Date post: 15-Jan-2016
236349 Project in Computer Security

Integrating TOR’s attacks into the I2P darknet

Chen Avnery, Amihay Vinter

Outline

1 The Problem

2 DarkNets (TOR & I2P)

3 BitTorrent Protocol

4 BitTorrent over I2P Vulnerability

5 Setting up the lab

6 Results

The problem

• From its first designs, the World Wide Web was never supposed to support anonymity of users or servers.

• Today, users and servers find the need to hide their identity in order to give or receive services.

• A known example is giving true information to people in totalitarian nations.

• To help users and servers hide their identity, new methods were developed, like TOR and I2P.

• TOR and I2P are Darknets that can create anonymity for users and servers, but of course, there are holes that make them vulnerable.

TOR

• TOR is a Darknet network that uses nodes (computers that are registered in the TOR network) to create its anonymity.

• When Alice (a user) wants to connect to Bob’s server, she creates a random, encrypted path (of 3 nodes) using DH keys.

• The connection to Bob’s server is via the “exit” node (the third node in the path), and this connection is the only connection that is not encrypted.

• Alice can now communicate with Bob via 3 nodes, and Bob will not be able to find Alice’s identity.

TOR (Cont.)

• TOR attacks:
– Browser-Based Attacks on Tor - http://web.mit.edu/tabbott/www/papers/tor.pdf
– A New Replay Attack Against Anonymous Communication Networks - http://www.cs.uml.edu/~xinwenfu/paper/ICC08_Fu.pdf
– Compromising Tor Anonymity Exploiting P2P Information Leakage - http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf

• Our goal is to find a way to apply TOR’s vulnerabilities to I2P’s Darknet.

I2P

• I2P supplies anonymity through the application layer.

• Servers in the darknet of I2P are called eepsites.

• A user that wishes to get a service from an eepsite needs to know the eepsite’s name, which can be obtained from the web easily enough.

• Easily enough means going to a fixed URL and fetching “routerinfo” files.

• Once Alice (a user) gets the eepsite’s information, a tunnel from her to the eepsite is created automatically once she tries connecting to it.

NOTE: Both sides need to install the I2P service.

I2P (Cont.)

• Once the tunnel is up, Alice will communicate with the eepsite via proxies that I2P configured or that she configured manually.

• The methodology of the darknet itself (through whom and how Alice is actually connecting to the eepsite) is less important for our goal and therefore will not be explained here.

The Torrent World

• The torrent world consists of two elements:
– A BitTorrent Client: Each user that wants to download or upload a file needs a client.
– A BitTorrent Tracker: The tracker is a server that holds all the peers of a torrent in a DHT (Distributed Hash Table).

• BitTorrent is a peer-to-peer application client that users use to download/upload files from each other.

• When a user wants to download a file, his BitTorrent client asks for the list of peers from the Tracker. The peers that are sent are the peers that registered for that torrent in the tracker.

BitTorrent Encryption?

• The BitTorrent protocol supports encryption on its own, but it is not used by most clients and has not been tested thoroughly.

• I2P allows a client to download/upload files from/to peers via the I2P darknet.

• Too good to be true? Because it is. Downloading via the I2P darknet is extremely slow (4KB/s instead of 1.5MB/s), so most users don’t use this feature.

THIS IS WHERE WE COME IN…

Most Users Encryption Style

• Most users that use I2P, use it only for connecting to the tracker and asking for a peers list.

• Once a client receives the peers list, it connects to each peer in a NON-ENCRYPTED fashion.

• We need to find a way to map the peers list request (sent to the tracker via I2P) to the connection made to the peer that was sent (Real IP).

BitTorrent Protocol

[Diagram labels: “Encrypted via I2P”; “Connection not Encrypted”]

Work plan

• Our plan is to set up a tracker, proxy server and an optional peer to host the data.

• Controlling them is simple enough and will help us map those I2P hosts that tried to download the file we have set up.

• The peer that hosts the data is optional because the mapping can be done without it. However, having it and letting others download from it is a proof of download.

Work plan (Cont.)

• Alice asks for a peers list from the tracker (using I2P).

• The tracker sends the proxy’s IP and some port to Alice’s I2P address.

• Alice tries to connect to the proxy IP at the given port from her REAL IP.

• The proxy identifies Alice’s REAL IP while she’s trying to connect to the given port.

• The proxy passes the message to Bob (as a real proxy).

• End of session - Alice’s REAL IP is found.

The anonymous host (via I2P) that asked the tracker for the peers list and got the proxy’s IP and port X is the REAL IP that tried to connect to the proxy at port X.

Work plan (Cont.)

[Diagram: Alice, tracker.i2p, the Proxy Server and Bob. (1) Proxy’s IP, Port X (Encrypted via I2P). (2) Connecting to Port X (Not Encrypted). (3) Forwarding to Bob in order for Alice to download the file (proof) (Optional).]

• Let the proxy listen to ports 1000-30000.

• Each time the tracker gets a request for the peers list, it picks a port that wasn’t used for some time and sends it (along with the proxy’s IP).

• We can use multiple proxies if there are too many peers list requests.

• Alice’s REAL IP is found when she connects to the proxy at the given port in an unencrypted fashion.

Tracker

• We found an open source Tracker (called MonoTorrent)

• We’ve added a feature so it will receive I2P connections (from IP Address 127.0.0.1).

Tracker (Cont.)

• We programmed the tracker to send any IP and port of our liking in response to a peers list request – We use this so it will send the proxy’s data.

• 107.21.175.171 is the proxy’s IP Address.

• 10000 is the designated port.

Torrent

• When a client wants to use a service via I2P, it connects to it via a proxy – IP: 127.0.0.1 , Port: 4444.

• This is the I2P proxy installed on the local machine, waiting for connections.

• When connecting through the I2P proxy, all hosts must be of I2P’s nature (***.i2p).

• The translation is done by a global directory service (The routerinfo files we talked about earlier).

Torrent (Cont.)

• In case you missed the checkboxes, have a look again:

• Most users use the proxy (I2P encryption/anonymity) for hostname lookups ONLY and NOT for the connections themselves.

Torrent (Cont.)

• Downloading the file – “Talking” to the tracker via I2P and to the seeder in a non-encrypted way.

Back To The Tracker

• Alice is downloading now – The Tracker sent the peers list of our demand.

• UT3200… is Alice’s client Peer-ID.

Victory – Alice’s IP found

Results

• Alice’s Real IP is found.

• Port maximum range is 65,535. There is no problem, because we can use 100 proxies, each of which will use 30,000 ports.

• That gives us 3,000,000 clients at peak time while all ports are in use.

• The clients have no idea that their real IP has been exposed.
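
A client-side guard against the leak described in these slides, as an added example (not code from the original slides or from MonoTorrent): it decodes a tracker reply and refuses to dial IP-literal peers when the tracker was reached at a .i2p host. The function names and the TEST-NET sample replies are constructed for illustration; the reply formats assumed are the standard bencoded dictionary and compact IPv4 peer lists.

```python
import ipaddress

def bdecode(data, i=0):
    """Minimal bencode decoder; returns (value, next_index), raises on bad input."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)                     # byte string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def clearnet_peers(response):
    """Return (ip, port) for every peer entry in the reply that is an IP literal."""
    reply, _ = bdecode(response)
    peers = reply.get(b"peers", [])
    if isinstance(peers, bytes):    # compact form: 4-byte IPv4 + 2-byte port each
        found = [(".".join(map(str, peers[k:k + 4])),
                  int.from_bytes(peers[k + 4:k + 6], "big"))
                 for k in range(0, len(peers) - 5, 6)]
    else:                           # dictionary form: list of {"ip", "port"}
        found = [(p[b"ip"].decode(), p[b"port"]) for p in peers]
    out = []
    for host, port in found:
        try:
            ipaddress.ip_address(host)
            out.append((host, port))
        except ValueError:
            pass                    # not an IP literal; leave it to the I2P layer
    return out

def peers_to_dial(tracker_host, response):
    """Policy: a tracker reached through I2P must not trigger direct IP connections."""
    leaks = clearnet_peers(response)
    if tracker_host.endswith(".i2p") and leaks:
        return [], leaks            # dial nothing directly; report what was refused
    return leaks, []

# Constructed announce replies using TEST-NET addresses (not values from the slides).
COMPACT = (b"d8:intervali1800e5:peers6:" + bytes([203, 0, 113, 7])
           + (10000).to_bytes(2, "big") + b"e")
DICT_FORM = b"d5:peersld2:ip11:203.0.113.74:porti10000eeee"

if __name__ == "__main__":
    print(peers_to_dial("tracker.i2p", COMPACT))
```

The second element of the returned pair is the list of refused peers, which a client can log or show to the user as a sign that the tracker handed out a clearnet address.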

