Isilingo: Ungakufihla kanjani ukusetshenziswa kweTor ukuze udlule amabhlogo

Ukuhlolwa kwe-inthanethi kuyindaba ebaluleke kakhulu emhlabeni jikelele. Lokhu kuholela “ekuqhudelaneni kwezikhali” njengoba izikhungo zikahulumeni nezinkampani ezizimele emazweni ahlukene zifuna ukuvimba okuqukethwe okuhlukahlukene futhi zizabalaza nezindlela zokweqa imikhawulo enjalo, kuyilapho abathuthukisi nabacwaningi belwela ukwakha amathuluzi asebenzayo okulwa nokuhlolwa.

Ososayensi abavela eCarnegie Mellon, Stanford University kanye namanyuvesi e-SRI International aqhutshwa ukuhlola, lapho bakha isevisi ekhethekile yokufihla ukusetshenziswa kwe-Tor, elinye lamathuluzi aziwa kakhulu okudlula amabhulokhi. Sethula kuwe indaba emayelana nomsebenzi owenziwe abacwaningi.

I-Tor ngokumelene nokuvinjwa

I-Tor iqinisekisa ukungaziwa kwabasebenzisi ngokusebenzisa ukudluliselwa okukhethekile - okungukuthi, amaseva aphakathi phakathi komsebenzisi nesayithi alidingayo. Ngokuvamile, ukudluliselwa okuningana kutholakala phakathi komsebenzisi nesayithi, ngayinye engakwazi ukufihla inani elincane kuphela ledatha ephaketheni elidluliselwe - okwanele ukuthola iphuzu elilandelayo kuchungechunge futhi ulithumele lapho. Ngenxa yalokho, ngisho noma i-relay elawulwa abahlaseli noma ama-censor ingezwa kuketango, ngeke bakwazi ukuthola ikheli nendawo yethrafikhi.

I-Tor isebenza ngempumelelo njengethuluzi lokulwa nokucwaninga, kodwa ama-censor asenamandla okuyivimba ngokuphelele. I-Iran ne-China benze imikhankaso yokuvimba ngempumelelo. Bakwazile ukuhlonza ithrafikhi ye-Tor ngokuskena ukuxhawula kwe-TLS nezinye izici ze-Tor ezihlukile.

Kamuva, abathuthukisi bakwazile ukulungisa isistimu ukuze idlule ukuvinjwa. Ama-Censors aphendule ngokuvimbela ukuxhumana kwe-HTTPS kumasayithi ahlukahlukene, kufaka phakathi i-Tor. Abathuthukisi bephrojekthi badale uhlelo lwe-obfsproxy, oluphinda lubethele ithrafikhi. Lo mqhudelwano uyaqhubeka njalo.

Idatha yokuqala yokuhlolwa

Abacwaningi banqume ukwenza ithuluzi elizofihla ukusetshenziswa kwe-Tor, okwenza ukusetshenziswa kwayo kwenzeke ngisho nasezifundeni lapho uhlelo luvinjelwe ngokuphelele.

• Njengokuqagela kokuqala, ososayensi babeke okulandelayo:
• I-censor ilawula ingxenye yangaphakathi ehlukanisiwe yenethiwekhi, exhuma ku-inthanethi yangaphandle, engahloliwe.
• Iziphathimandla ezivimbayo zilawula yonke ingqalasizinda yenethiwekhi phakathi kwengxenye yenethiwekhi ehloliwe, kodwa hhayi isofthiwe kumakhompyutha abasebenzisi bokugcina.
• I-censor ifuna ukuvimbela abasebenzisi ukuthi bafinyelele izinto ezingafuneki ngokombono wakhe; kucatshangwa ukuthi zonke izinto ezinjalo zitholakala kumaseva angaphandle kwesegimenti yenethiwekhi elawulwayo.
• Amarutha kupherimitha yale segimenti ahlaziya idatha engabetheliwe yawo wonke amaphakethe ukuze avimbe okuqukethwe okungafunwa futhi avimbele amaphakethe afanelekile ukuthi angangeni ku-perimeter.
• Konke ukudluliselwa kwe-Tor kutholakala ngaphandle kwe-perimeter.

Kanjani lo msebenzi

Ukufihla ukusetshenziswa kweTor, abacwaningi bakha ithuluzi leStegoTorus. Umgomo wayo oyinhloko ukuthuthukisa ikhono le-Tor lokumelana nokuhlaziywa kwephrothokholi okuzenzakalelayo. Ithuluzi litholakala phakathi kweklayenti kanye ne-relay yokuqala kuketango, lisebenzisa iphrothokholi yalo yokubethela kanye namamojula we-steganography ukwenza kube nzima ukukhomba ithrafikhi ye-Tor.

Esinyathelweni sokuqala, imojula ebizwa ngokuthi i-chopper iqala ukusebenza - iguqula ithrafikhi ibe uchungechunge lwamabhulokhi anobude obuhlukahlukene, athunyelwa ngaphandle kokuhleleka.

Idatha ibethelwe kusetshenziswa i-AES kumodi ye-GCM. Isihloko se-block siqukethe inombolo yokulandelana kwe-32-bit, izinkambu ezimbili zobude (d no-p) - lezi zibonisa inani ledatha, inkambu ekhethekile F kanye nenkambu yokuhlola engu-56-bit, inani layo okufanele libe yiziro. Ubude bebhulokhi obuncane bungamabhayithi angu-32, futhi ubuningi bungamabhayithi angu-217+32. Ubude bulawulwa amamojula we-steganography.

Uma uxhumo lusungulwa, amabhayithi ambalwa okuqala olwazi awumlayezo wokuxhawula, ngosizo lwawo iseva iyaqonda ukuthi ibhekene noxhumano olukhona noma olusha. Uma ukuxhumeka kungokwesixhumanisi esisha, iseva iphendula ngokuxhawula, futhi ngamunye wabahlanganyeli bokushintshana ukhipha okhiye beseshini kuyo. Ngaphezu kwalokho, isistimu isebenzisa indlela yokwenza kabusha ukhiye - ifana nokwabiwa kokhiye weseshini, kodwa amabhulokhi asetshenziswa esikhundleni semiyalezo yokuxhawula. Le nqubo ishintsha inombolo yokulandelana, kodwa ayithinti i-ID yesixhumanisi.

Uma bobabili abahlanganyeli ekuxhumaneni sebethumele futhi bathola i-fin block, isixhumanisi siyavalwa. Ukuze uvikele ekuhlaselweni kwe-replay noma ukulibaziseka kokulethwa kokuvimbela, bobabili ababambiqhaza kufanele bakhumbule i-ID isikhathi esingakanani ngemva kokuvala.

Imojula eyakhelwe ngaphakathi ye-steganography ifihla ithrafikhi ye-Tor ngaphakathi kwephrothokholi ye-p2p - efana nendlela iSkype esebenza ngayo ekuxhumaneni okuphephile kwe-VoIP. Imojuli ye-HTTP steganography ilingisa ithrafikhi ye-HTTP engabetheliwe. Uhlelo lilingisa umsebenzisi wangempela ngesiphequluli esijwayelekile.

Ukumelana nokuhlaselwa

Ukuze kuhlolwe ukuthi indlela ehlongozwayo ithuthukisa kangakanani ukusebenza kahle kwe-Tor, abacwaningi bathuthukise izinhlobo ezimbili zokuhlasela.

Esokuqala salokhu ukuhlukanisa imifudlana ye-Tor emifudlaneni ye-TCP ngokusekelwe ezicini eziyisisekelo zephrothokholi ye-Tor - lena indlela esetshenziswa ukuvimba uhlelo lukahulumeni wase-China. Ukuhlasela kwesibili kuhilela ukutadisha imifudlana ye-Tor eyaziwa kakade ukuze kukhishwe ulwazi mayelana nokuthi imaphi amasayithi umsebenzisi awavakashele.

Abacwaningi bakuqinisekisile ukuphumelela kohlobo lokuqala lokuhlasela olumelene ne- “vanilla Tor” - ngenxa yalokhu baqoqe iminonjana yokuvakasha kumasayithi kusuka ku-10 Alexa.com ephezulu izikhathi ezingamashumi amabili ngokusebenzisa i-Tor evamile, obfsproxy kanye ne-StegoTorus enemojula ye-HTTP steganography. Idathasethi ye-CAIDA enedatha ku-port 80 isetshenziswe njengereferensi yokuqhathanisa - cishe ngokuqinisekile konke lokhu ukuxhumana kwe-HTTP.

Ukuhlolwa kubonise ukuthi kulula kakhulu ukubala i-Tor evamile. Iphrothokholi ye-Tor icace kakhulu futhi inezici eziningi okulula ukuzibala - isibonelo, uma uyisebenzisa, ukuxhumana kwe-TCP kuhlala imizuzwana engama-20-30. Ithuluzi le-Obfsproxy nalo lenza okuncane ukufihla lezi zikhathi ezisobala. I-StegoTorus, yona, ikhiqiza ithrafikhi eseduze kakhulu nesithenjwa se-CAIDA.

Endabeni yokuhlaselwa kwamasayithi avakashelwe, abacwaningi baqhathanisa amathuba okudalulwa kwedatha enjalo esimweni se- "vanilla Tor" nesisombululo sabo se-StegoTorus. Isikali sasetshenziselwa ukuhlola I-AUC (Indawo engaphansi kwejika). Ngokusekelwe emiphumeleni yokuhlaziywa, kwavela ukuthi esimweni se-Tor evamile ngaphandle kokuvikelwa okwengeziwe, amathuba okudalula idatha mayelana nezingosi ezivakashelwe aphezulu kakhulu.

isiphetho

Umlando wokungqubuzana phakathi kweziphathimandla zamazwe ezethula ukucwaninga ku-inthanethi kanye nabathuthukisi bezinhlelo zokudlula ukuvinjwa uphakamisa ukuthi izinyathelo zokuvikela eziphelele kuphela ezingasebenza. Ukusebenzisa ithuluzi elilodwa kuphela akukwazi ukuqinisekisa ukufinyelela kudatha edingekayo futhi lolo lwazi mayelana nokudlula ibhulokhi ngeke lwaziwe kubahloli.

Ngakho-ke, uma usebenzisa noma yimaphi amathuluzi okufinyelela okuyimfihlo kanye nokuqukethwe, kubalulekile ukuthi ungakhohlwa ukuthi azikho izixazululo ezifanelekile, futhi lapho kungenzeka khona, hlanganisa izindlela ezahlukene ukuze kuzuzwe ukusebenza kahle kakhulu.

Izixhumanisi eziwusizo nezinto zokwakha ezivela I-Infatica:

• Ucwaningo: Ukudala isevisi yommeleli ongavimbeli kusetshenziswa ithiyori yegeyimu
• Umlando wokulwa nokucwaninga: indlela ye-flash proxy eyakhiwe ososayensi abavela eMIT naseStanford isebenza kanjani
• Uqondwa kanjani uma ama-proxies eqamba amanga: ukuqinisekiswa kwezindawo ezibonakalayo zama-proxi enethiwekhi kusetshenziswa i-algorithm ye-geolocation esebenzayo
• Ungazifihla kanjani ku-inthanethi: ukuqhathanisa iseva kanye nama-proxies ahlala

Source: www.habr.com