From fd4dc9de39e5f86cfebdf73abd10a718231274fb Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Thu, 19 Feb 2004 06:19:58 +0000 Subject: [PATCH] commit some partial slides in case i get hit by a bus svn:r1113 --- doc/codecon04.mgp | 280 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 280 insertions(+) create mode 100644 doc/codecon04.mgp diff --git a/doc/codecon04.mgp b/doc/codecon04.mgp new file mode 100644 index 0000000000..d78191edb6 --- /dev/null +++ b/doc/codecon04.mgp @@ -0,0 +1,280 @@ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%deffont "standard" xfont "comic sans ms-medium-r" +%%deffont "thick" xfont "arial black-medium-r" +%%deffont "typewriter" xfont "courier new-bold-r" +%%deffont "type2writer" xfont "arial narrow-bold-r" +%%deffont "standard" tfont "standard.ttf", tmfont "kochi-mincho.ttf" +%%deffont "thick" tfont "thick.ttf", tmfont "goth.ttf" +%%deffont "typewriter" tfont "typewriter.ttf", tmfont "goth.ttf" +%deffont "standard" xfont "helvetica-medium-r", tfont "arial.ttf", tmfont "times.ttf" +%deffont "thick" xfont "helvetica-bold-r", tfont "arialbd.ttf", tmfont "hoso6.ttf" +%deffont "italic" xfont "helvetica-italic-r", tfont "ariali.ttf", tmfont "hoso6.ttf" +%deffont "typewriter" xfont "courier-medium-r", tfont "typewriter.ttf", tmfont "hoso6.ttf" +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% +%% Default settings per each line numbers. +%% +%default 1 leftfill, size 8, fore "black", back "white", font "thick", hgap 1 +%default 2 size 8, vgap 10, prefix " ", ccolor "black" +%default 3 size 6, bar "gray70", vgap 0 +%default 4 size 6, fore "black", vgap 0, prefix " ", font "standard" +%% +%%default 1 area 90 90, leftfill, size 9, fore "yellow", back "blue", font "thick" +%%default 2 size 9, vgap 10, prefix " " +%%default 3 size 7, bar "gray70", vgap 10 +%%default 4 size 7, vgap 30, prefix " ", font "standard" +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% +%% Default settings that are applied to TAB-indented lines. +%% +%tab 1 size 5, vgap 40, prefix " ", icon arc "red" 50 +%tab 2 size 4, vgap 35, prefix " ", icon delta3 "blue" 40 +%tab 3 size 3, vgap 35, prefix " ", icon dia "DarkViolet" 40 +%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%center, size 9, font "thick", back "white", fore "black" + +Tor: +%size 8 +Next-generation Onion Routing + + +%size 7 +Roger Dingledine +Nick Mathewson +Paul Syverson + +The Free Haven Project +%font "typewriter", fore "blue" +http://freehaven.net/ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Low-latency anonymity system + +%leftfill +Deployed: 20 nodes, hundreds (?) of users + +Many improvements on earlier design + +Free software -- available source code + +Design is not covered by earlier onion routing +patent + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Talk Overview + +A bit about Onion Routing + +Improvements we've made + +Some related work + +Some lessons learned + +Ask me questions + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Anonymity: Who needs it? + +Private citizens + advocacy, counseling, whistleblowing, reporting, ... +%size 6 +Higher-level protocols + voting, e-cash, auctions +%size 6 +Government applications + research, law enforcement +%size 6 +Business applications + hide relationships and volumes of communication + Who is visiting job sites? + Which groups are talking to patent lawyers? + Who are your suppliers and customers? + Is the CEO talking to a buyout partner? + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Anonymity is a network effect + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Onion Routing is... + +An overlay network + +Users build virtual circuits through the network + +One layer of encryption at each hop + +Fixed-size cells + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Tor's goal + +Conservative design (minimize new design work needed) + +Support testing of future research + +Design for deployment; deploy for use + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Threat model + +Protect against curious Bob + +Protect against somebody watching Alice + +Protect against a few curious nodes in the middle + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Differences / limitations + + +We're TCP-only, not all IP (but we're user-space and very portable) + +Not peer-to-peer + +No protocol normalization + +%%Not unobservable + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Perfect forward secrecy + + +Telescoping circuit + + negotiates keys at each hop + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%page +%% +%%Separation from "protocol cleaning" +%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +No mixing, padding, traffic shaping (yet) + + +Please show us they're worth the usability tradeoff + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%page +%% +%%Many TCP streams can share one circuit +%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Congestion control + + +Simple rate limiting + +Plus have to keep internal nodes from overflowing + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Directory servers + + +Approve new servers + +Tell clients who's up right now + + plus their keys, location, etc + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Variable exit policies + + +Each server allows different outgoing connections + +E.g. no servers allow outgoing mail currently + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +End-to-end integrity checking + + +In previous onion routing, an insider could change +the text being transmitted: + +"dir" => "rm *" + +Even an external adversary could do this! + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Rendezvous points + + +allow hidden services + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Related work + +c/n vs c^2/n^2 vs 2 + +freedom, peekabooty, jap + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +Future work + +Threshold directory agreement + +Restricted-route (non-clique) topology + +Morphmix/p2p extensions? + +Location-hidden servers via rendezvous points + +Make it work better + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page + +We have working code + + +Plus a design document, +and a byte-level specification + +%size 9 +http://freehaven.net/tor/ + +%size 6 +Privacy Enhancing Technologies workshop + +%size 9 +http://petworkshop.org/ + -- 2.11.4.GIT