DEF CON 27 Hacking Conference Presentation
1
The Tor Censorship
Arms Race:
The Next Chapter
2
● Online Anonymity
– Open Source
– Open Network
● Community of
researchers,
developers, users and
relay operators.
● U.S. 501(c)(3) non-profit organization
3
Estimated 2,000,000 to 8,000,000
daily Tor users
4
Threat model:
what can the attacker do?
Alice
Anonymity network
Bob
watch (or be!) Bob!
watch Alice!
Control part of the network!
5
Anonymity isn’t encryption:
Encryption just protects contents.
Alice
Bob
“Hi, Bob!”“Hi, Bob!”
attacker
6
7
Anonymity serves different
interests for different user groups.
Anonymity
Private citizens
“It’s privacy!”
8
Anonymity serves different
interests for different user groups.
Anonymity
Private citizens
Businesses
“It’s network security!”
“It’s privacy!”
9
Anonymity serves different
interests for different user groups.
Anonymity
Private citizens
Governments Businesses
“It’s traffic-analysis
resistance!”
“It’s network security!”
“It’s privacy!”
10
Anonymity serves different
interests for different user groups.
Anonymity
Private citizens
Governments Businesses
“It’s traffic-analysis
resistance!”
“It’s network security!”
“It’s privacy!”
Human rights
activists
“It’s reachability!”
11
12
13
14
15
16
Tor’s safety comes from diversity
● #1: Diversity of relays. The more relays
we have and the more diverse they are,
the fewer attackers are in a position to do
traffic confirmation. (Research problem:
measuring diversity over time)
● #2: Diversity of users and reasons to use
it. 50000 users in Iran means almost all of
them are normal citizens.
17
Transparency for Tor is key
● Open source / free software
● Public design documents and
specifications
● Publicly identified developers
● Not a contradiction:
privacy is about choice!
18
Tor censorship epochs
● Background / Phase 1 (2006-2011):
Bridges, pluggable transports
● Phase 2 (2011-2019):
Active probing, obfsproxy, domain
fronting, many more countries
● Phase 3 (2019-?):
Snowflake, obfs4, decoy routing, …
19
Relay versus Discovery
There are two pieces to all these
“proxying” schemes:
● a relay component: building circuits,
sending traffic over them, getting the
crypto right
● a discovery component: learning what
relays are available
20
The basic Tor design uses a simple
centralized directory protocol.
[Diagram: Alice, relays R1–R3, two trusted directory authorities, and directory caches]
● Relays publish self-signed descriptors.
● Authorities publish a consensus list of all descriptors.
● Alice downloads the consensus and descriptors from anywhere.
21
Early blocking
● 2006: Thailand blocks our website
by DNS
● 2007: Iran/Saudi Arabia/others use
Websense/SmartFilter to block Tor’s
HTTP directory fetches.
The fix: put everything inside TLS.
22
23
24
Iran throttles SSL (June 2009)
● We made Tor’s TLS handshake look
like Firefox+Apache.
● So when Iran freaked out and
throttled SSL bandwidth by DPI in
summer 2009, they got Tor for free
25
Attackers can block users from
connecting to the Tor network
1) By blocking the directory authorities
2) By blocking all the relay IP addresses in
the directory, or the addresses of other Tor
services
3) By filtering based on Tor’s network
fingerprint
4) By preventing users from finding the
Tor software (usually by blocking website)
26
[Diagram: relays R1–R4, Bob, many Alices, and five blocked users]
27
How do you find a bridge?
1) https://bridges.torproject.org/ will tell
you a few based on time and your IP address
2) Mail from a gmail
address and we’ll send you a few
3) I mail some to a friend in Shanghai who
distributes them via his social network
4) You can set up your own private bridge and
tell your target users directly
28
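The first distribution channel above hands out “a few” bridges chosen from the requester’s IP address and the time, so that an enumerator has to control many netblocks and wait many periods to learn a whole bucket. The following is an added illustration of that idea, not BridgeDB’s own code: the bucket names, pool, secret, period length, slice count and /16 grouping are all assumed for the example, and the bridge addresses are made up on documentation ranges.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample pool: three distribution buckets (HTTPS, email, social),
# each holding twelve made-up bridge lines on documentation address ranges.
BRIDGE_POOL = {
    "https": ["203.0.113.%d:443" % i for i in range(1, 13)],
    "email": ["198.51.100.%d:443" % i for i in range(1, 13)],
    "social": ["192.0.2.%d:443" % i for i in range(1, 13)],
}

# Assumed deployment parameters (not BridgeDB's real values).
DISTRIBUTOR_SECRET = b"constructed-secret-rotate-this"  # keys the slice choice
PERIOD_SECONDS = 3 * 60 * 60   # an answer stays stable for three hours
SLICES_PER_BUCKET = 4          # each bucket is cut into four disjoint slices
BRIDGES_PER_ANSWER = 3         # a requester sees at most three bridges


def coarse_prefix(client_ip):
    """Collapse the requester's address to /16 (IPv4) or /32 (IPv6) so that every
    address an enumerator controls inside one netblock gets the same answer."""
    addr = ipaddress.ip_address(client_ip)
    bits = 16 if addr.version == 4 else 32
    return str(ipaddress.ip_network("%s/%d" % (addr, bits), strict=False))


def answer(bucket, client_ip, now_ts):
    """Return the few bridges this requester is shown for the current period.

    A keyed hash over (bucket, coarse prefix, period) picks one slice of the
    bucket; the slice is the same for the whole period and the whole /16."""
    pool = BRIDGE_POOL[bucket]
    period = int(now_ts) // PERIOD_SECONDS
    msg = ("%s|%s|%d" % (bucket, coarse_prefix(client_ip), period)).encode()
    digest = hmac.new(DISTRIBUTOR_SECRET, msg, hashlib.sha256).digest()
    slice_index = int.from_bytes(digest[:4], "big") % SLICES_PER_BUCKET
    slice_size = len(pool) // SLICES_PER_BUCKET
    chosen = pool[slice_index * slice_size:(slice_index + 1) * slice_size]
    return chosen[:BRIDGES_PER_ANSWER]


def enumerated_fraction(bucket, client_ips, now_ts):
    """Fraction of one bucket that a set of requesting addresses learns in one
    period: the cost an enumerator pays is measured in distinct netblocks."""
    seen = set()
    for ip in client_ips:
        seen.update(answer(bucket, ip, now_ts))
    return len(seen) / len(BRIDGE_POOL[bucket])


if __name__ == "__main__":
    ts = 1565267400  # constructed request time (seconds since the epoch)
    print(answer("https", "100.64.1.5", ts))
    print(enumerated_fraction("https", ["100.64.1.5", "100.64.200.9"], ts))
```

Two addresses in the same /16 learn the same three bridges, a quarter of the bucket, however often they ask within the period; that is the property the later slides rely on when China only manages to enumerate one bucket at a time.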
29
30
China (September 2009)
● China grabbed the list of public
relays and blocked them
● They also enumerated+blocked one
of the three bridge buckets
(https://bridges.torproject.org/)
● But they missed the other bridge
buckets.
31
32
33
China (March 2010)
● China enumerated the second of our
three bridge buckets (the ones
available at
via Gmail)
● We were down to the social
network distribution strategy, and
the private bridges
34
Iran (January 2011)
● Iran blocked Tor by DPI for SSL and
filtering our Diffie-Hellman parameter.
● Socks proxy worked fine the whole time
(the DPI didn’t pick it up)
● DH p is a server-side parameter, so the
relays and bridges had to upgrade, but not
the clients
36
37
Iran (September 2011)
● This time, DPI for SSL and look at our TLS
certificate lifetime.
● (Tor rotated its TLS certificates every 2
hours, because key rotation is good, right?)
● Now our certificates last for a year
● These are all low-hanging fruit. Kind of a
weird arms race.
38
39
40
41
Tunisia (October 2011)
● First country to announce officially that they
censor
● Using Smartfilter
● Outsourced to a foreign corporation
● And Tunisia got a discount!
42
Pluggable transports
43
The two currently successful PTs
● obfsproxy (2012): add a layer of
encryption on top so there are no
recognizable headers.
● meek (2014): “domain fronting” via
Google, Azure, Amazon
44
Tor censorship epochs
● Background / Phase 1 (2006-2011):
Bridges, pluggable transports
● Phase 2 (2011-2019):
Active probing, obfsproxy, domain
fronting, many more countries
● Phase 3 (2019-?):
Snowflake, obfs4, decoy routing, …
45
China (October 2011)
● Started its active probing campaign by
DPIing on Tor’s TLS handshake, and
later on obfs2 and obfs3
● Spoofed IP addresses from inside China
● The fix: obfs4 requires the client to
prove knowledge of a secret, else it
won’t admit to being an obfs4 bridge.
46
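Both the obfsproxy idea (no recognizable headers) and the obfs4 fix above (the bridge stays silent unless the client proves it knows the bridge’s secret) come down to one server-side rule: never reveal what you are to a peer that cannot authenticate first. The following added example is a simplified model of that rule and is not obfs4’s actual handshake (obfs4 uses an ntor key exchange with Elligator-encoded keys; here random bytes stand in for the ephemeral key). The message layout, the one-hour epoch window and the replay cache are assumptions of the example.

```python
import hashlib
import hmac
import os
import secrets

KEY_LEN = 32    # client's ephemeral public value (random bytes stand in for a DH key)
MARK_LEN = 16   # locator the server searches for after the padding
MAC_LEN = 16    # proof-of-knowledge tag
MAX_PAD = 64    # upper bound on random padding length


def _tag(secret, data):
    return hmac.new(secret, data, hashlib.sha256).digest()


def client_handshake(bridge_secret, now_ts):
    """Build the client's opening message: key || random pad || mark || mac.
    Only someone holding the bridge line's secret can produce a valid mac,
    and nothing in the message is a fixed, recognizable header."""
    key = os.urandom(KEY_LEN)
    pad = os.urandom(secrets.randbelow(MAX_PAD + 1))  # hides message length
    mark = _tag(bridge_secret, key)[:MARK_LEN]
    epoch_hour = str(int(now_ts) // 3600).encode()
    mac = _tag(bridge_secret, key + pad + mark + epoch_hour)[:MAC_LEN]
    return key + pad + mark + mac


class ProbeResistantBridge:
    """Server side: answers only when the client proves knowledge of the secret.
    On any failure it returns None, meaning 'say nothing and close', so an
    unauthenticated prober sees the same behaviour as a random TCP service."""

    def __init__(self, bridge_secret):
        self.secret = bridge_secret
        self.seen_marks = set()  # replay cache; a real deployment bounds this by epoch

    def accept(self, handshake, now_ts):
        if len(handshake) < KEY_LEN + MARK_LEN + MAC_LEN:
            return None
        key = handshake[:KEY_LEN]
        mark = _tag(self.secret, key)[:MARK_LEN]
        pos = handshake.find(mark, KEY_LEN)
        # The mark must sit exactly MAC_LEN bytes before the end of the message.
        if pos < 0 or pos + MARK_LEN + MAC_LEN != len(handshake):
            return None
        body = handshake[:pos + MARK_LEN]
        presented = handshake[pos + MARK_LEN:]
        this_hour = int(now_ts) // 3600
        # Accept the neighbouring hours to tolerate clock skew (assumed window).
        for hour in (this_hour - 1, this_hour, this_hour + 1):
            expected = _tag(self.secret, body + str(hour).encode())[:MAC_LEN]
            if hmac.compare_digest(expected, presented):
                if mark in self.seen_marks:      # replayed capture: stay silent
                    return None
                self.seen_marks.add(mark)
                return self._reply(key)
        return None

    def _reply(self, client_key):
        server_key = os.urandom(KEY_LEN)
        auth = _tag(self.secret, client_key + server_key)[:MAC_LEN]
        return server_key + auth


if __name__ == "__main__":
    shared = b"constructed-bridge-secret"
    bridge = ProbeResistantBridge(shared)
    print(bridge.accept(client_handshake(shared, 1565267400), 1565267400) is not None)
    print(bridge.accept(os.urandom(200), 1565267400))  # a prober without the secret
```

The important design choice is that every failure path returns the same nothing: wrong secret, malformed message, stale epoch and replayed capture are all indistinguishable from the outside, which is what denies an active prober the confirmation it is looking for.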
47
China (March 2015)
● “Great Cannon” targets github
● Greatfire declaring war, “you can’t block
us”
● Huge difference from previous “let them
save face” approach
50
51
China (pre 2018)
● China also shifted to blackholing
the entire IP address (not just the
offending port).
● Any old probers are enough to get
bridges blocked (0.2.9, ORPort, etc)
52
China (mid 2018)
● Lantern uses obfs4 proxies for its
own circumvention tool
● After a while, the proxies they give
their users don’t work so well.
^ another example of tough feedback
loop
53
China (mid 2019)
● 0.3.2 Tor clients, talking to 0.3.5
Tor bridges, don’t trigger active
probing anymore.
● We guess it has to do with changes
in advertised ciphersuites on the
client side.
54
55
56
57
58
Tor censorship epochs
● Background / Phase 1 (2006-2011):
Bridges, pluggable transports
● Phase 2 (2011-2019):
Active probing, obfsproxy, domain
fronting, many more countries
● Phase 3 (2019-?):
Snowflake, obfs4, decoy routing, …
59
New pluggable transport: Snowflake
60
61
62
Streamlined obfs4 deployment
● https://community.torproject.org/relay/setup/bridge
● The future: “apt install tor-servers” ?
63
BridgeDB needs a feedback cycle
● Measure how much use each bridge
sees
● Measure bridge blocking
● Then adapt bridge distribution to
favor efficient distribution channels
● Need to invent new distribution
channels, e.g. Salmon (PETS 2015)
64
Measuring bridge reachability
● Passive: bridges track incoming
connections by country; clients self-report
blockage (via some other bridge)
● Active: scan bridges from within the
country; or measure remotely via indirect
scanning
● Bridges test for duplex blocking
65
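The passive measurement above, bridges tracking incoming connections by country, only closes the feedback loop if something turns those counts into a blocking signal. The following added example shows one such detector; it is not Tor’s own reporting code. The input format is constructed for the example (loosely modelled on per-country connection statistics a bridge can report), and the window sizes and thresholds are assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed per-bridge, per-day connection counts by country.  A country
# missing from a day's line means that bridge saw no connections from it.
SAMPLE_STATS = """\
2019-07-30 bridgeA cn=120,ir=40,us=6
2019-07-31 bridgeA cn=118,ir=42,us=5
2019-08-01 bridgeA cn=125,ir=38,us=7
2019-08-02 bridgeA cn=0,ir=41,us=6
2019-08-03 bridgeA ir=39,us=8
2019-07-30 bridgeB cn=16,ir=2,us=30
2019-07-31 bridgeB cn=14,ir=1,us=28
2019-08-01 bridgeB cn=17,us=31
2019-08-02 bridgeB cn=15,ir=2,us=29
2019-08-03 bridgeB cn=16,ir=1,us=33
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\S+)\s+(\S+)$")


def parse_stats(text):
    """Return {bridge: {country: [(date, count), ...]}} with every country a
    bridge has ever seen filled in as 0 on days it was absent."""
    rows = defaultdict(dict)   # bridge -> {date: {country: count}}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # skip malformed lines rather than crash the report
        date, bridge, fields = m.groups()
        counts = {}
        for item in fields.split(","):
            cc, _, n = item.partition("=")
            if cc and n.isdigit():
                counts[cc] = int(n)
        rows[bridge][date] = counts
    result = {}
    for bridge, by_date in rows.items():
        countries = set().union(*by_date.values())
        result[bridge] = {
            cc: [(d, by_date[d].get(cc, 0)) for d in sorted(by_date)]
            for cc in countries
        }
    return result


def suspected_blocking(stats, recent_days=2, min_baseline=10, drop_ratio=0.1):
    """Flag (bridge, country) pairs whose recent use fell to at most drop_ratio
    of a meaningful baseline.  Countries with tiny baselines are ignored so
    that noise in small counts does not raise alerts."""
    alerts = []
    for bridge, by_country in sorted(stats.items()):
        for cc, series in sorted(by_country.items()):
            if len(series) <= recent_days:
                continue   # not enough history to form a baseline
            baseline = statistics.mean([n for _, n in series[:-recent_days]])
            recent = statistics.mean([n for _, n in series[-recent_days:]])
            if baseline >= min_baseline and recent <= baseline * drop_ratio:
                alerts.append((bridge, cc, round(baseline, 1), round(recent, 1)))
    return alerts


if __name__ == "__main__":
    for alert in suspected_blocking(parse_stats(SAMPLE_STATS)):
        print("possible blocking:", alert)
```

On the sample data only bridgeA’s Chinese users disappear, while bridgeB’s small, jittery Iranian count stays below the baseline threshold and produces no alert; a signal like the first one is what a distribution system would feed back into which channels keep receiving that bridge.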
ooni.torproject.org
66
explorer.ooni.torproject.org
67
Other upcoming designs
● FTE/Marionette: transform traffic
payloads according to a regexp or
a state machine
● Decoy routing: run a tap at an
ISP, look for steganographic tags,
inject responses from the middle
68
Arms races
● Censorship arms race is bad
● Surveillance arms race is worse
– And centralization of the Internet
makes it worse still
69
How can you help?
● Run an obfs4 bridge, be a Snowflake
● Teach your friends about Tor, and privacy
in general
● Help find – and fix – bugs
● Work on open research problems
(petsymposium.org)
● donate.torproject.org
70
71
72