Tor and the Silk Road
This lecture was all about Tor and anonymous communication and then briefly talks about the Silk Road. Instead of just looking at the Silk Road, I expanded my view. I’ve been looking at the Whisper protocol which is a communication protocol that allows decentralized apps communicate with each other. In addition, one can use Signal if you’re trying to communicate as well. Irrespective, the lecture gave a good overview on how it can be used.
Questions answered in this Post:
- What is anonymous communication?
- At a high level, how does a message move in Tor?
- How do you hide routing information?
- Where does the term “onion network” come from?
- What is a hidden service?
- Reading recommendations
Anonymous Communication
Here’s a breakdown of the initial communication network. You have a bunch of senders and receives. For a message to get to a recipient, it has to pass through a communication network where multiple parties will propagate the message forward to the recipient.
Similar to how a Mix worked, a sender wants to send a message to a particular recipient but they do not want to be linked. There are adversaries who are considered the threat model. Any edge or node can be considered an attacker. The lecturer claims that there must exist at least one honest sender, communication network path, and recipient though for the message to get sent.
Tor: high level
Now how does Tor allow the message to pass through safely? Tor does this by picking a chain of intermediaries to find the route. The route can be random but it is fixed in the Tor protocol to be 3. The sender will pre-select a path of (3) x intermediaries for how the message will pass. The security guarantee is thus, as long as one of the nodes is not compromised then the sender is safe. By safe, I’m referring to the unlinkability is maintained. There are some attacks on Tor specifically “end to end traffic correlation attack”. People will look at timing to see when the nodes may communicate with each other. One key challenge is how do you hide routing information?
Tor: hiding router information
To send a message, the destination (IP address) has to be present. However, if we think any of the routers are compromised, we do not want the router being able to see the destination. Arvind mentions that the answer is encryption, specifically layered encryption. Layered Encryption resembles an onion which is where the term onion routing comes from. Alice and the first router share a symmetric key. Alice and the second router share another key. Alice and the third router also share a key. The symmetric keys are ephemeral just to be used when needed. The only long term keys are the keys held by the routers where each would have a public key and such. The last leg from the third router to Bob is unencrypted. However up until that point the message is encrypted. As the message passes along the routers, there are layers of keys that gets peeled off which indicates the next place to send it and the encrypted message. If you use secure web browsing of https, you’re able to encrypt the final message to Bob.
Silk Road: Challenges
According to the lecturer, Silk Road was an anonymous market place that sold illicit items and run by Dread Pirate Roberts. Also, the Silk Road was a hidden service. Thus it’s not something you can quick “Google”. To connect you’d need to find a “rendez-vous” point (Tor router) through Tor. Then it will publish the mapping between it’s name and the address of the rendez-vous point. Thus clients can connect to the rendez-vous point and then get access to your website. The addresses are usually random strings of characters and numbers but they end with a .onion address. The closing for this was brief so no nice wrap up, but I’ve listed some readings below.
Reading Recommendations
If you really want to look more into the topic of Silk Road, I have two more recommendation for reading material that I truly enjoyed. The Silk Road portion was usually just portions of the overall books but worth reading the rest of the book as well. I got them both from Overdrive connected to my local library but I’m sure you can also just buy them somewhere too. The first one was Digital Gold. The second one was Dark Net which again really liked. I haven’t gotten to the lecture that they cover the Silk Road and thus I’ll probably recommend that as well.