Video in TIB AV-Portal: CRYPTO AND PRIVACY VILLAGE - Opportunistic Onions

Formal Metadata

Alternative Title: Opportunistic Onions: More Protection Some of the Time
License: CC Attribution 3.0 Unported. You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Transcript

Host: [partly inaudible] ... Rafi.

Speaker: Thank you, thank you, thanks for being here shortly after lunch, or during lunch, I don't know the exact timing of lunch during DEF CON, it's my first time. So this talk, everything about it, started during an internship I had at Cloudflare over the summer, with Nick Sullivan, who's sitting there. Essentially I joined a week or two after Cloudflare launched its consumer DNS service, 1.1.1.1, you may have heard about it. It was a small thing, and one day Nick walks in and says: okay, we don't keep any logs of users, and any information we happen to have we delete after 24 hours, but what if we moved that over Tor, so we don't have any information about the user requests? So that's the whole chain of events: we started looking at how we do this over Tor, how we start an onion service to serve as our DNS-over-HTTPS server, and ran into some problems. One of them, which I imagine you might have noticed if you run any onion services, is that if you want to add HTTPS to your onion service you have the option of paying a lot for extended validation, or using your own certificate authority, which is generally not a good idea. So here's an alternative that I connect back to an older idea, which is opportunistic encryption.

Opportunistic encryption is not just one idea but a general pattern across many different protocols, as far back as STARTTLS and as recent as opportunistic upgrades of HTTP and things like that. The idea is that you can start the connection normally, unencrypted, but there's some sort of tag, some sort of communication, and if the server and client both support it they can upgrade their connection to a more secure format. The motto of the RFC that announced opportunistic encryption was "some protection most of the time", and mine, on the other hand, is "opportunistic onions: more protection some of the time". And here is how it works. I'm going to start with a short crash course on how Tor works; of course I'm not going to include all the details, but it'll be the gist of it, hopefully.

Great, nothing is off the screen. On that side we have a client laptop, on this side we have the origin web server, and in the middle we have the Tor cloud, well, the Tor network: a bunch of different nodes, some of them relay nodes, exit nodes, various kinds of parties in the Tor network. We also have the hidden service directory, which is sort of in between inside and out; the addresses of the hidden service directories are fixed, and the first time the client tries to communicate it has to do some out-of-Tor-network communication to get information about the rest of the nodes. So the first step, I numbered it the zeroth step, is getting some information from the hidden service directory. Then, via some process, the client establishes a circuit to an exit node somewhere in the world, and this circuit passes through a guard node, which may or may not be fixed, and a relay node, a middle relay node. After that the exit node essentially requests whatever final destination, whatever website you wanted, from the internet and sends that back to you over the Tor network. But before that the exit node also has to make a DNS query, if the request was for a domain name and not an IP address, and then make the request to the origin. I have color coded this: the green ones are encrypted, the orange ones may or may not be encrypted. If your origin supports HTTPS, if the site you're going to supports HTTPS over Tor, then you usually don't have any problem, but if the destination doesn't support HTTPS, or if the first request is not HTTPS, then that might introduce some problems.

Okay, so where does this idea of onions come from? Take this picture that we have, this is the way I intuitively think about it: look at the exit node, cut it down there and mirror everything on the left to the right. So essentially the RP in the middle, the rendezvous point, you can think of as an exit node on both sides. That's not really an accurate description, but it does the job. The client starts by connecting to a guard node, a relay node, to a rendezvous point, and via a number of steps you can establish the connection with an onion service. Note that in this case the onion service is inside the Tor network, so no communication is going outside of the Tor network. On this side, communications number five and four were going out of the Tor network; here everything is inside.

Okay, so what can we do with this? First of all, as I said, one problem is if you want to have an HTTPS certificate for an onion service. If you've seen any onion services, the addresses look like a random-looking 56-character domain name dot onion, or, for the older HSv2, which is shorter, still a semi-random string of characters dot onion. So one question is how do you remember this address. Some people, like Facebook for instance, try to essentially mine a nice-looking address, so they generated facebookcorewwwi.onion. Even if you do that, if you want to have an HTTPS certificate for your website, again you have to go to a certificate authority and you have to pay for extended validation, which costs a lot, at least a few hundred dollars a year I think, and I personally think it's too much.

So the alternative is this. Imagine that the origin was partially in the Tor network and partially out. So the very first request that you make still goes through the same steps: through a guard, a relay, an exit node, requesting the DNS information, making the connection to the origin. So far everything is the same. Then the origin responds with an Alt-Svc header. What is an Alt-Svc header? An Alt-Svc header is a recent HTTP header that essentially tells the client that if you want to communicate with this host, you can also use this other host; the origin tells the client that this other host has the same credentials, the same resources, everything the same. There's a small difference: this is not to be confused with the old Apache rewrite rules. This is different because with rewrite rules you could have a rewrite rule for certain pages, whereas this is for the whole host. So for instance if I own some domain and say you can also reach me via a certain IP address, then after a number of steps the browser makes sure that the two host names can serve the same website and have the same HTTPS certificate, and then, if for instance the network connection to the IP address is faster, it can make the connection to the IP address. So what we do is we send an Alt-Svc header and in it we put the address for the onion service. So the point here is that you're making a connection to the origin and you get the response that says you can also connect to me via this long string of characters dot onion, this is also another address for me. What the browser does is establish a circuit with that onion service. So here, after getting the Alt-Svc header, the client establishes a circuit to the onion service and verifies that the onion service can serve the same exact HTTPS certificate as the origin in the very first request. So the important point here is that the certificate does not have to have that onion address in it; it only needs to have the origin's domain. Does that make sense? So the main reason you needed extended validation was that dot onion; certificate authorities don't like giving free certificates to onions, but with, for instance, Let's Encrypt you can get a free certificate for your website, and using this system you can use the same exact certificate to have an onion service.

Okay, so any questions so far before I go into the benefits and why we did this?

Audience: [inaudible]

Speaker: Right, so yes, you notice here that from this picture to this picture the length of the circuit from the client to the onion service is shorter. So the point is that that system is for when the content provider, the onion service, wants to remain hidden, but if we're talking about a website that already has a domain name, that already has a publicly accessible IP address, there's nothing to prevent it; the point at this point is to enable the people from the Tor network to connect to it instead of going through an exit node, just connect directly, all inside the Tor network. So there's no privacy or anonymity cost for the web server, because the location was already public to begin with. But that's a good point, thank you for your question.

Okay, so let's look at some of the benefits. First of all, this is going to reduce the load on exit nodes, because only the very first request has to go through an exit node; after that the browser can, for a certain amount of time perhaps, remember that this host name can be accessed via this onion service and only make connections to the onion service. Another is that the attack surface from the exit node is reduced, because instead of every request going through the exit node, only the very first one does. And lastly, because of that, we think this improves privacy of the users. For instance, there are some papers on correlation attacks on the Tor network: if someone could observe network traffic coming out of the user's client, for instance at the ISP level, and coming into the onion service, for instance if you were running an onion service on Google Cloud and your users' internet was via Google Fiber, then Google would have information on both sides of the Tor network, going in through Google Fiber and going out to the onion service, and at that point Google could have some information for correlation attacks. This would hopefully prevent it, because only one request is going through and you can't do any sort of correlation of how big the content is or anything like that.

But specifically, why was Cloudflare interested in this? This is because of the system: from the server's point of view, from Cloudflare's point of view, instead of all the requests coming from the IP address of the exit node, we see specific circuits. We can't identify who the user is, but we can distinguish them; we can say that this is a circuit for the first user, this is a circuit for the second user, and they are separate users. I should note that users can have multiple circuits and we have no way of linking those, so it doesn't cause any anonymity issue for the user, but it gives us the advantage of having more fine-grained rate limiting. Which means if there are a lot of DDoS attacks or something like that coming from an exit node, we don't have to ban all of it and CAPTCHA all the good people using that exit node; we can look at the circuits individually and say, oh, this circuit is doing something funky, too many requests, or they look like some sort of SQL attack or something like that, and we will CAPTCHA that, but anyone else can carry through normally. So this is going to hopefully reduce CAPTCHA friction for Tor users.

Let's see, and I should mention many thanks are owed to Mozilla, people at Cloudflare of course, and the Tor Project. We had a meeting about a couple of months ago to discuss how we could make this actually usable, and part of it was having the Tor Browser, the new version of Tor Browser, which hopefully should be coming out soon, be able to use this Alt-Svc header and also use HTTP/2, which was a requirement for this system to work. And then I should mention, if you want to test this, feel free to send an email to onion-beta@cloudflare.com. This is also okay for free customers; you don't have to be a paid customer. And also on the client side, if you want to test it, you would have to go to the config and just change two things, namely enable alt service and enable HTTP/2. Okay, any questions? I have one more thing.

Host: Oh yes, if you have questions we're going to bring questions up to the mic, just... okay, you've got a few minutes.

Speaker: Sure. So one last thing that I promised in the description to offer was a Caddy plugin; Caddy is an HTTP/2 server, and the plugin enables this. This is currently on GitHub; if you find my GitHub account, I should perhaps put a link here, it is called caddy-opportunistic-onion, or sorry, caddy-alt-onion. And also if you send an email to this address I'll make sure to publicize it via that, and then hopefully at some point it'll be published on Caddy's website. Thank you. [Applause]

Host: All right, any questions? Line up to the mic please. We've got five minutes for questions and after that, if the speaker has time, you can tag up with them outside.

Audience: I have two questions. First one is, what do you think of the implication of bootstrapping this process based on DNS? And the second one is, how reliable is the circuit tracking to identify clients on hidden services?

Speaker: Right, so the first question: we've actually thought about ways of providing... okay, we already have a DNS server on an onion service, so we were thinking, if your request is coming through this onion service which serves DNS, the client clearly supports Tor, so we might as well send maybe a CNAME or something like that directly to the onion address. We're still trying to work out the kinks of it, to make sure that there is no chance of the server, the DNS provider, maybe not us but whoever is the DNS provider, giving you a random onion address. That's one problem. The second one, was it about fingerprinting the users?

Audience: No, it is about, to my understanding, I didn't know there was a one-to-one mapping between the circuits a hidden service builds with these clients and actual clients.

Speaker: Oh, this is not a one-to-one correspondence. So each individual Tor client can establish multiple circuits; in fact circuits happen all the time: the connection you make to the hidden service directory, or maybe not that much, the connection to each of the relays, the rendezvous points, all of these, to introduction points for the onion service, all of these are circuits, and all of them have some sort of internal ID to distinguish them. So in a sense between a client and an onion service there can be multiple circuits, but the point is that we can challenge each circuit individually instead of just a massive per-IP-address challenge or something like that.

Host: All right, thank you. All right, let's give it up for our esteemed speaker. Thank you. [Applause]
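The Alt-Svc mechanism the talk describes, as an added example that is not code from the talk, from Cloudflare, from Tor Browser or from the caddy-alt-onion plugin: a client-side check in Python that parses the Alt-Svc header, rejects anything that is not a well-formed v3 onion address (the base32 layout, checksum and version byte as tor defines them), and only follows the hint if the onion side presents the same certificate as the origin. All function names, the fake 32-byte key and the fake certificate bytes are constructed for this example; the "build a circuit to the onion and read its leaf certificate" step is replaced by a lookup callable. The example compares certificate fingerprints, which is stricter than RFC 7838's own rule (the alternative must present a certificate valid for the origin); the talk says Tor Browser checks for the same exact certificate, and this example follows that wording.

```python
"""Added example (not from the talk or Cloudflare's/Caddy's code): the client-side
checks a browser would apply before following an Alt-Svc hint to a .onion host."""
import base64
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, Optional

ONION_V3_VERSION = b"\x03"                 # version byte ending every v3 address
ONION_CHECKSUM_PREFIX = b".onion checksum"  # domain-separation string tor uses


def onion_v3_from_pubkey(pubkey: bytes) -> str:
    """Build a v3 address from a 32-byte ed25519 public key, as tor does:
    base32(pubkey || sha3_256(".onion checksum" || pubkey || 0x03)[:2] || 0x03) + ".onion"."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion public keys are 32 bytes")
    checksum = hashlib.sha3_256(ONION_CHECKSUM_PREFIX + pubkey + ONION_V3_VERSION).digest()[:2]
    return base64.b32encode(pubkey + checksum + ONION_V3_VERSION).decode().lower() + ".onion"


def is_valid_onion_v3(host: str) -> bool:
    """Syntactic check: 56 base32 characters, version byte 3, checksum consistent."""
    host = host.lower().rstrip(".")
    if not host.endswith(".onion"):
        return False
    label = host[: -len(".onion")]
    if not re.fullmatch(r"[a-z2-7]{56}", label):
        return False  # v2 addresses (16 chars) and anything else are rejected
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_V3_VERSION:
        return False
    expected = hashlib.sha3_256(ONION_CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    return checksum == expected


@dataclass
class AltService:
    protocol: str  # ALPN id, e.g. "h2"
    host: str      # empty string means "same host as the origin"
    port: int
    max_age: int   # seconds the hint may be cached (RFC 7838 default 86400)


def parse_alt_svc(header: str) -> list[AltService]:
    """Parse an RFC 7838 Alt-Svc field value such as
    'h2="xyz.onion:443"; ma=600, h2=":443"'. The value 'clear' drops all alternatives."""
    if header.strip().lower() == "clear":
        return []
    services = []
    for alt_value in header.split(","):
        parts = [p.strip() for p in alt_value.split(";")]
        if "=" not in parts[0]:
            continue
        protocol, authority = parts[0].split("=", 1)
        host, _, port = authority.strip('"').rpartition(":")
        if not port.isdigit():
            continue  # malformed alt-authority: ignore it, never guess a port
        params = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        services.append(AltService(protocol.strip().lower(), host.lower(),
                                   int(port), int(params.get("ma", "86400"))))
    return services


def sha256_fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


def choose_onion_alternative(header: str, origin_cert_der: bytes,
                             fetch_cert: Callable[[str, int], Optional[bytes]]) -> Optional[AltService]:
    """Return the first Alt-Svc entry that (a) is an h2 alternative, (b) names a
    well-formed v3 onion and (c) presents the same certificate as the origin.
    fetch_cert stands in for 'build a circuit to the onion and read its leaf cert'."""
    origin_fp = sha256_fingerprint(origin_cert_der)
    for alt in parse_alt_svc(header):
        if alt.protocol != "h2" or not is_valid_onion_v3(alt.host):
            continue
        alt_cert = fetch_cert(alt.host, alt.port)
        if alt_cert is not None and sha256_fingerprint(alt_cert) == origin_fp:
            return alt
    return None


def demo() -> dict:
    """Constructed inputs: a fake key, fake DER blobs and an in-memory 'network'
    mapping onion host -> certificate that side would present."""
    pubkey = bytes(range(32))
    good_onion = onion_v3_from_pubkey(pubkey)
    # same key, checksum bytes inverted: must be rejected before any circuit is built
    real_sum = hashlib.sha3_256(ONION_CHECKSUM_PREFIX + pubkey + ONION_V3_VERSION).digest()[:2]
    bad_sum = bytes(b ^ 0xFF for b in real_sum)
    bad_onion = base64.b32encode(pubkey + bad_sum + ONION_V3_VERSION).decode().lower() + ".onion"
    origin_cert = b"constructed-DER-for-example.com"
    other_cert = b"constructed-DER-for-someone-else"
    network = {good_onion: origin_cert, bad_onion: origin_cert}
    header = (f'h2="{bad_onion}:443"; ma=600, '
              f'h2="{good_onion}:443"; ma=600, h2=":443"')
    chosen = choose_onion_alternative(header, origin_cert, lambda h, p: network.get(h))
    # an onion serving a different certificate is never accepted, however well-formed
    imposter = choose_onion_alternative(f'h2="{good_onion}:443"', origin_cert,
                                        lambda h, p: other_cert)
    return {"good_valid": is_valid_onion_v3(good_onion),
            "bad_valid": is_valid_onion_v3(bad_onion),
            "v2_valid": is_valid_onion_v3("facebookcorewwwi.onion"),
            "parsed": len(parse_alt_svc(header)),
            "chosen_host": chosen.host if chosen else None,
            "good_host": good_onion,
            "imposter": imposter}


if __name__ == "__main__":
    print(demo())
```

The order of checks matters for the defender: the address is validated offline first, so a malformed or tampered hint never triggers circuit building, and the certificate comparison happens only after a circuit to a syntactically sound onion exists. A hint whose host is empty (`h2=":443"`) is a normal same-host alternative and is simply not an onion candidate.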
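Per-circuit versus per-exit-IP rate limiting, the Cloudflare-side benefit the talk explains, as an added example that is not Cloudflare's code. A sliding-window limiter is run over a constructed request log in which three circuits share one exit node and one of them floods: keyed by exit IP, every circuit behind that exit ends up challenged; keyed by circuit ID, only the flooding circuit does. Request fields, circuit identifiers and the limit values are constructed for the example.

```python
"""Added example (not Cloudflare's code): why keying a rate limiter by Tor circuit
instead of by exit-node IP spares the well-behaved users behind a busy exit."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Request:
    ts: float        # seconds since an arbitrary epoch (constructed)
    exit_ip: str     # source address as seen without the onion path
    circuit_id: str  # opaque per-circuit identifier the onion side can see


class SlidingWindowLimiter:
    """Allow at most `limit` requests per key within any `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.hits: dict[str, deque] = defaultdict(deque)

    def allow(self, key: str, ts: float) -> bool:
        q = self.hits[key]
        while q and q[0] <= ts - self.window:   # drop hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False                        # over budget: challenge (CAPTCHA)
        q.append(ts)
        return True


def challenged_circuits(requests: list[Request], key_fn: Callable[[Request], str],
                        limit: int, window: float) -> set[str]:
    """Replay the log in time order and return the circuits that hit a challenge."""
    limiter = SlidingWindowLimiter(limit, window)
    challenged = set()
    for r in sorted(requests, key=lambda r: r.ts):
        if not limiter.allow(key_fn(r), r.ts):
            challenged.add(r.circuit_id)
    return challenged


def sample_requests() -> list[Request]:
    """Constructed log: one exit node, three circuits. 'c-abuse' sends 40 requests
    in 4 seconds; 'c-1' and 'c-2' send 5 each, one per second, afterwards."""
    exit_ip = "198.51.100.7"  # documentation-range address, constructed
    log = [Request(0.1 * i, exit_ip, "c-abuse") for i in range(40)]
    for cid in ("c-1", "c-2"):
        log += [Request(4.0 + i, exit_ip, cid) for i in range(5)]
    return log


def compare_keying(limit: int = 20, window: float = 10.0) -> dict:
    reqs = sample_requests()
    return {"by_exit_ip": challenged_circuits(reqs, lambda r: r.exit_ip, limit, window),
            "by_circuit": challenged_circuits(reqs, lambda r: r.circuit_id, limit, window)}


if __name__ == "__main__":
    print(compare_keying())
```

With the exit IP as the key, the flooding circuit exhausts the shared budget within the first two seconds and the two quiet circuits are challenged for the rest of the window; with the circuit ID as the key, the same limit and window challenge only the flooding circuit. The limiter never links circuits to each other, so it needs nothing beyond what the onion side already sees.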