 Going back in summary proxy with HTTP using HTTP our data is not encrypted So we generally would like to use HTTPS With a proxy and just HTTP we must trust the proxy the proxy can read our data as can others But if we use a proxy and HTTPS the others cannot read our data the firewall cannot but we still must trust the proxy and The proxy can read your data Because the proxy needs a way to be able to decrypt the data to see the destination server address And that's a key difference with a VPN server Here the proxy can read the data So if you're accessing your bank website via the web proxy You may assume that the proxy knows your username and password and knows your account information because Normally for a web proxy to work the proxy requires the ability to decrypt the data So that's not a good idea But with a VPN and HTTPS The data is encrypted on your computer using HTTPS And it's not decrypted until it gets to the final server So the VPN cannot read your data But we still must trust the VPN not to reveal who's communicating Before we look at the the last technique the server cannot identify you well We say that because the addresses the server receives a packet the source is V is not you But how else can the server identify you? How does a web server know it's you? That's accessing it How does Facebook know it's you that's accessing it based upon your IP address? Based upon some session which comes from what you logging in All right So if you log into a website and you supply that your username and password of course the website knows it's you So when we assume or say here the server cannot identify you I mean they cannot identify you by the source IP address But they may identify you via other means if there's a login for that website of course they can identify you or if Even if there's not a login, but there's some other information that the web server observes cookies And some tracking of your behavior based upon past access. They may still be able to identify you So it's just with respect to the address Let's see the last technique which will try to Provide all security features and we'll see how it does that and The last technique is called Tor to our or the onion router It uses onion routing. What's an onion look like round and if you open it up an onion You cry and often why you you peel off the layers So there's usually an outer layer on an onion and then you peel off an inner layer and another layer and and so on so The concept of an onion or the concept of the name of onion routing is that we'll send a packet Which will be encrypted multiple times and as we send via Multiple VPN servers each one will peel off a layer Will unencrypt and send the inner part to the next one which will peel off another layer and keep going until it gets to the destination so the name comes from this concept of peeling off layers Which is in our context decrypting the packet and sending what's inside Taking out the outer header and sending what's inside Tor was designed for anonymous communications in the public Internet and The way that it works is that computers in the Internet Whether it's your home computer or a special server. It can be any computer that runs the Tor software actors relay nodes and The Tor relays are really like VPN servers But in Tor instead of using one VPN server. We'll see we'll use multiple VPN servers and What your computer does your source computer is That when you want to access a website The Tor software on your computer selects some relays to send via And has some approaches for doing that and they will send to a special Tor node called an exit node And then that exit node will send the data using the normal Internet without using Tor We'll see that in a picture Between the nodes from your computer to the first Tor relay to the next Tor relay They use encryption SSL in particular There's some key exchange so that they can Decrypt correctly What else? We'll see this come up when with our example the last one so let's see how it works and then look at the advantages of the issues here's our Client you want to talk to the server s some normal website in the Internet. There are some Tor relays Think of them as some routers in the Internet, but they in fact can be any computing device that runs the Tor software and In my picture, I've identified t1 t2 and t3 is Tor relay nodes and E is a special Tor node called an exit node So that there are four other computers. We're going to send via in this case So how does it work and this is the simplest as I can give explanation of Tor You choose so your computer runs some Tor software and one thing it would do is choose a set of relays to send via and an exit node So my computer has chosen t1 2 3 and e I have a HTTP packet to send not HTTPS yet just HTTP I Take that original HTTP packet and I set So take the data I Encrypt that and I attach a header that says the destination will be e and Then I encrypt all of that and this is hard to show on this picture. We may draw it again We will encrypt all of this packet With a different key and say the destination is t3 and then encrypt all of that again and Attach the outer header t2 have that all encrypted again and then the final outer header sources you destination is t1 Let's try and draw that as we go So you can see the steps. What have we got? We have and you can use your same picture. We'll draw it on top. We have t1 here t2 t3 and the exit node I Create a packet and it's going to be big There's the original data the HTTP request and some header identifying e and that is all encrypted with a key Let's get it correct. Actually, we can have the data encrypted with a key Known by e and then All of that is encrypted with a key known by t3 we attach another header identifying t3 and that's encrypted With a key known by t2 There's the header to t2 All of that is encrypted with a key known by t1 and then there's the outer header Source is you destination t1 That's the packet. It's on the slide, but I've also shown the keys and we'll see how that works So you can draw the keys on the slide to make it clear. So this is the original packet sent by you Who do you send it to who gets this packet? t1 all right t1 is the first relay node and Can t1 decrypt this packet? Well, let's look. Let's say we throw away the header. We peel off a layer. This is our onion t1 receives this packet Let's get rid of the header. What have we got left? We've got something encrypted encrypted with which key a key Which I don't know k t1 meaning a key that's known by both you and t1 only by that pair So yes t1 receives this removes the header peels off a layer and decrypts the contents What do they see? They see the destination. So when I write the address t2 here, I mean the destination of the next packet is t2 So t1 sees I need to send this onion to t2 Can t1 see the data the data is encrypted in fact multiple times It's encrypted that inner part now is encrypted with a key known by t2 not t1 So what does t1 send on to t2? Across this and I won't squeeze everything in but across this link from t1 to t2 there's the data e t3 and The source is t1 and The destination t2 When I write t2 here, I mean the destination is t2 and what's encrypted? Well The header is no longer encrypted from t3 through to the data is encrypted this part with k t2 Here that's that part. So this is this the onion being sent from t1 to t2 what happened That relay node t1 received the first one they could decrypt the inner part So they remove the header they peel off a layer of the onion Decrypt the inner part and realize our I need to send this to t2 That's what the header indicates. So now t1 sends this onion to t2 t2 receives this Can t2 decrypt again t2 a Tor relay node receives this onion it peels off a Layer it removes the outer header And it then it decrypts inside it can because it was encrypted with the key of t2 t2 decrypts this Sends it to who t3 when we decrypt This packet we see the next destination is t3 and we send that on to t3 Can we squeeze it in maybe at the top? We have the data He and the destination of this packet is t3. Remember we remove the header decrypt the insides And we see the destination is t3 source is still the one who send it t2 and that Internal of that is encrypted with t3 this part here so this was This packet is sent to t3 T3 receives it peels off the outer header It is the destination fine It decrypts because it was encrypted with key known by t3 so it can decrypt and It gets the internal packet and then sends that on to e another tour relay or tour node What is it data? Destination is e So just to save space when I write just the letter here I mean that is the destination. I haven't written the source address and the data is still encrypted With ke T3 sends this on to e e receives and then peels off the outer header decrypts and The data in this case that we're left over with is the original packet Which is going to go to the web server for example the HTTP get request here. We're just using HTTP so By the data really what we're left with this data We can think it it's going to go Source is e Destination is s and maybe it's the HTTP packet HTTP TCP and so on Everyone get that a lot of steps involved, but each relay node is doing the same thing What happened at the start is the source computer you you generate this packet this onion which starts with the The data that you want to go to the server say the HTTP request and the source or yeah, it goes to the server and Then you say this needs to go to e The data is encrypted with a key that e knows Then all of that is encrypted with a key that t3 knows and then you add a header saying this needs to go to t3 All of that is encrypted with a key t2 knows We add a header saying this needs to go to t2 and Then encrypted with a key that t1 knows Add a header saying this needs to go to t1 We send it to t1 and The way that we've set up that onion at the start is such that each relay node can decrypt and See who the next relay node is T1 decrypts and sees ah send it to t2 t2 receives decrypts sends it to t3 and T3 to e and then e eventually gets that HTTP message Which is not encrypted. It's HTTP sends it to the real web server The web server sends it back to e and he does the opposite Sends the onion back to you so that's the simplest explanation I give how it works What security features do we get with this? Let's say you intercept the packet at the firewall What can you see? You're the firewall. You're an ISP. You want to intercept the user's data We see the source and destination. What do they identify? The source and destination address tell us tells the firewall you is you are accessing t1 All right, so they don't reveal that you are accessing the server It does reveal you're accessing some computer in the internet known as t1 So that's some privacy the firewall doesn't know you're accessing this server s Can they see the data? No, the data is all encrypted multiple times. So the firewall cannot see your HTTP request They don't know it's going to the web server s What if let's say you intercepted the packet between t2 and t3? It may not be a single link here despite what my picture shows T2 and t3 may be computers on the other side of the world But they send to each other so let's say someone intercepts a packet between t2 and t3 What do they see? Source t2 destination t3 data encrypted So no one can see it's you Talking to the server and no one can see the data. So we have data confidentiality so far and No one knows that it's you talking to s What if you intercept at this router between e and s? What can you see you can see the data Between the exit node and the final server Tor is not used. This is just the normal internet access So the HTTP message is in the clear But the source address is e and the destination is s If you intercept here, you don't know that it is you talking to s you think it's e talking to s the exit node So we have privacy of who is communicating But not privacy of the data How do I keep that HTTP message encrypted? HTTPS So the next slide shows use Tor and HTTPS and we get almost the same but in addition This data going from e to s is encrypted Meaning no one between you and the server can see the data and No one can identify who is communicating in particular you to s What about that relay nodes the Tor nodes here? There were four relay nodes t1 t2 t3 and exit node e What did they see? Does t1? Know that it's you contacting the server s You shake your head why why does it not know t does t1 know it's you to s They know it's from you or they know they've received something from you So t1 receives a Tor onion from you That was here, but they don't know that the destination is s What they do know it's coming from you and it's going to go to t2 But anything beyond that they don't know because it's all encrypted so t1 Doesn't know that it's you talking to s In fact t1 doesn't even know if you was the original source The way that it works is that maybe what t1 received Came from someone before you So maybe you is just a relay node so there's no way for t1 to identify that you as the original source or a relay node forwarding for another source Similar for t2 t2 receives a packet source is t1 destination t2 and then they send a packet to t3 so t1 t2 Knows an onion come from t1 and Going to t3 But they don't know it's going to s and they don't know it came from you So the relay nodes only know their next neighbors the one that it came from and the next one They don't know the original or the final and they don't even know if the one that they're sending to is the original or is the final Similar with the others What about the exit node? It doesn't know you The exit node receives a packet from t3 and sends it to the server It doesn't know it's you accessing the server. It knows someone is But it cannot identify the original source That was using HTTP This is using HTTPS where we encrypt that HTTP message and the end result The firewall cannot read your data. It's all encrypted. They cannot see that it's you talking to the server Again, those addresses are encrypted Anyone between you and the server cannot read the data. It's encrypted all the way to the end and They cannot see the pair of addresses you and s being together Including the relay nodes and the exit nodes So in fact, we have confidentiality of the data all the way across the path and Privacy of who is communicating from everyone. We don't need to trust the relay nodes or exit nodes With a VPN, we needed to trust the VPN server with a web proxy when it needed to trust the web proxy in tour We don't need to trust any of those So we get with respect to these three solutions the ultimate security We've achieved our aim Questions on tour We're going to keep going for five or ten minutes and we'll finish this topic Everyone uses tour on a daily basis anyone has used tour recently It's quite easy. You can install some software on your computer and It's similar way with I use the secure shell proxy with my browser I can set it up to use tour I'll show you in a moment or in fact an easier way is you download firefox Which is configured automatically to use tour and it immediately uses the network. I'll show you an example before I What do we do we accessed? This was using the secure shell client. Let's disable that Let's go to no proxy back to the original Try again. What is my IP address? Well, that's accessing. I'll stop my secure shell session slow Okay, back to normal internet access I access what is my IP address and it says that Thomas out one. That's normal Now I have the tour client software installed on my laptop and Now I configure my browser to instead of sending direct across the internet send to the tour client software and it's quite easy it's similar to the secure shell proxy, but the tour client commonly uses port 9050 You can change it, but that's the default port number What that means Whatever I do on my browser my browser sends the data to the tour software on my computer and then that Software sends it to t1 t2 t3 exit node and then to the website and The tour software on my computer chooses the relays and there are rules as to which ones to choose and how often to change them But since the software is sitting and running in the background. Let's see if this works While that's accessing I Will start some interface that shows us the tour statistics The software is called arm arm just shows us some Statistics of what we're sending through the tour network the uploads and downloads So it's actually uploading some data and it's actually downloading some data at some speed now So I've accessed that website. Where am I? Where does what is my IP address think I am? Somewhere in Europe, maybe in in I don't know the city. I don't know former Serbia or Croatia or something I don't know the exact location somewhere in Europe We see from Euro net and this is the ISP indicates maybe in that region and The IP address of course is not Thomas up. This is the IP address of the exit node So what I just did my tour client sent to one relay sent to another relay and Then eventually sent to the exit node and then the exit node sent the request to this website So the website thinks the person requesting is The exit node and that will be the address there So I've hidden who is communicating the statistics we can see something about the The connections so the relays in my case I This is my address the Thomas out address The current one I'm connected to this address this other this is a first relay node and Then it Well, sorry, let's be precise my address the first relay node in France the second relay node in the Netherlands and The last node here. We just have two relays and then an exit node in SK. What's that Slovakia? okay, so This example has two relay nodes and one exit node So my data went to France Netherlands and then the exit node in Slovakia and then to the what is my IP address? website So that's the the tour. It's called a tour circuit in this case And you can change that so you'll have a different path and on a regular basis your tour software will change the path If I connect it again or or at a later stage it would have a different path and I would show up as a different IP address here So let's close with a summary or comparison of these techniques I think this picture is hard to see on your slides because you only have black and white But you know it all already. It's just a summary see what it shows us on the rows. We have the four techniques basic means no extra technique and We consider either HTTP or HTTPS and Then using a web proxy either HTTP or HTTPS a VPN and tour So really three security techniques web proxy VPN tour, but we have two options HTTP only or HTTPS and the columns the first five Show some of the security features Do we have data secrecy? That is can anyone read my data? If there's a tick and a green box it means no no one can read my data. That's good We have data secrecy if it's a red and a cross it means that's bad for data secrecy Someone can read my data so for example With basic HTTP we have no data secrecy with HTTPS we do our data is encrypted with a proxy With HTTP again no data secrecy. That is someone can read my data with HTTPS We do actually have secrecy Except we must trust the proxy So I say there's a question mark here. That is it's not full secrecy because we must trust the proxy in that case With a VPN we must trust the VPN server If it's your server, you of course trust your own device So that's okay, but if it's someone else's VPN server you must trust that and With tour if we use HTTPS we have data privacy The next column can we bypass the firewall all three techniques? Yes without them. No Because all three techniques we changed the destination address If the firewall was simply looking at the destination IP address Then we can bypass it with a web proxy VPN or tour Network privacy and server privacy network privacy Can someone between you and the server identify it's you talking to the server? Server privacy can the server identify it's you talking to the server? That's the difference Well, they all do the three techniques provide privacy, but there are some exceptions in some cases for example a proxy Knows that it's you talking to the server the VPN server knows it's you talking to the server So you must trust them With tour there's no one to trust there. We have the the full network privacy Do we have privacy from the server? Yes, but be aware the server can still identify you if you log into that website Or use other techniques to try and track who you are So it's not perfect if you use other techniques to to identify you We didn't say much about log analysis, but the idea is that You use these techniques today and then in a month's time some law enforcement agency or some government comes to your VPN server your web proxy operator and Can they then look at the logs of those different companies and find out that you contacted the the website? so that's the idea here or What would that? Agency need to do to find out Well, if you use a web proxy They would need to contact the web server and the proxy server and get their permission to see their log files If you're using a VPN you must they must contact the VPN operator With tour it's quite hard for some other agency to try and find out based upon the past Access what happened the last three are not security, but cost which one's cheapest Which one's easiest to use and which one performs the best Basically tour is free the other two may be free or maybe a pay-per-month. There's different options Which one's easy to use with a web proxy is simply use your browser pretty much anyone can do that With a VPN you need to set up some software or set up some configuration on your operating system and With tour you need to install some software With performance tour is generally the worst because you go via multiple different nodes Okay, he is not just one VPN server to send via but multiple relays in an exit mode So the performance can be much worse than the others and the others that performance depends upon Where the servers are but generally tour is worse than the others none of them none of the techniques Will give you the best performance Which one's best? tour Unless you want good performance Then maybe you need to go back to a VPN Unless you don't want to pay money and maybe you go back to a free web proxy unless you don't trust that web proxy server then So there's no one best solution you need to consider your requirements But generally the speed of tour is improving so it's now considered one of the better options If you're prepared to install the software and sacrifice a little bit of performance This slide we will not go through talks about the different tunneling protocols We demonstrated secure shell, but there are others I'll let you explore them and find out how about how those different tunneling protocols compare