Recently, I spoke at the C0C0N X Security & Hacking Conference 2017 held at Le Meridien, Kochi. The talk focussed on the 'Hiddenness' of TOR Hidden Services specific to the detection of HS Directory Surveillance by injecting Decoys or Honeypots inside the TOR network. Here’s the digest of the presentation.
What is TOR?
The Onion Router – Gateway to Anonymity
How TOR works?
Establishing the Circuit
Directory Authorities - The Gatekeepers of TOR
Introduction to TOR Hidden Services (HS)
Why run a TOR HS? - Sneak peek into HS features
How TOR HS works? - HS Rendezvous Protocol
Analysis of hiddenness of TOR HSs
Research Hypothesis - Are TOR HS really Hidden?
The HS Honeypot Approach
Setting up the Onion Decoy Project
Live Demo
Hosting Tor Hidden Service in seconds with Docker Containers
How to setup Honeypots (aka Onion Decoys) inside TOR Network
Live probing of Onion Decoys to detect intrusions by attackersResults of the Onion Decoy Experiment
Private Hidden Services are not really hidden
Conclusion & Takeaways
Everything can be a Honeypot, if you don’t know it fully
The more you hide, The more somebody wants to know why
The Source Code of the Onion Decoy Project is available at https://github.com/OnionDecoy
Below is the presentation for the delivered talk.
