traffic analysis resistant infrastructure
for anonymous communication over a
public network. Onion routing operates by dynamically building anonymous persistent connections, called
“circuits,” over a network of real-time
THE TOR NETWORK
The onion routing system with the largest user base is The Onion Router (Tor),
currently based on second-generation
onion routing. It is available to the public under a free/libre software license.
The Tor network consists of several
thousand volunteer-operated nodes
(Tor relays), which process network traffic from millions of users worldwide. If
you are interested in finding statistics
on Tor relays and users, the Tor Metrics
site (https://metrics.torproject.org/)
will surely be interesting to explore.
Tor’s improvements over its predecessors (generations 0 and 1) include a
number of design and protocol changes such as perfect forward secrecy,
leaky-pipe circuit topology, congestion control support, directory servers,
variable exit (relay) policies, end-to-end
integrity checking, rendezvous points,
and onion (hidden) services.
Tor is a distributed low-latency anonymity network for basically all kinds
of TCP-based applications such as web
browsing, email communication, secure shell, instant messaging, and chat
services. Clients choose a path through
the network and build a circuit, for
which each node (relay or onion router)
in the path knows its predecessor and
successor, but no other nodes in the
circuit. Traffic flowing down the circuit is sent in fixed-size cells, which are
unwrapped by a symmetric key at each
node (like the layers of an onion) and
relayed downstream. Each node maintains a TLS-encrypted (transport layer
security) connection to every other node
and each client fetches the consensus
in order to establish and build circuits
through relays across the network (one
hop at a time). Clients negotiate a separate set of encryption keys for each hop
along the circuit to ensure each node
cannot trace these connections as they
pass through. Once a circuit is established, relays can handle connections and
exchange data from user applications.
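
The layered, per-hop encryption of fixed-size cells described above, as an added example that is not code from the article or from the Tor project. It assumes the per-hop keys are already negotiated, uses a toy SHA-256 counter-mode keystream in place of a real cipher, takes the 512-byte cell size from the Tor design (the article only says "fixed-size"), and omits integrity checking.

```python
import hashlib
import os

CELL_SIZE = 512  # assumption: cell size from the Tor design; the page only says "fixed-size"

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), standing in for a real one."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(out[:length])

def apply_layer(key: bytes, nonce: bytes, cell: bytes) -> bytes:
    """XOR one hop's keystream over the cell; adding and removing a layer are the same operation."""
    return bytes(a ^ b for a, b in zip(cell, keystream(key, nonce, len(cell))))

def make_cell(payload: bytes) -> bytes:
    """Pad to the fixed cell size so every cell on the wire has the same length."""
    if len(payload) > CELL_SIZE - 2:
        raise ValueError("payload does not fit in one cell")
    return len(payload).to_bytes(2, "big") + payload + bytes(CELL_SIZE - 2 - len(payload))

def read_cell(cell: bytes) -> bytes:
    """Strip the 2-byte length prefix and the padding."""
    return cell[2:2 + int.from_bytes(cell[:2], "big")]

def client_wrap(cell: bytes, hop_keys: list, nonce: bytes) -> bytes:
    """Client adds one layer per hop: exit layer innermost, entry layer outermost."""
    for key in reversed(hop_keys):
        cell = apply_layer(key, nonce, cell)
    return cell

def send_through_circuit(payload: bytes, hop_keys: list, nonce: bytes = None):
    """Return (payload recovered at the exit, cells as seen on each link)."""
    nonce = nonce or os.urandom(16)
    cell = client_wrap(make_cell(payload), hop_keys, nonce)
    on_wire = [cell]
    for key in hop_keys:  # each relay removes only its own layer
        cell = apply_layer(key, nonce, cell)
        on_wire.append(cell)
    return read_cell(cell), on_wire

if __name__ == "__main__":
    keys = [os.urandom(32) for _ in range(3)]  # constructed per-hop keys
    data, links = send_through_circuit(b"GET / HTTP/1.1", keys)
    print(data, [link[:4].hex() for link in links])
```

The cell looks different on every link, so an observer comparing bytes on two links of the circuit cannot match them, while the length stays constant throughout.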
its contents. Evelyn cannot be coerced
into disclosing the recipient either, because she only knows she has a message
to give to David. David only knows he got
a message to be passed on. Only Alice
knows she was the original sender, and
only Bob knows the message is truly for
him. Given enough activity on the network, each of them will be sending and
receiving envelopes, passing some of
them on, probably waiting before doing
so, and keeping only those envelopes addressed to them.
Mail communication is rarely time-sensitive; mix networks are slow, by design. A hostile observer will only know
envelope exchanges happened here and
there, but will not be able to trace a given
package unless they have full surveillance of a sizeable number of the participating nodes. Slowness is thus a feature,
not a bug: It makes time-based correlation attacks much harder to perform.
DON’T DELAY MY PACKETS!
ONION ROUTING TO THE RESCUE
Now, think about the usage patterns
involved in your day-to-day
Internet browsing. TCP/IP networks are
packet-based: this means that every time you
request a file from a server, it is split into
hundreds or thousands of little packets, each of which struggles to find the
best route to you. It makes sense in an
ever-changing network. But just getting
a single mid-sized file could be nerve-racking in a pure mix network: With
random delays introduced by design,
latency would be too big for most uses,
and memory requirements on all nodes
(as communication streams have to be
reassembled to be further processed)
would be prohibitive. Think about any
media-rich interactive website: the model is clearly not well suited to the task.
That is where “onion routing”
comes into play. It is a general purpose,
Figure 1. Message flow within a mix network.
Alice (A) wants to communicate anonymously with Bob (B), so she puts her message inside a
message encrypted to Carol (C), which is then put in a message encrypted to David (D), and finally
in a message encrypted to Evelyn (E). Alice sends her message to Evelyn only. In a large enough
network, with enough traffic to make observation and correlation hard, this will ensure no external
observers infer she has sent anything to Bob.