Tor PI

Disclaimer

Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. Cyber Security Associates Limited, will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.

 

Please ensure you are using the latest SD Card image which is available here.

 

Teacher Overview

The Onion Router initially was developed in the mid 1990’s by the United States Naval Research Laboratory, with the purpose of protecting online communications which was then taken over by Defense Advanced Research Projects Agency (DARPA) in 1997. In 2004, the Naval Research Laboratory released the code for TOR under a free license, where it was quickly adopted by many individuals and organisations for secure ways of communication other than using the World Wide Web (www) and its related protocols. The internet is simply a huge collection of clients and web servers that are connected using a range of different protocols, but most importantly a lot of routers to make a path between a client (you) and the web server (the website you are trying to visit). These protocols by default are trying to make the shortest distance between you and your website, sometimes not knowing the IP address of the server you are trying to communicate with. When you are trying to connect to a web server your IP address and location is revealed and the same with the web server when communication has been established. It is also possible for more places along the way to know where your data is coming from and where it is trying to go.

TOR works with anonymity in mind from the beginning of the design of this system. This is instead of relying on everyone knowing your data, as well as knowing where it has come from and where it is going to; thus, keeping it secure. The destination IP and host IP are both kept hidden within TOR. Nodes within TOR only know the previous node the traffic had come from and where it was being sent to next. Any traffic within TOR is redirected through at least 3 different nodes before it can reach its destination, thus increasing the security of this system and is a good way to avoid detection online.

It must be noted that this is not a completely secure system, and if the connection to TOR is misconfigured then the traffic will not be secure. Moreover, if you are not connecting to .onion websites then the traffic is directed through non TOR methods. In 2014, news reports claimed that the NSA had cracked TOR and their method was to establish a large percentage of the TOR nodes in their own control. By combining this with a range of statistical methods they could estimate where the traffic was coming from and where it was going. The best way to avoid this continuing is to increase the number of nodes that the TOR traffic must go through, although this will make the response time increase.

There is a huge stigma associated with TOR that is unjustified and is no more than the problems that are associated with services working over the common internet. It is important that the students move away from this stigma and recognize that caution must be used anywhere on the internet, not just on the dark web. The majority of these issues come from a lack of understanding and education about these systems. TOR has been used by individuals where their governments control the common internet and restrict information and news that passes in and out of that country. There are a huge number of organisations that use protocols like TOR to protect their communications of sensitive data and obviously there are military systems that utilize alternative systems than the common internet for more secure communication. TOR is just 1 example of an alternative system that could provide more security for individual users on its network, if it is implemented properly.

Make sure the students understand this is an introduction to TOR and needs to be researched a lot more to be implemented on a home system.

Suggested Year Group

The suggested age group is 17+, due to the nature of this project and the skills it is developing.

 

Learning Outcomes

  • Explain to the students how TOR works;

  • Illustrate the security benefits of TOR;

  • Show the students how to configure the Raspberry Pi to reroute traffic through TOR.

 

Hardware Required

Component Number (Peli Case)

(Base) 4 + 5

(Base) 5

(Base) 9

(Level 1) 3

(Level 1) 3

(Level 1) 5

(Level 1) 1

Component Number (Box Case)

Slot 1

Slot 11

Slot 2

Slot 11

Slot 11

Slot 12

Slot 13

Component

Raspberry Pi + Case

Raspbian SD Card

TFT Screen

HDMI

Wireless Keyboard

Wireless Mouse

Power Supply Unit

 

VIDEO GUIDE

 

Conclusion

This project is designed to introduce the students to TOR and the applications this technology has in IT and security. There are a wide range of applications for systems like TOR that are focused on security. Instruct the students to research potential applications of TOR for organisations and individuals. Make sure they are cautious when exploring TOR and stick to legitimate websites and do not reveal any personal information. This is the exact same practice they should be doing already with the common internet. Make sure the students focus on the legitimate applications of this technology and its ability to allow security. Focus on how this can be a benefit in many situations and how this technology can be adapted and developed for a wide range of projects.