
Analysis of The Onion Routing Project (TOR Project)

Anthony Prasetyo - 1701320781 Evan Korius - 170 Rahadian Adinugroho - 1701358641 Raymond Haryanto - 17013120674

Table of Contents

Chapter I: Project Description
    Project Brief
        Introduction
        What is TOR?
    Background
        Why The Internet is not secure
        Surface Web
        Deep Web
        Dark Web
        Dark Web or Deep Web
Chapter II: Objective
Chapter III: Research
    Why Can't the Dark Web Be Accessed Directly?
    How to Access the Dark Web?
    What is TOR Project?
    Who Uses TOR?
    What are .onion sites?
    How do .onion sites work?
Chapter IV: Type of Transparency
Chapter V: System Architecture
Chapter VI: Process / Communication
Chapter VII: Fault Tolerance
Chapter VIII: Security
    Security Mechanisms
Chapter IX: Current Weaknesses
    Exit node eavesdropping
    Sniper attack
    Bandwidth hogging
    Email
Chapter X: Conclusion

Chapter I: Project Description

Project Brief

Introduction

 

What is the Internet?

The Internet is a means of connecting a computer to any other computer anywhere in the world via dedicated routers and servers. When two computers are connected over the Internet, they can send and receive all kinds of information, such as text, graphics, voice, and computer programs. However, all the activities that we do and our identities are recorded into logs and can easily be tracked by other parties. Therefore, an organization created another dimension of the internet to help us maintain our privacy, called "The Dark Web".

The Dark Web is a term that refers specifically to a collection of websites that are available to everyone, but that protect identities, such as the IP addresses of the servers and of the users. Thus these servers can be visited by any web user, but it is very difficult to work out who is behind the sites, and you cannot find these sites using search engines. Almost all sites on the so-called Dark Web hide their identity using the Tor encryption tool. You may know Tor for its end-user-hiding properties: you can use Tor to hide your identity and spoof your location. When a website is run through Tor, it has much the same effect.

Indeed, it multiplies the effect. To visit a site on the Dark Web that is using Tor encryption, the web user needs to be using Tor as well. Just as the end user's IP is bounced through several layers of encryption to appear to be at another IP address on the Tor network, so is that of the website. So there are several orders of magnitude more secrecy than the already secret act of using Tor to visit a website on the open internet, for both parties.

What is TOR?

Tor is software that allows users to browse the web anonymously. Developed by the Tor Project, a nonprofit organization that advocates for anonymity on the internet, Tor was originally called The Onion Router because it uses a technique called onion routing to conceal information about user activity. The TOR Browser is built on top of the Firefox platform, which makes it a very secure and stable browser. Mozilla Firefox and the Tor Browser share an almost identical set of features. The Tor Browser Bundle (TBB) uses Mozilla Firefox Extended Support Release (ESR). Since the TBB's goal is to be secure and stable, it uses the ESR version rather than the latest and greatest Firefox. The TBB is regularly updated with the latest version of Firefox ESR.

Background

Why The Internet is not secure

As technology got more advanced, engineers were able to physically link computers together, creating early networks. These networks still required the computers to be relatively near each other, however. Eventually, advances in fiber optics enabled networks to connect across continents, allowing the Internet to be born. Some computers house the data stored on the Internet, including web pages like Google; these computers are known as "servers." A device used to access this information, such as a smartphone or PC, is known as a client. The transmission lines that connect clients to servers come in a variety of forms, whether fiber optic cables or wireless signals, but they are all connections.

Although clients initiate connections to get information from servers, the flow goes both ways. Data is exchanged across the Internet in packets. These packets contain information about the sender and the destination, and certain individuals and organizations can use this data to monitor who is doing certain things or accessing certain information on the Web. It is not just the server that can see this data. Traffic analysis is big business, and many organizations, both private and governmental, can monitor the messages flowing between clients and servers.


Surface Web

This is the easy one. It’s the common Internet everyone uses to read news, visit Facebook, and shop. Just consider this the “regular” Internet.


Figure 1 - Example of Surface Web

Deep Web

The deep Web is the part of the Internet that is inaccessible to conventional search engines, and consequently, to most users. According to researcher Marcus P. Zillman of DeepWebResearch.info, as of January 2006, the deep Web contained somewhere in the vicinity of 900 billion pages of information. In contrast, Google, the largest search engine, had indexed just 25 billion pages.

Deep Web content might include information in private databases that are accessible over the Internet but not intended to be crawled by search engines. For example, some universities, government agencies and other organizations maintain databases of information that were not created for general public access. Other sites may restrict database access to members or subscribers.

Deep web sites are not indexed because they use dynamic databases that are devoid of hyperlinks and can only be found by performing an internal search query.


Figure 2 - Example of Deep Web

Dark Web

The Dark Web (also called darknet) is a subset of the Deep Web that is not only not indexed, but that also requires something special to be able to access it, e.g., specific proxying software or authentication to gain access. The Dark Web is often associated with criminal activity of various degrees, including buying and selling drugs, pornography, gambling, etc. While the Dark Web is definitely used for those things more than the standard Internet or the Deep Web, there are many legitimate uses for the Dark Web as well.


Figure 3 - Example of Dark Web Sites

Dark Web or Deep Web

Although all of these terms tend to be used interchangeably, they don't refer to exactly the same thing. An element of nuance is required. The 'Deep Web' refers to all web pages that search engines cannot find. Thus the 'Deep Web' includes the 'Dark Web', but also includes all user databases, webmail pages, registration-required web forums, and pages behind paywalls. There are huge numbers of such pages, and most exist for mundane reasons.

We have a staging version of all of our websites that is blocked from being indexed by search engines, so we can check stories before we set them live. Thus for every page publicly available on this website (and there are literally millions), there is another on the Deep Web. The content management system into which I am typing this article is on the Deep Web. So that is another page for every page that is on the live site. Meanwhile our work intranet is hidden from search engines, and requires a password. It has been live for nearly 20 years, so there are plenty of pages there.


Figure 4 - Diagram of Web Levels

Chapter II: Objective

What is TOR Project?

How the dark web works

How TOR protects users' and servers' identities

Why we cannot access the dark web directly

How to access the dark web

Chapter III: Research

Why Can't the Dark Web Be Accessed Directly?


Basically, all kinds of websites (Internet, Deep Web, Dark Web) ride on the same infrastructure, but due to the encryption methods used for data transfer and domain naming, dark web sites do not appear in most search engines and cannot be opened in a conventional web browser. The TOR Browser is needed in order to access the dark web, since the TOR Browser can decrypt the data from the TOR network.

In short, you need to route your connection through the TOR network, because the dark web (.onion sites) can only be accessed through that hidden network.

How to Access the Dark Web?

We can't just access the dark web from a normal web browser like Firefox; you can only access the dark web through a dark web browser. The most famous of these dark web browsers is called Tor, and this is the one we recommend you get if you're looking to get onto the dark web. Downloads of Tor soared in August by almost 100% as the general population became more and more concerned about their privacy amid revelations about US and UK intelligence agencies monitoring web traffic. In short, more and more people are turning to the dark web to get their internet fix and protect their information.
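As a rough illustration of what "routing your traffic through Tor" means in practice, the sketch below sends a request through a locally running Tor client's SOCKS proxy. It assumes Tor is listening on the default port 9050 (the Tor Browser uses 9150 instead) and that the `requests` package is installed with SOCKS support; the port and URL are our assumptions for the example, not part of the original report.

```python
# Sketch: routing an HTTP request through a locally running Tor client.
# Assumes Tor is listening on the default SOCKS port 9050 (Tor Browser: 9150)
# and that `requests` is installed with SOCKS support (pip install requests[socks]).
import requests

# socks5h makes DNS resolution happen inside the Tor network as well,
# which is what allows .onion names to resolve at all.
TOR_PROXY = {
    "http": "socks5h://127.0.0.1:9050",
    "https": "socks5h://127.0.0.1:9050",
}

def fetch_via_tor(url: str) -> str:
    """Fetch a page with all traffic (including DNS) sent through Tor."""
    response = requests.get(url, proxies=TOR_PROXY, timeout=60)
    response.raise_for_status()
    return response.text

if __name__ == "__main__":
    # check.torproject.org reports whether the request really came from Tor.
    print(fetch_via_tor("https://check.torproject.org/")[:200])
```

Note the `socks5h` scheme: with plain `socks5`, DNS lookups would leak outside the Tor network and .onion names could not be resolved.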

What is TOR Project?

TOR, short for The Onion Router, takes its name from the way layers of encryption are added to and peeled away from internet communications, similar to peeling back the layers of an onion. TOR offers an anonymous connection to the Deep Web and is, in effect, the gateway to it. TOR was developed within the US Navy to allow for anonymous and untraceable communication via the internet. Intelligence agents, law enforcement officers, and political dissidents in foreign countries with oppressive governments are trained in its use by the State Department.

The Tor Project was originally developed by the United States Naval Research Laboratory, together with the mathematician Paul Syverson and the computer scientists Michael Reed and David Goldschlag, in the 1990s as a way to protect sensitive intelligence communications. It was during this time that the core principle behind Tor, onion routing, was originally developed. This same technique, which protects users' anonymity by wrapping online activity in a series of encrypted layers, is how Tor still works today.

The anonymity offered through TOR created a breeding ground for criminal elements who are taking advantage of the opportunity to hide illegal activities. Silk Road (Shut down by the FBI just last year) forged the illicit online structure and business model for how an illegal marketplace could operate via its own anonymous currency (Bitcoin) in the deep web with the certainty of anonymity. Everything from murder-for-hire, to hackers, to child sex crimes, once limited to back alleys could now move freely throughout a global marketplace. Since the shutdown of Silk Road, many other black-market bazaars have sprung up in its place: TOM, Agora Beta, and Evolution to name a few.

The TOR Project is a non-profit organization that conducts research and development into online privacy and anonymity. It is designed to stop people, including government agencies and corporations, from learning your location or tracking your browsing habits. Based on that research, it offers a technology that bounces internet traffic through "relays" which are hosted by thousands of volunteers around the world. This makes it extremely hard for anyone to identify the source of the information or the location of the user.

TOR makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Using Tor "rendezvous points," other Tor users can connect to these hidden services, each without knowing the other's network identity. A hidden service needs to advertise its existence in the Tor network before clients will be able to contact it. Therefore, the service randomly picks some relays, builds circuits to them, and asks them to act as introduction points by telling them its public key. Note that in the Tor Project's diagrams the green links are circuits rather than direct connections. By using a full Tor circuit, it is hard for anyone to associate an introduction point with the hidden server's IP address. While the introduction points and others are told the hidden service's identity (public key), we don't want them to learn about the hidden server's location (IP address).

Who Uses TOR?

The TOR Project team says its users fall into four main groups:

Normal people who want to keep their internet activities private from websites and advertisers

Those concerned about cyber spying

Users evading censorship in certain parts of the world

Those engaged in black-market commerce (illegal drugs, weapons, gambling, hacking, child porn, etc.)

What are .onion sites?


They are sites that do not have a real domain name or IP address that exists on the "regular" internet. The TOR network arranges anonymity for the server and its visitors. The things you can find on .onion sites include image and file hosting, whistleblower websites (Wikileaks), forums offering complete freedom of speech, search engines, hacking, programming, and so on. Some of these websites (such as search engines) are completely legal, some would be considered illegal in some countries (hacking tutorials), others are completely illegal (drugs, weapons, child pornography, credit card fraud and other scams).

How do .onion sites work?

Computers in the TOR cloud work together to encrypt data and pass it on between each other for the purpose of providing anonymity to you. Whether you want to visit a website or be a web server on the internet, you normally need an IP address. If you have an IP address, you can be traced. On the TOR network, however, your IP address is hidden behind the IP addresses of other TOR nodes, so finding the real one is much harder.
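To make the "no real domain name" point concrete, here is a sketch of how a version 3 .onion address can be derived from a hidden service's public key. This follows our reading of the Tor rendezvous specification; the constants and layout shown are assumptions for illustration, not something taken from the original report.

```python
# Sketch: deriving a version 3 .onion address from a hidden service's key.
# Based on our reading of Tor's rendezvous spec (rend-spec-v3); treat the
# exact constants as assumptions made for illustration.
import base64
import hashlib

def onion_address_v3(public_key: bytes) -> str:
    """public_key: the service's 32-byte ed25519 public key."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + public_key + version).digest()[:2]
    # 32 + 2 + 1 = 35 bytes -> exactly 56 base32 characters, no padding needed.
    address = base64.b32encode(public_key + checksum + version).decode("ascii").lower()
    return address + ".onion"

if __name__ == "__main__":
    # A dummy all-zero 32-byte key, just to show the shape of the output.
    print(onion_address_v3(bytes(32)))
```

Because the address is computed from the service's own key rather than registered anywhere, there is no DNS record or IP address that points back to the server.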

Chapter IV: Type of Transparency

Access transparency: Nobody can retrieve information about how a resource is accessed, since every connection may be made over a different relay path.

Location transparency: Users do not know where the relays are exactly located; the locations of all users and servers are also unknown.

Migration transparency: Because TOR acts as a bridge for the internet connection, you do not need to worry about location. If a resource is available on multiple servers, then as long as at least one server is connected to the internet you should be able to retrieve it.

Relocation transparency: When a user cannot connect through a particular relay, the user just needs to wait, as if waiting for a domain to respond; behind the scenes the application is looking for another relay.

Replication transparency: A user will not know whether a website (resource) is served by one server or several.

Concurrency transparency: Since every party in the TOR network is anonymous, a user will not be able to know who else is using the same resources on the dark web.

Failure transparency: The user will not be notified if any of the relay nodes breaks during usage; the connection will simply use another relay node.

Chapter V: System Architecture

The system architecture used in the TOR system is hybrid, since many clients use services from servers. However, there is a small difference: in the TOR network there is an upper layer of architecture, the relays, sitting between the client and the web server. Both the client and the web server need to connect to relays in order to communicate securely. The way the relays connect to each other is random, and all relays are at the same level.

A client in this network is anyone using the internet to browse the surface, deep, or even dark web. Relays are provided by volunteers around the world who support this network. Currently, there are about 7,000 relays that support the TOR Project.
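The figure of roughly 7,000 relays changes constantly. The sketch below queries Onionoo, the Tor Project's public relay-status service, to count relays that are currently running; the endpoint and field names reflect our understanding of that API and may change.

```python
# Sketch: counting currently running relays via Onionoo, the Tor Project's
# public relay-status API. Endpoint and field names are our assumptions about
# the API and may differ in practice.
import requests

def count_running_relays() -> int:
    resp = requests.get(
        "https://onionoo.torproject.org/summary",
        params={"type": "relay", "running": "true"},
        timeout=30,
    )
    resp.raise_for_status()
    # The summary document contains a "relays" list with one entry per relay.
    return len(resp.json().get("relays", []))

if __name__ == "__main__":
    print("Running Tor relays:", count_running_relays())
```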


Figure 5 - TOR Architecture

Chapter VI: Process / Communication

In the TOR network, all communication between relays is encrypted. However, the connection between the exit funnel (exit node) and the destination is not encrypted by TOR. This is not a big problem if the website follows a good security standard such as HTTPS/SSL; and even where the data is not encrypted, the only thing the exit funnel can see is metadata, the basic information about the data.

Below, we describe the basic process of how TOR connects us to the destination.


First, the client's Tor-enabled software determines the list of available Tor nodes present in the network. It then makes a random node selection each time, so that no pattern can be observed by anyone spying, ensuring that you remain private throughout your activities. Random path selection also leaves no footprints, as no Tor node is aware of the origin or destination other than the terminal ones receiving directly from the client. And since any of the thousands of available Tor nodes can act as the first receiving node, it is virtually impossible to trace the origin.
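As a toy illustration of this random path selection, the sketch below draws a fresh three-hop circuit from a hypothetical relay list. Real Tor weights its choices by relay bandwidth and by guard/exit flags, so this only shows the new-path-per-circuit idea; the relay names are made up.

```python
# Toy illustration of random circuit (path) selection. Real Tor weights the
# choice by relay bandwidth and by guard/exit flags; this only shows that a
# fresh random path is drawn for every circuit, with no relay reused in a path.
import random

# Hypothetical relay directory (names are made up for the example).
RELAYS = ["relayA", "relayB", "relayC", "relayD", "relayE", "relayF", "relayG"]

def build_circuit(relays: list[str], length: int = 3) -> list[str]:
    """Pick a guard, middle and exit relay at random, without repeats."""
    return random.sample(relays, length)

if __name__ == "__main__":
    # Two consecutive circuits will almost certainly differ.
    print("circuit 1:", build_circuit(RELAYS))
    print("circuit 2:", build_circuit(RELAYS))
```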


Now, the client generates an encrypted message which is relayed to the first Tor node. The onion router on this node peels off one layer of encryption and reads the information identifying the second node. The second node repeats the same process and passes the message on to the third. This goes on until the final node receives the location of the actual recipient, to which it transmits the unencrypted message, preserving the client's anonymity along the way.
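A minimal sketch of this wrap-then-peel layering, using symmetric Fernet keys from the `cryptography` package, is shown below. Real Tor negotiates a distinct session key with every relay through public-key handshakes, so this is only an illustration of the layering idea, not of Tor's actual cryptography.

```python
# Minimal sketch of onion layering using symmetric Fernet keys from the
# `cryptography` package (pip install cryptography). Real Tor negotiates a
# distinct session key with every relay through public-key handshakes; this
# only illustrates the wrap-then-peel idea.
from cryptography.fernet import Fernet

# One key per hop: entry (guard), middle, exit.
hop_keys = [Fernet(Fernet.generate_key()) for _ in range(3)]

def wrap(message: bytes, keys) -> bytes:
    """Client side: encrypt for the exit first, then the middle, then the entry."""
    for key in reversed(keys):
        message = key.encrypt(message)
    return message

def peel(onion: bytes, keys) -> bytes:
    """Network side: each hop removes exactly one layer, in order."""
    for key in keys:
        onion = key.decrypt(onion)
    return onion

if __name__ == "__main__":
    onion = wrap(b"GET /index.html", hop_keys)
    print(peel(onion, hop_keys))  # b'GET /index.html' emerges only at the exit
```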


Finally, when the client computer wants to establish another path, say to visit another website, or even the same one, the Tor network will select an entirely different, random path this time.

Chapter VII: Fault Tolerance

Fault Prevention: Whenever a user uses the TOR network, the application checks the active routers/relays and chooses the path that gives the fastest response.

Fault Tolerance: When the current middleman or exit funnel goes down, the TOR network creates another path, which is random and practically impossible to be the same as before. At that moment, the browser simply appears to be getting a slow response from the destination.

Chapter VIII: Security

Availability: Availability is high because there are roughly 7,000 relays around the world.

Reliability: Reliability is high with respect to privacy; with respect to speed, however, we cannot measure the bandwidth of each relay.

Safety: It is secure because the actual person who requests the data cannot be located. However, it is somewhat dangerous to act as the exit funnel, because the exit funnel can be traced (it connects directly with the destination). Besides, the TOR Browser can disable certain page capabilities, such as JavaScript.

Integrity: The exit funnel can see your packet metadata, but it does not have any privilege to change or alter it.

Confidentiality: The packet header is encrypted many times (at least 3 times).

Security Mechanisms

Encryption: The encryption is done using a technique called onion routing. Why is it called onion routing? Because the encrypted data is transmitted through a series of network nodes called onion routers, each of which "peels" away a single layer, uncovering the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.


Authentication: No authentication happens, because anonymity is the key to this system.

Authorization: Once you set your router or server to become one of the TOR Project relays, you cannot disallow anyone from connecting to you.

Auditing: No one can audit the data.

Chapter IX: Current Weaknesses

Exit node eavesdropping

You have to remember that the TOR exit node is the most vulnerable part of the system, and a government might act as an exit node to snoop on data transactions. Several research projects and experiments have shown that whoever operates the exit nodes is able to mine whatever data passes by. That means if you're a TOR user, you had better hope your exit node is operated by legitimate 'good guys'.

Sniper attack

Jansen et al. describe a DDoS attack targeted at the TOR node software, as well as defenses against that attack and its variants. The attack works by using a colluding client and server and filling the queues of the exit node until the node runs out of memory, and hence can serve no other (genuine) clients. By attacking a significant proportion of the exit nodes this way, an attacker can degrade the network and increase the chance of targets using nodes controlled by the attacker.

Bandwidth Hogging

It is considered impolite to transfer massive amounts of data across the TOR network, since the onion routers are run by volunteers using their own bandwidth at their own cost.

Email

Anonymous usage of SMTP (i.e., e‐mail) can result in spam. Consequently the default exit policy of TOR nodes rejects outgoing connections to port 25, the port used for SMTP.
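For relay operators, this restriction shows up as exit-policy lines in the relay's torrc configuration file. The snippet below is a sketch of what such a policy can look like; the exact default policy shipped with Tor may differ.

```
# Sketch of exit-policy lines in a relay's torrc (the defaults shipped with
# Tor may differ). Port 25 is refused so the relay cannot be used to send spam.
ExitPolicy reject *:25    # refuse outgoing SMTP
ExitPolicy accept *:80    # allow plain HTTP
ExitPolicy accept *:443   # allow HTTPS
ExitPolicy reject *:*     # reject everything else
```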

Chapter X: Conclusion

Here we presented a protocol called Onion Routing. The purpose of Onion Routing is to protect the anonymity of a user who wants to communicate over a network. In particular, it will hide the destinations of all communications initiated by the user. Any outside observer will not be able to tell whom the user is communicating with, or for how long. To achieve this goal, Onion Routing uses public key encryption to put multiple layers of encryption around the original data packet, thus creating an object called an onion. This onion follows a specific route through the network, and at each router a layer of encryption is peeled off. Once the onion reaches its destination, it will have been reduced to the original data packet. When a router decrypts the onion using its private key, it obtains only the address of the next router along the path. So no router will ever know

the full path that is travelled by the onion. Since no outside observer will be able to follow an onion while it is travelling through the network, the communication is completely anonymous.