SlideShare a Scribd company logo

Introduction to Tor

Jaskaran Narula, profile picture
Jaskaran Narula

Tor is an anonymity network that allows users to browse the web anonymously. It works by routing traffic through a series of volunteer servers, or relays, that encrypt and then randomly route data in an attempt to make it untraceable. The Tor browser bundles this routing technology to allow users to access the open web as well as "hidden services" anonymously. While Tor provides anonymity, it has some weaknesses including potential traffic analysis of autonomous systems and exit node eavesdropping. The presentation provides an overview of how Tor works and relays, how to use Tor safely, and some common services found on Tor.

Internet
1 of 26
1
2
3
4
5
6
7
8
9
10
11
Most read
12
13
14
15
16
17
18
Most read
19
Most read
20
21
22
23
24
25
26
Introduction to Tor BY JASKARAN NARULA
About Me Blogger Security Enthusiast Intern @Techilaw.com Engineer
Agenda to Cover 1) Why do we need anonymity ? 2) Introduction to tor Network 2) What is Tor Browser(onion Browser ) 3) How tor Works 4) Concept behind Tor 5) What is tor relay ? How to be safe with tor 6) How to be safe with tor 7) Deep Links on Tor 8) Deep Sources about Tor 9) Tor Services
Why Do we Need Anonymity?
• To hide user identity from the website we visit • To hide our Internet usage from hacker • To circumvent out Censorship • To hide browsing pattern from Employer or ISP • To hide data packers even if they get captured.
What is Onion Routing ?? Onion is a flexible communications infrastructure that is resistant to both eavesdropping and traffic analysis. Onion routing was a method developed where the transparency of what is getting transferred was removed and messages and communication was done in a encrypted form. Onion routing was havinga lot of drawbacks due to which we need to develop a lot of new and advance features so as we can't even get tracked/monitored resulting we developed Tor Browser.
Onion/Tor Browser  The Onion Router (Tor) is an open-source software program that allows users to protect their privacy and security against a common form of Internet surveillance known as traffic analysis. Tor was originally developed for the U.S. Navy in an effort to protect government communications. The name of the software originated as an acronym for the Onion Router, but Tor is now the official name of the program.  It is the most used software, due to the services it hosts, in addition to its reliability over the years.
Introduction to Tor
How Tor Works??  Tor uses the same methodology and concepts which onion routing was using in it but tor also handles problems like traffic analysis, which has become a big issue. For which tor network sends the data packets by distributing your data over server places on the internet.  Now with this your connection is not directly established to any web server along with you data packets do not take any common route to that particular web server.  When we make a tor network, the tor software make a network where there a different servers and which have the information that from where the data is coming and to which next node/relay it needs to transfer.  No one individual server or the node knows the full path of the packet that transfers through it.
Introduction to Tor Network  Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing.  This is done by passing the data through a circuit of at least three different routers with packing the message packets with multiple IPs.  The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
Tor Routing
What is Tor Relay? In a normal language you can call tor relays as normal routers, but with some differences as well. In normal routing our path can be captured from where the request is generated and till where it will be going. Messages over this path are not encrypted. Messages over tor network are always encrypted from end-to-end, but there are some places where our request is not encrypted I.e the starting relay and (if possible in most cases) end relay.
DNS and DNS LEAK DNSLEAK is a website through which you can keep a track that what DNS you are giving to a web server and what is your actually DNS. How to use DNSLEAK • To to www.dnsleak.com from a normal web browser check your current ip and ISP's dns • Now go to tor browser and then go this website and check your ip and ISP's dns. Both the results will have a huge change.
Alternatives to Tor Browser  There are no. Of alternatives other than tor which helps you to be anonymous over the web.  I2P  Trails  Subgraph OS  Freenet  Freepto
Do Tor has Weakness?!
Weakness of Tor  Autonomous System(AS)eavesdropping  Exit node eavesdropping  Traffic-analysis attack  Tor exit node block  Bad Apple attack  Sniper attack  Heartbleed bug
Autonomous System(AS) Eavesdropping If an Autonomous System (AS) exists on both path segments from a client to entry relay and from exit relay to destination, such an AS can statistically correlate traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LAST or proposed a method to predict a set of potential ASes on these two segments and then avoid choosing this path during path selection algorithm on client side. In this paper, they also improve latency by choosing shorter geographical paths between client and destination.
Exit node eavesdropping As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it that does not use end-to-end encryption such as SSL or TLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data
Bad Apple attack This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor's design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. The second part of this attack is called the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' This wording is used to illustrate that one insecure application on Tor may allow to trace other applications.)
Heartbleed bug  Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security(TLS) protocol. The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed.  The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.
How to be Safe with Tor  Close your Camera/mic (Physical Awareness)  Be aware of Fraud websites (Bitcoins), and many other websites.  Don't use Windows. Just don't.  Do not use JavaScript over tor browser, Be very reluctant to compromise on JavaScript, Flash and Java. Disable them all by default.
• Do Encrypt your Data Storage • Do delete Cookies and site’s Local Data • Don’t use your Real Email • Don’t use Tor Browser Bundle • Do Update your System
Tor Services  Shopping Sites(Silk Road)  Search Engines  Illegal Sites  Forums  Hacking Communities  Bitcoin Mixers  Anonymous mail services  Tutorials Sites  Defense sites  Data dumps  Fake documents, fake passports, fake visa  Highly confidential documents
References :-  https://www.eff.org/torchallenge/what-is-tor.html  http://kpynyvym6xqi7wz2.onion/  Youtube vedios  Duck Duck go searches
Questions & Answers??!!
Thank you Find me @ Mail me @ :- jaskaran@rootcrack.com Twitter :- @JaskaranNarula Linkedin :- https://www.linkedin.com/in/jaskaran-narula/

More Related Content

PPT
Tor Presentation
Hassan Faraz
 
PPTX
Tor Network
Muhammad Jabir A C K
 
PPTX
TOR NETWORK
Rishikese MR
 
PPTX
Tor the onion router
Ashly Liza
 
PPTX
The Dark Web
Suraj Jaundoo
 
PPTX
Onion protocol
Anshu Raj
 
PPTX
Dark Web and Privacy
Brian Pichman
 
PPTX
Tor the onion router
n|u - The Open Security Community
 
Tor Presentation
Hassan Faraz
 
Tor Network
Muhammad Jabir A C K
 
TOR NETWORK
Rishikese MR
 
Tor the onion router
Ashly Liza
 
The Dark Web
Suraj Jaundoo
 
Onion protocol
Anshu Raj
 
Dark Web and Privacy
Brian Pichman
 
Tor the onion router
n|u - The Open Security Community
 

What's hot (20)

PPTX
Deepweb and darkweb vinodkumar ancha
vinod kumar
 
PPTX
Investigating Using the Dark Web
Case IQ
 
PPTX
Dark web markets: from the silk road to alphabay, trends and developments
Andres Baravalle
 
PPTX
Dark web
Safwan Hashmi
 
PDF
Darknet
Shubham Dwivedi
 
PPTX
Tor: The Second Generation Onion Router
Mohammed Bharmal
 
PPTX
The Dark side of the Web
Paula Ripoll Cacho
 
PDF
Dark Web Forensics
Deepak Kumar (D3)
 
PPTX
Journey To The Dark Web
MiteshWani
 
PPTX
PPT dark web
jitiyaashwin
 
PPTX
The Dark Web
Connor Willer
 
PPTX
Introduction to anonymity network tor
Khaled Mosharraf
 
PDF
ABOUT DARK WEB
VenkatVs7
 
PPTX
Packet sniffing
Shyama Bhuvanendran
 
PPTX
Dark web presentation
To Mal
 
PPTX
Firewall and Types of firewall
Coder Tech
 
PPTX
Dark wed
AraVind Pillai
 
PPTX
Tools for Open Source Intelligence (OSINT)
Sudhanshu Chauhan
 
PPTX
Aircrack
MuhammadHanzalah6
 
PPTX
The Deep Web, TOR Network and Internet Anonymity
Abhimanyu Singh
 
Deepweb and darkweb vinodkumar ancha
vinod kumar
 
Investigating Using the Dark Web
Case IQ
 
Dark web markets: from the silk road to alphabay, trends and developments
Andres Baravalle
 
Dark web
Safwan Hashmi
 
Darknet
Shubham Dwivedi
 
Tor: The Second Generation Onion Router
Mohammed Bharmal
 
The Dark side of the Web
Paula Ripoll Cacho
 
Dark Web Forensics
Deepak Kumar (D3)
 
Journey To The Dark Web
MiteshWani
 
PPT dark web
jitiyaashwin
 
The Dark Web
Connor Willer
 
Introduction to anonymity network tor
Khaled Mosharraf
 
ABOUT DARK WEB
VenkatVs7
 
Packet sniffing
Shyama Bhuvanendran
 
Dark web presentation
To Mal
 
Firewall and Types of firewall
Coder Tech
 
Dark wed
AraVind Pillai
 
Tools for Open Source Intelligence (OSINT)
Sudhanshu Chauhan
 
Aircrack
MuhammadHanzalah6
 
The Deep Web, TOR Network and Internet Anonymity
Abhimanyu Singh
 
Ad

Similar to Introduction to Tor (20)

PPTX
Onion routing and tor: Fundamentals and Anonymity
anurag singh
 
PDF
Anonymity in the web based on routing protocols
Biagio Botticelli
 
PDF
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
IRJET Journal
 
PPTX
.Onion
KajolPatel17
 
PDF
Anonymity Network TOR
A.K.M Bahalul Haque Pallob
 
PDF
Control the tradeoff between performance and anonymity through end to-end t (2)
IAEME Publication
 
PDF
Anonymity in the Web based on Routing Protocols
Biagio Botticelli
 
PPTX
Lesson 1. General Introduction to IT and Cyber Security.pptx
Jezer Arces
 
PDF
A framework for practical vulnerabilities of the tor (the onion routing) anon...
IAEME Publication
 
PDF
A framework for practical vulnerabilities of the tor (the onion routing) anon...
IAEME Publication
 
PPTX
Cyber_Threat_Intelligent_Cyber_Operation_Contest
nkrafacyberclub
 
PPTX
tor
Sunil Agarwal
 
PPT
Tor
Bharat Sabne
 
PDF
(130727) #fitalk anonymous network concepts and implementation
INSIGHT FORENSIC
 
PPT
Hacking Tor ( How does Tor work ?)
Saprative Jana
 
PDF
TOR Packet Analysis - Locating Identifying Markers
Brent Muir
 
PPT
Tor
STIinnsbruck
 
DOCX
Firewall configuration
Nutan Kumar Panda
 
DOCX
Tor Browser
Hamza Khan
 
PPTX
Anonymous traffic network
Apurv Singh Gautam
 
Onion routing and tor: Fundamentals and Anonymity
anurag singh
 
Anonymity in the web based on routing protocols
Biagio Botticelli
 
Comparison of Anonymous Communication Networks-Tor, I2P, Freenet
IRJET Journal
 
.Onion
KajolPatel17
 
Anonymity Network TOR
A.K.M Bahalul Haque Pallob
 
Control the tradeoff between performance and anonymity through end to-end t (2)
IAEME Publication
 
Anonymity in the Web based on Routing Protocols
Biagio Botticelli
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Jezer Arces
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
IAEME Publication
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
IAEME Publication
 
Cyber_Threat_Intelligent_Cyber_Operation_Contest
nkrafacyberclub
 
tor
Sunil Agarwal
 
Tor
Bharat Sabne
 
(130727) #fitalk anonymous network concepts and implementation
INSIGHT FORENSIC
 
Hacking Tor ( How does Tor work ?)
Saprative Jana
 
TOR Packet Analysis - Locating Identifying Markers
Brent Muir
 
Tor
STIinnsbruck
 
Firewall configuration
Nutan Kumar Panda
 
Tor Browser
Hamza Khan
 
Anonymous traffic network
Apurv Singh Gautam
 
Ad

Recently uploaded (20)

PPTX
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
PPTX
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
PPT
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PPTX
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
PPT
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
PPTX
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
PDF
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
PPTX
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PPTX
Database Information System - Management Information System
faizhossain3
 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
Introduction to the IoT system, how the IoT system works
TinBinh
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
Internet___Basics___Styled_ presentation
poonam62133
 
Funds Management Learning Material for Beg
NKKumar16
 
Database Information System - Management Information System
faizhossain3
 
Digital Literacy And Online Safety on internet
riksa rifqi
 
artificial intelligence overview of it and more
yafotin445
 

Introduction to Tor

  • 1. Introduction to Tor BY JASKARAN NARULA
  • 3. Agenda to Cover 1) Why do we need anonymity ? 2) Introduction to tor Network 2) What is Tor Browser(onion Browser ) 3) How tor Works 4) Concept behind Tor 5) What is tor relay ? How to be safe with tor 6) How to be safe with tor 7) Deep Links on Tor 8) Deep Sources about Tor 9) Tor Services
  • 4. Why Do we Need Anonymity?
  • 5. • To hide user identity from the website we visit • To hide our Internet usage from hacker • To circumvent out Censorship • To hide browsing pattern from Employer or ISP • To hide data packers even if they get captured.
  • 6. What is Onion Routing ?? Onion is a flexible communications infrastructure that is resistant to both eavesdropping and traffic analysis. Onion routing was a method developed where the transparency of what is getting transferred was removed and messages and communication was done in a encrypted form. Onion routing was havinga lot of drawbacks due to which we need to develop a lot of new and advance features so as we can't even get tracked/monitored resulting we developed Tor Browser.
  • 7. Onion/Tor Browser  The Onion Router (Tor) is an open-source software program that allows users to protect their privacy and security against a common form of Internet surveillance known as traffic analysis. Tor was originally developed for the U.S. Navy in an effort to protect government communications. The name of the software originated as an acronym for the Onion Router, but Tor is now the official name of the program.  It is the most used software, due to the services it hosts, in addition to its reliability over the years.
  • 9. How Tor Works??  Tor uses the same methodology and concepts which onion routing was using in it but tor also handles problems like traffic analysis, which has become a big issue. For which tor network sends the data packets by distributing your data over server places on the internet.  Now with this your connection is not directly established to any web server along with you data packets do not take any common route to that particular web server.  When we make a tor network, the tor software make a network where there a different servers and which have the information that from where the data is coming and to which next node/relay it needs to transfer.  No one individual server or the node knows the full path of the packet that transfers through it.
  • 10. Introduction to Tor Network  Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing.  This is done by passing the data through a circuit of at least three different routers with packing the message packets with multiple IPs.  The data that passes through the network is encrypted, but at the beginning and end node, there is no encryption.
  • 12. What is Tor Relay? In a normal language you can call tor relays as normal routers, but with some differences as well. In normal routing our path can be captured from where the request is generated and till where it will be going. Messages over this path are not encrypted. Messages over tor network are always encrypted from end-to-end, but there are some places where our request is not encrypted I.e the starting relay and (if possible in most cases) end relay.
  • 13. DNS and DNS LEAK DNSLEAK is a website through which you can keep a track that what DNS you are giving to a web server and what is your actually DNS. How to use DNSLEAK • To to www.dnsleak.com from a normal web browser check your current ip and ISP's dns • Now go to tor browser and then go this website and check your ip and ISP's dns. Both the results will have a huge change.
  • 14. Alternatives to Tor Browser  There are no. Of alternatives other than tor which helps you to be anonymous over the web.  I2P  Trails  Subgraph OS  Freenet  Freepto
  • 15. Do Tor has Weakness?!
  • 16. Weakness of Tor  Autonomous System(AS)eavesdropping  Exit node eavesdropping  Traffic-analysis attack  Tor exit node block  Bad Apple attack  Sniper attack  Heartbleed bug
  • 17. Autonomous System(AS) Eavesdropping If an Autonomous System (AS) exists on both path segments from a client to entry relay and from exit relay to destination, such an AS can statistically correlate traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LAST or proposed a method to predict a set of potential ASes on these two segments and then avoid choosing this path during path selection algorithm on client side. In this paper, they also improve latency by choosing shorter geographical paths between client and destination.
  • 18. Exit node eavesdropping As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it that does not use end-to-end encryption such as SSL or TLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data
  • 19. Bad Apple attack This attack against Tor consists of two parts: (a) exploiting an insecure application to reveal the source IP address of, or trace, a Tor user and (b) exploiting Tor to associate the use of a secure application with the IP address of a user (revealed by the insecure application). As it is not a goal of Tor to protect against application-level attacks, Tor cannot be held responsible for the first part of this attack. However, because Tor's design makes it possible to associate streams originating from secure application with traced users, the second part of this attack is indeed an attack against Tor. The second part of this attack is called the bad apple attack. (The name of this attack refers to the saying 'one bad apple spoils the bunch.' This wording is used to illustrate that one insecure application on Tor may allow to trace other applications.)
  • 20. Heartbleed bug  Heartbleed is a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security(TLS) protocol. The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed.  The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay.
  • 21. How to be Safe with Tor  Close your Camera/mic (Physical Awareness)  Be aware of Fraud websites (Bitcoins), and many other websites.  Don't use Windows. Just don't.  Do not use JavaScript over tor browser, Be very reluctant to compromise on JavaScript, Flash and Java. Disable them all by default.
  • 22. • Do Encrypt your Data Storage • Do delete Cookies and site’s Local Data • Don’t use your Real Email • Don’t use Tor Browser Bundle • Do Update your System
  • 23. Tor Services  Shopping Sites(Silk Road)  Search Engines  Illegal Sites  Forums  Hacking Communities  Bitcoin Mixers  Anonymous mail services  Tutorials Sites  Defense sites  Data dumps  Fake documents, fake passports, fake visa  Highly confidential documents
  • 24. References :-  https://www.eff.org/torchallenge/what-is-tor.html  http://kpynyvym6xqi7wz2.onion/  Youtube vedios  Duck Duck go searches
  • 26. Thank you Find me @ Mail me @ :- [email protected] Twitter :- @JaskaranNarula Linkedin :- https://www.linkedin.com/in/jaskaran-narula/