- Paper
- Blog posts: 1, 2, 3
- Lecture note from 2012
- Old quizzes
- Goals
- Mechanisms
- Streams/Circuits
- Rendezvous Points & Hidden services
- Directory Servers
- Attacks & Defenses
- Practice Problems
- Anonymous communication
- Responder anonymity
- If I run a service like "mylittleponey.com" I don't want anyone associating me with that service
- Deployability / usability
- Why a security goal?
- Because it increases the # of people using Tor, i.e. the anonimity set
- ...which in turn increases security
- (adversary has more people to distinguish you amongst)
- ...which in turn increases security
- Because it increases the # of people using Tor, i.e. the anonimity set
- Why a security goal?
- TCP layer (Why? See explanations in lecture notes above)
- NOT P2P (because more vulnerable?)
TODO: Define circuit
Alice multiplexes many TCP streams onto a few circuits. Why? Low-latency system, expensive to make new circuit.
TODO: Define Onion Router (OR)
Directory server: State of network, OR public keys, OR IPs
ORs:
- All connected to one another with TLS
- See blog post 1: Authorities vote on consensus directory document
Example:
[ Draw example of Alice building a new circuit ]
[ and connecting to Twitter. ]
Rendezvous Points & Hidden services
Example:
[ Add an example of Alice connecting to Bob's ]
[ hidden service on Tor ]
Bob runs hidden service (HS):
- Decides on long term PK/SK pair
- Publish introduction points, advertises on lookup service
- Builds a circuit to Intro Points, waits for messages
Alice wants to connect to Bob's HS:
- Build circuit to new Rendezvous Point (RP) (any OR)
- Gives cookie to RP
- Builds circuit to one of Bob's intro points and sends message
- with
{RP, Cookie, g^x}_PK(Bob)
- with
- Bob builds circuit to RP, sends
{ cookie, g^y, H(K)} - RP connects Alice and Bob