Or using a BeagleBone Black as a secure Tor gateway for your computer.

Lately there has been significant media coverage of the Kickstarter project Anonabox having their funding pulled. The goal of anonabox was to build an inexpensive piece of hardware that would allow users to easily connect to the internet through Tor (it would allow them to access the Tor network as well). Users could connect wearilessly or wired which would likely allow the use of almost any internet enabled device.

Tor

According to the Arstechnica article linked above, the project was pulled after "many Kickstarter commenters pointed out notable flaws in the project, including the fact that Germar claimed to have made the hardware on his own."

If you are not familiar with Tor already, please spend a few moments learning about it. It will help you understand who uses Tor and why it is an important tool to have available.

Doomed to Fail

I personally believe that Anonabox project had many flaws. Here are two main issues with the idea and implementation.

1. Wireless access. Wireless is inherently not secure and should not be used for any sensitive information. It could also allow a malicious attacker to connect to your access point and use that to identify what you are doing on Tor. However, Anonabox does offer a wired option that you can use instead.

2. Accessing the device with your phone or tablet. While accessing the internet through Tor does assist in anonymizing who you are, that can easily be given away by what you do. If you check your email, log into a forum or website, submit a form with identifying text, or connect to your cloud storage to retrieve a file, then you have just given away your identity to whoever is running the Tor exit proxy you are using. This issue is exacerbated when you are using a tablet or phone since they have many background applications that are continuously attempting to reach online services with credentials tied to you. Not to mention the phone itself is registered to you, paid for by you, etc. There are applications such as Orbot that can allow specific applications (or the whole phone) to access the Tor network and this is a much better method in my opinion. If you are able to obtain a mobile device, pay the monthly fee, install applications and avoid identifying yourself, then why would you need Anonabox anyway?

Best Practices

The user (you) has to take everything into account in order to use Tor to its full potential. Thankfully there are projects out there that make this much easier by taking the burden off the user and allowing for some mistakes. I believe that Anonabox was attempting to be this type of project. Below are two projects worth learning about.

TAILS - This is an operating system that you can boot from CD or USB storage. Tails allows the user to use Tor on most any machine and does not leave a trace on the local system.

WHONIX - This is a pair of virtual machine images. One virtual machine connects to the internet and Tor, the other VM connects to the first VM and is only allowed access to Tor (not the internet). This prevents something like a malicious PDF from identifying who you are when it attempts to reach the internet. This is what we are trying to emulate.

Other - There are other project worth mentioning. You can find a great list here.

BeagleBone Black

The BeagleBone Black is a small 1GHZ ARM-based computer for hobbyists and tinkers. The current revision has 4GB of onboard flash storage, a microsd card slot, and 512MB DDR3 RAM among many other features. It is the size of a credit card and packs a punch while maintain a very reasonable price point. It is similar to the popular Raspberry Pi but better for this application.

BeagleBone Black

One of the interesting things about the BeagleBone Black (BBB) is that it has a mini-usb port that, when plugged into a computer, it can; provide power to the unit, show up as removable storage on the host computer, and it can be an Ethernet adapter, all at the same time. The BBB is even a dhcp server for the Ethernet network that it sets up.

Why the BBB and not the Raspberry Pi?

The BBB has several advantages for this application. It has a faster processor, it uses an ARM 8 processor which is officially supported by Debian (The RPi has to use Rasbian), and is generally faster due to the DDR3 ram and onboard SSD.

Goal

The goal of this project is to create a device that allows a computer to connect to Tor without being able to connect to the internet. This should also be relatively simple to setup and use. This is not as simple as using the Tor Browser but it is capable of being more fault tolerant and secure.

Setup

The BBB is currently on revision C. The main difference between it and my revision B board is that the C has 4GB onboard storage where my B has only 2GB and that it is running Debian instead of Angstrom linux.

Updating the OS and Software

The first step is to update the operating system on your device. I also wanted to run Debian instead of Angstrom but you won't have to worry about that if you have a newer board. You can obtain the latest image from this page. There are also wiki links there that will instruct you on loading the images (and are much more likely to be up to date than anything I write here).

After you plug your BBB into your desktop, you can find the Ethernet drivers in the BeagleBone Getting Started removable drive that it shows up as and inside the Drivers folder. After the driver is installed you can access your BBB via ssh root@192.168.7.2 with no password.

Use the following command to setup a password.

> passwd

Next, make sure to update and upgrade everything. This command should do that but note that it may take a while to run depending on your internet connection and what needs to be updated. I recommend running all of the following commands from another machine via ssh access. Be sure to connect the BBB with an Ethernet cable so that it has internet access.

> apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

Removing Unnecessary Software

This is entirely optional but I do recommend removing the following software if you plan on dedicating the BBB to being a Tor gateway. These packages are unnecessary for our purpose and will only take up space and use resources. Note that this will also remove the GUI desktop from your BBB so you will only be able to interface with it via command line or ssh. Feel free to exclude any of the below packages.

> apt-get remove apache2 desktop-base lxde-common lxde-core openbox nodejs xscreensaver xchat xrdp x11-common tightvncserver

Now lets clean up the unused packages and temporary items.

> apt-get autoremove
> apt-get purge
> apt-get autoclean

You should now have a password protected BBB with minimal installed packages. There certainly is more that you can do to lock down your BBB but this is all that is needed to get it up and running.

Installing Tor and Arm

Installing Tor couldn't be simpler. Arm is a utility that will allow us to monitor Tor on the BBB from a ssh interface.

> apt-get install tor tor-arm -y

Tor is now installed and will automatically start when the BBB starts up. We need to configure it to allow access to Tor from the usb Ethernet interface. I will use the text editor nano which is already on the BBB.

> nano /etc/tor/torrc

Update the file by making making the following changes, or adding the following to the bottom of the file. When you are done use Ctrl + O to save and Ctrl + x to exit.

> SocksPort 192.168.7.2:9050
> 
> ControlPort 9051
> 
> CookieAuthentication 1
> 
> DisableDebuggerAttachment 0

Now restart the tor service.

> service tor restart

You should get an "[ ok ]" if you edited the file correctly.

Now we can run arm to monitor and control the Tor service.

> arm

You will be presented with a screen that shows the current download and upload bandwidth as well as command options to control tor such as pressing 'n' to get a new identity. We are done setting up your BBB but don't close this screen just yet.

Configuring the Browser

I recommend using Firefox but you can use any browser you wish. You can also use a portable version of Firefox so that no configuration changes have to be made when switching from Tor usage and regular clearnet usage. The neat thing about this is that you can install portable Firefox on the removable storage portion of the BBB! Just be sure to leave the existing drivers folder.

Navigate to Menu > Options > Advanced Tab > Network Tab and click the Settings button in the Connection section.

Now set a manually proxy configuration. Set SOCKS Host to 192.168.7.2 with Port 9050. SOCKS v5 should already be selected and check Remote DNS if it is not already. Feel free to reference the image below.

Connection Settings

Click OK and you are ready to navigate over to. I recommend install some plug-ins for this browser but it is not necessary. NoScript, Adblock Edge and FoxyProxy are excellent plug-ins for Firefox (at the time of this writing).

Some projects such as the Anonabox or OnionPi don't require you to set up the proxy settings. However, using it as a proxy limits what applications even try to use it, maximizing the available bandwidth. Also by using a portable browser that is located on the BBB itself means no configuration changes from machine to machine.

Verify your public IP

Navigate to your favorite ip site or use http://www.ipchicken.com/ to tell you your current public ip address. Now open the window with your ssh session to the BBB unit and press 'n' to get a new identity. Once the countdown is complete (top right) you will have a new identity. Refresh the webpage to see your new public ip address.

Testing

With this setup I was able to achieve over 7Mb/sec download and 250Kb/sec upload while only utilizing 40% cpu on the BBB. Higher throughput is possible, These results were limited by the nodes that I was using on the Tor network. I connected my BBB to the internet with its ethernet cable and connected my laptop to the BBB with usb. I tested and was completely unable to access the internet (Without going through the proxy).

Tor arm download bandwidth on a revision B BeagleBone Black.

Tor arm upload bandwidth on a revision B BeagleBone Black.

Since the BBB has so many IO ports, now it is time to add screens and LED's showing the current usage and status among other things. You can use a USB wireless adapter to connect the BBB to an access point or use a USB to ethernet adapter for another interface. This platform offers tremendous growth potential.

Volunteering to help with Tor

Tor is only possible because of all of the volunteers that donate bandwidth, money, and other resources to the project. Please consider setting up your own Tor Relay, Bridge Relay, or Exit Node.

Comments