Christian Brüffer – FreeBSD, Protecting Privacy with Tor

Christian Brüffer – FreeBSD, Protecting Privacy with Tor


Fortunately my slide will be centered, because
I’ll have to change resolutions. I think this works out… And, it’s about protecting your privacy with FreeBSD and Tor and, uh… Privacy. What I mean here is mostly anonymity but there are some other aspects that I’ll talk about later uh, so… I want to first talk about who needs anonimity anyway Is it just for criminals or some other bad guys, right? After this anonymization concepts, then Tor. Tor’s a, well, a tool to, uh… anonymize you on the Web. Then I’ll talk about what
FreeBSD can do with it and what else you have to take care of when you want to be anonymous on the Web or the Internet And uh, if time permits I’d like to do a little demonstration Ok, so who needs anonymity anyway? Anonymity is a pretty vast interest to most people but it’s really important for journalists… There was a case in, uh, Thailand last year when the military coup was going on and the journalists in Thailand couldn’t really uh Journalists couldn’t really, uh get the information they needed to do their work Also, uh, informants whistleblowers… people who want to tell you about corruption going on in governments and companies and don’t want to lose their job for it… Dissidents Uh, best case when in Myanmar last few weeks ago When the all the Buddhists monks were going to the streets and uh, the Internet was heavily censored It was really dangerous to do anything on the Internet So, so umm socialy sensitive information, like when you want to uh, when you were abused and want to talk to other people about it you don’t… naturally you don’t want other people to
know who you are as it will be very embarrassing Also Law Enforcement, ah for example, uh, when you want to set up a an anonymous tipline for crime reporting And uh, also companies that want to, uh research competition, as one case that, uh that a company went to check the, uh website competition and they noticed when they used Tor that, uh, they were actually getting a different website
when they uh, were coming from the corporate LAN than anyone else was getting, so ah, it’s a good way to, uh, check out… competition like this Also military actually military was one of the, uh original driving forces behind the anonymization research. And maybe you may have heard of the European Union Data Retention Directive? Where, umm collection data gets stored six to twenty-four months? Depends on the limitation
on the different nations Two weeks back this was, uh, the law was passed in Germany So, uh from first January on, every connection, phone connection, SMS, IP connections, email, or the dial-in data needs to be stored by providers for six months And, uh, sooner or later it’s going to be in Poland as well [talking] Well, you’re part of the Euro Union now, so ah, welcome! Okay, uh that’s a Maybe you want to hide what interests you have and uh,
who you talk to, I mean uh, like all of you know the Internet isn’t very secure in the first place so your ISP can see who you’re
talking to if they bother to find out Yeah, and also criminals, but they already do illegal stuff and they
don’t care about doing more illegal stuff to stay anonymous, right? They can
steal people’s identities, they can rent botnets or
create them in the first place and uh, or just crack one of the thousands of Windows computers online,
no big deal So, uh Criminals already do this and uh, the normal citizens can’t do this so… So all the groups that need anonymization are very different, but they all have the same goal, and uh that’s also one of the key concepts of anonymization you can’t really stay anonymous on your own you need the help of more people and uh, the more diverse the group that needs anonymity, the better Ok, so on to talking about two anonymization concepts Proxy? Everyone here probably knows how a proxy works, LANs connect to the proxy and request a website or whatever and the proxy just passes it on and pass through Proxys are fast and simple but it’s really a single point of
failure, like uh, when law enforcement or anyone else wants to
uh, know who you’re talking to they just get a subpoena or break into the computer room or whatever It’s pretty easy Second anonymization concept is MIX, it’s really old from nineteen eighty one So you can see, uh, how long the research in this area is going on The MIX is kind of similar to a proxy Like, trying to connect to it to send the messages and the MIX collects them and coalesces them Like, it puts them all into coming sites and uhm, you see here it shuffles them. It waits until there’s enough data in it and just shuffles them and sends them back out so um, this is to protect against correlation attacks. But second in… Oh yeah, and when you actually put several MIXes uh behind them; it’s a MIX cascade and uh, between mixes is also encryption going on, uh, the first or the client which you could see here if the slides would be centered, uh, what else gets the public keys of all the mixes and encrypts the message first for each of them and each mix removes one encryption layer and uh, the last one actually passes on the message unencrypted and uhm, loop back backwards the same So, as you can probably imagine, if you wait until you have enough messages, ah, and all
public key encryption is going pretty slow and uh, this concept is mostly used for remailers like MixMinion, for example uh where it’s not really a possib… um it’s not really important if the message is a couple of seconds late or something, but it’s not really great for uh, for low latency connections, like web routing for example but what’s good about it it’s uh distributed trust uh, just one these MIXes has to be secure to actually anonymize the whole connection so it’s slow but it’s distributed trust, which is good. So, I want to introduce Tor Tor stands for The Onion Router. It’s a concept that is actually built on both these concepts MIXes and proxies. It’s a TCP-Overlay network, that means you can, uh channel any TCP connection through it theoretically Uh, theoretically I will explain a couple of slides later It provides a SOCKS interface so you don’t need any uh, special application proxies like any application that uses
SOCKS interface can just talk to Tor and it’s available on, um, all major platforms What is uh, especially important it’s available in Windows Because, uhm, like I said earlier once you want a really diverse, really diverse group of users so you actually need uh, the normal user not just geeks. Um, well it aims to uhm combine the positive attributes of proxies and MIXes Like, proxies are fast, but seem prone to failure and MIXes distributed trust, you want to combine them so uh Fast, uh, Tor uses not only public key encryption but also session keys so it’s symmetrically encrypted. So uh all the connection set up is this public key so you just, uh authentication and stuff And uh, the actual communication that’s going on later
is always symmetrically encrypted And uh, so it’s also TCP multiplexing so you can run several TCP connections through one virtual Tor connection. And the design goals are yeah deployability like dums want the user to actually have to patch his PC off the Operating System or something just be in a… workable state really fast. Um, usability, so you get the uh, normal users not just the geeks. Flexibility, uhm it’s aimed to enable more research in this whole area. So, uh the protocol Tor users should be really flexible And uh, for simplicity it’s a security application and well complexity doesn’t play well with uh, security So, this uh, it’s how Tor works, more or less Dave is uh, a directory server, it uh, caches information about the network state and uh, which Tor servers are available in the network and uh Alice downloads this whole list from Dave you see the Tor nodes with the plus here? Through this random tree of service when she wants to talk to Jane for example The first one is the entry node, middleman nodes, and the
uh exit nodes, I will leave these for later uh, so this Alice talks to the entry node there’s a connection that is going on and is public key
encrypted and they establish a session key and same thing goes on between these two and these two so they can communicate
later on What’s really important here is the last connection here is actually unencrypted. I will talk about it later So it has to be unencrypted so you can actually get your request through This is a virtual circuit that gets established and uh every, every ten minutes a new circuit is built when a new website, when a new request comes through, so uh this one stays, all these connections above stay in this circuit and after ten when after ten minutes, ah Alice wants to talk to Jane, a new circuit is built and uh, this is important to get strong anonymity in case one connection is compromised, for example. And these ten minutes are really an arbitrary value, you can choose anything you have to do the research which value is best and so ten minutes is compromised. With Tor you get exit policies, this is important for the exit node the one which actually sends the uh, original request to the destination server and huh you can control which TCP connections you want to allow from your own node if you want As default policy which uh blocks SMTP and NNTP to prevent uh spamming and all stuff but you can actually allow SMTP if you want and there’s some other ports blocked but the rest of it works so HTTP SSH all the important stuff that you would want to anonymize just works and uh, if you uh this is important for uh, if you want to run you own node, uh waht kind of node you actually want to run if you look at the picture, uh earlier there’s these three different nodes: entry node,
middleman node, and exit node and uh, which node you want to run depends on how many problems you want afterwards I will talk about it later uh this one, the exit node actually forwards the uh, requested date, uh depends upon what what the user actually uh wants, that’s if the user uh Alice in this case uh insults someone out on a web forum, then uh the uh administrator of the forum will see the IP address of the exit node in his logs and not the one of Alice so uh he’s going to have the problems later on so I will talk about it later but you have to keep this in mind And uh, keep up everything and uh we can play the role of
entry nodes and middleman nodes which is also important Special feature of Tor are hidden services these are services which can be accessed without having the IP address of them so uh you can’t really find them physically So if you want to run a hidden service you can do it from anywhere You can even do it from inside this private network here You can set up a service and everyone in the outside world
can actually access it even if you don’t have the rights to do port forwarding or something uh, this is really important to, uh resist Denial of Service, for example Because every uh, every client that wants to access the service uh, gets a different route in the network and uh, it’s hard to actually uh DOS it. And it’s also important to resist censorship And the addresses look like this: it’s really a hash of a public key and each hidden service is actually, well, identified by a public key This how it works, uhm, yet Alice the client and the hidden server, Bob. And if Bob wants to, uh, wants to set up a service, he chooses three introduction points out of the whole mass of Tor servers. And Bob has the public key to identify the service,
and uh he sends this public key and the list of three introduction
points to the directory server. Now Alice wants to uh, connect to Bob, the first the first thing she does is download this this list with the introduction points and the uh public key from the directory server. After that, uh she chooses one of the uh introduction points and uh, posts a circle rendesvouz cookie there. A piece of
data so uh, she can, uh identify herself and uh, she also gives the introduction point the address of her random rendesvouz point that
Alice has chosen so what happens then is uh, Bob notices that uh, some data has been stored in the introduction point and Alice and Bob uh, make a rendesvouz point, and Bob uses this, this uh rendesvouz cookie to actually identify himself on the rendesvouz point and after that all the connection of data runs through this rendesvouz point. uh, if time permits I’ll actually uh, set up a rendesvouz a hidden service here so you can actually see how it works I’ll also demonstrate Tor, like I said uh, there’s some legal issues to be uhm recognized, uh. As you can imagine, Tor may be
forbidden in some countries; especially totalitarian countries which censor the Internet anyway and uh, you may get into trouble for using Tor practically, anyone knows this there can be crytpo restrictions for example Great Britain, the uh RIPA act, I’m not even sure what it stands for but basically says that uh, if the government wants, then you have to give up your crypto keys so they can decrypt it later and uh, yeah, it’s not really great and actually last week was the first case when this was actually used in Great Britain Uh, there can be special laws like in Germany sort of like a hacker paragraph It’s just a nickname, it has some cryptic legal name uh, in reality and it says that uh you’re liable if you, uh, if you give people access to tools that they can use to uh, well, to do illegal stuff. More or less. It’s really uh, not concrete and no one really… it could uh, it could restrict anything. From a map to a to God know what Network tools. and uh But it was actually, it was actually passed so no one
really knows what’s the, uhm what’s really restrict by it. So Tor could be restricted by it, because it could really enable people to do
illegal stuff, but no one really knows and uh, the biggest Tor problem is that, uh when uh, when it actually gets sent to a Tor network the uh, the IP address that gets sent well that’s what the destination server actually sees is one of the exit nodes. So when, uh when a client actually causes trouble, then the one that gets into trouble is the exit nodes provider. And uh, so stuff that gets done for torment purpose like sending ransom mails or uh, distributing illegal stuff and it, this all happened and, if you are unlucky as an exit node operator your server gets seized or something and uh, that’s random stuff that can happen So uh, as an exit nodes provider you can get letters from Law Enforcement agencies, and uh What are you doing there? Maybe some illegal stuff? And you have to explain to them that you are providing Tor server and it wasn’t you and stuff. For example the FBI in America actually knows what you’re talking about when you tell them that you’re using Tor… so, uh they won’t bother. But in Germany the uh, Law Enforcement agencies, actually are, so so depends on what kind of guy you’re actually talking to So what’s… What kind of role plays FreeBSD here? uh, FreeBSD is really well suited as a Tor node, uh when you’re operating the client you just want to use the
network, uh it doesn’t matter what kind of system you use and it shouldn’t matter This is one of the, uh like I said earlier one of the design criteria of Tor so it doesn’t matter if you’re using Windows or FreeBSD. But if you’re using the Tor as actually uh, the security of others depends on your node and uh, when you’re operating a node is important to have Operational Security and Jails are really great for this, so you can run a Tor server in Jail. It’s also Disk and Swap encryption which is important, especialy the swap encryption. And uh, there’s also audit and the MAC framework when you want to run your installation What’s also nice, Tor servers do a lot of public key encryption and it’s pretty slow so it’s great to have hardware acceleration for this. And uh, probably the biggest feature: Well maintained Tor-related ports. There is the main port, security/Tor Which is a client and server if you want to run a network node, or just a client. There’s tor-devel and these are really up to date, uhm Tor development happens really fast and the ports get updated pretty soon after a release is made. There’s Privoxy, which is an uhm web proxy and uhm,
we’ll use it later when we do the demonstration And there’s net management Vidalia which is a
graphical frontend also for Windows and, uhm there’s trans-proxy-tor which enables you to actually uhm, well there’s some badly written applications out there that do stuff that’s that makes it hard for Tor to anonymize them and you can use trans-proxy-tor to tunnel such connections through the Tor network. We’ll actually talk about them in the next slide. Yeah. What else do you need to take care of
besides running Tor? Uh, there’s name resolution, uh… Some applications just bypass the configured proxy for example Firefox versions below version 1.5, which send every data, all data through the proxy but not DNS requests so they actually result in mistrust and uh, so yeah the connection is actually anonymized but the DNS server really knows uh, who you were talking to and this is really the intention of Tor, but uh,
newer versions actually takes. Uh, there’s the usual cookies, web-bugs, referrer and stuff, uhm which uh, sites can use to check which websites you’re visiting, and it’s just the
usual disabling stuff Privoxy is a great tool to normalize HTTP traffic. And it’s also great to uhm, well filter off advertising and stuff. This should be really obvious but apparently is not. Uhm, There’s so many people who don’t realize that the last connection chain is actually unencrypted if you’re using, uh if you’re not using a secure protocol. So, people actually uhm, get their mail through POP3 or something and the exit nodes can just run desniff and sniff
out all the passwords. And it’s really surprising how many people uh, do this. So, lesson learned: use secure protocols. There are also other services that require registration, for example, with your e-mail address or personal data and uh, well if you’re using Tor and you actually log on to one of those services, Tor can help you So, once I actually demonstrate how this all works. Uh, I’ve installed Tor and Privoxy on this system Config files are on the usual places. And if you read this, this little… small…
Is this alright? So there is this torrc sample file which we can use so this there’s the usual commands and stuff and this, much stuff that we don’t need for the moment there’s this uh, SOCKS port and SOCKS listen address information that just tells you where to connect your uh, your proxy to so this is the information that we use in Privoxy to access Tor. Uhm, all we have to do to actually use Tor is copy over the config file. Start the service so, it tells us it’s running… Now we have to take a look at Privoxy There’s also lots of stuff that we don’t need
right now What we need is the uh, we need to tell Privoxy uh, where to send connection requests. Ok, I’ve actually entered this earlier uhm, all it says is uh, forward all requests to the uh, SOCKS client So we just start Ok, so we are all set Now we can just do everything with our browser Startup time sucks a bit because of my external drive okay, uh proxy settings we just put in our Privoxy server which listens on port 3128, hopefully, or doesn’t?
Oh, 8108, that’s it. Ok, so every connection we want to make should actually be routed
through the Tor network uhm, this is going to take a little bit, Because all the route selection needs to be done all the public crypto, there’s also network latency Once the connections are actually setup it’s pretty fast, not like this and it’s uh, really dependent upon uh, which kind of nodes you get if you have a node that is running a modem then, you’ll have problem, it’s really slow Ok, while waiting we can actually take a look at how our hidden service is configured There’s some lines for the Tor config file the routing services Ok, so you can see here hidden services here and
hidden service port as I said, the hidden service is identified by a
public key, and uh, if you uncomment this sutff, and uh, we start Tor quickly generate a public key and put it into the start tree and it will, uh, well it actually says to uh, where this omni address earlier, we’ll just route every connection through this address to this
local nodes line This could be the case that uh, that an exit node doesn’t uh, allow DNS Ok, this is typical that when you want to show stuff
it doesn’t work It worked earlier, so uh, it’s not the network’s fault let’s uh, back to the hidden services So we actually need to change this The default directory in FreeBSD is /var/db/tor and uh, and when we start Tor it will actually, uh create the service directory by itself. It’s also a web server listening on port 80
on localhost so we can and hopefully will be able to see it later on Okay, so let’s see if this stuff is already actually created. Ok, so you have two parts in this directory hostname and private key. Private key is uh,
self-explanatory and the hostname is actually what you give to people
if you want to to publish your service This is actually less likely to work right now because it takes some time for Tor to choose these introduction points, send all this stuff to directory services It takes time for directory services to sync up and actually distribute information to the clients and when we want to access the service, we actually put
this address into the uh, the address line, and uh, Tor knows how to deal with this uh, the Onion top-level domain, so uh this usually actually works. Let’s see what’s going on here… Well, like I said this one will take a while and what’s going on with the other one? I can actually see But uh, usually you can just go to one of these server websites that tell you your IP address, and Google is a fair example you can go to Google and Google will get you a localized web page. For example, when you are from Germany, and you go to google.com, you get a German webpage and if you’re using Tor and you go to Google, it depends upon where your exit point is located for example, if it is in the Netherlands, you get a Dutch Google, which is uh, pretty cool. So uh, I’ll have to take a look later while I’m working So let’s just, continue for a moment Ok, to summarize, uh Tor is actually useful if you want to be hidden on the net. If it actually works.
Not in this case, uh Tor is usually pretty cool to offer services from anywhere so theoretically it should work that I publish my hidden service around here and anyone in the world that’s connected to the Tor network
can actually access it and uh FreeBSD is a pretty cool platform for Tor Because it has very nice security features like jail and if you want to run a Tor node and uh, tools like Tor are really needed in our time this isn’t going to get better any time soon; so uh, we better
create the tools now to circumvent this Take a quick look at the uh browser again currently the uh, connection set up failed which I can’t do anything about right now. uh, which one? Oh, that’s all me uhm it depends upon you can use any port you like It depends on uh, what port the nodes use. Nodes can use any port for example, when I don’t want to run nodes I can put it on pause port 80 if you want so anyone who uh who has uh HTTP access can actually access my node so uh In theory uh you can use any port you like. So, this isn’t going to work. Maybe I’ll just uh, if anyone is interested, I’ll just try again later That’s port 80 it’s a you know, HTTP connection so, So, are there any questions? Yes? Well, usually I use Opera, so I didn’t know Yes, there are about 300 uh, I think about 300 Tor servers around the world No, it’s uh correct at the moment there are three directory servers worldwide you can recognize them by their public key and their public keys are hard coded into the source code at the moment so, the uh Tor developers actually run those directory servers but this is really critical infrastucture uhm Well it’s it’s hard to say Because the question was uh Were there any estimates on uh, net usage and other stuff it’s really hard to say because it’s an anonymization
network so uh, you can’t say for sure, but there are estimates of
one hundred thousand users around the world and uh, I’m not sure of the traffic. I used to run a middleman node, and in one monthm it would make it was on a one hundred megabits or dedicated line, and it made about one terabyte of traffic so it’s a lot of traffic going on and unfortunately also a lot of filesharing systems which it doesn’t relly make sense because they’re slow So uhm, Tor is really cool for web browsing and stuff but if you really want to move a lot of data it’s
not a good tool Ah, any other questions? Doesn’t seem to be the case. Ok!

6 Replies to “Christian Brüffer – FreeBSD, Protecting Privacy with Tor”

Leave a Reply

Your email address will not be published. Required fields are marked *