2. 2
Goals
Introduction
Overview of onion routing
Explanation of security goals
Description of network model &
assumptions
Discussion of adversary types
Comparison with Crowds
Tor
Future Works
3. 3
Why anonymous communication?
Public Networks are Vulnerable to
Traffic Analysis
Encryption does not hide routing
information.
The simple fact that two parties are
communicating can be used to link the two
parties.
4. 4
Who Needs Anonymity?
Political Dissidents, Whistleblowers
Censorship resistant publishers
Socially sensitive communicants
- Chat rooms and web forums
Law Enforcement:
− Anonymous tips or crime reporting
− Surveillance and honeypots
Corporations
5. 5
Onion routing
Onion routing - an application independent
infrastructure for private communication over a
public network.
Provides anonymous
connections that are
resistant to both traffic
analysis and evesdropping
7. 7
Onion routing connection phases
Connection Setup
Data Movement (Transmission)
Connection Termination (Teardown)
8. 8
Setup Phase
Connection initiator builds an onion
Layered cryptographic structure, specifying:
Path through network
Point-to-point symmetric encryption algorithms
Cryptographic keys
At each step
Router decrypts entire structure
Sets up encrypted channels to predecessor and
successor nodes
Forwards new onion on to successor
9. 9
Transmission Phase
When connection initiator wants to send data
Break data into uniform (128 bit) blocks
Encrypt each block once for each router in the
path
-Uses symmetric encryption here
Send data to first onion router
All onion routers connected by persistent TCP
thick pipes which add another layer of
encryption on top of all of this encryption!
12. 12
Connection Termination
By the initiator or the destination server
Since onion routers may fail, however,
any onion router involved in a
connection can cause that connection to
be terminated.
13. 13
3.Security Goals
The goal is to hide
Sender activity
Receiver activity
Sender content
Receiver content
Source-destination pairs
14. 14
4.Network Assumptions
1. Onion routers are all fully connected
2. Links are padded or bandwidth-limited
to a constant rate
3. Unrestricted exit policies
4. For each route, each hop is chosen at
random
5. Number of nodes in a route is chosen
at random
15. 15
5.Adversary Model
4 Types of adversaries
Observer
Disrupter
Hostile user
Compromised COR
Adversary
distributions
Single
Multiple
Roving (realistic)
Global
17. 17
Any compromised node on the path
compromises both receiver activity and
receiver content.
Request contents are exposed to
intermediate nodes as decryption keys
are available to all the participants
Limitations of crowds
18. 18
7. Tor
- The Onion Routing
Tor is the most advanced implementation
of Onion Routing in use today
Provides perfect forward secrecy
Tor uses Diffie-Hellman key exchange
19. 19
Tor provides Directory Servers
- protection against compromised nodes
Uses Leaky –pipe circuit topology
Currently 60+ Tor nodes online
20. 20
8.Conclusions and
future work
No router will ever know the full path
that is traveled by the onion.
So the communication is completely
anonymous.
21. 21
Future improvements
Adding a time delay to traffic at proxy could
complicate timing attacks against the local –
COR configuration to determine the first
COR.
Using partial route padding on individual
connections besides link padding.
Hopping short lived OR connections for
long lived application connections.
22. 22
The second generation Onion
Routing design generally resists
traffic analysis more effectively than
any other published and deployed
mechanisms for Internet
communication .
23. 23
References
The Onion Routing Home Page. http://www.onion-router.net/
https://torproject.org/
Paul Syverson _ Gene Tsudiky,Michael Reed _ Carl Landwehr,
Towards analysis of onion routing security -2000
D. Goldschlag, M. Reed, P. Syverson. “Onion Routing for
Anonymous and Private Internet Connections," Communications
of the ACM, vol. 42, num. 2, February 1999
D. Goldschlag, M. Reed, P. Syverson. “Hiding Routing
Information, in Information Hiding, R. Anderson, ed., LNCS vol.
1174, Springer-Verlag, 1996, pp. 137–150.