A Torifying Tale

0 views

Formal Metadata

Title
A Torifying Tale
Subtitle
Our experiences of building and running Tor servers
Title of Series
Number of Parts
85
Author
Bjorksten, Gustaf
License
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Chaos Computer Club e.V.
Release Date
2015
Language
English

Content Metadata

Subject Area
Abstract
In the spirit of “Failosophy” we would like to give a brief talk about the mistakes we made, and lessons we learned, in running Tor bridge, relay, and exit nodes.
Loading...
Telecommunication Server (computing) Building Chaos (cosmogony) Extension (kinesiology)
Server (computing) Channel capacity Server (computing) Chemical equation Multiplication sign Chemical equation Digital signal Expected value Computer network Normal (geometry) Configuration space Right angle Office suite Digitizing Vulnerability (computing) Tunis
Telecommunication Chaos (cosmogony) Right angle Digital signal Pressure Digitizing Units of measurement Tunis
Point (geometry) Slide rule Ferry Corsten Channel capacity Online help Mereology Goodness of fit Telecommunication Bridging (networking) Computer network Software Diagram Information security Area Channel capacity Software developer Physical law Chaos (cosmogony) Digital signal Incidence algebra Line (geometry) Telecommunication Blog Computer network Vertex (graph theory) Right angle Information security Pressure Digitizing Separation axiom
Point (geometry) Mobile app Greatest element Spacetime Point cloud Internetworking Bridging (networking) Computer network Oval Computer network Bridging (networking) Website Resultant
Ferry Corsten Cellular automaton Finitary relation Chaos (cosmogony) Word Cross-correlation Internetworking Telecommunication Bridging (networking) Computer network Oval Computer network Bridging (networking)
Point (geometry) Mapping Total S.A. Number Uniform resource locator Arithmetic mean Goodness of fit Population density Internetworking Internetworking Term (mathematics) Hypermedia Vertex (graph theory) Diagram
Point (geometry) Fiber Default (computer science) Server (computing) Building Service (economics) Mapping Server (computing) Operator (mathematics) Price index Position operator Uniform resource locator Internetworking Optics Computer network Band matrix Operator (mathematics) Cuboid Right angle Subtraction Position operator
Band matrix Position operator Optical disc drive Telecommunication Ferry Corsten Server (computing) Band matrix Internet service provider Vertex (graph theory) Operator (mathematics) Chaos (cosmogony) Identical particles
Server (computing) Process (computing) Ferry Corsten Server (computing) Multiplication sign Shared memory Operator (mathematics) Denial-of-service attack Solid geometry Mereology Band matrix Position operator Term (mathematics) Band matrix Internet service provider Vertex (graph theory) Website Resource allocation
Server (computing) Integrated development environment Ferry Corsten Internet service provider Chemical equation Multiplication sign Vertex (graph theory) Central processing unit Information systems Number
Socket-Schnittstelle Read-only memory Musical ensemble Spacetime Server (computing) Chemical equation Attribute grammar Virtual reality Resource allocation Read-only memory Band matrix MiniDisc Central processing unit Central processing unit MiniDisc Subtraction
Process (computing) Information Chemical equation Server (computing) Direction (geometry) Vertex (graph theory) Virtual machine Configuration space Backup Error message Number Twitter
Suite (music) Personal digital assistant Operator (mathematics) Oval Self-organization Bit Electronic mailing list Office suite Incidence algebra Lie group Number
Process (computing) Strategy game Chemical equation Multiplication sign Vertex (graph theory) Quicksort Average Resultant
Word Process (computing) Ferry Corsten Chemical equation Operator (mathematics) Dependent and independent variables Online help Digital signal Information security Resultant Formal language
Expected value Writing Category of being Thread (computing) Operator (mathematics) Data management Perspective (visual) Inference Vulnerability (computing)
Email Video game Multiplication sign Shared memory Self-organization Error message Reading (process)
Bridging (networking) Ferry Corsten Projective plane Vertex (graph theory) Point cloud Proxy server Field (computer science)
Point (geometry) Information Ferry Corsten Combinational logic Cartesian coordinate system Disk read-and-write head Uniform resource locator Cross-correlation Roundness (object) Bridging (networking) Term (mathematics) Square number Vertex (graph theory) Quantum Quicksort Family Metropolitan area network Fiber (mathematics)
Quicksort
Musical ensemble Ferry Corsten Multiplication sign Sound effect Connected space Message passing Cross-correlation Integrated development environment Strategy game Internetworking Bridging (networking) Computer network Linearization Vertex (graph theory) Right angle Communications protocol Proxy server
Multiplication sign Chemical equation Computer network Mathematical analysis Right angle Data type
Hypermedia Ring (mathematics)
OK please around them at the ghost of the extent OK thank you an if months because that gets the from the Chief Technologist at the international
Digital Rights and you're access and we've been running for servers since 2009 and in the in the spirit of philosophy I had to tell you about some of our experiences it's going to be fairly high level and in this talk I hope to encourage some of you to participate in providing picture capacity to the tall normalization network so what this talk will cover how give you a quick introduction to access And then I'll talk about now
experiences with hosting issues serve balance I would actually be talking about configuration tweaks I just put in there to let you know that that's proble what everyone else would talk about all talk about handling of abuse claims and managing vulnerabilities and user expectations so access is as a set of international had digital human rights NGO we have offices in New York or Washington DC a Brussels in Belgium and Tunisia in North Africa Miller in the Philippines San Jose in costa rica where I'm currently based and we have members in India Kenya Argentina and Australia and were expanding all the time so l mission is to defend and extend the digital rights abuses that risk around the world and we do that
through 3 approaches we have a policy approach which it hopes to that influence legislators and policymakers around the world or to put in place the legislation that a fundamentally protects the digital rights of users we also have we haven't advocacy and that I really have to approaches 1 is to run campaigns and
try and get grassroots support to put pressure on and governments or corporations to do the right thing and the 2nd thing which we've started doing is a lobbying and so we have to lobbying units 1 is in DC for the the US
domestic area and the other is in Brussels hopefully to the lobby and put pressure on the European commission to to get them to do the right thing there but what we've found is that those 2 those 2 Assange's so DC for the U.S. area and Brussels all European Commission whatever whatever legislation goes in place there will use the then filter at out to other parts around the world so you know don't be data retention no laws put in place and then you know you'll see them pop up in Sub-Saharan Africa or or was Southeast Asia and lastly we have a technology and also bit bit more about what the tech does so the main thing is that we run a 24 by 7 by 365 a digital security help Qantas' was society and so that is a primarily assisting
journalists human rights defenders bloggers activists around the world and to have anything to do with in a in tips a securities so you helping them set up secure communications and helping them if so very the victim of a security incident and we help them recover from that and so on we do a small amount of separate development you see that in support of the help line that the last thing that we do as I mentioned before is capacity for the Tor network so what is the perfidy look like an old go through some diagrams in the following slides to to illustrate but the tool network is made up of bridges were entry point into the network and realize and then exit nodes and as it says there we have decided not to be in the in the business of goods
the and as with everything in the deliberation technologies spies in this place that we operate in a trust is the killer app and there's nothing like it there's no app that's gonna come close to being able to have trust in this space and I'll show you how that applies in the Tor network so this is the hat or analyzing network you have a user when that
user uses the Tor network that allocated a bridge is that entry point to the network the traffic will bounce around through realize in the in normalizing cloud there and then the traffic will pop out the eggs node to the results that the user wishes to go to as you'll notice there of marking down the bottom some rogue nodes road bridge and a road we assume that entities that want to defeated the anon
mising the purpose of the of the Tor network are running you know rise of of bridges and a rise of eggs at the shrine the compromise the network and so if a user users of a road bridge and they are also attended word eggs that thing you can do a correlation attack our between those and possibly identify that that traffic a belongs to that user which we don't want that diene normalizes the network so we're looking for and is this scenario where the you know if if the user is allocated 1 that bridge that's compromise or endanger this compromise that correlation attack should not be able to return so the quizzes wrestler trust is secure and
what's really needed is trusted bridges and trusted exits we don't want anyone learning bridges and exhibits because then you destroy the trust for access 1 run bridges and exits because then we could be accused of all been never do that correlation attack ourselves cells and obviously we don't want that so we've chosen just concentrate on exits and to to to to to defeat this this attack so
the learning so the 1st thing is hosting issues and the 1st hosting issue is location what location that's to to put your 2 nodes in now this is a higher credit commons diagram which shows a 2 things that shows the wrong number up all Tor users from countries and it also shows the mean of the density of users in those countries using talk so how many per 100 thousand as in Internet users in that country what what we're looking at really here is the raw numbers as you can see there's a lot of and the Tor users in the U.S. of as a lot of in Europe
in Germany and Italy France and spine and and the thing is I don't know you have the evidence to to know directly point this but my got feeling is that that Tories good for those users because what we see is that the vast majority of tall infrastructure is in those countries they in Europe that in your side particularly in terms of Europe here in Germany and so everything is going fine we try and tell someone in and the media to use tall and they tell you it's 2 slot and that's probably a fair thing because if you look at Africa up on that map it's tiny is a tiny number of Tor users there that is that because they don't know about it is it because they're not connected but certainly there's no shortage of need that for tall in Africa and and and likewise in Inner Asia and Southeast Asia that's a region of the world that has more than half the world's total population the ends it has more than half the total Internet users and yet we see a very small number of Tor
users from there so I think the thing is that we need more infrastructure in different places in places where it currently is isn't so if you got around or nodes let's try and put them in those locations that all matter this is a terribly simplified map of submarine cables around the world of a what does show is that you know if you wanted
to have tall service that was servicing as a West Africa it'll give you an indication of where might be good places to locate the so you know there's certain points on this map of that I think would be ideal to add more to service like in a Brazil as Singapore at places like that so I keep that in mind so more hosting issues commercial operators when you know approach them and so I wanna run on the right of a tall servers alike right he comes to money so the default position is always going to be to say yes yes we can serve you will take your money and then you know you got through all effort of building boxes configuring and tweaking them learning about the environment and and then suddenly they tell them off and because their consequences that
2 running at 2 1 odds particularly at Tor exit nodes the 1st of those is abuse crimes where we know that
wild 4 is a fantastic tool of for protecting identity of users at risk that it is obviously also used but by people care for nefarious purposes and so the when you run exit nodes that people will be attacked and unify contact the hosting provider then that can become an issue that sustained bandwidth is another issue so normally when you know get some hosting and you put up a
website you know might be concerned about the speed of that website and get a large share bandwidth with allocation and but the reality is that most little time to think not getting anywhere near that mark if you take you know just after lunch and so on about for the most part in terms of the hosting Provider modern issue but if you run the Tor exit nodes for example it's just going to be all of at is going to be a solid bandwidth stock and if the hosting providers not prepared for that
than that can cause an issue is obviously also retribution attacks so someone gets attacked through your exit node and instead of going to the normal process of notifying the hosting provider and so on they will just no far up DOS attack something and they can also be pressure from law-enforcement sorry no sometimes we run up a Tor servers and it gets shut off by the Housing divided and they won't tell you why and become a suspect that that might have some to do it so what can you do it and I can certainly explain to them up from and explain to them what Tor is explained to them what the consequences might be than but you know we're without again the trust relationship between you and the
hosting provider it's very very very frustrating is you can put in an enormous amount of work to get your tool nodes are
running well I need to have and turned off you need to monitor access to both servers
you know the the the thing is that everyone make sure that those those servers not compromised so you need to monitor them to set the balance is the next challenge we started out by taking bare-metal servers and just running 1 node on and you know and working with that and then we realized at the time that it seemed to go much much better where we took a bare-metal server with a lot of credibility and then ran a huge number of a virtual a Tor exit nodes on top of that so I can't I can't tell you what you know what how much RAM compared to how much CPU molecular thing you need have because every environment is different but you can you know use a systematic approach that to that problem that to work out
what is best so there is no war you know more resources bandwidth latency so if you memory disk space and so on but what you find is that you start to optimize something that's a problem so that's it's band with so you work on that get that so that that's can optimize then you'll start finding that there's a CPU problem or a disk problem so just dedicate working at the
but the problem that's the closest the pen and and hopefully you will get a nasty the optimized mission that as I said before if you virtualize it gives you more stroke intensive juggling those resources and I think that's what made or a difference for us so we start to get it right it just means know the bottleneck move somewhere else but just keep going and then you went to get a good mission so you mark resources on the
machine Monteverde the tall performance that's obviously important because that's what it's all about so the when you have that information and then you can use trial and error when something starts to work to keep going in that direction and documents document everything that we do that we had a massive the right away failure and we lost the very large number of nodes and then you know we quickly scrambling to rebuild and I looked at 1 of my colleagues and said right so get out the nights and nights and I consider this thing really create things like I didn't take notes a phoneme is taking notes and it turned out that none of us had taken notes and so that was you know a year of fine-tuning there we then had to go to the process of learning
again so be prepared for catastrophic failure so that you can run them up a really quick configuration tweets as I said before that's something that gets talked about a lot of Gigo is your friend up to come and talk to me afterward but I do want to talk about the
handling of abuse crimes so when we thought of this in 2009 and up to probably at the end of 2012 we were frequently visited by men in dark suits and dark glasses they would come to the office of I received some attack against the government or something and they were looking for the culprits we even had 1 where the incident where we were all the whole organization was a lie on a retreat show up in the mountains and that obviously been trying for die is coming to office and no 1 was there so they decided that they would go to the operations directors
apartment in New York at 3 AM in the morning but of course he wasn't there but as you know apartments in New York that's valuable spice and so he had they been invaded up to someone and some 380 and there was 6 guys in dark suits and dark glasses knocking on the door and he was a bit freaked out that no longer happens but we really haven't had any of that happen since the end of 2012 so clearly for whatever reason the agency's now blocked at whether it's just by a number of cases or whether it's the that toward or deny but that seems to be the situation so for all they're the recipients of the victims of attacks but that a perpetrated through your eggs nodes it's very important how you handle bars because I've seen them handled really poorly and and I think we did Empoli initially and we've gotten much much much better at it so you need to explain to them what toward is you need to acknowledge that tool is the harbinger of malicious attacks they need to tell
them and spend the time going through some of what can be done about it so mitigating the tax and this those things that
outbound walking at the Georgia node or there's various strategies like in use to prevent traffic data from just your AUTOEXEC or from all talk we it's going to the results and that is the
human side to this and and we've definitely the experience that human side you know we've had people contact us signed up being stalked that been threatened with right or no or do you have now death threats and all that sort of thing and they use the very very upset so that you need to treat them with the utmost respect you need to take the time that to listen to them to work with them to understand their situation to explain to them why you're doing it I to them know what it means to someone in Syria you know for them it's a life-and-death situation so well any if you go through that process the result he really good at resoundingly good these people usually if you take that time who completely do a 180 and that will become no
supporters of tall words before but I was thinking it was the worst thing that Monod ever created you do have to obviously do the legal bid of of covering so and you know when you have legal people right these things up their very called so you need to find this balance that we have ever mentioned 24-by-7 by 365
did history help 1 that it has the ability to respond to those abuse complaints really quickly which I think is very effective in you know letting those people know that that we care about the situation that they're in a hopefully we are able to respond in a language that I speak so that also helps and you know this is really become now if crank the handle activity we're all lot exits and so we get a lot of abuse complaints about were able to just crank the handle and get that process moving and explain to them what they can do and so on that's usually the result is disparate is also the possibility maybe in the future of new using a facility like a house of phi of operators out the handle where abuse complaints about have to do it themselves and lastly this the
managing of the vulnerabilities in user expectations when taught is a fantastic tool but it is not the silver bullet for every thread that needs to be understood the birth in from the operators perspective but you also need to educate users as to when it's appropriate and when it's not appropriate OK thank you OK and now we have some minutes left
for questions please use this opportunity we have 2 microphones next to the B most on the left side and on the right side if you have a question please come to the microphone and ask thank you yes please and so thoroughly questions what France from using only on properties of innovation in Gaussian inference I using some advice assortment says but we get a lawyer how will you walk you through entrance on nose never it's
always knows as an all I think it's way to get much much better crops reaction itself legal body has a world organization then this is an individual we have also the use of reading and concise like fax mind because cops sends faxes can assist the voice mail of the ladies who had no life our visit in person and you know I don't know what that would that would be powered errors excellent thank you same blinking fantastic devices the get
below you can have thank you and somebody else wants to share experience or ask questions now it's the time higher I'm sorry this is not exactly
and maybe your field but you know of anybody running the entry nodes like many many entry nodes he said so the opposite of what you doing yes there are projects that to run lots of entry nodes and that there was certainly some projects I know what the status of someone is is now we ran 1
before we were running exits which was called the the Global Proxy cloud which was a cloud of entry notes I know that the Tor Project themselves did a similar thing where di encourage people to run out of bridge nodes on the Amazon Web Services that
society you thank you for your question somebody else of on the matter of correlation texting mentioned that you don't wanna be running commentary on an existing noted in the sand and entity is that true for any combination the have made a joint for only and drink on the axis on the relay yeah I mean you know this is like modern physical location which not just an entities access as an entity should not run entry points and exit points because then we could be accused of having the capability of of doing correlation and there's no man combinations in every square
you involve relates on and regional relay on really out now it's really the entry and exit the the matters to map it out because you can see certain information at either end today in fiber user and the other end to what they're going to it so that's that's the dangerous for entry and exit and not in the middle and you could still another round of private bridges for on your own people off friends that know super trust you and that sort of thing but in terms of you know out in the head and the public steel should pick 1 or the other David thank you very much thank you another question please yes you can see the you insist is fairly heavily on suffice so the and to point out once the entry quantum 62 which would not belong to the same person obviously but if I am an honest so nonprofits at the upper end of tall nodes I'm really setups of my family fights and told we know is that all of these notes I
belong to the same person and it will not select who into same-sex so I'm sorry but that makes no sense a OK from let's talk about it afterwords and sort that 1 out now a question from the left microphone please thank you I had developed when you store in Europe it works perfectly but when I had to use it and I was in China it was a very
slowly could not in lake exploited I had to turn to the P and I had to pay for everything and so on do you have any suggestions about how to overcome these do you think
that with the passing of time and the situation we get there well I mean you the this is essentially an arms rights and but instead of you know with missiles it's an arms race on the Internet works and that the fact is that the Chinese have worked out ways to identify that toward traffic and and you know they kept connections down before and you can get anything through them so there there are strategies to deal with that there is the OBS proxy modules puts of other protocols to conceal it you know your mileage We varied and it's it's you know a couple places where Tor very difficult to get to work so China and around Bangor to environments thank you very much and now question from the microphone and you make on under the question about of the correlation effects on no I don't know if you will as of linearity of lots of other Astoria if you've million that know which is I have and I correct if we have time for 2 more questions last 2 questions on Monday yes please if you're considering
contributing to the Tor network and you have the band went out to his back what does a network need more of exit nodes reading dates of bridges that is a very good question
and I would love to know so what we what we definitely do alienated may have needed for a very long time is more analysis of this exact problem so that we can encourage people to be running up the right types of things to get the right balance of the network and I encourage you all to jump into that research because I want thank you and to somebody in the last question use the opportunity of asking questions share your experience but India ideas
OK it seems nobody so have 1st special requests it you can talk to an to go staff and yeah injured that Khot and to the Contras and the yet thank you very much that
Loading...
Feedback

Timings

  510 ms - page object

Version

AV-Portal 3.10.1 (444c3c2f7be8b8a4b766f225e37189cd309f0d7f)
hidden