doc/codecon04.mgp

   1 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   2 %%deffont "standard" xfont "comic sans ms-medium-r"
   3 %%deffont "thick" xfont "arial black-medium-r"
   4 %%deffont "typewriter" xfont "courier new-bold-r"
   5 %%deffont "type2writer" xfont "arial narrow-bold-r"
   6 %%deffont "standard"   tfont "standard.ttf",   tmfont "kochi-mincho.ttf"
   7 %%deffont "thick"      tfont "thick.ttf",      tmfont "goth.ttf"
   8 %%deffont "typewriter" tfont "typewriter.ttf", tmfont "goth.ttf"
   9 %deffont "standard" xfont "helvetica-medium-r", tfont "arial.ttf", tmfont "times.ttf"
  10 %deffont "thick" xfont "helvetica-bold-r", tfont "arialbd.ttf", tmfont "hoso6.ttf"
  11 %deffont "italic" xfont "helvetica-italic-r", tfont "ariali.ttf", tmfont "hoso6.ttf"
  12 %deffont "typewriter" xfont "courier-medium-r", tfont "typewriter.ttf", tmfont "hoso6.ttf"
  13 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  14 %%
  15 %% Default settings per each line numbers.
  16 %%
  17 %default 1 leftfill, size 8, fore "black", back "white", font "thick", hgap 1
  18 %default 2 size 8, vgap 10, prefix " ", ccolor "black"
  19 %default 3 size 6, bar "gray70", vgap 0
  20 %default 4 size 6, fore "black", vgap 0, prefix " ", font "standard"
  21 %%
  22 %%default 1 area 90 90, leftfill, size 9, fore "yellow", back "blue", font "thick"
  23 %%default 2 size 9, vgap 10, prefix " "
  24 %%default 3 size 7, bar "gray70", vgap 10
  25 %%default 4 size 7, vgap 30, prefix " ", font "standard"
  26 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  27 %%
  28 %% Default settings that are applied to TAB-indented lines.
  29 %%
  30 %tab 1 size 5, vgap 40, prefix "     ", icon arc "red" 50
  31 %tab 2 size 4, vgap 35, prefix "            ", icon delta3 "blue" 40
  32 %tab 3 size 3, vgap 35, prefix "                        ", icon dia "DarkViolet" 40
  33 %%
  34 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  35 %page
  36 %nodefault
  37 %center, size 9, font "thick", back "white", fore "black"
  38
  39 Tor:
  40 %size 8
  41 Next-generation Onion Routing
  42
  43
  44 %size 7
  45 Roger Dingledine
  46 Nick Mathewson
  47 Paul Syverson
  48
  49 The Free Haven Project
  50 %font "typewriter", fore "blue"
  51 http://freehaven.net/
  52
  53 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  54 %page
  55
  56 Low-latency anonymity system
  57
  58 %leftfill
  59 Deployed: 20 nodes, hundreds (?) of users
  60
  61 Many improvements on earlier design
  62
  63 Free software -- available source code
  64
  65 Design is not covered by earlier onion routing
  66 patent
  67
  68 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  69 %page
  70
  71 Talk Overview
  72
  73 A bit about Onion Routing
  74
  75 Improvements we've made
  76
  77 Some related work
  78
  79 Some lessons learned
  80
  81 Ask me questions
  82
  83 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  84 %page
  85
  86 Anonymity: Who needs it?
  87
  88 Private citizens
  89         advocacy, counseling, whistleblowing, reporting, ...
  90 %size 6
  91 Higher-level protocols
  92         voting, e-cash, auctions
  93 %size 6
  94 Government applications
  95         research, law enforcement
  96 %size 6
  97 Business applications
  98         hide relationships and volumes of communication
  99         Who is visiting job sites?
 100         Which groups are talking to patent lawyers?
 101         Who are your suppliers and customers?
 102         Is the CEO talking to a buyout partner?
 103
 104 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 105 %page
 106
 107 Anonymity is a network effect
 108
 109 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 110 %page
 111
 112 Onion Routing is...
 113
 114 An overlay network
 115
 116 Users build virtual circuits through the network
 117
 118 One layer of encryption at each hop
 119
 120 Fixed-size cells
 121
 122 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 123 %page
 124
 125 Tor's goal
 126
 127 Conservative design (minimize new design work needed)
 128
 129 Support testing of future research
 130
 131 Design for deployment; deploy for use
 132
 133 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 134 %page
 135
 136 Threat model
 137
 138 Protect against curious Bob
 139
 140 Protect against somebody watching Alice
 141
 142 Protect against a few curious nodes in the middle
 143
 144 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 145 %page
 146
 147 Differences / limitations
 148
 149
 150 We're TCP-only, not all IP (but we're user-space and very portable)
 151
 152 Not peer-to-peer
 153
 154 No protocol normalization
 155
 156 %%Not unobservable
 157
 158 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 159 %page
 160
 161 Perfect forward secrecy
 162
 163
 164 Telescoping circuit
 165
 166         negotiates keys at each hop
 167
 168 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 169 %%page
 170 %%
 171 %%Separation from "protocol cleaning"
 172 %%
 173 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 174 %page
 175
 176 No mixing, padding, traffic shaping (yet)
 177
 178
 179 Please show us they're worth the usability tradeoff
 180
 181 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 182 %%page
 183 %%
 184 %%Many TCP streams can share one circuit
 185 %%
 186 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 187 %page
 188
 189 Congestion control
 190
 191
 192 Simple rate limiting
 193
 194 Plus have to keep internal nodes from overflowing
 195
 196 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 197 %page
 198
 199 Directory servers
 200
 201
 202 Approve new servers
 203
 204 Tell clients who's up right now
 205
 206         plus their keys, location, etc
 207
 208 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 209 %page
 210
 211 Variable exit policies
 212
 213
 214 Each server allows different outgoing connections
 215
 216 E.g. no servers allow outgoing mail currently
 217
 218 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 219 %page
 220
 221 End-to-end integrity checking
 222
 223
 224 In previous onion routing, an insider could change
 225 the text being transmitted:
 226
 227 "dir" => "rm *"
 228
 229 Even an external adversary could do this!
 230
 231 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 232 %page
 233
 234 Rendezvous points
 235
 236
 237 allow hidden services
 238
 239 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 240 %page
 241
 242 Related work
 243
 244 c/n vs c^2/n^2 vs 2
 245
 246 freedom, peekabooty, jap
 247
 248 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 249 %page
 250
 251 Future work
 252
 253 Threshold directory agreement
 254
 255 Restricted-route (non-clique) topology
 256
 257 Morphmix/p2p extensions?
 258
 259 Location-hidden servers via rendezvous points
 260
 261 Make it work better
 262
 263 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 264 %page
 265
 266 We have working code
 267
 268
 269 Plus a design document,
 270 and a byte-level specification
 271
 272 %size 9
 273 http://freehaven.net/tor/
 274
 275 %size 6
 276 Privacy Enhancing Technologies workshop
 277
 278 %size 9
 279 http://petworkshop.org/
 280