28c3: Taking control over the Tor network

Download high quality version: bit.ly Description: events.ccc.de Eric Filiol, Seun Omosowon: Taking control over the Tor network This talk deals with weaknesses identified in the TOR network protocol and cryptography implementation. We manage to take control over users using this network and to access all your information and data exchanged despite cryptography. The TOR network is one of the most famous way to use Internet in a anonymous and secure way at least supposedly. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user’s location or usage from someone conducting network surveillance or traffic analysis. Aside protocol-oriented aspects, TOR security relies heavily on cryptography. The aim of this talk is to explain how it is possible to take over a significant part of the TOR network not to say over the whole network. We have identified two classes of weaknesses in the way Onion routers (Ors) are managed: a first class of weaknesses relates to the way the routes among Ors. It is possible to influence and to force users to use arbitrary Ors and hence control which route they take. A second class of weaknesses relates to the way cryptography is implemented. Bu using malware-based attacks and the concept of dynamic cryptographic backdoors we have succeeded to circumvent the cryptography in place without removing it. We present different possible attack scenarii which are malware-based or not (depending …