The Pros and Cons of Open Source Security: Peeling Back the Layers of the Tor Network

www.NtrepidCorp.com

Tor: An Overview

Tor was originally built by the U.S. Naval Research Laboratory's Onion Routing Program with support from DARPA (Defense Advanced Research Projects Agency). It is now distributed as an open source project run by the nonprofit Tor Project (torproject.org) and is a popular non-attribution system. Tor is intended to let users connect to Internet services, including websites, without revealing their real IP addresses to the destination.

When using Tor, a client's TCP connections (most Internet connections) are tunneled through a circuit that rotates over time; in the configuration this paper describes, all of a user's connections share one circuit at a time. A circuit is typically made up of three relays. The first is the entry relay (in current Tor a long-lived "guard"), the second is the middle relay, and the last is the exit relay. Under ideal circumstances the entry relay is the only one that knows the client's real IP address, and the exit relay is the only one that knows the destination's real IP address. The middle relay sees neither the client nor the destination; its role is to keep the entry and exit relays from learning about each other's counterpart.

Tor and its Scope of Anonymity

To understand the technology, one must examine Tor's threat model and the non-attribution it attempts to provide. Ideally, a non-attribution solution would protect against a global adversary who can observe or control the entire network. When Tor was planned and built, its designers chose a low-latency model to keep transmission fast. The trade-off is that Tor explicitly does not defend against an adversary who can watch both ends of a circuit: anyone who runs or observes a user's entry relay and exit relay can correlate the timing and volume of traffic at the two ends and thereby link the user to the destination and, for unencrypted traffic, to its content. An adversary who runs many relays, or who observes the networks they sit on, gains this vantage point on some fraction of circuits without having to observe the whole Internet.
In essence, any sensitive emails, plans, and other mission communications could be monitored if they are routed through a set of relays managed by a single owner or by a group of cooperating hostile individuals.

To see the exposure in practice, one need only look at a well-documented incident involving Dan Egerstad, a Swedish security consultant who exposed confidential information by operating relays within the Tor network. Without hacking any computers, he obtained credentials for over 1,000 foreign government email accounts simply by monitoring the traffic flowing through exit relays he set up. Because the email sessions used unencrypted protocols, they left Tor in the clear at his exits, and he could read passport numbers, birth dates, addresses, visa requests, email usernames and passwords, and detailed meeting schedules of government field staff. He later posted 100 sets of usernames and passwords on his website to demonstrate the exposure. Tor's own encryption was not broken: the data was readable because the applications sent it in cleartext, and Tor protects traffic only between the client and the exit relay.

Benefits of Tor

There have been few non-academic examples of Tor users' data or identities being revealed in practice, and Tor has been successfully used to get around website censorship in more than 20 countries that censor political and human rights sites.

Vulnerabilities Associated with Using Tor

Abusive users can cause relays to be shut down

It is widely known that legitimate exit relay operators have a hard time staying online because of the malicious behavior of some Tor users. Exit relay operators often receive a large number of complaints, including DMCA Section 512 takedown notices for copyright infringement, as well as reports of hacking attempts, IRC botnet command-and-control traffic, and website defacement.
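The Egerstad incident above, and the "insecure protocols" discussion that follows, come down to one fact: an exit relay sees each stream exactly as the application sent it. The following is an added example (not from the Ntrepid paper) of the check a cautious client, or an exit operator, can run over a traffic sample to find credentials that travel in cleartext. It recognizes POP3, IMAP and FTP logins and HTTP Basic authentication, and treats a TLS handshake as opaque. The stream payloads, hostnames, usernames and passwords are all constructed for the example.

```python
"""Audit a traffic sample for credentials an exit relay could read.

Added example, not part of the Ntrepid paper. Tor encrypts traffic only
between the client and the exit, so anything the application did not
wrap in end-to-end encryption (TLS) is readable at the exit. This scans
the first client->server bytes of each stream and reports cleartext
credentials. All payloads below are constructed sample data.
"""
import base64
import re
from typing import NamedTuple, Optional


class Stream(NamedTuple):
    dst_port: int
    payload: bytes          # client->server bytes as seen at the exit


class Finding(NamedTuple):
    dst_port: int
    protocol: str
    username: Optional[str]
    password: Optional[str]


# Constructed sample of what one circuit's exit might see.
SAMPLE_STREAMS = [
    Stream(110, b"USER jdoe@example.org\r\nPASS Winter2014!\r\nSTAT\r\n"),
    Stream(143, b"a001 LOGIN fieldagent hunter2\r\na002 SELECT INBOX\r\n"),
    Stream(21, b"USER anonymous\r\nPASS guest@\r\nPWD\r\n"),
    Stream(80, b"GET /admin HTTP/1.1\r\nHost: intranet.example.org\r\n"
               b"Authorization: Basic " + base64.b64encode(b"admin:s3cret") + b"\r\n\r\n"),
    # TLS record header: handshake (0x16), version 3.x; contents are ciphertext/handshake
    Stream(443, bytes.fromhex("160301") + b"\x00\x05\x01\x00\x00\x01\x00"),
    Stream(8080, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]


def _is_tls(payload: bytes) -> bool:
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03


def _cmd(payload: bytes, name: bytes) -> Optional[str]:
    """Argument of a line-oriented command such as 'USER x' or 'PASS y'."""
    m = re.search(rb"(?im)^" + name + rb"[ \t]+(\S+)", payload)
    return m.group(1).decode(errors="replace") if m else None


def inspect_stream(s: Stream) -> Optional[Finding]:
    if _is_tls(s.payload):
        return None  # end-to-end encrypted: the exit sees only ciphertext
    text = s.payload
    # POP3 and FTP both authenticate with USER <name> then PASS <secret>
    if re.search(rb"(?im)^USER ", text) and re.search(rb"(?im)^PASS ", text):
        proto = "FTP" if s.dst_port == 21 else "POP3"
        return Finding(s.dst_port, proto, _cmd(text, b"USER"), _cmd(text, b"PASS"))
    # IMAP: <tag> LOGIN <user> <password>
    m = re.search(rb"(?im)^\S+ LOGIN (\S+) (\S+)", text)
    if m:
        return Finding(s.dst_port, "IMAP", m.group(1).decode(), m.group(2).decode())
    # HTTP Basic: Authorization: Basic base64("user:password")
    m = re.search(rb"(?im)^Authorization: Basic ([A-Za-z0-9+/=]+)", text)
    if m:
        user, _, pw = base64.b64decode(m.group(1)).decode(errors="replace").partition(":")
        return Finding(s.dst_port, "HTTP", user, pw)
    if text.startswith(b"GET ") or text.startswith(b"POST "):
        return Finding(s.dst_port, "HTTP", None, None)  # readable, but no credentials seen
    return None


def audit(streams) -> list:
    """Every stream whose contents an exit could read, with any credentials found."""
    return [f for f in (inspect_stream(s) for s in streams) if f is not None]


if __name__ == "__main__":
    for f in audit(SAMPLE_STREAMS):
        print(f"port {f.dst_port:5d} {f.protocol:4s} user={f.username!r} password={f.password!r}")
```

The fix on the client side is not a Tor setting: use TLS variants of these protocols (POP3S/IMAPS or STARTTLS, SFTP, HTTPS) so that the exit, like any other network hop, sees only ciphertext, as the port-443 stream above shows.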
Increased likelihood of blocking

Websites can easily block traffic originating from a Tor exit because the IP addresses of all Tor relays are public: they are listed in the network consensus that Tor's directory authorities publish and every client must download to learn about the relays, and the Tor Project also publishes a bulk list of exit addresses. A website administrator need only fetch that list periodically and refuse or challenge connections from every address on it. This is a fairly common practice, since a disproportionate share of abusive traffic arrives from exit addresses. It is particularly common on sites where the service already knows the user's true identity, such as a bank, brokerage, or utility, and anonymity offers the legitimate customer nothing.

The trouble with insecure protocols

If a client uses a cleartext protocol such as POP3 or IMAP without TLS (still common for email), Telnet, FTP, or plain HTTP, or mistakenly enters identifying information into a non-HTTPS web page, the exit relay can read and store login credentials or critical mission communications. To make matters worse, in the configuration this paper describes Tor uses the same circuit for all of a user's connections. Once an exit relay observes identifying information on one stream, it can associate every other stream on that circuit with the same client, even streams whose contents are encrypted. (Newer Tor clients can isolate streams onto separate circuits, and Tor Browser does so per site; an application that simply points at the SOCKS port without requesting isolation still shares circuits.) The circuit does change periodically, but the default rotation interval of ten minutes leaves plenty of time to exploit what has been observed.

Susceptible to monitoring

As traffic emerges from the exit relay, Tor's layers of encryption have been removed and it is forwarded to the destination in whatever form the application produced. The exit operator can therefore log or "sniff" all of the traffic leaving their relay, and read any of it that is not protected by end-to-end encryption such as TLS. It is widely believed that some people set up exit relays specifically to monitor traffic, steal passwords, read communications, and collect other information for criminal use.

Cannot protect against cloaking

Cloaking is a common practice in which a website changes the content of a page based on the IP address or geographic location of the visitor.
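The blocking procedure described under "Increased likelihood of blocking" can be made concrete. The following is an added example, not from the Ntrepid paper: it parses the router status entries of a Tor network-status consensus (the `r`, `s`, `w` and `p` lines that directory authorities publish) and derives the set of relay addresses that will actually carry exit traffic to a given port, which is what a web server would block. The consensus fragment, relay names, fingerprints and addresses are constructed for the example; in production the text would come from a directory cache or from the Tor Project's bulk exit list.

```python
"""Build a Tor exit-relay blocklist from a directory consensus.

Added example, not part of the Ntrepid paper. Parses the per-relay
entries of a Tor consensus document:
  r <nick> <identity> [<digest>] <date> <time> <IP> <ORPort> <DirPort>
  s <flags...>
  w Bandwidth=<n> ...
  p accept|reject <portlist>
and extracts the addresses whose exit policy allows traffic to a port.
SAMPLE_CONSENSUS is constructed; the addresses are documentation ranges.
"""
import ipaddress
from dataclasses import dataclass, field
from math import ceil

SAMPLE_CONSENSUS = """\
network-status-version 3
vote-status consensus
valid-after 2014-12-01 10:00:00
r alpha AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-12-01 09:00:00 198.51.100.10 9001 9030
s Exit Fast Running Stable Valid
w Bandwidth=18000
p accept 80,443
r bravo CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-12-01 09:00:00 203.0.113.7 443 0
s Fast Guard Running Stable Valid
w Bandwidth=40000
p reject 1-65535
r charlie EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2014-12-01 09:00:00 192.0.2.44 9001 0
s Exit Fast Running Valid
w Bandwidth=2500
p accept 20-23,80,443,993,995
r delta GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2014-12-01 09:00:00 198.51.100.99 9001 0
s Fast Running Valid
w Bandwidth=900
p accept 22
"""


@dataclass
class Relay:
    nickname: str
    address: str
    flags: set = field(default_factory=set)
    bandwidth: int = 0
    policy_accept: bool = True                 # "p accept ..." (True) or "p reject ..." (False)
    policy_ports: list = field(default_factory=list)  # [(lo, hi), ...]


def _parse_portlist(text: str) -> list:
    ports = []
    for item in text.split(","):
        lo, _, hi = item.partition("-")
        ports.append((int(lo), int(hi or lo)))
    return ports


def parse_consensus(text: str) -> list:
    relays, current = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        kw = parts[0]
        if kw == "r":
            # IP, ORPort, DirPort are always the last three fields, whether or
            # not the entry carries a descriptor digest (microdesc consensuses omit it).
            current = Relay(nickname=parts[1], address=parts[-3])
            relays.append(current)
        elif current is None:
            continue  # header lines before the first router entry
        elif kw == "s":
            current.flags = set(parts[1:])
        elif kw == "w":
            for kv in parts[1:]:
                k, _, v = kv.partition("=")
                if k == "Bandwidth":
                    current.bandwidth = int(v)
        elif kw == "p":
            current.policy_accept = parts[1] == "accept"
            current.policy_ports = _parse_portlist(parts[2])
    return relays


def allows_exit_to_port(relay: Relay, port: int) -> bool:
    listed = any(lo <= port <= hi for lo, hi in relay.policy_ports)
    return listed if relay.policy_accept else not listed


def exit_addresses(relays, port: int = 443) -> set:
    """Addresses of running relays whose policy lets them exit to `port`."""
    return {r.address for r in relays
            if "Running" in r.flags and allows_exit_to_port(r, port)}


def is_tor_exit(addr: str, exits: set) -> bool:
    """Normalize the client address before the lookup."""
    return str(ipaddress.ip_address(addr)) in exits


if __name__ == "__main__":
    relays = parse_consensus(SAMPLE_CONSENSUS)
    for port in (443, 22):
        print(port, sorted(exit_addresses(relays, port)))
```

Two practical points the code makes explicit: the `Exit` flag is a heuristic (it depends on the policy allowing the common web ports), so a service on an unusual port should test the exit policy against its own port rather than trust the flag; and the consensus is reissued hourly with a `valid-until` line, so the list must be refreshed on that schedule or a relay that has just joined will slip through.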
One example is Aljazeera.net, which has from time to time shown dramatically different content depending on the origin of the visitor's IP address: users connecting from addresses recognized as Middle Eastern see different pages than those connecting from Western addresses. Because Tor does not choose an exit location for the user by default, a Tor user cannot count on seeing a site as it appears from their preferred region. (A client can pin exit countries with the ExitNodes and StrictNodes options in torrc, at a cost in anonymity and often in the number of usable relays.) It is also unlikely that an exit relay exists in the region you would want your traffic to appear to come from; at the time of writing, the vast majority of exit relays were located in Germany, the United States, France, Switzerland, the Netherlands, and Finland.

It's easy to break non-attribution with a little bit of funding

Five percent of all Tor relays transport fifty percent of all traffic. Because clients choose relays in proportion to their advertised bandwidth, an adversary who controls a set of the highest-performing relays is selected as entry and exit far more often than its share of the relay count suggests. Whenever both the entry and the exit of a circuit belong to the adversary, traffic correlation reveals the user's real IP address, the destination, and any unencrypted content. Over time, a well-funded operator of fast relays can expect to sit at both ends of a substantial fraction of all circuits built on the network.

Conclusion

While it is up to each individual user to determine whether Tor is the right solution for his or her needs, a vulnerability assessment of the types of information and investigations that will be communicated through the Tor network is critical. For casual users, Tor provides a level of security that may be enough, but government and business organizations should examine the ramifications of operating through relays that may or may not be monitored by nefarious individuals who can attribute mission communications back to a given user's actual IP address.

Contact us to learn more: [email protected] or 800.921.2414

©2014 Ntrepid Corporation. All rights reserved. Ntrepid is a trademark of Ntrepid Corporation.
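The section on well-funded adversaries rests on two numbers: how concentrated bandwidth is, and how often an adversary who owns the fast relays ends up on both ends of a circuit. The following added example (not from the Ntrepid paper) works both out on a constructed 40-relay network in which, as the paper states for the real network, the top 5% of relays carry 50% of the bandwidth. The relay names and bandwidths are made up. The model is simplified: it uses flat bandwidth weights for the entry and exit positions (real Tor applies per-role consensus weights) and enforces only the rule that a relay is not used twice in one circuit, ignoring the family and /16 exclusions.

```python
"""How much of the Tor network a few fast relays can see.

Added example, not part of the Ntrepid paper. Tor clients pick relays in
proportion to consensus bandwidth, so an adversary's share of circuits is
governed by bandwidth, not by how many relays it runs. This builds a small
constructed network and computes (a) the bandwidth share of the top 5% of
relays and (b) the probability that one fresh circuit has both its entry
and its exit on adversary-controlled relays, the condition under which
end-to-end traffic correlation de-anonymizes the user.
Simplifications: flat bandwidth weights per position (no Wgg/Wee consensus
weights); only the "no relay twice in a circuit" rule is enforced.
"""
from fractions import Fraction
from math import ceil
from typing import NamedTuple


class Relay(NamedTuple):
    name: str
    bandwidth: int   # constructed consensus weight
    guard: bool      # eligible for the entry position
    exit: bool       # eligible for the exit position


def constructed_network() -> list:
    """40 relays: two very fast ones carry half of all bandwidth."""
    relays = [Relay("big1", 25000, True, True), Relay("big2", 25000, True, True)]
    relays += [Relay(f"mid{i}", 2500, i <= 4, i > 4) for i in range(1, 9)]
    relays += [Relay(f"s{i}", 1000, i <= 10, 10 < i <= 20) for i in range(1, 31)]
    return relays


def top_share(relays, fraction=0.05) -> Fraction:
    """Share of total bandwidth carried by the fastest `fraction` of relays."""
    bws = sorted((r.bandwidth for r in relays), reverse=True)
    k = ceil(len(bws) * fraction)
    return Fraction(sum(bws[:k]), sum(bws))


def end_to_end_compromise(relays, adversary: set) -> Fraction:
    """P(entry and exit of one circuit both belong to `adversary`).

    Entry and exit are drawn independently in proportion to bandwidth from
    the eligible relays, except that the same relay cannot fill both roles.
    """
    guards = [r for r in relays if r.guard]
    exits = [r for r in relays if r.exit]
    total, owned = Fraction(0), Fraction(0)
    for g in guards:
        for e in exits:
            if g.name == e.name:
                continue  # a relay is never both ends of one circuit
            w = g.bandwidth * e.bandwidth
            total += w
            if g.name in adversary and e.name in adversary:
                owned += w
    return owned / total


def compromised_within(p: Fraction, circuits: int) -> Fraction:
    """P(at least one of `circuits` independently built circuits is compromised)."""
    return 1 - (1 - p) ** circuits


if __name__ == "__main__":
    net = constructed_network()
    print("top 5% of relays carry", top_share(net), "of bandwidth")
    for adv in ({"big1"}, {"big1", "mid5"}, {"big1", "big2"}):
        p = end_to_end_compromise(net, adv)
        print(sorted(adv), "per-circuit:", float(p), " within 10 circuits:",
              float(compromised_within(p, 10)))
```

The numbers make the paper's point sharper than the prose does. Owning one fast relay gives a per-circuit probability of zero, because a single relay is never both ends of a circuit; the adversary needs at least two colluding relays, or one relay plus a view of the network path. Owning both of the fast relays in the sample, just 5% of the relay count, puts the adversary on both ends of roughly a third of all fresh circuits, and a user who builds ten circuits has better than a 98% chance that at least one of them was fully observed.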
12-14-002