EECS 485 Final Exam Dark Web

Symmetric encryption

Same key to encode and decode for both parties, fast to compute, provides confidentiality (adversary cannot understand the message).

Tor Onion Services steps

1. Bob picks some intro points and builds circuits to them.
2. Bob advertises service at database- contains Bob's public key, intro node, each intro node, and signed w/ Bob's private key (xyz.onion- xyz is autogenerated name derived from Bob's public key).
3. Alice hears about xyz.onion and requests more info and sets up rendezvous point and connects to it. Downloading the advertisement records tells Alice where to find introduction points.
4. Alice writes message to Bob (encrypted to public key) listing RV point and one-time secret, then asks an intro point to deliver it to Bob. All links to introduction points and rendezvous points are encrypted and via Tor; no one can connect the message to Alice's IP address.
5. Bob connects to Alice's rendezvous point and provides her w/ one-time secret.
6. Bob and Alice proceed to use their Tor circuits like normal. We have established connection where neither Alice nor Bob know each other's IP addresses.

Distributed hash tables

A way for Alice to find xyz.onion- If N servers, store file foo on server hash(foo) % N. If you need to add a server, file is now mapped to server hash(foo) % (N+1).

Tor services

Allows users to anonymously publish services- Web pages, chat server. Service points (rendezvous points) must be known to clients. Even though censors may want to locate and take down services. Key idea: layer of indirection- randomized middleman. Introduction points are Tor nodes that relay traffic from clients to services.

Public key infrastructure

Certificate authorities verify identities and public keys. Public keys for big Certificate Authorities are built into browsers.

HTTPS example: Key exchange

Client generates random key to be used for later symmetric encryption- encrypts key using server's public key. Then, traffic is encrypted w/ symmetric encryption using agreed-upon key.

Browser fingerprinting

Collect enough information from a client, and you can probably identify them uniquely. Tor Browser avoids browser fingerprinting.

Internet protocol (IP)

Connectionless; "store and forward". Different packets can take different paths. Cannot lie about the destination of the packet, otherwise it cannot get sent to the right place.

Packet Inspection

Each packet has source IP address & destination IP address. Could spoof source sometimes (but NOT destination). Packet source and destination are visible to anyone observing network.

Statistical correlation attack

If Mallory is NSA/government, they could control ISPs and collect frequent traffic logs w/ timestamps of people who use Tor regularly. They also control ISPs for websites and collect frequent traffic logs w/ timestamps. With enough log data, one could find out who is visiting which websites. To prevent it, you could have people always transmit data to Tor once per second- if no data to send, either send NULL or random data. More users in Tor -> reduce vulnerability.

Packet Switching

Internet is a best-effort, packet-switched network. Basic unit = packet, sent by hosts. May arrive late or not at all, IP routers form the core of the internet.

Tor browser

Like being in private browsing mode all the time, routes all traffic via Tor. Modified version of Firefox.

Proxy server

Middleman- makes your internet traffic appear to come from somewhere else and hides your IP address.

Tor vulnerabilities

Only first relay node knows source IP address, and only last relay node knows the destination IP address. To break anonymity, you need to surveil ALL nodes in Tor circuit. Vulnerable to statistical correlation attack.

Asymmetric encryption

Pair of keys- each party has public and private keys. Messages are encrypted with one and decrypted w/ another. Cannot derive one key from another.

The Dark Web

Part of web that you can't access using standard browsing- accessible only through an anonymous connection. The deep web includes the dark web.

HTTPS example: Certificate exchange

Server proves its identity to client. Server sends SSL certificate and public key, client checks certificate against stored CAs (to find out if you're really talking to the right website).

Tor- The Onion Router

Used to fight traffic analysis. TCP based protocol.
1. Alice's Tor client, Dave, obtains list of Tor nodes from directory server.
2. Alice's Tor client picks random path to a destination server. All links from Alice to Bob are encrypted except for final connection between last Tor node to Bob.
3. If Alice visits another site, then Alice's Tor Client selects another random path.
At each step in the relay, another encryption layer happens. At each layer, you decrypt the current layer and forward it to the next destination.

TLS/SSL- Transport Layer Security/Secure Sockets Layer

Usually https://, encryption of all content that goes into TCP payload

VPN Proxy server

VPN proxy server hides IP address and encrypts your traffic, including headers and metadata. Good for business security, but not necessarily anonymity. However, an eavesdropper can see that the client is communicating w/ VPN proxy, and can see VPN communicate w/ website. VPN proxy servers do have server logs that could be traced- some VPNs have a "destroy logs" policy, but you'd have to trust your VPN provider (as well as their tech skills). Still vulnerable to traffic analysis by ISP or Eve.

Metadata (in packets)

Your ISP (internet service provider), Destination website, intermediate router, network eavesdropper.

Desirable properties of communication

confidentiality, sender authenticity, message integrity, freshness, anonymity

