Cipherspaces/Darknets: An Overview Of Attack Strategies (Hacking Illustrated Series InfoSec Tutorial Videos) Cipherspaces/Darknets: An Overview Of Attack Strategies

Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it can be hard to follow attack strategies that have been used against them as the papers written on the topic have been academic and abstract. What this talk will attempt to do is step back and give an overview of the topic in a manner hopefully more conducive to the understanding of security practitioners, giving more concrete examples. While little to nothing in this talk will be "new and groundbreaking" it should lead to a better understanding of how encrypted anonymizing networks can be subverted to reveal identities. Download Slides Defcon 19 Live Version:

Download:

http://www.archive.org/download/CipherspacesdarknetsAnOverviewOfAttackStrategies_700/CipherspacesdarknetsAnOverviewOfAttackStrategies.mov Canned Version: Download Video:

http://www.archive.org/download/CipherspacesdarknetsAnOverviewOfAttackStrategies/Adrian-Crenshaw-darknet-weaknesses.wmv Text from presentation: Cipherspaces/Darknets: An overview of attack strategies

Adrian Crenshaw

About Adrian

I run Irongeek.com

I have an interest in InfoSec education

I don�t know everything - I�m just a geek with time on my hands

(ir)Regular on the ISDPodcast

http://www.isdpodcast.com

Researcher for Tenacity Institute

http://www.tenacitysolutions.com

A little background�

Darknets: There are many definitions, but the one I�m working from is �anonymizing networks�

Use of encryption and proxies (some times other peers) to obfuscate who is communicating to whom

Sometimes referred to as Cipherspace

(I love that term)

Tor and I2P will be my reference examples, but there are others

�and some notes

Things get subtle

Terms vary from researcher to researcher

Many weaknesses are interrelated

Other anonymizing networks: Morphmix/Tarzan/Mixminion/Mixmaster/JAP/

MUTE/AntsP2P/Haystack

Focus on Tor and I2P for illustrations when needed

Academic vs. real world

Threat Model and Adversaries matter

Threat Model: You can�t protect against everything!

Some protocols may be lost causes

Users may do something to reveal themselves

Does an attack reveal the Client/Host or just reduces the anonymity set?

Active vs. Passive attackers

Location, Location, Location:

Internal vs. External

Adversaries: Vary by power and interest

Nation States

Western Democracies vs. Others

Government agency with limited resources

ISP/Someone with a lot of nodes on the network

Private interests groups (RIAA/MPAA)

Adrian (AKA: Some shmuck with time on his hands)

Tor: The Onion Router

Layered encryption

Bi-directional tunnels

Has directory servers

Mostly focused on out proxying to the Internet

More info at https://www.torproject.org

I2P

Unidirectional connections: In tunnels and out tunnels

Information about network distributed via distributed hash table (netDB)

Layered encryption

Mostly focused on anonymous services

More info at http://www.i2p2.de/

I2P Encryption Layers

EIGamal/SessionTag+AES from A to H

Private Key AES from A to D and E to H

Diffie�Hellman/Station-To-Station protocol + AES

Silly Garlic Routing

Animation

Un-trusted exit points

You are only as anonymous as the data you send!

Overview

Mostly Tor centric:

Is the exit point for traffic looking at the data?

Traffic may be encrypted inside the network, but not once it is outbound!

Incidents

Dan Egerstad and the �Embassy Hack�

http://www.wired.com/politics/security/news/2007/09/embassy_hacks

Tons of passwords sent via plain text protocols (POP3/SMTP/HTTP Basic/Etc)

Moxie Marlinspike did something similar with SSLStrip

http://intrepidusgroup.com/insight/2009/02/moxie-marlinspike-un-masks-tor-users/

Do you trust your exit node?

Mitigation

Tor is for anonymity, not necessarily security

Use end-to-end encryption/Don�t use plain-text protocols

Plain text protocols that send usernames/email addresses in the clear are not very anonymous now are they?

DNS Leaks, Other Protocol leaks and application layer problems

Overview

Does all traffic go though the proxy?

DNS Leaks are a classic example

Badly configured proxy setting could lead some types of traffic to go elsewhere (outside of cipherspace)

Snooper can use web bugs to figure out your location

http://www.irongeek.com/i.php?page=security/webbugs

HTTPS is a good example, but plugins can also be an issue

Application level stuff in general is a problem

Javascript is just hosed as far as reducing you anonymity set

See: Gregory Fleischer, DEFCON 17: Attacking Tor at the Application Layer

DNS Leaks

Mitigating DNS Leaks

Sniff for traffic leaving your box on port 53. The libPcap capture filter:

port 53

should work in most cases.

In Firefox, under about:config set network.proxy.socks_remote_dns to true

Torbutton should help

Other applications vary

May have to firewall off 53 in some cases

May want to edit torrc, and add:

DNSPort 53

AutomapHostsOnResolve 1

Then set your box�s DNS to point to 127.0.0.1

Grabbing content outside of the Darknet

Slightly Related: Cookies/Supercookies/Etc

Make hidden server contact you over public Internet

Another example, Bittorrent Issues

Yet Another Example:

IRC Ident

General Mitigations

Client wise:

Make sure your browser is set to send all traffic though the darknet, or none at all

Look into firewall rules

Limit plugins used

Use a separate browser

Check against:

http://decloak.net/

http://panopticlick.eff.org/

Hidden server wise:

Patch your stuff

Don�t run on a box that routes to the Internet

Attacks on centralized resources/infrastructure attacks/DoS attacks

Overview

Not so much against individual nodes, but the network in general

Whole bunch of categories, not comprehensive:

Starvation attacks

Partition attacks

Flooding

Standard DDoS attacks against resources inside and outside of the network (if going though the network) are likely to be soaked by other peers

Shared known infrastructure can be a problem

Total (or at least severe) blocking of the Internet

Incidents

China blocked access to the core directory servers of Tor on September 25th 2009

https://blog.torproject.org/blog/tor-partially-blocked-china

Other blocking of Internet access. (Egypt, Libya, Iran)

DoS of directory servers

Mitigation

Bridge nodes (Tor)

Distributed infrastructure (I2P)

Taking out dev site would still be an issue

Distributed Hash Table

Protocol obfuscation

Total/Severe blocking will take a bit more:

(see next slide)

Mesh/Store and forward

For more info on mesh networks

Needs a clear front runner for setting up such a system

Wikipedia if nothing else

http://en.wikipedia.org/wiki/Wireless_mesh_network

Village Infrastructure in a Kit-Alpha (VIKA) Project

http://www.cuwin.net/node/325

U.S. Underwrites Internet Detour Around Censors

http://www.nytimes.com/2011/06/12/world/12internet.html?_r=2&pagewanted=all

Clock based attacks

Overview

Some protocols allow you to check the remote system�s clock

Clock difference could be an issue

Major difference are easy to spot

Minor clock issues may need statistical analysis

Incidents

For skew, see:

Steven J. Murdoch, "Hot or Not: Revealing Hidden Services by their Clock Skew"

University of Cambridge, Cambridge, 2006

http://www.freehaven.net/anonbib/cache/HotOrNot.pdf

I2P Clock differences in I2P

http://www.irongeek.com/i.php?page=security/darknets-i2p-identifying-hidden-servers

Clock Issues

Clock Differences

Mitigation

Attack can be hard to pull off because of network jitter

Set clocks with a reliably and often used NTP server

Some mitigation may take place in the darknet protocol itself

Metadata in files

Overview

Metadata is data about data

Just a few files types that contain metadata

JPG

EXIF (Exchangeable image file format)

IPTC (International Press Telecommunications Council)

PDF

DOC

DOCX

EXE

XLS

XLSX

PNG

Too many to name them all

Things stored: User names, edits, GPS info, network paths, MAC addresses in odd cases. It all depends on the file format.

Incidents: Pwned by Metadata

Mitigation

Well, clean out the metadata, duh!

Apps vary on how to do it

local attacks

(at this point, it is already probably a lost cause)

Overview

If they have access to the local box, your hosed

Comes down to mostly traditional forensics

Data on hard drive

Cached data and URLs

Memory Forensics

Mitigations

Anti-forensics

http://www.irongeek.com/i.php?page=videos/anti-forensics-occult-computing

Live CD/USB, but see Andrew Case�s work:

https://media.blackhat.com/bh-dc-11/Case/BlackHat_DC_2011_Case_De-Anonymizing_Live_CDs-wp.pdf

Full hard drive encryption

Sybil attacks

Sock puppetry

Overview

Ever heard of Sybil attacks?

Think sock puppet, one entity acting as many

May allow for control of routing, elections, etc.

Makes many of the other attacks easier

Sock puppetry/Sybil

Mitigation

No absolute fixes

Make it cost something to have nodes (hashcash)

IP restrictions:

Both Tor and I2P restrict peering between IPs on the same /16

Central infrastructure may be more resilient against Sybil attacks (but has other issues)

Peering/Profiling strategies

SybilLimit/SybilGuard/SybilInfer

Traffic Analysis Attacks

First/Last in chain attacks

Tagging attacks

Timing attacks

Overview

There�s much focus on this in academia, but I imagine application layer flaws are more likely to snag someone

So many subtle variation on profiling traffic

Could be:

Timing of data exchanges

Amount of traffic

Tagging of traffic by colluding peers

Generally takes a powerful adversary

Hard to defeat in �low latency� networks

I2P one-way tunnel mesh network: Logical view

I2P one-way tunnel mesh network:

ISP view

End point and exit point

Timing Correlation

Mitigation

More routers

More cover traffic

(smaller needle in a larger haystack)

Entry Guards for first hop

One way tunnels

Short lived tunnels may help

Better peer profiling

Signing of the data

Fixed speeds

Padding and Chaff

Non-trivial delays and Batching

Intersection/Correlation Attacks

Overview

Could be as simple as knowing who is up when a hidden service can be accessed

Techniques can be used to reduce the search set

Application flaws and information leaks can narrow the anonymity set

Harvesting attacks

Correlation

Cut down needed checks

Mitigation

More nodes

Give less data that could be used to reduce the anonymity set

Make harvesting/scrapping attacks harder

Checkout �De-anonymizing I2P� paper and talk I�ll link to later

Links

Selected Papers in Anonymity

http://www.freehaven.net/anonbib/

I2P�s Threat Model Page

http://www.i2p2.de/how_threatmodel.html

General Darknets Talk

http://www.irongeek.com/i.php?page=videos/aide-winter-2011#Cipherspace/Darknets:_anonymizing_private_networks

De-anonymizing I2P

http://www.irongeek.com/i.php?page=security/darknets-i2p-identifying-hidden-servers

http://www.irongeek.com/i.php?page=videos/identifying-the-true-ip-network-identity-of-i2p-service-hosts-talk-adrian-crenshaw-blackhat-dc-2011

Thanks

Conference organizers for having me

Tenacity for helping get me to Defcon

By buddies from Derbycon and the ISDPodcast

Open Icon Library for some of my images

http://openiconlibrary.sourceforge.net

Events

DerbyCon 2011, Louisville Ky

Sept 30 - Oct 2

http://derbycon.com

Louisville Infosec

http://www.louisvilleinfosec.com

Other Cons:

http://skydogcon.com

http://hack3rcon.org

http://phreaknic.info

http://notacon.org

http://outerz0ne.org

Questions?

42





Printable version of this article