Educause Security Discussion mailing list archives

Re: this reading could be fun or serious


From: "Jeffrey I. Schiller" <jis () MIT EDU>
Date: Thu, 13 Sep 2007 14:39:54 -0400

Most TOR connections go from the client computer through three TOR
nodes and finally to the destination computer. The client libraries
actually encrypt the data three times, once for each of the three TOR
nodes. So data flows from your computer to the first TOR node in
an effectively triple-encrypted fashion. So even the first TOR node
cannot decrypt the information you are sending.

However, the last TOR node, the Exit Server, does not and cannot
encrypt the data flow from it to the ultimate destination, because the
destination is not a TOR-aware participant. I've included some
horrible ASCII art below to depict what happens.

Of course if you use a normally encrypted protocol (such as https)
then it will provide the protection on the last hop (and all through
the TOR connection as yet another layer of encryption).

The researcher in the article was operating a TOR Exit Node (anyone
can) and was watching the data leave his computer. He might not have
the IP address of the originating client computer, but he does get the
content (which in many cases implies the source!).

                        -Jeff

P.S. Regular http connections to TOR hidden services *are* protected
by TOR and no additional encryption is needed for them (hidden
services are those where the destination address is something of the
form 879187298kcye.onion [domain name ends in .onion]).

      +-----------------------+
      |                       |
      |   Client Computer     |
      |                       |
      +----------+------------+
                 |
                 |  Encrypted by TOR
                 |
                 |
      +----------v------------+
      |                       |
      |   Tor Input server    |
      |                       |
      +----------+------------+
                 |
                 |  Encrypted by TOR
                 |
                 |
      +----------v------------+
      |                       |
      |   Tor Middle Server   |
      |                       |
      +----------+------------+
                 |
                 |  Encrypted by TOR
                 |
                 |
      +----------v------------+
      |                       |
      |   Tor Exit Server     |
      |                       |
      +----------+------------+
                 |
                 | NO TOR Encryption
                 |
                 |
      +----------v------------+
      |                       |
      |   Destination Site    |
      |                       |
      +-----------------------+

--
 =======================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
 =======================================================================
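The layering that the message and diagram describe, as an added illustration written for this archive page (it is a toy model, not Tor's protocol, cipher or code): each relay holds one circuit key shared with the client, the client wraps the payload once per relay with the exit's layer innermost, each hop peels exactly one layer, and the exit forwards whatever is left. The HMAC-based stream cipher, the Relay class, the "https" end-to-end key and the sample HTTP request are all constructed for the example.

```python
# Toy model of Tor-style onion layering (added example; NOT Tor's real protocol).
# Each relay shares one symmetric key with the client; nobody else holds that key.
import hashlib
import hmac
import os
from dataclasses import dataclass


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stream cipher; never reuse a nonce)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream: the same call both adds and removes one layer."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


@dataclass
class Relay:
    name: str
    key: bytes          # circuit key shared only between the client and this relay
    seen: bytes = b""   # what an operator sniffing this relay's outbound link sees

    def peel(self, cell: bytes, nonce: bytes) -> bytes:
        """Strip this relay's own layer and record the bytes forwarded to the next hop."""
        self.seen = _xor(self.key, nonce, cell)
        return self.seen


def onion_encrypt(payload: bytes, relays: list, nonce: bytes) -> bytes:
    """Wrap payload once per relay: exit's layer innermost, guard's layer outermost."""
    cell = payload
    for relay in reversed(relays):
        cell = _xor(relay.key, nonce, cell)
    return cell


def send_through_circuit(payload: bytes, relays: list, nonce: bytes) -> bytes:
    """Client-side wrapping, then hop-by-hop peeling; returns what reaches the destination."""
    cell = onion_encrypt(payload, relays, nonce)
    for relay in relays:            # guard -> middle -> exit
        cell = relay.peel(cell, nonce)
    return cell                     # the exit forwards this to the destination unchanged


def make_circuit(keys=None) -> list:
    """Three relays; keys default to random (pass fixed keys for reproducible runs)."""
    keys = keys or [os.urandom(32) for _ in range(3)]
    return [Relay(n, k) for n, k in zip(("guard", "middle", "exit"), keys)]


def demo(payload: bytes, https: bool, relays=None) -> dict:
    """Return what each hop observes, with or without an end-to-end (HTTPS-like) layer."""
    relays = relays or make_circuit()
    nonce = os.urandom(8)
    # "https": a key known only to the client and the destination; no relay has it.
    app_key = hashlib.sha256(b"constructed end-to-end key for the example").digest()
    app_nonce = b"e2e-demo"
    wire = _xor(app_key, app_nonce, payload) if https else payload
    delivered = send_through_circuit(wire, relays, nonce)
    return {
        "guard_sees": relays[0].seen,
        "middle_sees": relays[1].seen,
        "exit_sees": relays[2].seen,           # == delivered: no Tor layer on the last hop
        "destination_reads": _xor(app_key, app_nonce, delivered) if https else delivered,
    }


if __name__ == "__main__":
    # Constructed sample request; plain http leaks it at the exit, "https" does not.
    request = b"GET /login?user=alice&pass=hunter2 HTTP/1.1"
    for https in (False, True):
        seen = demo(request, https)
        print("https" if https else "http ", "exit sees:", seen["exit_sees"][:24])
```

Running the block prints the exit's view twice: the full cleartext request for plain http, and keystream-looking bytes when the end-to-end layer is present. The guard and middle relays see ciphertext in both cases, which is the point of the three nested layers in the diagram.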
