Onion Routing and Tor

Loading...

Del curso dictado por New York University Tandon School of Engineering

Enterprise and Infrastructure Security

95 calificaciones

New York University Tandon School of Engineering

Enterprise and Infrastructure Security

95 calificaciones

Curso 4 de 4 en SpecializationIntroduction to Cyber Security

This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks. Emerging security issues in blockchain, blinding algorithms, Internet of Things (IoT), and critical infrastructure protection are also described for learners in the context of cyber risk. Mobile security and cloud security hyper-resilience approaches are also introduced. The course completes with some practical advice for learners on how to plan careers in cyber security.

De la lección

Blockchain, Anonymity, and Critical Infrastructure Protection

This module introduces several advanced topics in cyber security ranging from blockchain usage, user anonymity, and critical infrastructure protection.

Assignments and Reading2:29

Hashing Algorithms7:42

Blockchain - Part 16:26

Blockchain - Part 29:50

Cyber Attribution7:51

Onion Routing and Tor8:14

Chaum Binding Algorithm9:50

Critical Infrastructure - Part 1 - Requirements7:11

Critical Infrastructure - Part 2 - Protection Methods8:32

Welcome Roger Thornton (Part 2): CTO, AlienVault9:01

Conoce a los instructores

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC
Computer Science

Hi, everyone. Ed Amoroso here and I want to talk to you a little bit about

a topic known as Onion Routing,

something that enables anonymous communication.

Now, if you're here in the US,

kind of an interesting place to visit if you like to do cyber security,

is the Naval Research Lab down near Washington.

I've been there many, many times.

There's a wonderful group of researchers there that have just

made fundamental contributions to cyber security for so many years.

And it's a small group led by a guy named Paul Syverson.

He and I started our careers about the same time,

Paul and some of his colleagues,

but Paul kind of being the lead.

Working on this idea that as you're visiting resources on a network,

doesn't have to be the internet,

but for the most part,

it's browsing the internet.

That's kind of the concept that immediately springs to mind.

But again, there's nothing about Onion Routing

that necessarily makes it just browsers and the internet,

but we'll talk about it in that context.

The idea was, is it possible to go off and visit resources on

a network and not have it attributed to you? Do it anonymously.

You can think of folks who may be in a situation like

a domestic abuse who would like to ask for help or if you live in

a region where there may be some injustices and you want to make those injustices known,

and on and on and on.

And you think of a lot of different reasons, valid, reasonable,

society-friendly reasons for doing anonymity in network communications.

So, that was kind of the original concept.

What they came up with was the idea that,

let's assume it's a client and a server. Is that fair enough?

So a client-server, they said in between

the client and server they're going to put a network of nodes there.

I kind of think of these nodes in three different categories.

Like there would be sort of entry nodes,

intermediate nodes, and exit nodes.

And the idea being that I'm going to weave

some pattern through those nodes from client to server and make it really,

really hard for the server to kind of know who the client was.

Client will see where this is exiting,

but apart from that,

you're not going to be able to know that it's Billy buying baseball cards on this site.

You just won't know if you do this properly.

So, the way the thing works is you can think of

the anonymous communications as consisting of a bunch of routers,

like these intermediates, basic routers.

I don't mean router in the sense that you bought it from Juniper.

I mean router in the sense that these are

routable nodes that are supporting this protocol.

And the idea is that it's kind of quasi random.

It's not totally random because you have these different categories.

But you're picking a routing path and then enabling it by creating a bunch of envelopes.

So, what'll happen is,

in the envelope selection,

the way this works,

and I keep wanting to say the word Tor.

I think I'll just bring up the concept here,

that there is a browser that sort of lives and breathes this Onion Routing concept in

the context of an area of the internet we refer to

as Darknet that really does support this anonymity.

And the way the thing works is that the server will be sort of paired

up with an exit node in a "envelope".

So the exit node paired up with wherever it is you're trying to browse.

And then that, in some sense,

becomes embedded into an envelope that pairs up the exit node with an intermediate node.

And then that becomes embedded in

an envelope that pairs up the entry node with an intermediate.

And then finally, there's an envelope that pairs up the sender,

the client, with the entry node. That makes sense?

So it's like putting envelopes inside of envelopes.

In a sense, it's a wonderfully marvelous scheme because it works and

it provides sufficient anonymity that I think has kind of changed our world, right?

I'm sure you've heard of Tor and you've

probably heard of the Darkweb, the Darknet sometimes.

But I bet you heard of it in the context of kind of

maybe not all that societally-friendly stuff.

Let's look at this picture of kind of the Tor Browser here.

The image that we have of somebody using Tor

is that they're buying drugs or doing something nefarious or illegal.

The kind of stuff that we would say, "Don't do that."

Or maybe you would say, "Do it."

I would say, "Don't do it."

But the point is, this is kind of interesting when you go

back and look at Paul and his team's kind of invention,

a beautiful contribution to not just computer science but communications in general,

has been realized by an infrastructure that I

think does have a lot of sort of nefarious characteristic to it.

Again, it's by no means reflective of anything in the protocol the way this was designed.

But it's kind of interesting to sort of lament that you have kind of this bifurcated use.

Now, yes, there are legitimate and and excellent implications

of using Tor in order to, like I said,

if you live in an affected region where there may be some serious injustices,

then this is a way for you to be part of a community and

to be heard and to make your voice known.

But again, Darknet is usually where,

say, stolen credit cards would be posted for sale.

So what's happened is,

a lot of cyber security experts,

hunters, and analysts, and certainly law enforcement folks,

go dive into that sort of nefarious portion of the internet,

not in some sense indexed by Google,

and they use their Tor browser to go sort of hunt

around and find whether or not, for example,

Bank XYZ has had their credit cards stolen and is now up for sale on this Darkweb.

So these threat intelligence services have emerged that go and tunnel through and

look around and pull data from this portion of the internet that was set up for,

some sense, these nefarious purposes.

So in the context of cyber security,

there's two dimensions to all of this.

One is that clearly,

there's an anonymity component here that's interesting.

As computer scientists, it's interesting and fun to look at how that works.

But the second angle is that when attacks are made on businesses,

the effects are usually held in some sort of commerce,

illegal commerce, that's on the Darkweb that's accessible via Tor use anonymity.

So, what goes around comes around, doesn't it?

Really interesting stuff.

If you are interested in this,

I hope you go dig a little bit deeper.

I hope you read kind of the original seminal paper on kind of Bitcoin to learn

a little bit about how the commerce

is supported here because when you're buying something on the Darkweb,

you're probably using Bitcoin that's block chain supported.

Go back and look at some of the work that Paul and his team have done.

And subject to your own local considerations and and laws and policies and so on,

if it makes sense and it's appropriate for you to download Tor,

you may want to try and do that and see how that thing works.

But again, that's certainly subject to your local situation, local consideration.

It may not be appropriate,

maybe in your school, your business,

your country, for you to be doing this.

But if it is, and you're comfortable with that and you have appropriate legal cover,

then go ahead and do it and you may learn something through your use of Tor.

And again, it's very reflective of

the fine contributions not just of everyone

at the Naval Research Lab and other places here in the US,

but of Paul Syverson and his colleagues as well.

I hope this has been useful for you and I'll see you in a subsequent video.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.

© 2018 Coursera Inc. Todos los derechos reservados.

Descargar en la App Store

Consíguelo en Google Play