The Darkweb Flashcards

1
Q

Traffic Analysis

A

A method of identifying locations and identities of traffic sources of interest.

2
Q

Tor Network

A

A secure network which utilises strong encryption to exchange important information. It is accessed through the Tor browser, which then transports data through thousands of node machines in a circular path known as a circuit. Before data exchange, the sender provides their public key in exchange for the public key of each node on the circuit. At each hop, the destination node encrypts a combination of a session key and its public key using the sender's public key. The sender can then decrypt this using their private key to obtain every public and session key in the circuit. When actual data is sent, each node stores the address of the node before it, uses its private key to decrypt and obtain the next node, then forwards the data to this address. For the reply, symmetric encryption is used at each hop using the session keys previously encrypted at each node.

3
Q

Directory Node (Tor)

A

A node which stores a list of all other nodes on the Tor network.

4
Q

Guard Node (Tor)

A

The first node accessed on the Tor network when requesting a site.

5
Q

Exit Node (Tor)

A

The last node accessed on the Tor network when requesting a site.

6
Q

Relay Node (Tor)

A

A node accessed on the Tor network when requesting a site.

7
Q

Onion Routing

A

The use of multiple layers of encryption containing more encrypted data within to transmit data.

8
Q

Surface Web

A

The fraction of the world wide web easily available to the public.

9
Q

Deep Web

A

The background data in the world wide web, often used by the surface web.

10
Q

Darknet

A

A section of the world wide web that cannot be accessed by web browsers. It functions via Tor and often facilitates malicious services.

11
Q

Hidden Services

A

A service accessed on the Darknet which provides secure online communication, malware and hacking information, databases of personal or sensitive information, and certain financial, musical, and news-based services.

12
Q

Onion Addresses

A

Addresses used to access a web page on the Onion browser.

13
Q

Darknet Marketplace

A

A virtual shop used for exchange of illegal or controversial services and items such as firearms, false identities, malware, and drugs. Exchanges utilise Bitcoin and Tor.

14
Q

Silk Road

A

A former successful Darknet marketplace with illustrated and categorised but often illegal products. It was taken down in 2013, and its creator Ulbricht was jailed.

15
Q

Deanonymisation

A

The use of methods to identify users and the location of services. In a Tor network, traffic analysis, perhaps using AI, can be used to achieve this, although the data being exchanged cannot be decrypted. Bitcoin users can also be deanonymised with immense difficulty using traffic analysis across a peer-to-peer network. However, Bitcoin researchers have created multiple new methods to prevent deanonymisation, including single-use addresses, multi-signature Bitcoins, and Bitcoin tumblers.

16
Q

Bitcoin Tumbler

A

A process where groups of Bitcoin transactions are mixed and redistributed amongst multiple users, so that no transaction can be linked to one user.

17
Q

Key Escrow

A

A process where buyers transfer funds through a trusted third party when purchasing encryption keys. Duplicate keys are created during this process for law enforcement agencies or governments.

18
Q

Key Recovery

A

The recovery of a key from a trusted third party.

19
Q

Skipjack

A

A symmetric encryption algorithm running on the Clipper Chip.

20
Q

Clipper Chip

A

A dedicated microprocessor in communications devices produced in the US. It was theoretically secure whilst allowing governments to access data when needed. It contains a unit key and family key. Flaws were found in LEAF hash collisions and a serious issue in Skipjack.

21
Q

Unit Key

A

An encryption key unique to each Clipper Chip. It is 80 bits long, and copies are held in key escrow with one half in the US Treasury and one half in the NIST.

22
Q

Family Key

A

An encryption key shared by each Clipper Chip.

23
Q

Sending Data using a Clipper Chip

A

First, Clipper Chips at both ends decide on a session key which is used to encrypt the message. The session key is then encrypted using the unit key, and combined with additional information including a hash, before it is re-encrypted with the family key. This produces a piece of ciphertext known as a LEAF. The LEAF and encrypted message are then sent to the intended recipient, who discards the LEAF and uses their session key to decrypt the message. If the government intercepts, they can use the family key followed by the unit key (once gathered by the NIST and Treasury) to view sent data.

24
Q

LEAF

A

Law Enforcement Access Field - a piece of ciphertext created when sending data using a Clipper Chip.

25
Q

Crypto Wars

A

A term for the debate over whether or not strong encryption should be available to the public.

26
Q

End-to-End Encryption

A

A form of encryption applied by modern messaging systems where messages are hidden for the entirety of their journey. When an application is first used, two pairs of asymmetric keys are generated. Messages are encrypted and decrypted using the pair of 1280-bit keys and RSA, whilst they are authenticated using a second set of 256-bit elliptic curve signing keys - all four of which are stored on a key chain. Copies of the public keys are sent to Apple’s IDS server. When communication is initiated, a phone contacts the IDS and requests the public keys for the other phone, which are then stored on the sender's chain. Each message is encrypted with AES and a 128-bit session key made from both public keys and random data. A then encrypts the session key with B’s public key and sends it to B. The message is signed with SHA-1 and the elliptic curve key. A sends the message, encrypted session key, and digital signature to B via a server. Once the message is decrypted, the copy stored in the server is deleted.

27
Q

IDS Server

A

Identity Directory Server - a server that stores public keys along with a unique personal identifier, such as an email or phone number. It is used by Apple for iMessage.

28
Q

Backdoor (Cryptography)

A

A deliberate weakness in encrypted communication known only to law enforcement agencies.

29
Q

RIPA

A

Regulation of Investigatory Powers Act 2000 - a series of laws that allow the authorities to access plaintext data in an investigation. Section 49 states that certain permitted groups can force a person to provide encryption keys, Section 53 lists penalties for refusing to provide a key, and Section 54 states that when Section 49 is applied, communication should be kept secret.

30
Q
A