字幕表 動画を再生する 英語字幕をプリント Let's talk a bit about anonymization, more specifically onion routing, so Max has done a very good video on the Dark web And the deep web and the service web and the differences between them when people talk about the dark web They're mostly talking about Tor and specifically Tor hidden services. Now I'm not talking about that certainly today I might do that in a different video Tor literally stands for the onion router, right, it is an implementation of onion routing right which was developed in the mid 90s by US Naval research.The idea is It bounces around connections between different routers so that they're hard to track and it's and it provides anonymity So this is different from confidentiality which we usually associate with encryption right most of the time, we're encrypting messages So that even if people see that we've sent a message We, they can't read what it is like, but sometimes we don't even want people to see that we sent a message at all So what I'd like to do is focus on onion routing specifically bearing in mind, that Tor is a and implementation of it so in some sense I'm also talking about Tor, okay And maybe we'll focus a little bit more on what it is that Tor does differently a bit later. So this is me and which is my very well drawn computer as always and I want to talk to a server here Which doesn't have a monitor because in my view servers don't have monitors, so normally on this client server setup I want to talk to a server, but in this case I don't want anyone to know that I'm talking to a server at all I'd like to be remain completely anonymous, right, now if I then go onto the server and log on obviously that's not anonymous anymore Right so it's limits to this but this is the idea, now how this works is I'm going to bounce my connection around and Then it's going to go to the server and if in essence the last node on the hop, the last hop on the network is Is going to be the one actually visits that website on my behalf a bit like a proxy we're going to use multiple levels of encryption to try and Essentially confuse people who are trying to work out what's going on right now Tor in it in In its implementation uses three hops three intermediate nodes, so I'm going to limit: one That's not a very good computer Two. Hang on I thought servers didn't have monitors. Oh no, so well. Aw, don't. I mean yeah, so that's a good question right so you can run Tor and you can be an onion router on a client machine on a Laptop you know it doesn't really matter if your net connection is quite good you can do it. The software is free and they Very much want people to sign up and become these intermediate nodes because in some ways that's what the power tor is we'll get to that a little bit but in essence what happens here is I send a message to To this guy he forwarded on to this one he falls it on to this one who then forwards onto the server when a server Responds they simply pass the messages back now this haven't really solved any problems yet Because anyone sniffing here will know well ok we just need to sniff there and then sniff there. and they can kind of reassemble the communication It makes it a bit of a pain, but it doesn't stop anyone from finding out: What's going on? I, even if these were encrypted so what we need to do is have multiple layers of encryption What's clever about onion routing, Is that no one in this network knows anything about the whole connection. They just know what's before them, and what's after them. Alright? so let me show you how this works so I'm going to use different colored pen alright, so let's use this red pen. Let's imagine for a minute that I've established some shared symmetric keys with these three nodes here, right? So just like in previous videos where we talked about encryption We're talking about let's say an AES key And I have one shared with this guy and one shared with him and one shared with this guy no one else knows what they are. like because I used a key exchange to do this, so I had K1 K2 and K3 and this router knows K1 this router knows K2, and this router knows catering now that might seem implausible But actually that's quite easy to set up using modern key exchange right Diffie–Hellman for example performance is quite well If I encrypt something with K1 only this router Can see it all right and if I could encrypt some of K3 only this router can see it right there is no Encryption with the server at the Moment. Now onion Routing Essentially sends messages, encrypted multiple times with different keys in layers, so this message here is encrypted three times, right So this is where we sort of fast forward as I draw a bunch of lines on But we're going to say this [risk route] message here encrypted once with K3. It's encrypted another time with K2 And when it's encrypted a final time With K1 now let's think about what that means it means that only This router here Could unlock the first layer. That's the first thing it means it also means that when it's done that it's Got a totally garbled message, but because it's still encrypted twice already right, so it's gibberish it can't possibly know what's going on But what it can do is forward that message on to k2 so k2 takes a message, Which is encrypted by k3 and then again encrypted by k2 and it can strip off a layer as well But again, it then looks at the message And it doesn't make any sense because it's still encrypted by k3 so it forwarded on to this router Encrypted by K3 finally K3 Decrypts this message looks at it And it does make sense because it's not encrypted anymore, and it and it says the message says I'd like to go to Facebook please, and it goes I can do that and it connects to Facebook and receives a response now on the way back the exact reverse process happens. This router will add its encryption of k3 and forward the message onto router 2 - who will add K2 Route 1 adds k1 and only we can decrypt the whole message because we have all the keys What's really interesting is the property that this gives us, the first thing is that k 2 doesn't need to know anything, except the address of K1 and the address of k3 it doesn't need to know who I am right it receives a message from K1 and all it knows based on the protocol is this is a message that needs to be forwarded to k3 After I've removed my layer of encryption That's all it knows when it receives a message from k3 it adds its encryption And then passed it straight out the other door to router 1 so if this was compromised by an attacker They've learnt nothing right. They've learned that two of these guys and running Tor nodes or onion routing nodes They haven't learned who I am they haven't learned who the server is because both times it is encrypted with layers of encryption that they can't remove. This is kind of gives you an insight into what it is That's clever about onion routing they think about some of the other things that it does. K3 knows who the server is because it receives a message. That said I'd like to go to Facebook So it knows that someone on this network in visiting Facebook, and it knows that the next Hop is this chap this router here it knows nothing else. It doesn't know who this client is It doesn't know who router one is so there's no way for it to say: Ahh, Mike's visiting Facebook again, right? He's on there too often, because the way that the Tor protocol works. You don't actually know when you decrypt your layer How many more layers there are there could be 200 nodes and layers they don't tend to be but they could be. so the output node only knows what's going on on the server side and Similarly the input node my external is called a guard node is only aware that this client is browsing Tor any messages It receives are usually encrypted with two other layers of encryption that it can't decrypt so it just says well I've got this message. I need to forward it on to this router. That's all I know right I don't know, but they're on Facebook. I don't know that they are on a forum or they're doing amazon shopping I don't know anything about what they're doing, so this is what Tor does Tor is in essence an implementation of this approach, right? So it has a protocol with you know message lengths and structures that are well defined in its Documentation that specify how you establish these keys how you send these messages How each one should decrypt them and forward them on to the next one, but in essence what you do is This client here will create what we call a circuit Which is this three hops, by first establishing a shared key of him then instructing him to do the same and then him to do the same and adding extending the circuit each time they want to with new nodes on the end and Every time I do that all the previous messages have been encrypted. So nobody knows what's going on, so it's quite interesting Is it slower because of all these hops? It's a lot slower like you've got to consider that These nodes first of all they might be they might be serving a lot of clients at once so there might be other ca- uhh, keys shared with other people coming in here and leaving here and this one might be an exit node sometimes and he's talking to servers and browsing the web for people and so yes You don't want to be signing up to be an onion router if you haven't got quite a lot of bandwidth also consider that they? May not be located very close together, right? So this could be in Germany this one in the united states this over in Japan not really important but a point is that it's making you know large global hops which take in the order of Sub-second but not small amounts of time so you can expect to wait a Little bit longer for your messages to get through, all right, but the benefit you get is that no one knows? What what it is you're doing, right? We've got a situation here where no one really knows anything about what's going on at all, right? Which is very very clever and Has obvious benefits to people who want to remain anonymous. Now there's a few things we've missed out It's a lot of things I've missed out right because because the Tor protocol is quite complicated But this is the general idea the first thing is that if you go, if you if you create this circuit, And then you just go to Facebook and type in your username password and click it You know that's going to give away what you're up to, all right, Facebook will know who you are for a start But if you go to a website, that's not even encrypted at all. This is sent in the clear, right? So someone's sniffing in at this point Let me use my blue pen for sort of eavesdroppers like if someone's eavesdropping in at this position They'll know exactly what you're doing, right? And you type in username and password then they have your username and password. So you still have to use TLS or HTTPS, uhh, connections to the actual servers right, but that's really on you once you've set up this circuit You said normal HTTP requests and responses to servers as you would normally It's just instead of it going through your normal internet connection and your normal ISP router it goes through this circuit and with all the encryption happening so in actual fact the Implementation the Tor uses. It works essentially like a proxy you talk to your own proxy server which handles all this for you and then responses come back so yes your web connection is a little bit slower, but for all you know it's Just a normal connection to a server. That's basically how it works is really not a lot more to it than that right and it's quite elegant, and it works very very well is using tools that like just installing a different kind of browser? Yeah You use a Tor browser or you can use it as a service and then you know pipe other thi- other services through it But Tor is not illegal and nor should it be it's just encryption. There are a few downsides right the first aside from the speed The first is that people can sniff on this network and start to get the pieces of the puzzle the more positions You are you know the more pieces you get right? But so if I'm sniffing here at position A then what you see is you see that I'm using Tor you can't see anything else If I'm sniffing here or here I learn nothing right apart from this encrypted messages going on Tor these onion routers are listed publicly in the directory so finding their identity is not a Great concern of mine if I'm sniffing a position B at the exit node I find out that someone on Tor is visiting this website if it's encrypted Let's say using TLS Then that's all I find out the next question that people be asking is what happens if I control both A and B All right, if I'm at the front of the network going in and at the exit node Can I start to find out? What's going on? And the answer is yes, right? That's the weakness of Tor and something that basically is unsolvable apart from just to be very very vigilant So how would this work, well? You've got to remember that this is the big network. There's lots of users on it C is not the only person talking to this router, right? He's going to be the intermediary for conversations the third node the second node the first node He might be an exit node. He might also be talking to servers There's a lot of traffic going in and out like some of which is Tor some of which is not What we're talking about is looking at a lot of traffic coming from my machine to this router And a lot of traffic going from other routers to websites and trying to correlate them and work out what it was that I did Right, which is not an easy job, but you can imagine that if you've got some time signature of messages But let's say a sort of message, message, message, message, message Then talking to this server coming out here is going to be a kind of mess of lots of messages But you might be able to find the key points that match up With what I sent in like that's the idea this traffic. Analysis is the main Approach to essentially De-Anonymizing people if you found that I sent 15 messages of a certain size and a certain Sort of Tempo should we say and Then you found out that those 50 messages came out somewhere else on the network At the same just shortly after let's say a half a second after, at the exact same tempo That's a little bit interesting. With all these layers of encryption does that change the file size? No, which is a good thing right? This is cleverly designed with that in mind So Tor messages are called cells and cells are 512 bytes long. They're always 512 bytes long the way that a router works out whether it's Reading a message or whether it needs to forward it on it's basically based on a small hash or digest that's held in the message essentially it looks at the tail end of the message, calculates a hash on it and goes well that doesn't match the hash I've got at all it must still be encrypted because it's nonsense So then it knows to forward it on, see. And it does this by basically avoiding changing the size of the message it will be obvious as you say right if if three layers of Encryption added ahead of each time You would know how far along the hops were and the whole attack would be a lot easier Right so onion routing is based around the idea that any message between any node in the network looks like any other message Right it could be the first one could the last one it could be something in the middle Right it could have nefarious information on it. It could have perfectly benign information on it impossible to know all right Which is really really clever. There's a lot of research on Tor that goes into Working out how to minimize a chance for both A and B are nefarious That's the idea, so this is why they sometimes call these guard nodes because usually you select some trusted ones And you only use those for example. We don't pick at random because lots of
B1 中級 オニオンルーティング - コンピュータマニア (Onion Routing - Computerphile) 3 0 林宜悉 に公開 2021 年 01 月 14 日 シェア シェア 保存 報告 動画の中の単語