[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] r25736: {} add my presentation from today. (in projects/presentations: . images)
Author: phobos
Date: 2012-08-01 01:25:30 +0000 (Wed, 01 Aug 2012)
New Revision: 25736
Added:
projects/presentations/2012-07-31-DHS-Tor-Overview.pdf
projects/presentations/2012-07-31-DHS-Tor-Overview.tex
projects/presentations/images/security-blocks-dec2011.png
Log:
add my presentation from today.
Added: projects/presentations/2012-07-31-DHS-Tor-Overview.pdf
===================================================================
(Binary files differ)
Property changes on: projects/presentations/2012-07-31-DHS-Tor-Overview.pdf
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: projects/presentations/2012-07-31-DHS-Tor-Overview.tex
===================================================================
--- projects/presentations/2012-07-31-DHS-Tor-Overview.tex (rev 0)
+++ projects/presentations/2012-07-31-DHS-Tor-Overview.tex 2012-08-01 01:25:30 UTC (rev 25736)
@@ -0,0 +1,301 @@
+\documentclass{beamer}
+\mode<presentation>
+\usetheme{Boadilla}
+\title{DHS Tor Overview}
+\author{Andrew Lewman \\ andrew@xxxxxxxxxxxxxx}
+\date{July 31, 2012}
+\begin{document}
+
+\begin{frame}
+\maketitle
+\begin{center}
+\includegraphics[height=3cm]{./images/2009-tor-logo}
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{What are we talking about?}
+\begin{itemize}
+\item Crash course on anonymous communications
+\item Quick overview of Tor
+\item Quick overview of Tor Hidden Services
+\item Future directions
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{The Tor Project, Inc.}
+501(c)(3) non-profit organization dedicated to the research and development of technologies for online anonymity and privacy
+\begin{center}
+\includegraphics[height=5cm]{./images/2009-oval_sticker_new}
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{What is anonymity?}
+\includegraphics[width=10cm]{./images/2llg3ts}
+\end{frame}
+
+\begin{frame}
+\frametitle{Anonymity isn't cryptography}
+\begin{itemize}
+\item Cryptography protects the contents in transit
+\item You still know who is talking to whom, how often, and how much data is sent.
+\end{itemize}
+\begin{center}
+\includegraphics[width=5cm]{./images/encryption-cc-by-sa}
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Anonymity isn't steganography}
+Attacker can tell Alice is talking to someone, how often, and how much data is sent.
+\bigskip
+
+\begin{center}
+\includegraphics[width=5cm]{./images/steganography-cc-by-sa}
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Anonymity isn't just wishful thinking...}
+\begin{itemize}
+\item "You can't prove it was me!"
+\pause \item "Promise you won't look"
+\pause \item "Promise you won't remember"
+\pause \item "Promise you won't tell"
+\pause \item "I didn't write my name on it!"
+\pause \item "Isn't the Internet already anonymous?"
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{..since "weak" isn't anonymity.}
+\begin{itemize}
+\item \textit{"You can't prove it was me!"} Proof is a very \textbf{strong} word. Statistical analysis allows suspicion to become certainty.
+\pause \item \textit{"Promise you won't look/remember/tell"} Will other parties have the abilities and incentives to keep these promises?
+\pause \item \textit{"I didn't write my name on it!"} Not what we're talking about.
+\pause \item \textit{"Isn't the Internet already anonymous?"} Nope!
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Anonymous communication}
+\begin{itemize}
+\item People have to hide in a crowd of other people ("anonymity loves company")
+\item The goal of the system is to make all users look as similar as possible, to give a bigger crowd
+\item Hide who is communicating with whom
+\item Layered encryption and random delays hide correlation between input traffic and output traffic
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Low versus High-latency anonymous communication systems}
+\begin{itemize}
+\item Tor is not the first system; ZKS, mixmaster, single-hop proxies, Crowds, Java Anon Proxy.
+\item Low-latency systems are vulnerable to end-to-end correlation attacks.
+\item High-latency systems are more resistant to end-to-end correlation attacks, but by definition, less interactive.
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Low-latency systems are generally more attractive to today's user}
+\begin{itemize}
+\item Interactive apps: web, instant messaging, VOIP, ssh, X11, cifs/nfs, video streaming (millions of users)
+\item Multi-hour delays: email, nntp, blog posting? (tens of thousands of users?)
+\pause \item \begin{center}\begin{Large}And if anonymity loves company...\end{Large}\end{center}
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{What is Tor?}
+\begin{itemize}
+\item online anonymity software and network
+\pause \item open source, freely available (3-clause BSD license)
+\pause \item active research environment: \\
+Drexel, Univ of Waterloo, Georgia Tech, Princeton, Boston University, University College London, Univ of Minnesota, National Science Foundation, Naval Research Labs, Cambridge UK, Bamberg Germany, MIT...
+\pause \item increasingly diverse toolset: \\
+Tor, Tor Browser Bundle, Tails LiveCD, Tor Weather, Tor auto-responder, Secure Updater, Orbot, Torora, Tor Check, Arm, Nymble, Tor Control, and so on.
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Other Systems}
+\begin{itemize}
+\item VPN - Virtual Private Network, 1 to 1 connection, can redirect all traffic, generally encrypted
+\pause \item Proxy - 1 to 1 connection, per application traffic redirection, sometimes encrypted
+\pause \item I2P - Garlic routing, closed network, anonymity and reputation
+\pause \item Freenet - closed network, anonymity, distributed file storage and sharing
+\pause \item GNUnet - closed network, anonymity, distributed file storage and sharing
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{How is Tor different from other systems?}
+\begin{overlayarea}{9cm}{6cm}
+\only<1>{\includegraphics[height=7cm]{./images/single_hop_relay}}
+\only<2>{\includegraphics[height=7cm]{./images/evil_single_hop_relay}}
+\only<3>{\includegraphics[height=7cm]{./images/data_snooping_single_hop_relay}}
+\end{overlayarea}
+\end{frame}
+
+\begin{frame}
+\frametitle{Who uses Tor?}
+\parbox{8cm}{\sloppy \setbeamercolor{background}[\includegraphics[scale=0.35]{./images/anonymousman}}
+\parbox{3cm}{\sloppy
+\begin{flushleft}
+\begin{itemize}
+\begin{small}
+\item Normal people
+\item Law Enforcement
+\item Human Rights Activists
+\item Business Execs
+\item Militaries
+\item Abuse Victims
+\end{small}
+\end{itemize}
+\end{flushleft}
+}
+\end{frame}
+
+\begin{frame}
+\frametitle{Who uses Tor?}
+\begin{itemize}
+\item <1> \textit{Normal users} \\ linking sensitive information to their current identities, online advertising networks, search engines, censorship circumvention
+\item <2> \textit{Law enforcement}\\ accidental disclosure to targets, family and friend concerns, separating work from home life
+\item <3> \textit{Rights Activists}\\ Personal safety, family safety, narrowly-defined publicity, censorship circumvention
+\item <4> \textit{Business Execs}\\ separating work from home life, competitor research, censorship circumvention
+\item <5> \textit{Abuse Victims and Survivors}\\ complete separation of past abuse and current life, finding help and safety, need to help others anonymously
+\item <6> \textit{Militaries}\\ intelligence gathering, separating work from home life, other activities
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Doesn't Tor enable criminals to do bad things?}
+\begin{quotation}
+\noindent \includegraphics[width=1cm]{./images/opquo}\quad Criminals can already do bad things. Since they're willing to break laws, they already have lots of options available that provide better privacy than Tor provides.
+\end{quotation}
+\flushright
+\small source: https://www.torproject.org/docs/faq-abuse.html.en\#WhatAboutCriminals
+\end{frame}
+
+\begin{frame}
+\frametitle{Breakdown of suspect traffic on the Internet}
+\begin{center}
+\begin{tabular}{|c|r|}
+\hline
+\textit{Category} & \textit{Percent}\\
+\hline Botnets & 79.59 \\
+\hline Malicious URLS & 14.32\\
+\hline Antivirus & 3.40\\
+\hline XSS & 1.21\\
+\hline Cookie Stealing & 1.07\\
+\hline Phishing & 0.20\\
+\hline Browser Exploits & 0.10\\
+\hline Adware \& Spyware & 0.07\\
+\hline WRI & 0.02\\
+\hline Anonymizers & 0.02\\
+\hline
+\end{tabular}
+\end{center}
+\flushright
+\tiny source: http://research.zscaler.com/2011/12/web-threats-trends-and-statistics.html
+\end{frame}
+
+\begin{frame}
+\frametitle{estimated 500k to 900k daily users}
+\includegraphics[scale=0.4]{./images/huge-crowd}
+\end{frame}
+
+\begin{frame}
+\frametitle{Tor hides communication patterns by relaying data through volunteer servers}
+\begin{center}
+\begin{overlayarea}{9cm}{6cm}
+\only<1>{\includegraphics[width=9cm]{./images/tor-network}}
+\only<2>{\includegraphics[width=9cm]{./images/tor-safe-selection}}
+\only<3>{\includegraphics[width=9cm]{./images/tor-safe-path}}
+\only<4>{\includegraphics[width=9cm]{./images/tor-keys1}}
+\end{overlayarea}
+\flushright
+\tiny Diagram: Robert Watson
+\end{center}
+\end{frame}
+
+\begin{frame}
+\frametitle{Vidalia Network Map}
+\includegraphics[scale=0.4]{./images/vidalia-network-map}
+\end{frame}
+
+\begin{frame}
+\frametitle{Metrics}
+\begin{itemize}
+\item Measuring metrics anonymously
+\item NSF grant to find out
+\item Archive of hourly consensus, ExoneraTor, VisiTor
+\item Metrics portal: \\ \url{https://metrics.torproject.org/}
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Tor hidden services allow privacy enhanced hosting of services}
+\includegraphics[scale=0.5]{./images/hidden-federalist}
+\end{frame}
+
+\begin{frame}
+\frametitle{dot onion you say?}
+\includegraphics[scale=0.6]{./images/hidden-federalist-zoom}
+\end{frame}
+
+\begin{frame}
+\frametitle{Hidden Services, in graphics}
+\begin{overlayarea}{9cm}{6cm}
+\only<1>{\includegraphics[scale=0.5]{../../website/trunk/images/THS-1}}
+\only<2>{\includegraphics[scale=0.5]{../../website/trunk/images/THS-2}}
+\only<3>{\includegraphics[scale=0.5]{../../website/trunk/images/THS-3}}
+\only<4>{\includegraphics[scale=0.5]{../../website/trunk/images/THS-4}}
+\only<5>{\includegraphics[scale=0.5]{../../website/trunk/images/THS-5}}
+\only<6>{\includegraphics[scale=0.5]{../../website/trunk/images/THS-6}}
+\end{overlayarea}
+\end{frame}
+
+\begin{frame}
+\frametitle{Operating Systems leak info like a sieve}
+\parbox{5cm}{\sloppy \setbeamercolor{background}[\includegraphics[height=7cm]{./images/cropped-hijack-sign-south-africa}}
+\parbox{5cm}{\begin{itemize}
+\item Applications, network stacks, plugins, oh my....
+\pause some call this "sharing"
+\pause \item Did you know Microsoft Word and OpenOffice Writer are browsers?
+\pause \item \url{www.decloak.net} is a fine test
+\end{itemize}
+}
+\end{frame}
+
+\begin{frame}
+\frametitle{Mobile Operating Systems}
+\begin{itemize}
+\item Entirely new set of challenges for something designed to know where you are at all times.
+\item Orbot: Tor on Android. \url{https://guardianproject.info/apps/}
+\item Tor on iphone, maemo/meego, symbian, etc
+\item Tor on Windows Mobile, \url{http://www.gsmk.de} as an example.
+\item Guardian Project, \url{https://guardianproject.info/}
+\end{itemize}
+\end{frame}
+
+\begin{frame}
+\frametitle{Thanks!}
+\includegraphics[scale=0.6]{./images/thankyou_img}
+\flushright
+Visit \url{https://www.torproject.org/} for more information, links, and ideas.
+\end{frame}
+
+\begin{frame}
+\frametitle{Credits \& Thanks}
+\begin{itemize}
+\item who uses tor? \url{http://www.flickr.com/photos/mattw/2336507468/siz}, Matt Westervelt, CC-ÂBY-ÂSA.
+\item danger!, \url{http://flickr.com/photos/hmvh/58185411/sizes/o/}, hmvh, CC-ÂBY-ÂSA.
+\item 500k, \url{http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/}, Luka Skracic, used with permission.
+\item zscaler research, http://research.zscaler.com/2011/12/web-threats-trends-and-statistics.html
+\end{itemize}
+\end{frame}
+
+\end{document}
Property changes on: projects/presentations/2012-07-31-DHS-Tor-Overview.tex
___________________________________________________________________
Added: svn:mime-type
+ text/x-tex
Added: projects/presentations/images/security-blocks-dec2011.png
===================================================================
(Binary files differ)
Property changes on: projects/presentations/images/security-blocks-dec2011.png
___________________________________________________________________
Added: svn:mime-type
+ image/png
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits