
  • We've talked about Onion Routing and TOR, and

  • now I'd like to address the prickly subject of

  • hidden services, right? AKA the "dark web".

  • So Max has done a good video on the Dark Web,

  • and so you should definitely watch that one first,

  • so you know what it is. But it's quite a controversial topic,

  • because a lot of what happens on the Dark Web

  • is illegal, right? There's no two ways about it, that is true.

  • Some of it isn't, right, and a lot of what happens on TOR

  • in general--in fact the majority of what happens on TOR

  • in general, you know, high into the 90%

  • and that, and above--is perfectly fine, right?

  • it's just anonymous users browsing the web,

  • doing regular things but the TOR Hidden Services

  • are ones that the debate is about because

  • they're the ones where you sort of say

  • 'well, look, is it worth this bit of encryption?

  • Is it worth, you know, all the criminality that's on there and so on?'

  • So here's my cloud--my TOR cloud,

  • and in essence, we've got lots of people going into the network, lots of encrypted layers and things happening, bouncing around, and then people coming out of the network to servers, right?

  • Now the issue, from a security standpoint, is what happens if there's someone sniffing here, and someone's sniffing here, and they can correlate traffic between the in and the out and work out what it is that I am doing.

  • Specifically, right, then the whole point of TOR, which is anonymization, has been defeated, right? We already have encryption, so that isn't the point of TOR; that's just how they do the anonymous communication.

  • So the Dark Web, or a hidden service to use the proper term, is in essence where this server moves inside this cloud. So now we have a hidden service running inside this cloud, and there is no B. That's the idea, right? So it makes it very, very difficult to find.

  • So there is now a circuit that goes somewhere between A, around the place, to this hidden service, and at no point has that left the network, so there's no traffic correlation that can be done, right?

  • All of these are just TOR cells, messages that all look exactly the same.

  • Now, the way that TOR does this is very, very clever. Er, and look, I will look into a little bit of detail on the protocol that it uses, but it's managed to form a protocol where neither I nor the server know who each other are, but we can still have a conversation, which is kind of nifty.

  • Okay.

  • So then, let's start again with Onion Routing.

  • So, Onion Routing is a protocol that could theoretically be implemented elsewhere. There are other mixing networks and things and other anonymization networks, but hidden services is put predominantly in the domain of TOR, and TOR has got the most users and the most nodes, and it's the biggest and is in the news the most.

  • Let's draw a little bit of a network again. So I shouldn't have drawn these boxes like this, because now it takes me ages.

  • So here's my server, here's my client, and these I'm just going to draw with boxes, because otherwise it's going to take far too long. These are onion routers.

  • So remember, in normal Onion Routing the client will produce some circuits, or some hops, and then they will just talk to the server. But a server will be out on the normal web doing normal server things, and won't be anonymous.

  • What hidden services do is anonymize this server, so they allow both the server and the client to talk to each other despite the fact that no one knows who each other is, which is quite impressive.

  • Now, of course, if you then use that service connection to log in, you're going to know who you are, but you get the idea.

  • The server has to lay some groundwork down before a client connects to use a hidden service, right? So there's protocols in the TOR specification for doing this, but what the server will do when they come online is they will pick three onion routers at random and name them as introduction points. So let's pick them at random.

  • Now, these are just normal onion routers; they're very likely to be just doing regular, normal routing tasks, like circuits through other clients into servers and things. Some of these might be exit nodes, entry nodes and so on, but as far as I know all onion routers can also act as introduction points. It's not a big job; it doesn't require a huge amount of bandwidth.

  • The server will make connections, circuits, to these introduction points. These are full-on TOR circuits with three hops in between them, the idea being that these introduction points know they're going to be introducing people to this server, but they don't know who it is, right? So already the server is hiding behind a layer of anonymity here.

  • It will send them a message to say, "I'd like you to act as an introduction point," and then it will create something called a Hidden Service Descriptor, which I'll write down here, that will include the service public key for authentication purposes, but I won't dwell on that particularly, but also, crucially, the IP addresses of these introduction points here. Now these are all public anyway; they will be publicly listed.

  • Now it will publish this descriptor to something called a distributed hash table. That is to say, all of the routers on TOR will hold some part of the information on all of these hidden services, and the idea is that if I try and look up a hidden service, the routers responsible for it will give me back the descriptor, including the addresses of the introduction points.

  • Now, the key for this hash table is the onion address, right? So the onion address that everyone knows about is actually derived from the public key of this server and is, in essence, the key that gets these IPs out of the distributed hash table.

  • The whole point of this is that the onion address isn't publicized on the global TOR network. You just find it other ways, like on the internet, or your friend tells you, or in an email, or something like this.

  • The way that the distributed hash table is programmed, the vast majority of nodes won't know what the descriptor is for a given key; only one, or more probably a couple. So there's an inherent security here. It doesn't... until recently, it's also made it quite difficult to work out how many hidden services there were.

  • So this is all set up now. The server sits there and waits for internet connections, or people to ask for a web file. Now

  • and these onion routers, these IPs, the introduction points, just sit there being normal routers and waiting.

  • Here's me: I want to connect to this hidden service, and someone gave me the onion address, so that's really what I need. So what I do is I request the descriptor off the hash table, and it gives it back. That has the three IPs, and I pick one at random, right? Let's say this top one here.

  • What I'm going to do, in essence, the short version, is I'm going to ask this IP to introduce me to a server, and then we're going to meet in the middle at some rendezvous point. That's the idea. So let's work out how it works.

  • I've sort of run out of colours, so I'm going to go over to the orange pen here. It's a bit bright.

  • I choose a rendezvous point at random, and I create a TOR circuit to that rendezvous point. Remember that essentially all of these arrows are the full connections. This one has two hops on it, not three, because the rendezvous point is the third hop. So it goes on like this.

  • Now I send a message to the rendezvous point saying, "I'd like you to introduce me to the server via this introduction point, and I want you to send it the word 'cookie'." Right, now that could be any string; it's not important. The point is, it's sort of like a one-time password kind of thing, to verify that no one else has got involved in this conversation.

  • The rendezvous point creates a circuit to this IP and sends it the word cookie. It also sends its own address, because of course this doesn't know it, because of the circuit, and we need to be at a rendezvous here.

  • So this IP forwards the cookie on to the server, and at this point the server can either accept it and decide to try and make a connection, or do nothing, right? So you can imagine a situation where instead of a cookie there's some kind of special password that you need to be able to connect to this website, and the server just does nothing. That's one thing that could happen, right? They have an authentication token, I think.

  • But at this point the introduction point's job is done. There is no more; these have served their purpose. All they do is forward the cookie on to the server, right? Bear in mind we don't know where it is, and the server decides whether it's going to connect.

  • Let's assume, because otherwise this will be a much shorter video, that the server does want to talk to the rendezvous point. So it creates another circuit. I don't know how many, 1, 2, 3, 4, 5, but at 5 we've got six circuits, right, across the TOR network to the rendezvous point, which is the cookie...

  • The rendezvous point details, very important detail...

  • Yes, that rendezvous point's details will be... well, they'll be attached to the same message with the cookie. And yes, good question.

  • Now the server sends the rendezvous point a "rendezvous please", essentially, message with the cookie in it, and the rendezvous point looks at these two cookies and goes, "Well, I was requested to rendezvous by this guy with this cookie; I've received a connection from some server also with the cookie; they must be talking about each other." Right, that's the idea. It could be doing lots of rendezvous at the same time with different cookies.

  • And it will then act as just another hop on this network and connect these two up. So this comes over here like this, and this comes down here, and they kind of get bridged by this rendezvous point here, convened on the rendezvous point, which acts like a normal onion router and just decrypts messages and passes them out the other side like always.

  • So, for anyone that's sort of lost count, there are at least six hops here, right? There's two intermediate nodes on this circuit, then the rendezvous point and three intermediate nodes on this circuit, right? It's just part of the protocol that there's only two this side.

  • That's obviously going to be quite a lot slower than normal TOR. These could be all over the world, like this; it's going to take quite a long time. But there is no real way of getting in on this conversation.

  • Right, if you're sniffing here or sniffing here, all you're seeing is encrypted TOR cells, all of 512 bytes long, jumping around this place. You've got no idea what any of them are, right? Very, very difficult to track. That's why it's so difficult to find hidden services.

  • Okay, because they're hidden, yeah, kind of the point. They wouldn't have... couldn't they... did something else?

  • No, they did in term... they didn't name it incorrectly, to say...

  • Sometimes there were vulnerabilities found in the protocol, right, or compromised nodes, which allowed hidden services to be found. This happened, for example, for Silk Road. But that's not that common, right, and the bigger the network gets, the more possible node combinations there are, the harder that process gets.

  • Now, as an aside, some servers don't need anonymity, and this many hops is too slow, all right? So they want to protect their clients, but they don't care if people know who they are. Facebook, for example.

  • So Facebook worked with TOR recently to introduce something called Single Onion. In that case, the only difference is the server doesn't bother with these three hops; it just goes straight to the rendezvous point.

  • Now, that obviously forgoes the server's anonymity, because the rendezvous point knows what it is, but that... we know where their servers are, I think, right? So they don't mind about that. Their business is protecting their customers; they don't care, but we know where their servers are.

  • So that's an alternative, and it's quite a lot faster, because you've removed three possibly global hops from there.

  • What benefit is that to Facebook, you know, over someone just using a normal TOR connection to Facebook? There's a small chance, if you're using a normal TOR connection, that someone will be sniffing here and sniffing here and do traffic correlation and work out what's going on, right? There's no chance of that happening when it's a hidden server; it never leaves the TOR network. That's the thing.

  • If you imagine that cloud, you're talking to Facebook entirely inside that cloud, very hard to get in, but on the other hand Facebook's server location is actually known, because if you were operating the rendezvous point and Facebook said "we'd like to connect back to the client", you'd immediately know that because it's Facebook's server.

  • So it's like a halfway compromise, and I think a fairly reasonable compromise. So it's Facebook putting one foot inside the cloud.

  • Yeah, yeah, one foot inside the TOR cloud.

  • ...with messages encrypted once with K3, it's encrypted another time with K2, and when it's encrypted a final time with K1. Now let's think about what that means. It means that only this router here...


TOR Hidden Services - Computerphile

Posted by 林宜悉 on 14 January 2021