused email messaging services • xrek (62 users) http://4nc7xi5usjq6z7bc.onion/ • Tormail down (onion.theme1.com) • TOR block outgoing SMTP (for spam)!!! 46
Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 47
Laissez Faire Island Project 48
Laissez Faire City • Do you remember Laissez Faire City? • In ’95 a group of cyber/economist fanatic created a new sovereign international cyber city • Developed a privacy infrastructure to allow individual to operate in the freedom of cyberspace outside the confines of the traditional nation-state • Declaration of the independence of CyberSpace • http://homes.eff.org/~barlow/Declaration-Final.html • A mix between crypto-anarchism and anarcho-capitalism 49
Laissez Faire City • Mailvault - www.mailvault.com - YodelBank - • DMT - Digital Monetary Trust • DMT ALTA - Asset Lodgement Trust Accounts • DMT LESE - Laissez-Faire Electronic Stock Exchange • ICA - International Contract Registration • http://ica.citystateinc.com/ • CEP - Common Economic Protocol • http://cep.metropipe.net/ 50
Laissez Faire Island • Laissez Faire Island aims to became a small piece of land in the sea of anonymity • We want to create and stimulate the creation of anonymous social environments • TOR gives us the chance to do that! • Laissez Faire Island is a baby! • We need a logo! 51
Laissez Faire Island • Laissez Faire Island require infrastructures! • Several islands are required to born before service network can be really effective! • We provide free virtual private server for anonymous services! • Get one and setup free a service! 52
LFI Architecture (1) • How to implement a Laissez Faire Island? • Be 100% sure that no one would be able to discover where it is! • Be 100% sure that incoming traffic follow a different path respect to outgoing traffic • Differentiate services and traffic routing! • Use virtualization technology (XEN) 53
LFI Architecture (2) TOR-IN TOR-OUT entry-node entry-node Internet GW + FIREWALL SERVER FARM TOR-IN TOR-OUT Virtual Servers DNS • Carefully select TOR-IN / TOR-OUT 54
LFI Architecture (3) • TOR CVS simplify the setup • TransPort 9040 + iptables/iproute2 • DNS servers • tor-dns-proxy.py (dugsong) • dns-proxy-tor (http://p56soo2ibjkx23xo.onion/) • Iptables / iproute2 for network policy/redir • Dynamic firewall script for tor-only traffic • Dmcrypt-luks for disk encryption 55
We want your island! • Setup your island! • Came with us! • Build a redundant and solid Anonymous Infrastructure! • Availability & distribution are key features! 56
Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 57
Laissez Faire Island Email Platform 58
An old need • Before spam, people thought anonymous email was a good idea: • David Chaum. “Untraceable electronic email, return address and digital pseudonyms”. Communications of the ACM, 1981 59
LFI MAIL GOAL • Provide anon email services through a network of redundant servers located in many islands of the sea of anonymity • Escape from the net: stay in the islands! • internal communication (simple) • external outbound communication (complex!) • external inbound communication (very complex!) 60
Escape from TOR • TOR exit nodes block outgoing SMTP but... • SMTPS (465/tcp) is allowed! • 19/35 Mixmaster anonymous remailer nodes support SMTPS ! • http://www.noreply.org/tls/ • We mix the best we can get from different anonymous networks! 61
LFI MAIL: anonymix! RECIPIENT MIXMASTER EMAIL SERVER NETWORK 5 CHAIN External outbound MIXMASTER SMTPS communications made easy & more paranoid! INTERNET TOR (OUT) TOR LFI MAIL (IN) SENDER LFI EMAIL USER 62
LFI MAIL sw • An email system quick to be setup) ( www.kolab.org ) • Mixmaster & smtp2mix • Horde Webmail (+mod_security +mod_chroot) • Simple signup system • Upcoming: automatic encryption (anubis) 63
Still no internet inbound • Having a unique inbound internet-to-TOR gateway would expose the system to interception • Inbound connection would require an high number of information nodes around the world giving their IP • Idea! Ask TOR-ops/Mixmaster-ops to redirect 25/TCP port to the network of islands! • DNS MX Record: 900 results around the 64
future useful ideas • Old school shell server • Conference streaming platform • Proxy middleware to avoid tor exit issues • Free “Exit Node” pcap dump for all! • TOR development • Hidden Service Round Robin • Easy 2nd level rendez vous services 65
Questions? • Contribute and share your passion! • wiki http://vbp22opdeypalsic.onion • naif@vbp22opdeypalsic.onion (beta LFI mail) • Internet: naif@s0ftpj.org • Get TOR! http://vidalia-project.org 66

Empfohlen

Dark net
Dark netDark net
Dark netMudasser Afzal
 
Darknet
DarknetDarknet
DarknetShubham Dwivedi
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsAndres Baravalle
 
The Dark Net
The Dark NetThe Dark Net
The Dark NetPaige Rasid
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark WebMiteshWani
 
Dark web
Dark webDark web
Dark webaakshidhingra
 
Tor, Darknet, And Hidden Sites
Tor, Darknet, And Hidden SitesTor, Darknet, And Hidden Sites
Tor, Darknet, And Hidden Sitesagora_url
 
Dark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniDark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniPraneshKulkarni22
 

Empfohlen

Dark net
Dark netDark net
Dark netMudasser Afzal
 
Darknet
DarknetDarknet
DarknetShubham Dwivedi
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsAndres Baravalle
 
The Dark Net
The Dark NetThe Dark Net
The Dark NetPaige Rasid
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark WebMiteshWani
 
Dark web
Dark webDark web
Dark webaakshidhingra
 
Tor, Darknet, And Hidden Sites
Tor, Darknet, And Hidden SitesTor, Darknet, And Hidden Sites
Tor, Darknet, And Hidden Sitesagora_url
 
Dark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniDark web by Pranesh Kulkarni
Dark web by Pranesh KulkarniPraneshKulkarni22
 
ToR - Deep Web
ToR - Deep Web ToR - Deep Web
ToR - Deep Web Murray Security Services
 
Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Anshu Prateek
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
The Darknet and the Future of Everything*
The Darknet and the Future of Everything*The Darknet and the Future of Everything*
The Darknet and the Future of Everything*PeterNBiddle
 
Darknet
DarknetDarknet
Darknetinnabiii
 
The Darknet Emerges
The Darknet EmergesThe Darknet Emerges
The Darknet EmergesAndrew Delamarter
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and PrivacyBrian Pichman
 
Darknet
DarknetDarknet
DarknetRafel Ivgi
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
 
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th... Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...i_scienceEU
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Deep web
Deep webDeep web
Deep webAbu Kaisar
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the WebPaula Ripoll Cacho
 
CryptoParty Belfast July 2015 Online Privacy Tips
CryptoParty Belfast July 2015 Online Privacy Tips CryptoParty Belfast July 2015 Online Privacy Tips
CryptoParty Belfast July 2015 Online Privacy Tipspgmaynard
 
Presentation darknet
Presentation darknetPresentation darknet
Presentation darknetDvir Barel
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark WebSwecha | స్వేచ్ఛ
 
Darknet
DarknetDarknet
DarknetMatthew Kwong
 
History of Old School Hacking
History of Old School HackingHistory of Old School Hacking
History of Old School HackingMatt Harasymczuk
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep webKhaled Sany
 
Darknet (ec)
Darknet (ec) Darknet (ec)
Darknet (ec) Bradley W. Deacon
 
Brain gate ppt prem (5010)
Brain gate ppt prem (5010)Brain gate ppt prem (5010)
Brain gate ppt prem (5010)Pothapragada Harsha
 
E ball pc technology & space mouse
E ball pc technology & space mouseE ball pc technology & space mouse
E ball pc technology & space mouseindrathakur001
 

Weitere ähnliche Inhalte

Was ist angesagt?

Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Anshu Prateek
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
The Darknet and the Future of Everything*
The Darknet and the Future of Everything*The Darknet and the Future of Everything*
The Darknet and the Future of Everything*PeterNBiddle
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and PrivacyBrian Pichman
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
 
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th... Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...i_scienceEU
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
CryptoParty Belfast July 2015 Online Privacy Tips
CryptoParty Belfast July 2015 Online Privacy Tips CryptoParty Belfast July 2015 Online Privacy Tips
CryptoParty Belfast July 2015 Online Privacy Tipspgmaynard
 
Presentation darknet
Presentation darknetPresentation darknet
Presentation darknetDvir Barel
 
History of Old School Hacking
History of Old School HackingHistory of Old School Hacking
History of Old School HackingMatt Harasymczuk
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep webKhaled Sany
 

Was ist angesagt? (20)

ToR - Deep Web
ToR - Deep Web ToR - Deep Web
ToR - Deep Web
 
Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
The Darknet and the Future of Everything*
The Darknet and the Future of Everything*The Darknet and the Future of Everything*
The Darknet and the Future of Everything*
 
Darknet
DarknetDarknet
Darknet
 
The Darknet Emerges
The Darknet EmergesThe Darknet Emerges
The Darknet Emerges
 
Dark Web and Privacy
Dark Web and PrivacyDark Web and Privacy
Dark Web and Privacy
 
Darknet
DarknetDarknet
Darknet
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)
 
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th... Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Deep web
Deep webDeep web
Deep web
 
The Dark side of the Web
The Dark side of the WebThe Dark side of the Web
The Dark side of the Web
 
CryptoParty Belfast July 2015 Online Privacy Tips
CryptoParty Belfast July 2015 Online Privacy Tips CryptoParty Belfast July 2015 Online Privacy Tips
CryptoParty Belfast July 2015 Online Privacy Tips
 
Presentation darknet
Presentation darknetPresentation darknet
Presentation darknet
 
The Deep and Dark Web
The Deep and Dark WebThe Deep and Dark Web
The Deep and Dark Web
 
Darknet
DarknetDarknet
Darknet
 
History of Old School Hacking
History of Old School HackingHistory of Old School Hacking
History of Old School Hacking
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
 
Darknet (ec)
Darknet (ec) Darknet (ec)
Darknet (ec)
 

Andere mochten auch

E ball pc technology & space mouse
E ball pc technology & space mouseE ball pc technology & space mouse
E ball pc technology & space mouseindrathakur001
 
Quantum computer
Quantum computerQuantum computer
Quantum computerNikhil Eg
 
Wireless usb ppt
Wireless usb pptWireless usb ppt
Wireless usb pptrajveer007
 
Sniffer for detecting lost mobile ppt
Sniffer for detecting lost mobile pptSniffer for detecting lost mobile ppt
Sniffer for detecting lost mobile pptasmita tarar
 
Linux ppt
Linux pptLinux ppt
Linux pptlincy21
 
Linux.ppt
Linux.ppt Linux.ppt
Linux.ppt onu9
 

Andere mochten auch (11)

Brain gate ppt prem (5010)
Brain gate ppt prem (5010)Brain gate ppt prem (5010)
Brain gate ppt prem (5010)
 
E ball pc technology & space mouse
E ball pc technology & space mouseE ball pc technology & space mouse
E ball pc technology & space mouse
 
Quantum computer
Quantum computerQuantum computer
Quantum computer
 
Quantum computer
Quantum computerQuantum computer
Quantum computer
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
Wireless usb ppt
Wireless usb pptWireless usb ppt
Wireless usb ppt
 
Sniffer for detecting lost mobile ppt
Sniffer for detecting lost mobile pptSniffer for detecting lost mobile ppt
Sniffer for detecting lost mobile ppt
 
Quantum computer ppt
Quantum computer pptQuantum computer ppt
Quantum computer ppt
 
seminar on invisible eye
seminar on invisible eyeseminar on invisible eye
seminar on invisible eye
 
Linux ppt
Linux pptLinux ppt
Linux ppt
 
Linux.ppt
Linux.ppt Linux.ppt
Linux.ppt
 

Ähnlich wie 2006: Hack.lu Luxembourg 2006: Anonymous Communication

The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
 
Why We Need a Dark(er) Web
Why We Need a Dark(er) WebWhy We Need a Dark(er) Web
Why We Need a Dark(er) WebJeroen Baert
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark WebTom Kranz
 
Tor network seminar by 13504
Tor network seminar by 13504 Tor network seminar by 13504
Tor network seminar by 13504 Prashant Rana
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark webJisc
 
Darknet (roxas, juan raveeno s) powerpoint file
Darknet (roxas, juan raveeno s) powerpoint fileDarknet (roxas, juan raveeno s) powerpoint file
Darknet (roxas, juan raveeno s) powerpoint fileraevenroxas
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorJack Maynard
 
Anon p2p slides
Anon p2p slidesAnon p2p slides
Anon p2p slideschintaan
 
Introduction to anonymity network tor
Introduction to anonymity network torIntroduction to anonymity network tor
Introduction to anonymity network torKhaled Mosharraf
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routerJapneet Singh
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Marcus Leaning
 
I2P (Invisible Internet Project)
I2P (Invisible Internet Project)I2P (Invisible Internet Project)
I2P (Invisible Internet Project)Shail Shah
 
2008 07-17-nnedv-presentation
2008 07-17-nnedv-presentation2008 07-17-nnedv-presentation
2008 07-17-nnedv-presentationAndrew Lewman
 
Dark Web Presentation.pptx
Dark Web Presentation.pptxDark Web Presentation.pptx
Dark Web Presentation.pptxAbhinavRaj219245
 

Ähnlich wie 2006: Hack.lu Luxembourg 2006: Anonymous Communication (20)

Introduction To Dark Web
Introduction To Dark WebIntroduction To Dark Web
Introduction To Dark Web
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
 
Why We Need a Dark(er) Web
Why We Need a Dark(er) WebWhy We Need a Dark(er) Web
Why We Need a Dark(er) Web
 
Demystifying the Dark Web
Demystifying the Dark WebDemystifying the Dark Web
Demystifying the Dark Web
 
Dark Net
Dark NetDark Net
Dark Net
 
Dark web
Dark webDark web
Dark web
 
Tor network seminar by 13504
Tor network seminar by 13504 Tor network seminar by 13504
Tor network seminar by 13504
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark web
 
Dark net (escalona)
Dark net (escalona)Dark net (escalona)
Dark net (escalona)
 
Darknet (roxas, juan raveeno s) powerpoint file
Darknet (roxas, juan raveeno s) powerpoint fileDarknet (roxas, juan raveeno s) powerpoint file
Darknet (roxas, juan raveeno s) powerpoint file
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorAcpe 2014 Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
Anon p2p slides
Anon p2p slidesAnon p2p slides
Anon p2p slides
 
Introduction to anonymity network tor
Introduction to anonymity network torIntroduction to anonymity network tor
Introduction to anonymity network tor
 
Anonymity Network TOR
Anonymity Network TOR Anonymity Network TOR
Anonymity Network TOR
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
I2P (Invisible Internet Project)
I2P (Invisible Internet Project)I2P (Invisible Internet Project)
I2P (Invisible Internet Project)
 
2008 07-17-nnedv-presentation
2008 07-17-nnedv-presentation2008 07-17-nnedv-presentation
2008 07-17-nnedv-presentation
 
Dark Web Presentation.pptx
Dark Web Presentation.pptxDark Web Presentation.pptx
Dark Web Presentation.pptx
 

Mehr von Fabio Pietrosanti

Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol reviewFabio Pietrosanti
 
Voice communication security
Voice communication securityVoice communication security
Voice communication securityFabio Pietrosanti
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
2010: Mobile Security - Intense overview
2010: Mobile Security - Intense overview2010: Mobile Security - Intense overview
2010: Mobile Security - Intense overviewFabio Pietrosanti
 
2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)Fabio Pietrosanti
 
2003 CNR Security Task Force: Wireless (In)security
2003 CNR Security Task Force: Wireless (In)security2003 CNR Security Task Force: Wireless (In)security
2003 CNR Security Task Force: Wireless (In)securityFabio Pietrosanti
 
2007: Infosecurity Italy: Voice Privacy Security (flash talk)
2007: Infosecurity Italy: Voice Privacy Security (flash talk)2007: Infosecurity Italy: Voice Privacy Security (flash talk)
2007: Infosecurity Italy: Voice Privacy Security (flash talk)Fabio Pietrosanti
 
2006: Infosecurity Italy: Tecnologie di Firma Digitale e Tutela della Riserva...
2006: Infosecurity Italy: Tecnologie di Firma Digitale e Tutela della Riserva...2006: Infosecurity Italy: Tecnologie di Firma Digitale e Tutela della Riserva...
2006: Infosecurity Italy: Tecnologie di Firma Digitale e Tutela della Riserva...Fabio Pietrosanti
 
2005: E-privacy 2005: Pgp Luci E Ombre
2005: E-privacy 2005: Pgp Luci E Ombre2005: E-privacy 2005: Pgp Luci E Ombre
2005: E-privacy 2005: Pgp Luci E OmbreFabio Pietrosanti
 
2004: Webbit Padova 04: Presentazione Sikurezza.Org
2004: Webbit Padova 04: Presentazione Sikurezza.Org2004: Webbit Padova 04: Presentazione Sikurezza.Org
2004: Webbit Padova 04: Presentazione Sikurezza.OrgFabio Pietrosanti
 
2002: SMAU ITBH: Wireless (in)security
2002: SMAU ITBH: Wireless (in)security2002: SMAU ITBH: Wireless (in)security
2002: SMAU ITBH: Wireless (in)securityFabio Pietrosanti
 
2004: Webbit Padova 04: Wireless (in)security
2004: Webbit Padova 04: Wireless (in)security2004: Webbit Padova 04: Wireless (in)security
2004: Webbit Padova 04: Wireless (in)securityFabio Pietrosanti
 

Mehr von Fabio Pietrosanti (12)

Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol review
 
Voice communication security
Voice communication securityVoice communication security
Voice communication security
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
2010: Mobile Security - Intense overview
2010: Mobile Security - Intense overview2010: Mobile Security - Intense overview
2010: Mobile Security - Intense overview
 
2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)
 
2003 CNR Security Task Force: Wireless (In)security
2003 CNR Security Task Force: Wireless (In)security2003 CNR Security Task Force: Wireless (In)security
2003 CNR Security Task Force: Wireless (In)security
 
2007: Infosecurity Italy: Voice Privacy Security (flash talk)
2007: Infosecurity Italy: Voice Privacy Security (flash talk)2007: Infosecurity Italy: Voice Privacy Security (flash talk)
2007: Infosecurity Italy: Voice Privacy Security (flash talk)
 
2006: Infosecurity Italy: Tecnologie di Firma Digitale e Tutela della Riserva...
2006: Infosecurity Italy: Tecnologie di Firma Digitale e Tutela della Riserva...2006: Infosecurity Italy: Tecnologie di Firma Digitale e Tutela della Riserva...
2006: Infosecurity Italy: Tecnologie di Firma Digitale e Tutela della Riserva...
 
2005: E-privacy 2005: Pgp Luci E Ombre
2005: E-privacy 2005: Pgp Luci E Ombre2005: E-privacy 2005: Pgp Luci E Ombre
2005: E-privacy 2005: Pgp Luci E Ombre
 
2004: Webbit Padova 04: Presentazione Sikurezza.Org
2004: Webbit Padova 04: Presentazione Sikurezza.Org2004: Webbit Padova 04: Presentazione Sikurezza.Org
2004: Webbit Padova 04: Presentazione Sikurezza.Org
 
2002: SMAU ITBH: Wireless (in)security
2002: SMAU ITBH: Wireless (in)security2002: SMAU ITBH: Wireless (in)security
2002: SMAU ITBH: Wireless (in)security
 
2004: Webbit Padova 04: Wireless (in)security
2004: Webbit Padova 04: Wireless (in)security2004: Webbit Padova 04: Wireless (in)security
2004: Webbit Padova 04: Wireless (in)security
 

Kürzlich hochgeladen

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

2006: Hack.lu Luxembourg 2006: Anonymous Communication

  • 1. Exploiting hidden services to setup anonymous communication infrastructures 21 October 2006 Fabio Pietrosanti Luxembourg naif at s0ftpj.org
  • 2. My goals • Explain anonymity concept and different networks • Explain the potential of exploiting anonymous networks in a different way • Present the Laissez Faire Island Project and get interests and contributors • Discuss on how to support the growth of anonymous communication systems with an a-commerce market 2
  • 3. What’s this talk not about? • Not go deeper in the technical details of anonymous protocols • Do not make any promotion of commercial tools 3
  • 4. Me • Underground: member of the s0ftpj group, sikurezza.org italian mailing list, e-privacy and winston smith anonymous communities, and some advisories made for PIX firewalls • Work: CTO of a swiss privacy provider • Personally: love for anonymity research! 4
  • 5. You • Who does personally require anonymity? • Who have ever used TOR? 5
  • 6. Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 6
  • 8. What’s anonymity • Anonymity is a state of not being identifiable within a set of subjects • Big difference between anonymity and confidentiality: • Identity protection • Location protection • Deniability of actions (w.r.t. identity) 8
  • 9. What to protect? The sender/receiver anonymity issues • Who you are • Whom you communicate with • Where you are located • Where the recipient/ server is located Most of anon nets protects only the sender! Good anonymity requires mutual protection 9
  • 10. Anonymity require cooperation • No organization would be ever able to stay anonymous by itself. • You can only get confidentiality yourself. • Anonymous network require cooperation 10
  • 11. Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 11
  • 12. Anonymity use and abuse 12
  • 13. Personal use • Discussion of sensible issues • sexual attitude • religious belief / vision • political inquiries • Avoid tracking and profiling by isp’s / corporate / governments / google! 13
  • 14. Corporate use • Business Intelligence activity • Stop competitive analysis (r&d, procurement) • Legal discussions • Communications from non democratic countries and war places • Journalist communications • Prevent price & information discrimination 14
  • 15. Government use • Diplomatic communications • Where is the ambassador staying? • Anonymous requests by citizen to law enforcers • Criminal investigation • Oh... FBI is looking at my website!! • Stuff in the public interest... 15
  • 16. Security Research USAGE • Security Researchers caught at security conferences • Dmitry Sklyarov @ Defcon • Stephen Rombom @ Hope • 20 September 2006: Tron @ Toorcon 8 • First conference over TOR! • Ventrilo (2k/s voice streaming) + VNC (5-10k/s video streaming) = Alan Bradley & Kevin Flynns talked securely away from the USA/DMCA risks 16
  • 17. Abuse (why limits?!?) • Do only terrorists need anonymity? • Hotmail & drafts methods! • http://www.jihadwatch.org/archives/002871.php • Hey... also mafia, pedopornograph, cyber vandals use TOR! • So we should declare illegal internet, airplanes, child, knifes because it can be abused? • Adversaries are much less skilled than what we ever thought! 17
  • 18. Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 18
  • 20. There’s too much garbage! • There are tons of anonymous technologies out there: • Few projects got success • Few projects grow • Limitations are mainly related with: • Risk context to be managed • Deployment & usability 20
  • 21. High latency • Good for store & forward action -> Email • Anonymous Remailers: • CypherPunk type I: old technology, old network) • Mixmaster type II: around 35 servers, very stable networks • Mixminion type III: experimental networks by freeheaven • Nym servers: old school -> anon.penet.fi / nym.alias.net • Those networks are not email systems: need true, traceable email systems 21
  • 22. Low latency • Good for interactive action -> Web Browsing / Chat • Onion Routing -> The Onion Router (c) • The biggest anonymous network ever known • I2P (java) • Free mixnet • Fully distributed (p2p) • Variable latency trough I2P API • FreeNET (java) • P2P storage for mutual anonymous content publishing and access. Still too slow 22
  • 23. Misc anon networks • AnoNET • Marabunta • Crowds • Morphmix • Invisible IRC • Tarzan • WASTE • AntsP2P • Entropy • .... • Mute • GNUnet • Winny • Mnet • Infrastructure for resilient internet systems • Rodi 23
  • 24. Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 24
  • 26. Who did make it? • USA Department of Defense • Electronic Frontier Foundation 26
  • 27. Goals • Deployability for supporters and users • Flexibility of the protocols • Usability for the users • Simple design of architecture • Directory Servers - RendezVous Servers - Users - Tor Servers (Middleman / Exit node) 27
  • 28. NOT Goals • Not peer to peer • Not secure against end-to-end attacks • No protocol normalization (Use privoxy!) • It’s filterable • Block http request for /tor/* (dir server) • It’s identifiable (TOR-bl, public list of nodes) 28
  • 29. TOR network expansion last 24 months grow of tor routers http://www.noreply.org/tor-running-routers/totalLong.html 29
  • 30. TOR network bandwidth last 24 months grow of tor bandwidth http://www.noreply.org/tor-running-routers/totalTrafficLong.html 30
  • 31. Vidalia • http://vidalia-project.net • Status - Stop/Start - Map - Logos - Configuration - Help - Translations - Monitor 31
  • 32. TOR tipical use • Protect only the identity & RECEIVER location of the sender accessing internet services INTERNET SENDER 32
  • 33. A look at exit nodes traffic • Most http, messaging, pop3 • A lot of porn and googling! • Automated web attacks • Cinema like telnet! ;) • EVERY EXIT NODE CAN INTERCEPT NON ENCRYPTED TRAFFIC! • Paranoid but dumb: https://tor.unixgu.ru/ 33
  • 34. Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 34
  • 35. Anonymous internet backbone 35
  • 36. Changing the rules • Consider the Internet as a generic transport media • TOR as an anonymous backbone • do you know MPLS? • Mutual anonymous protection • High performance anonymity • No more 3 trusted third party!!! 36
  • 37. No more 3 trusted party • Protect the identity & location of the sender AND of the receiver (server) by accessing hidden services. INTERNET SENDER RECEIVER 37
  • 38. Onion LAND • Hidden services are tcp redirects from the running tor client • Hidden services can be exposed behind NAT • Latency: • New connection: 80ms - 5 seconds • Established connection: 700ms - 2 seconds • .onion TLD for each registered service • No restriction policy as for Exit Node! 38
  • 39. Usability issue • Make the .onion hostname easier • Hidden wiki http://6sxoyfb3h2nvok2d.onion • FreeNODE irc irc://mejokbp2brhw4omd.onion • Application level Internet redirection (not a good way!) • http://anon1.xxx.com -> 302 -> http://odkdokdod.onion • 2nd level TOR rendez vous services • Easy hidden url 39
  • 40. service limits • High bandwidth services (video) • Frequent connections (p2p file sharing) • Low latency services (telephony) • Ok for Push To Talk • Serious troubles with full duplex! 40
  • 41. Anonymous services • Develop an anonymous society • Start doing business with anonymous tools! • Promote Free and NON-Free anon services: • Email hosting • Server (physical or virtual) hosting: rayservers, me (free vps) • Internet reverse proxy services (easy migration) • es: http://serifos.eecs.harvard.edu/proxy/http://6sxoyfb3h2nvok2d.onion • Payment provider (egold exchanger, prepaid visa cards) 41
  • 42. Thinking anon business • There are many business to be build around anonymous networks! • Main issues: availability(b2b) & payment(b2c) • Investing % of the income in the network would really improve availability • Anonymous VPNs • Anonymous Messaging 42
  • 43. Anonymous VPNs (1) • VPNs are not so private (identity & location) High risk context VPNs are useful in business and personal use • The anonymous backbone is a nat proof transport media • Good for email, instant messaging, file services (better webdav with keepalive!) and http resources 43
  • 44. Anonymous VPNs (2) • Example use: Journalism, Public safety, NAT bypass, non-democratic country branch ANON VPN Embassy in Ministry of foreign Interior country 44
  • 45. Anonymous VPNs (3) • Place privacy enforcement on the firewalls! 45
  • 46. Anonymous Messaging • Email messaging with anonymous network works really definitely well but... • No hidden diffused email messaging services • xrek (62 users) http://4nc7xi5usjq6z7bc.onion/ • Tormail down (onion.theme1.com) • TOR block outgoing SMTP (for spam)!!! 46
  • 47. Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 47
  • 48. Laissez Faire Island Project 48
  • 49. Laissez Faire City • Do you remember Laissez Faire City? • In ’95 a group of cyber/economist fanatic created a new sovereign international cyber city • Developed a privacy infrastructure to allow individual to operate in the freedom of cyberspace outside the confines of the traditional nation-state • Declaration of the independence of CyberSpace • http://homes.eff.org/~barlow/Declaration-Final.html • A mix between crypto-anarchism and anarcho-capitalism 49
  • 50. Laissez Faire City • Mailvault - www.mailvault.com - YodelBank - • DMT - Digital Monetary Trust • DMT ALTA - Asset Lodgement Trust Accounts • DMT LESE - Laissez-Faire Electronic Stock Exchange • ICA - International Contract Registration • http://ica.citystateinc.com/ • CEP - Common Economic Protocol • http://cep.metropipe.net/ 50
  • 51. Laissez Faire Island • Laissez Faire Island aims to became a small piece of land in the sea of anonymity • We want to create and stimulate the creation of anonymous social environments • TOR gives us the chance to do that! • Laissez Faire Island is a baby! • We need a logo! 51
  • 52. Laissez Faire Island • Laissez Faire Island require infrastructures! • Several islands are required to born before service network can be really effective! • We provide free virtual private server for anonymous services! • Get one and setup free a service! 52
  • 53. LFI Architecture (1) • How to implement a Laissez Faire Island? • Be 100% sure that no one would be able to discover where it is! • Be 100% sure that incoming traffic follow a different path respect to outgoing traffic • Differentiate services and traffic routing! • Use virtualization technology (XEN) 53
  • 54. LFI Architecture (2) TOR-IN TOR-OUT entry-node entry-node Internet GW + FIREWALL SERVER FARM TOR-IN TOR-OUT Virtual Servers DNS • Carefully select TOR-IN / TOR-OUT 54
  • 55. LFI Architecture (3) • TOR CVS simplify the setup • TransPort 9040 + iptables/iproute2 • DNS servers • tor-dns-proxy.py (dugsong) • dns-proxy-tor (http://p56soo2ibjkx23xo.onion/) • Iptables / iproute2 for network policy/redir • Dynamic firewall script for tor-only traffic • Dmcrypt-luks for disk encryption 55
  • 56. We want your island! • Setup your island! • Came with us! • Build a redundant and solid Anonymous Infrastructure! • Availability & distribution are key features! 56
  • 57. Agenda • Anonymity • Anonymity use and abuse • Anonymous Networks • TOR - The Onion Router • Anonymous Backbone Concept • Laissez Faire Island Project • LFI MAIL: unconventional approach to anonymous email 57
  • 58. Laissez Faire Island Email Platform 58
  • 59. An old need • Before spam, people thought anonymous email was a good idea: • David Chaum. “Untraceable electronic email, return address and digital pseudonyms”. Communications of the ACM, 1981 59
  • 60. LFI MAIL GOAL • Provide anon email services through a network of redundant servers located in many islands of the sea of anonymity • Escape from the net: stay in the islands! • internal communication (simple) • external outbound communication (complex!) • external inbound communication (very complex!) 60
  • 61. Escape from TOR • TOR exit nodes block outgoing SMTP but... • SMTPS (465/tcp) is allowed! • 19/35 Mixmaster anonymous remailer nodes support SMTPS ! • http://www.noreply.org/tls/ • We mix the best we can get from different anonymous networks! 61
  • 62. LFI MAIL: anonymix! RECIPIENT MIXMASTER EMAIL SERVER NETWORK 5 CHAIN External outbound MIXMASTER SMTPS communications made easy & more paranoid! INTERNET TOR (OUT) TOR LFI MAIL (IN) SENDER LFI EMAIL USER 62
  • 63. LFI MAIL sw • An email system quick to be setup) ( www.kolab.org ) • Mixmaster & smtp2mix • Horde Webmail (+mod_security +mod_chroot) • Simple signup system • Upcoming: automatic encryption (anubis) 63
  • 64. Still no internet inbound • Having a unique inbound internet-to-TOR gateway would expose the system to interception • Inbound connection would require an high number of information nodes around the world giving their IP • Idea! Ask TOR-ops/Mixmaster-ops to redirect 25/TCP port to the network of islands! • DNS MX Record: 900 results around the 64
  • 65. future useful ideas • Old school shell server • Conference streaming platform • Proxy middleware to avoid tor exit issues • Free “Exit Node” pcap dump for all! • TOR development • Hidden Service Round Robin • Easy 2nd level rendez vous services 65
  • 66. Questions? • Contribute and share your passion! • wiki http://vbp22opdeypalsic.onion • naif@vbp22opdeypalsic.onion (beta LFI mail) • Internet: naif@s0ftpj.org • Get TOR! http://vidalia-project.org 66