Solving the Cloudflare CAPTCHA (RWC2017)

George Tankersley
January 05, 2017

Blind signatures to limit the number of CAPTCHAs presented to Tor users.

Video: https://vimeo.com/199228698

Transcript

  1. Solving the Cloudflare CAPTCHA
     Alex Davidson, RHUL
     George Tankersley, Cloudflare
     Filippo Valsorda, Cloudflare

  2. Solving the Cloudflare CAPTCHA
     Don't click the post!

  3. CAPTCHAs are actually hard
     Many assumptions:
     • Culture
     • Language
     • Vision/hearing
     • Mobility
     • Social class
     Define "house" or "storefront" for everyone?

  4. What's a Cloudflare?

  5. Tor Browser obscures these signals

  6. Why do we serve CAPTCHAs?
     Mostly, IP reputation of the Tor exits.
     Prior attack sightings lead to poor reputation.
     Thus, traffic from exits gets a CAPTCHA.

  7. Tor users get a lot of CAPTCHAs

  8. Feel the love
     Image credit:

  9. It's getting better!

  10. Blocking innocent Tor users is a problem

  11. What we've tried
      • Intentionally blacklisted the office IP reputation
      • reCAPTCHA v2 (which backfired - sorry!)
      • Customer sites can whitelist Tor network as a "country"
      • Altered the internal treatment of Tor traffic
      • ... some clever crypto thing?

  12. Requirements
      We need to meet security requirements of both Cloudflare and Tor Browser:
      • CAPTCHA solutions allow a finite number of subsequent redemptions
      • Unlinkable tokens
      • Don't require persistent client state / disk storage
      • Resists farming
      • Resists double-spend with minimal server state
      • Relatively efficient server computations
      • Deployable in a browser extension, in JavaScript, in an auditable manner

  13. Look, a clever crypto thing!

  14. Blind signatures for rate-limiting
      Tor Browser plugin + an edge service.
      User solves a CAPTCHA and submits many blinded tokens for signing.
      Later, unblinds and submits a token instead of solving a CAPTCHA.
      Users solve only one challenge per N websites visited.
      Tokens are unlinkable and work cross-domain over multiple circuits, unlike cookies.
      Maintains Tor Browser's strong first-party isolation.

  15. RSA? Really?
      Boring, reliable old Chaumian RSA plus elements from Google's macaroons - not trying to innovate in algorithms.
      Details here:

  16. Future Directions
      But really, RSA?
      • Suggestions welcome! But it must be practical to deploy in a browser.
      Anonymous credentials:
      • BLAC/BLACR (pairings? in a browser?)
      • "Algebraic MACs and Keyed-Verification Anonymous Credentials"
      Standardization:
      • This is generalizable to VPNs and carrier-grade NAT

  17. Open Questions
      Deanonymization: does this create new vectors?
      Stockpiling: how do we limit token farming?
      Exhaustion: how to stop a malicious site from draining tokens?

  18. Questions?
      Alex Davidson alex.davidson2014@rhul.ac.uk
      George Tankersley gtank@cloudflare.com
      Filippo Valsorda filippo@cloudflare.com
      Comments? tor-access@lists.torproject.org
      Attacks? The next PETS deadline is February 28, 2017
      Pull Requests?
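The issuance and redemption flow from slides 12, 14 and 15, as an added worked example that is not code from the talk or from Cloudflare: Chaumian RSA blind signatures with a per-CAPTCHA batch cap and a spent-token set as the edge service's only state. The toy key, the batch cap of 30, the SHA-256 hash into Z_N and all sample tokens are constructed assumptions.

```python
import hashlib
import math
import secrets

# Toy RSA key from Mersenne primes 2^61-1 and 2^89-1 (real: 2048-bit key, padded FDH)
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # edge service's private exponent
TOKENS_PER_CAPTCHA = 30            # assumed batch cap: one CAPTCHA buys N tokens

def token_hash(token: bytes) -> int:
    """Map a client-chosen random token into Z_N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def blind(token: bytes):
    """Client: hide H(token) behind a fresh blinding factor r as H(token) * r^E."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (token_hash(token) * pow(r, E, N)) % N, r

def sign_batch(blinded, captcha_solved: bool):
    """Edge: one solved CAPTCHA buys up to TOKENS_PER_CAPTCHA blind signatures."""
    if not captcha_solved or len(blinded) > TOKENS_PER_CAPTCHA:
        raise ValueError("one CAPTCHA buys at most TOKENS_PER_CAPTCHA signatures")
    return [pow(b, D, N) for b in blinded]  # signer never sees the tokens

def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N  # client strips r: plain RSA sig on H(token)

class Redeemer:
    """Edge: accept each (token, sig) once; the only state kept is the spent set."""
    def __init__(self):
        self.spent = set()
    def redeem(self, token: bytes, sig: int) -> bool:
        if pow(sig, E, N) != token_hash(token):
            return False  # forged or tampered signature
        if token in self.spent:
            return False  # double-spend attempt
        self.spent.add(token)
        return True

def demo():
    tokens = [secrets.token_bytes(32) for _ in range(3)]  # constructed client tokens
    blinded, factors = zip(*(blind(t) for t in tokens))
    sigs = [unblind(s, r) for s, r in zip(sign_batch(list(blinded), True), factors)]
    edge = Redeemer()
    fresh = [edge.redeem(t, s) for t, s in zip(tokens, sigs)]
    return fresh, edge.redeem(tokens[0], sigs[0]), edge.redeem(b"unsigned", sigs[0])
```

Because the signer only ever sees H(token) * r^E, it cannot link a later redemption back to the CAPTCHA that paid for it, which is the unlinkability property slide 12 asks for.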