Introduction
The Tor Anonymous Network was originally planned as a military project and was funded by the U.S. Naval Research Laboratory. The project was then continued by the Electronic Frontier Foundation. Anonymity on the Tor network is achieved by using the Tor Bundle, which operates as nodes of various types. To implement the principle of onion routing, Tor uses input nodes, relay nodes, and output nodes. Onion routing relies on three “layers” of encryption applied to the transmitted information. At each node, one of the encryption layers is removed, so an unencrypted data stream is transmitted between the output node and the Internet. This feature is used by both attackers and law enforcement agencies to conduct various kinds of attacks and analysis. Because the data is encrypted, an SSL/TLS handshake takes place when the encrypted connection is established. One step of this handshake is the Tor server sending its X.509 TLS certificate to the user. The simplified scheme of the Tor network operation is presented in Figure 1.
However, once the project began to be used to protect citizens and their privacy, the Tor project also came to be used by various criminals, including terrorists, extremists, pedophiles, drug and weapon dealers, and cyber fraudsters.
According to the RIA Novosti news portal (2019), citing a representative of the Main Directorate for Combating Extremism of the Russian Ministry of Internal Affairs, terrorist recruiters and radicals have shifted their activities to the so-called “Darknet” in connection with measures taken by law enforcement agencies to reduce extremist content in the public segment of the Internet.
Figure 1. The Tor network operation
This project attracted the attention of law enforcement agencies in many countries, as it was used to commit a large number of various crimes. These were both cybercrimes and crimes that used data transmission channels and software.
Given the growing use of the Tor Bundle to keep Internet users anonymous (Burtsev, 2017), and its increasing role in the commission of crimes in the field of information technology, law enforcement and security bodies attach great importance to the early suppression of such activities and the identification of persons involved in such crimes. The tasks facing law enforcement agencies also determine the research interest in this problem, the solution of which contributes to ensuring information security.
At the same time, the research activity was aimed at two main tasks: establishing the identity of a user of the Tor network, that is, deanonymizing the user, and blocking user access to the Tor network.
The main motivation for the proposed study is the increasing role of anonymizers, and in particular the Tor software complex, in committing crimes using the Internet, as well as of applications that allow the identity of the user to be hidden (for example, the IP address from which the network is accessed).
Another important reason for conducting research on this topic is its relation to one of the main areas of scientific research in the field of information security, the list of which was approved on August 31, 2017 by the Secretary of the Security Council of the Russian Federation, N.P. Patrushev. The study is conducted in the framework of solving scientific and technical problems of using information technologies in operational-search activities, namely, solving problems of identifying and combating crimes committed using information technology.
Anonymous networks are used by terrorists, extremists, sellers of weapons, drugs, and child pornography. Therefore, the suppression of crimes in the form of restricting access to the Tor network is related to the above problem.
In our study, we set ourselves the task of clarifying the list of signs and features of Tor network certificates that could become the basis for the legal blocking of access to the anonymous network.