Playing Server Hide and Seek on the
Tor Anonymity Network
Dr Paul Syverson
Naval Research Laboratory
Date:
Time:
Place: 1230
Engineering
Host: L. Xiao
Abstract:
Can
you set up a server that anyone can access but no one can find? Yes you
can. Since 2004 we have deployed location hidden servers on the Tor
network. Anyone can set one up and hide it using Tor. (Tor is a freely available anonymous
communication network developed by the Naval Research Laboratory and the
Free Haven Project. It is the most widely deployed and used anonymizing
network ever in existence. It currently consists of about 450 servers
worldwide and has an unknown (hidden) number of users estimated to be
about a quarter million. Tor was
named one of the 100 best products of 2005 by PC
World.)
Hidden
services have many uses from resisting server DDoS to anonymous blogging.
Undergroundmedia.org has published a guide to "Torcasting" (anonymity
preserving and censorship resistant podcasting). And both the Electronic Frontier Foundation
and Reporters Without Borders have issued guides that describe using hidden
services via Tor to protect the safety of dissidents as well as resist
censorship.
Our
primary focus in this presentation will be attacks. We will start by briefly
describing the basic motivation and design of the Tor network and of hidden
services. We will then demonstrate attacks we have recently carried out in
experiments on the deployed Tor network that uncover the location of hidden
servers in a matter of minutes. We will also tell you how to protect against
these attacks. We will present entry gaurd nodes and other countermeasures to
these attacks that have recently been implemented and describe how they counter
the attacks.
Biography:
Paul
Syverson is inventor of Onion
Routing, for which he received the Edison Invention Award, and designer of
all three generations of Onion Routing systems, including the latest system, Tor. Dr.
Syverson has been designing and analyzing security and privacy systems at the
Naval Research Laboratory for sixteen years. He has been chair of eight
conferences and workshops ranging from the European Symposium on Research in Computer
Security to the Privacy Enhancing Technologies Workshop and the Financial
Cryptography Conference. He is the editor of several books on these topics, as
well as author of many dozens of papers published in refereed conferences and
journals. He is also the author of Logic,
Convention, and Common Knowledge, a book that discusses philosophical
foundations of logic, and employs game theory and distributed computing in
doing so. He is former editor of IEEE Cipher. He has been an invited visitor at
the Newton Institute for Mathematical Sciences in