Elliptic Curve Is At The Core Of Internet Privacy … and it’s the Core of an Onion

As we move into an Information Age, there is a continual battle on the Internet between those who would like to track user activities, and…

Elliptic Curve Is At The Core Of Internet Privacy … and it’s the Core of an Onion

As we move into an Information Age, there is a continual battle on the Internet between those who would like to track user activities, and those who believe in anonymity. The recent right to be forgotten debate has shown that very little can be hidden on the Internet, and deleting traces can often be difficult. The Internet, too, is be a place where crime can thrive through anonymity, so there is a continual tension between the two sides of the argument.

To law enforcement agencies the access to Internet-based information can provide a rich source of data for the detection and investigation of crime, but they have struggled to find evidence with the Tor (The Onion Routing) network. Its usage has been highlighted over the years, including in June 2013 when Edward Snowden, used it to send information on PRISM to the Washington Post and The Guardian. The trace of a user’s access to Web servers is thus confused with non-traceable accesses. This has caused a range of defence agencies to invest methods of compromising the infrastructure, especially to uncover the dark web.

Its development received funding from Electronic Frontier Foundation, and further developed by The Tor Project — a non-profit making organisation. Many government agencies around the World now target its cracking, such as with the Russian government offering a bounty of $111,000. A strange feature in the history of Tor is that it was originally sponsored by the U.S. Naval Research Laboratory (which had been involved in onion routing), with its first version appeared in 2002. The original demonstrator was created by Roger Dingledine, Nick Mathewson, and Paul Syverson, and who have since been named, in 2012, as one of Top 100 Global Thinkers.

Web traces contain a wide range of information, including user details from cookies, IP addresses, and even user behaviour (with the usage of user behaviour fingerprints). This information can then be used to target marketing to users, and also is a rich seam of information for the detection and investigating crime. The Tor network has long been a target of defence and law enforcement agencies, as it protects user identity, the contents of the accesses, and the source and destination locations. Connections within the Tor network can either just use it to route over public network networks (in a similar way to tunnelled VPN connection which are tunnelled through a gateway) and connect using HTTP or HTTPS (and where an exit gateway will define the host which is making the accesses), or can route directly from the browser to the service (these connect to .onion sites).

Web sites which exist in the Tor network and which have a binding from the Tor browser to the end service are often known as residing in the dark web, and are not accessible to most search engines such as Google. Tor can thus could be used to bind to a server, so that the server will only talk to a client which has been routed through the Tor network. This is the closed model of creating a Web infrastructure and which cannot be accessed by users on the Internet using non-Tor enabled browser.

With the Tor network, the routing is done using computers of volunteers around the world to route the traffic around the Internet, and within each hop the chances to trace the original source significantly reduces. In fact, it is rather like a pass-the-parcel game, where game players randomly pass to others, but where eventually the destination receiver will eventually receive the parcel. As no-one has marked the parcel on its route, it’s almost impossible to find out the route that the parcel took.

The encryption involves each of the routing nodes (the relay nodes) having a symmetric encryption key, and the data is encrypted with each of the keys (Figure 1). In this case the purple key is the encryption key of the first node, and is the last to be encrypted. As the data goes through the network, each node decrypts with their key. The last part of the communication, out of the gateway, will thus be non-encrypted, but a protocol such as HTTPS can be used to protect the last part of the communication.

Figure 1: Onion routing

At the core of Tor is Onion Routing, which uses subscriber computers to route data packets — known as cells — over the Internet, rather than using publically available routers. One thing that must be said is that Tor aims to tunnel data through public networks, and keep the transmission of the data packets safe, which is a similar method that Google uses when you search for information (as it uses the HTTPS protocol for the search). So for a Tor network, let’s ask a few questions:

Can a remote Web site determine my IP address? For Tor, the answer is: No (it will contain the gateway address of the exit node, as we have in a VPN tunnel). For HTTPS, the answer is: Yes (the source IP address of the access will show up the source address of the HTTPS request, unless a proxy or VPN connection is used).
Can the remote Web site determine my computer type? For Tor, the answer is: No (it hides the connection details). For HTTPS, the answer: Yes (the details of an HTTP request will be passed, including details of the browser and computer type, unless some obfuscation is used on the browser or where a proxy is used).
Can someone view the details of the data contained within the network packets? For Tor, the answer is: No (there are multiple keys used, and an intruder would have to gain ever key to crack the communications). For HTTPS, the answer is: No (the key should be secret between the client and the server).

Tor traffic uses fix length cells which flow across the network, and create a circuit, and where each relay node only knows its predecessor and its successor. Each relay node then stores its own symmetric key for the connection and uses this to decrypt cells that are routed through it. For a connection between a client and a server we thus have:

A stream cipher. This is symmetric key encryption (typically 128-bit AES in counter mode with an IV) for encrypted traffic, and where each relay node has negotiated its key with the server (and which the client will also know).
Public-key key encryption. This uses either 1,024/2,048 bit RSA or Elliptic Curve for identity provision of the relay node.
Elliptic-Curve Diffie-Hellman method for key negotiation. With this only the client and the server will know the keys involved for each of the relay nodes. It uses Curve25519 for the negotiation of the key and which uses the high-speed Elliptic-curve Diffie-Hellman method [1].
A hash function. This is typically SHA-1, and is used to check the integrity of the data cells.

The client or server will initially send a cell and which is encrypted with each of the symmetric keys used in the Tor relay nodes, and encrypted in the sequence where the first relay node has the last encryption key applied (the outer layer of the onion), and the first one used has the key of the last relay node (the inner most layer of the onion). The negotiation of the key that each relay node uses is done on the creation of the circuit with the ntor handshake. This uses the Curve25519 method [1] and where the network shares the G and N value.

Along the route, each Tor relay node takes the cell from its predecessor and decrypts with the negotiated symmetric key. It then passes the cell onto its successor. With Curve25519 we generate a 32-byte secret key (256 bits) and a 32-byte public key. A hash of the shared secret is then created as a 32-byte secret key (Curve25519(a,Curve25519(b,9)), as illustrated in Figure 7.22. This is used for a 128-bit or 256-bit AES key.

Figure 2: Curve25519 method [1]

Code

Some sample code is [here]:

from os import urandom
from eccsnacks.curve25519 import scalarmult, scalarmult_base
import binascii

a = urandom(32)
a_pub = scalarmult_base(a)

b = urandom(32)
b_pub = scalarmult_base(b)

k_ab = scalarmult(a, b_pub)
k_ba = scalarmult(b, a_pub)

print "Bob public: ",binascii.hexlify(b_pub)
print "Alice public: ",binascii.hexlify(a_pub)
print "Bob shared: ",binascii.hexlify(k_ba)
print "Alice shared: ",binascii.hexlify(k_ab)

and a sample run is:

Bob public:  2f2a9b6b82a1a696a4622923f1fe2ec7689383183ae32d1c011b9fce02b2225d
Alice public:  a44ae94deccf2313a4cffda0b93c1031b49902e7a34e86e73d30c40eeac49f14
Bob shared:  4cce4255bc41ff7c2b4a2d153c499dbaaf665d26426bf3f10f156c0849c19c49
Alice shared:  4cce4255bc41ff7c2b4a2d153c499dbaaf665d26426bf3f10f156c0849c19c49

Conclusion

If we were to build the Internet again, we would build it as a Tor network. The Internet we have was never really designed for security, and we have ended-up with an infrastructure which is flawed and doesn’t properly integrate privacy and identity.