
Darknets

वेणु गोपाल

February 08, 2011


Transcript

1. Darknet: Original Definition
- Originally coined in the 1970s
- Designated networks that were isolated from ARPANET (which evolved into the Internet)
- They were isolated mainly for security purposes

2. Darknets were able to receive data from ARPANET
- But had addresses which did not appear in the network lists
- And would not answer pings or other inquiries
- They were something like a black box: a system or device whose contents were unknown

3. MILNET – Military Network
- Part of the ARPANET internetwork, designated for unclassified United States Department of Defense traffic
- Split off from the ARPANET in 1983; direct connectivity between the networks was severed for security reasons
- Gateways relayed electronic mail between the two networks
- In the 1990s, MILNET became the NIPRNET (Non-classified Internet Protocol Router Network)

4. Darknet: The term’s re-emergence
- “The Darknet and the Future of Content Distribution”, a 2002 article
- By Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman, four employees of Microsoft
- http://msl1.mit.edu/ESD10/docs/darknet5.pdf

5. Formal Definition
The idea of the darknet is based upon three assumptions:
1. Any widely distributed object will be available to a fraction of users in a form that permits copying
2. Users will copy objects if it is possible and interesting to do so
3. Users are connected by high-bandwidth channels

6. Formal Definition Contd.
- The darknet is the distribution network that emerges from
  - the injection of objects according to assumption 1 (how new objects enter the system)
  - and the distribution of those objects according to assumptions 2 and 3 (how the objects in the system are distributed)

7. Infrastructure requirements
1. facilities for injecting new objects into the darknet (input)
2. a distribution network that carries copies of objects to users (transmission)
3. ubiquitous rendering devices, which allow users to consume objects (output)
4. a search mechanism to enable users to find objects (database)
5. storage that allows the darknet to retain objects for extended periods of time; functionally, this is mostly a caching mechanism that reduces the load and exposure of nodes that inject objects

8. Similar terms
- Darknet
  - a closed private network of computers used for file sharing
  - machines unreachable by other computers on the internet
  - also used to refer collectively to all covert communication networks
- Darkweb / Deepweb: website content not indexed by search engines
- Dark fiber: unused optical fiber communications infrastructure

9. Books on the topic
- More about: copyright wars, the future of digital media
- Less about: actual networks
- What's interesting: the implications of these dark networks

10. Tor
- Tor is a free tool that allows people to use the internet anonymously.
- By using Tor you route your traffic through a chain (a circuit) of relays run by volunteers around the world; each relay forwards the traffic to the next one, and only the last relay sends it out to wherever it is going.

11. Tor - real world analogy (Chaum Mixes)
- Imagine a tight huddle of people passing letters around.
- Once in a while a letter leaves the huddle, sent off to some destination.
- If you can't see what's going on inside the huddle, you can't tell who sent what letter based on watching letters leave the huddle.

12. Tor – The Onion Routing
- Onion routing was developed by Michael G. Reed, Paul F. Syverson and David M. Goldschlag at the Naval Research Laboratory, United States Navy
- Tor itself, the second-generation onion router, was later built by Roger Dingledine, Nick Mathewson and Paul Syverson

13. Tor – The Onion Routing
- Onion routing is a technique for anonymous communication
- Messages are repeatedly encrypted and then sent through several network nodes called onion routers
- The client negotiates a separate symmetric session key with each router in its circuit (Tor does this with a Diffie-Hellman handshake, extended one hop at a time); keys are not pre-shared between pairs of routers
- Each onion router
  - removes one layer of encryption using its own session key
  - which uncovers the routing instructions for the next hop
  - and sends the message on to the next router, where this is repeated

14. Intermediate nodes cannot know
- the origin, the destination, or the contents of the message
- Only the starting (entry) node knows the origin
- Only the ending (exit) node knows the destination, and it sees the message in the clear unless the application itself encrypted it (for example with TLS)

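The layering described in slides 13 and 14, as an added example (not code from the deck or from the Tor project): a client wraps a message once per relay, each relay peels exactly one layer with its own session key and learns only the next hop, and only the exit sees the destination and the cleartext. The relay names, the keys and the message are made up for the demo; Tor derives the per-hop keys from a Diffie-Hellman handshake and uses AES-CTR, whereas this stand-in uses a SHAKE-256 keystream with an HMAC tag so that a relay holding the wrong key fails closed instead of producing garbage.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher: SHAKE-256 keyed by (key, nonce). Stand-in for the
    # AES-128-CTR that Tor actually uses; a nonce must never be reused with a key.
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_layer(key: bytes, plaintext: bytes) -> bytes:
    """Add one onion layer: nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_layer(key: bytes, blob: bytes) -> bytes:
    """Strip one layer; raises if this key is not the one the layer was built for."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered cell")
    return _xor(ct, _keystream(key, nonce, len(ct)))


def build_onion(circuit, destination: str, payload: str) -> bytes:
    """Client side. circuit = [(relay_name, session_key), ...] from entry to exit.

    In Tor each session_key would come from the handshake with that relay;
    here the caller simply supplies them (assumption for the demo)."""
    names = [name for name, _ in circuit]
    keys = [key for _, key in circuit]
    # Innermost layer: only the exit learns the real destination and the cleartext.
    layer = json.dumps({"next": destination, "data": payload}).encode()
    blob = encrypt_layer(keys[-1], layer)
    # Wrap outwards: hop i learns nothing but the name of hop i + 1.
    for i in range(len(circuit) - 2, -1, -1):
        layer = json.dumps({"next": names[i + 1], "cell": blob.hex()}).encode()
        blob = encrypt_layer(keys[i], layer)
    return blob


def relay_process(key: bytes, blob: bytes):
    """What one onion router does: peel its layer and learn only the next hop.

    Returns (next_hop, cleartext_or_None, remaining_onion_or_None)."""
    layer = json.loads(decrypt_layer(key, blob))
    if "data" in layer:  # this relay is the exit
        return layer["next"], layer["data"], None
    return layer["next"], None, bytes.fromhex(layer["cell"])


def run_circuit(circuit, onion: bytes):
    """Forward the onion hop by hop and record what each relay could see."""
    seen = []
    blob = onion
    for name, key in circuit:
        next_hop, data, blob = relay_process(key, blob)
        seen.append((name, next_hop))
        if data is not None:
            return next_hop, data, seen
    raise ValueError("circuit ended without reaching an exit layer")


if __name__ == "__main__":
    # Constructed three-hop circuit; relay names and keys are made up for the demo.
    circuit = [("guard", os.urandom(32)), ("middle", os.urandom(32)), ("exit", os.urandom(32))]
    onion = build_onion(circuit, "mail.example.org:143", "a1 LOGIN alice hunter2")
    print(run_circuit(circuit, onion))
```

The per-hop view returned by run_circuit is the whole point: the guard sees only "middle", the middle relay sees only "exit", and the exit is the one that reads the IMAP login line, which is exactly the position Egerstad's nodes were in (slide 15).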
15. One interesting incident about Tor
- Dan Egerstad, a Swedish security researcher, ran five Tor exit nodes (2007)
- and collected a list of 100 e-mail credentials: server IP addresses, e-mail accounts and the corresponding passwords, for embassies and government ministries around the globe
- all obtained by sniffing exit traffic for usernames and passwords of e-mail servers

16. The list contains mostly third-world embassies
- Kazakhstan, Uzbekistan, Tajikistan, India, Iran, Mongolia

17. More interesting finds in the list
- a Japanese embassy
- the UK Visa Application Center in Nepal
- the Russian Embassy in Sweden
- the Office of the Dalai Lama
- several Hong Kong human rights groups
- more than 1,000 corporate accounts with passwords

18. The Tor website says this:
“Yes, the guy running the exit node can read the bytes that come in and out there. Tor anonymizes the origin of your traffic, and it makes sure to encrypt everything inside the Tor network, but it does not magically encrypt all traffic throughout the internet.”

19. Tor anonymizes, nothing more. - Bruce Schneier
- It does not encrypt or authenticate end to end; the hop from the exit node to the destination is whatever the application sends, so by itself Tor provides no confidentiality against the exit
- Interesting fact: more than 90 percent of Tor users don't encrypt

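What "sniffing exit traffic for usernames and passwords of e-mail servers" (slide 15) amounts to in practice, and why the Tor website's warning (slide 18) ends at the exit: an added example, not code from the deck or from Tor, that scans the client side of POP3, IMAP and SMTP sessions for the three common plaintext login forms and stops at STARTTLS, after which the relay sees only TLS records. The session lines are constructed for the demo, not real captures.

```python
import base64
import re

# IMAP "<tag> LOGIN <user> <password>", arguments optionally double-quoted.
IMAP_LOGIN = re.compile(r'^\S+\s+LOGIN\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?\s*$', re.IGNORECASE)

# Constructed client->server command streams (not real captures), one line per command.
POP3_SESSION = ["USER alice@embassy.example", "PASS hunter2", "STAT", "QUIT"]
IMAP_SESSION = ["a1 LOGIN bob@ministry.example s3cret", "a2 SELECT INBOX", "a3 LOGOUT"]
SMTP_SESSION = ["EHLO laptop",
                "AUTH PLAIN " + base64.b64encode(b"\0carol\0p4ss").decode(),
                "MAIL FROM:<carol@example>"]
TLS_SESSION = ["a1 STARTTLS", "<TLS records; the LOGIN command is inside them>"]


def find_plaintext_credentials(client_lines):
    """What a sniffing exit relay gets from the client side of a mail session.

    Returns a list of (mechanism, username, password). Scanning stops at STARTTLS
    because everything after it travels inside TLS and is opaque to the relay."""
    found = []
    pop3_user = None
    for raw in client_lines:
        line = raw.rstrip("\r\n")
        upper = line.upper()
        if upper == "STARTTLS" or upper.endswith(" STARTTLS"):  # SMTP/POP3 or tagged IMAP
            break
        if upper.startswith("USER "):                           # POP3 two-step login
            pop3_user = line[5:].strip()
        elif upper.startswith("PASS ") and pop3_user is not None:
            found.append(("pop3", pop3_user, line[5:].strip()))
            pop3_user = None
        elif upper.startswith("AUTH PLAIN "):                   # SASL PLAIN, initial response
            try:
                decoded = base64.b64decode(line.split(None, 2)[2], validate=True)
            except (ValueError, IndexError):
                continue
            parts = decoded.split(b"\0")  # authzid \0 authcid \0 password
            if len(parts) == 3:
                found.append(("sasl-plain", parts[1].decode(errors="replace"),
                              parts[2].decode(errors="replace")))
        else:
            m = IMAP_LOGIN.match(line)
            if m:
                found.append(("imap", m.group(1), m.group(2)))
    return found


def audit(sessions: dict) -> dict:
    """Run the scan over several sessions; map session name -> leaked credentials."""
    return {name: find_plaintext_credentials(lines) for name, lines in sessions.items()}


if __name__ == "__main__":
    for name, leaks in audit({"pop3": POP3_SESSION, "imap": IMAP_SESSION,
                              "smtp": SMTP_SESSION, "starttls": TLS_SESSION}).items():
        print(name, leaks or "nothing readable")
```

The scan is deliberately narrow: challenge-response mechanisms such as CRAM-MD5 do not put the password on the wire, and a quoted IMAP password containing spaces is not matched. The contrast that matters is the last session, where the only thing the relay can report is that a TLS handshake started.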
20. Dan Egerstad was not the first to do this
- “The Faithless Endpoint: How Tor puts certain users at greater risk”, by Len Sassaman

21. Tor does provide for a strong degree of unlinkability
- the notion that an eavesdropper cannot easily determine both the sender and receiver of a given message
- The degree of privacy is generally a function of the number of participating routers versus the number of compromised or malicious routers

22. Garlic routing
- Variant of onion routing that bundles multiple messages together and encrypts them as one, to make it more difficult for attackers to perform traffic analysis
- Implemented in projects like
  - I2P: anonymizing overlay network which allows applications to run on top of it
  - Perfect Dark

23. Other darknet projects
- DarkNET Conglomeration
- anoNet
- dn42 (decentralized network 42)
- Freenet
- GNUnet
- I2P (Invisible Internet Project; its predecessor IIP was the Invisible IRC Project)
- WASTE

24. How do they work
- Overlay networks: they run on top of the existing Internet stack (tongue in cheek, "layer 8", above the seven OSI layers), just like VPN tunnels carrying IP inside IP
- Built using
  - VPNs: OpenVPN, Openswan, Vyatta
  - Routers running BGP between participants: Quagga, GNU Zebra, OpenBGPD, Vyatta

25. Lookups and routing
- Lookups and routing are done using DHTs (distributed hash tables): nodes and content keys are mapped into one identifier space, and each node only needs to know a few peers to locate the nodes responsible for any identifier, with no central directory
- Examples: Apache Cassandra, BitTorrent DHT (based on Kademlia), CAN (Content Addressable Network), Chord, Kademlia, Pastry, Tapestry

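How a DHT lookup finds the nodes responsible for a key without any node knowing the whole network, as an added example in the style of Kademlia (the DHT behind BitTorrent, and the one the slide lists): this is a self-contained simulation, not code from BitTorrent, I2P or any of the projects named. Node names, the content key and the bucket size are made up for the demo; the routing table (one bucket per highest differing bit, at most K contacts each) and the iterative lookup (keep asking the closest nodes seen until the K closest have all answered) follow the Kademlia design.

```python
import hashlib

K = 3  # bucket size and replication factor (Kademlia's k; the paper suggests 20)


def hid(s: str) -> int:
    """160-bit identifier. Kademlia puts node ids and content keys in one id space
    and measures distance as XOR, so 'the nodes responsible for a key' are simply
    the nodes whose ids are XOR-closest to the key's id."""
    return int.from_bytes(hashlib.sha1(s.encode()).digest(), "big")


class Node:
    def __init__(self, name: str):
        self.name = name
        self.id = hid(name)
        self.buckets = {}  # highest differing bit -> up to K contact ids (routing table)
        self.store = {}    # key id -> value this node holds on behalf of the network

    def add_contact(self, other_id: int) -> None:
        bucket = self.buckets.setdefault((self.id ^ other_id).bit_length(), [])
        if len(bucket) < K:  # a full bucket ignores the newcomer, as Kademlia does
            bucket.append(other_id)

    def closest_known(self, target: int) -> list:
        """Answer a FIND_NODE request: the K contacts XOR-closest to target."""
        contacts = [c for bucket in self.buckets.values() for c in bucket]
        return sorted(contacts, key=lambda c: c ^ target)[:K]


class Network:
    """In-memory simulation: a node reaches only nodes it, or a node it asked, knows."""

    def __init__(self, names):
        self.nodes = {hid(n): Node(n) for n in names}
        for a in self.nodes.values():
            for b in self.nodes.values():
                if a is not b:
                    a.add_contact(b.id)

    def find_node(self, src: Node, target: int):
        """Iterative lookup: ask the closest known nodes, learn closer ones, repeat
        until the K closest nodes seen have all been asked. Returns (ids, queries)."""
        shortlist = {src.id, *src.closest_known(target)}
        queried = set()
        while True:
            nearest = sorted(shortlist, key=lambda c: c ^ target)[:K]
            pending = [c for c in nearest if c not in queried]
            if not pending:
                return nearest, len(queried)
            for cid in pending:
                queried.add(cid)
                shortlist.update(self.nodes[cid].closest_known(target))

    def store(self, src: Node, key: str, value: str) -> list:
        """Publish: replicate the value on the K nodes closest to the key."""
        kid = hid(key)
        holders, _ = self.find_node(src, kid)
        for nid in holders:
            self.nodes[nid].store[kid] = value
        return [self.nodes[n].name for n in holders]

    def find_value(self, src: Node, key: str):
        """Lookup from any other node: the same walk, then ask the holders."""
        kid = hid(key)
        holders, queries = self.find_node(src, kid)
        for nid in holders:
            if kid in self.nodes[nid].store:
                return self.nodes[nid].store[kid], queries
        return None, queries

    def true_closest(self, target: int) -> int:
        """Ground truth by brute force, to check that the lookup converged."""
        return min(self.nodes, key=lambda n: n ^ target)


if __name__ == "__main__":
    net = Network([f"node-{i:02d}" for i in range(32)])  # constructed node names
    holders = net.store(net.nodes[hid("node-03")], "darknet-slides.pdf", "blob-0x01")
    print("stored on", holders)
    print(net.find_value(net.nodes[hid("node-17")], "darknet-slides.pdf"))
```

Two things to notice when running it: the reader node starts from a different routing table than the publisher yet arrives at the same holders, because every hop of the walk strictly halves the XOR distance; and the query count stays near log2 of the network size rather than the whole network, which is what lets these overlays scale without a directory that could be seized or blocked.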
26. I2P / IIP
- This is a layer that present applications can use: I2P sits below the application layer, so existing protocols run over it unchanged
- Uses garlic routing
- Currently these services are running over I2P: Usenet, e-mail, IRC, FTP, HTTP, Telnet, BitTorrent, eDonkey, Gnutella
- It seems all the present network services can run over I2P, but the project is still in alpha state (as of this talk)

27. Freenet and GNUnet
- Freenet was designed by Ian Clarke
- GNUnet is an official GNU project
- Unlike I2P, which is layered, Freenet and GNUnet implement their own applications
- Currently only file sharing is supported, plus a trivial chat protocol not compatible with IRC or XMPP

28. anoNet
- This is an interesting example, because it needs no special software: it just uses VPNs and BGP

29. WASTE
- One important thing about WASTE is that it constantly sends garbage (cover) traffic, to prevent traffic analysis

30. Alternate top level DNS roots
- .bbs: bulletin board systems
- .dyn: resolve dynamic DNS
- .free: non-commercial use
- .geek: anything geeky
- .indy: independent news and media
- .ing: fun TLD
- .null: miscellaneous non-commercial individual sites
- .oss: open source software
- .eco: ecological and environment

31. Bitcoin - Crypto currency
- one of the first implementations of a concept called cryptocurrency, first described in 1998 by Wei Dai
- implemented in 2009 by Satoshi Nakamoto
- uses a distributed database over a peer-to-peer network to journal transactions
- uses cryptography to ensure that bitcoins can only be spent by the person who owns them (digital signatures), and never more than once (the shared ledger rejects double spends)
- therefore confirmed transactions are atomic and irreversible

32. What darknets try to achieve: Crypto Anarchism
- The use of strong public-key cryptography to bring about privacy and freedom
- Described by Vernor Vinge as a cyberspatial realization of anarchism
- Relies heavily on plausible deniability to avoid censorship

33. So why bother
- Why bother with something which is unreachable and isolated?
- The point is: even though darknets are unreachable from the internet, the internet is reachable from these darknets

34. Interesting paper
- “Trends in Denial of Service Attack Technology”, published in 2001
- work by many security organizations, available from CERT
- http://www.cert.org/archive/pdf/DoS_trends.pdf

35. This is what the paper concludes
“Identified rogue dark networks as a potential farm for denial-of-service attacks and other illegal activity”

36. Conclusion
- So this is where our threat lies: attacks on our infrastructure originating from these darknets are possible
- They are more of a threat to the government than to corporations or individuals, since anarchy is against government
- How to defeat these darknets: traffic analysis, stuff like that

37. Writeprint
- Funded by the National Science Foundation
- Tried to identify anonymous writers by their style
- Used a technique called Writeprint, which automatically extracts thousands of multilingual, structural, and semantic features to determine who is creating "anonymous" content online
- It can look at a posting on an online bulletin board, for example, and compare it with writings found elsewhere on the Internet
- By analyzing these features, it can determine with more than 95 percent accuracy if the author has produced other content in the past
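The idea behind slide 37 reduced to its smallest working form, as an added example that is not Writeprint's code (Writeprint extracts thousands of features; this uses a single family, character trigram frequencies, with cosine similarity and a nearest-profile decision). The two "authors", their known texts and the anonymous postings are constructed for the demo, and the margin below which the tool refuses to name an author is an assumed threshold.

```python
import math
from collections import Counter

N = 3              # character n-gram length: catches spelling, punctuation and spacing habits
MIN_MARGIN = 0.02  # below this gap between the top two scores, refuse to name an author

# Constructed writing samples (not real postings): two "authors" with distinct habits.
KNOWN = {
    "alpha": [
        "One might argue, rather persuasively, that the colour of the evidence matters; "
        "whilst the organisation denies it, the analysis favours caution.",
        "Whilst the committee deliberated, one might have favoured a rather different "
        "organisation; the colour scheme, however, was never analysed.",
    ],
    "beta": [
        "ok so i'm gonna say it. this is broken lol. can't believe it shipped!! fix it now",
        "lol no. i'm not gonna touch that. it's gonna break again!! can't be bothered",
    ],
}
ANON_A = ("One might suppose the organisation favours secrecy; whilst the colour of "
          "their analysis is rather unclear, caution is advised.")
ANON_B = "i'm gonna be honest lol. it's broken!! can't fix it"


def profile(text: str) -> Counter:
    """Relative frequency of each character n-gram (case-folded, whitespace collapsed)."""
    s = " ".join(text.lower().split())
    grams = Counter(s[i:i + N] for i in range(len(s) - N + 1))
    total = sum(grams.values())
    return Counter({g: c / total for g, c in grams.items()}) if total else Counter()


def cosine(p: Counter, q: Counter) -> float:
    dot = sum(v * q.get(g, 0.0) for g, v in p.items())
    norm = math.sqrt(sum(v * v for v in p.values())) * math.sqrt(sum(v * v for v in q.values()))
    return dot / norm if norm else 0.0


def build_profiles(corpus: dict) -> dict:
    """One merged profile per candidate author from their known writings."""
    return {author: profile(" ".join(texts)) for author, texts in corpus.items()}


def attribute(anonymous_text: str, profiles: dict, margin: float = MIN_MARGIN):
    """Nearest-profile attribution. Returns (author or None, {author: similarity})."""
    p = profile(anonymous_text)
    scores = {author: cosine(p, q) for author, q in profiles.items()}
    ranked = sorted(scores.values(), reverse=True)
    if len(ranked) > 1 and ranked[0] - ranked[1] < margin:
        return None, scores  # inconclusive: too close to call
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    profiles = build_profiles(KNOWN)
    print(attribute(ANON_A, profiles))
    print(attribute(ANON_B, profiles))
```

The margin check is the part worth keeping in any real tool: a closed set of candidates always produces a "best" author, so a score alone says nothing about whether the true writer is among the candidates at all, and the "95 percent" figure on the slide is only meaningful relative to that candidate set.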