Onion routing
{{short description|Technique for anonymous communication over a computer network}}
{{Update|date=March 2017 | inaccurate=yes}}
[[File:Onion diagram.svg|thumb|upright=1.35|In this example onion, the source of the data sends the onion to Router A, which removes a layer of encryption to learn only where to send it next and where it came from (though it does not know if the sender is the origin or just another node). Router A sends it to Router B, which decrypts another layer to learn its next destination. Router B sends it to Router C, which removes the final layer of encryption and transmits the original message to its destination.]]

'''Onion routing''' is a technique for [[anonymity|anonymous]] communication over a [[computer network]]. In an '''onion network''', messages are encapsulated in layers of [[encryption]], analogous to the layers of an [[onion]]. The [[Encryption|encrypted]] data is transmitted through a series of [[network nodes]] called "'''onion routers'''," each of which "peels" away a single layer, revealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.<ref>Goldschlag D., Reed M., Syverson P. (1999) [http://www.onion-router.net/Publications/CACM-1999.pdf Onion Routing for Anonymous and Private Internet Connections], Onion Router.</ref> While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.<ref name=":0">{{cite book|last1=Soltani|first1=Ramin|last2=Goeckel|first2=Dennis|last3=Towsley|first3=Don|last4=Houmansadr|first4=Amir|date=2017-11-27|chapter=Towards Provably Invisible Network Flow Fingerprints|arxiv=1711.10079|doi=10.1109/ACSSC.2017.8335179|title=2017 51st Asilomar Conference on Signals, Systems, and Computers|pages=258–262|isbn=978-1-5386-1823-3|s2cid=4943955}}</ref>

== History ==
Onion routing was developed in the mid-1990s at the [[U.S. Naval Research Laboratory]] by employees [[Paul Syverson]], Michael G. Reed, and David Goldschlag<ref>Reed M. G., Syverson P. F., Goldschlag D. M. (1998) "Anonymous connections and onion routing", IEEE Journal on Selected Areas in Communications, 16(4):482–494.</ref><ref name=patent>{{cite patent|country = US|number = 6266704 | status = patent | title = Onion routing network for securely moving data through communication networks | fdate = 1998-05-29 | inventor =Reed; Michael G. (Bethesda, MD), Syverson; Paul F. (Silver Spring, MD), Goldschlag; David M. (Silver Spring, MD) | assign1 = The United States of America as represented by the Secretary of the Navy (Washington, DC)}}</ref> to protect U.S. [[United States Intelligence Community|intelligence]] communications online.<ref name="pando">{{Cite news|url = http://pando.com/2014/07/16/tor-spooks/|title = Almost everyone involved in developing Tor was (or is) funded by the US government|last = Levine|first = Yasha|date = 16 July 2014|work = Pando Daily|access-date = 30 August 2014}}</ref> It was then refined by the [[Defense Advanced Research Projects Agency]] (DARPA) and patented by the Navy in 1998.<ref name=patent/><ref>{{cite book|first1 = Joseph Babatunde|last1 = Fagoyinbo|title = The Armed Forces: Instrument of Peace, Strength, Development and Prosperity|url = https://books.google.com/books?id=qM0uxPH8RasC&q=The+Armed+Forces%3A+Instrument+of+Peace%2C+Strength%2C+Development+and+Prosperity|publisher = AuthorHouse|date = 2013-05-24|isbn = 9781477226476|access-date = August 29, 2014}}</ref><ref>{{cite book|first1 = David|last1 = Leigh|first2 = Luke|last2 = Harding|title = WikiLeaks: Inside Julian Assange's War on Secrecy|url = https://books.google.com/books?id=qGLjvFNuaM4C&q=WikiLeaks%3A+Inside+Julian+Assange%27s+War+on+Secrecy|publisher = PublicAffairs|date = 2011-02-08|isbn = 978-1610390620|access-date = August 29, 2014}}</ref> The same employees publicly released the method that year in an article in the IEEE Journal on Selected Areas in Communications, which described its use to protect the user both from the network itself and from outside observers who eavesdrop and conduct traffic analysis attacks. The most important part of this research is the configuration and application of onion routing to existing e-services, such as [[Virtual private network]]s, [[Web-browsing]], [[Email]], [[Remote login]], and [[Electronic cash]].<ref>{{Cite journal|last1=Reed|first1=M. G.|last2=Syverson|first2=P. F.|last3=Goldschlag|first3=D. M.|date=May 1998|title=Anonymous connections and onion routing|url=https://ieeexplore.ieee.org/document/668972|journal=IEEE Journal on Selected Areas in Communications|volume=16|issue=4|pages=482–494|doi=10.1109/49.668972|issn=1558-0008}}</ref>

Based on the existing onion routing technology, computer scientists [[Roger Dingledine]] and [[Nick Mathewson]] joined [[Paul Syverson]] in 2002 to develop what has become the largest and best-known implementation of onion routing, then called The Onion Routing project ([[Tor (network)|Tor]] project). After the Naval Research Laboratory released the code for Tor under a [[free license]],<ref name="pando" /><ref name="prealpha">{{cite mailing list |url=http://archives.seul.org/or/dev/Sep-2002/msg00019.html |title=pre-alpha: run an onion proxy now! |last=Dingledine |first=Roger |mailing-list=or-dev |date=20 September 2002 |access-date=17 July 2008 }}</ref><ref name="torproject-faq">{{cite web |url=https://www.torproject.org/docs/faq#WhyCalledTor |title=Tor FAQ: Why is it called Tor? |website=Tor Project |access-date=1 July 2011}}</ref> Dingledine, Mathewson and five others founded The Tor Project as a [[501(c)(3)|non-profit organization]] in 2006, with the [[fiscal sponsorship|financial support]] of the [[Electronic Frontier Foundation]] and several other organizations.<ref name="torproject-sponsors">{{cite web |url=https://www.torproject.org/about/sponsors.html.en |title=Tor: Sponsors |website=Tor Project |access-date=11 December 2010}}</ref><ref name="wp-attacks-prompt">{{cite news |url=http://voices.washingtonpost.com/securityfix/2007/08/attacks_prompt_update_for_tor.html |archive-url=https://web.archive.org/web/20110427104755/http://voices.washingtonpost.com/securityfix/2007/08/attacks_prompt_update_for_tor.html |url-status=dead |archive-date=April 27, 2011 |title=Attacks Prompt Update for 'Tor' Anonymity Network |first=Brian |last=Krebs |newspaper=[[Washington Post]] |date=8 August 2007 |access-date=27 October 2007}}</ref>

== Data ==
[[File:Tor Circuit Diagram.svg|thumb|alt=A client, represented as a phone, sending traffic to an onion labelled "Guard" with four nested lines, then going to a "Middle" onion with three nested lines, then going to an "Exit" onion with two nested lines, and finally going to the Server with one line.|A diagram of an onion routed connection, using [[Tor (network)|Tor]]'s terminology of guard, middle, and exit relays.]]
Metaphorically, an onion is the data structure formed by "wrapping" a message with successive layers of encryption to be decrypted ("peeled" or "unwrapped") by as many intermediary computers as there are layers before arriving at its destination.
The original message remains hidden as it is transferred from one node to the next, and no intermediary knows both the origin and final destination of the data, allowing the sender to remain anonymous.<ref name=tor-design>{{cite web|title=Tor: The Second-Generation Onion Router |url=http://www.onion-router.net/Publications/tor-design.pdf |author=Roger Dingledine |author2=Nick Mathewson |author3=Paul Syverson |access-date=26 February 2011}}</ref>

=== Onion creation and transmission ===
To create and transmit an onion, the originator selects a set of nodes from a list provided by a "directory node". The chosen nodes are arranged into a path, called a "chain" or "circuit", through which the message will be transmitted. To preserve the anonymity of the sender, no node in the circuit is able to tell whether the node before it is the originator or another intermediary like itself. Likewise, no node in the circuit is able to tell how many other nodes are in the circuit, and only the final node, the "exit node", is able to determine its own location in the chain.<ref name=tor-design/>

Using asymmetric key cryptography, the originator obtains a [[public key]] from the directory node to send an encrypted message to the first ("entry") node, establishing a connection and a [[shared secret]] ("session key"). Using the established encrypted link to the entry node, the originator can then relay a message through the first node to a second node in the chain using encryption that only the second node, and not the first, can decrypt. When the second node receives the message, it establishes a connection with the first node. While this extends the encrypted link from the originator, the second node cannot determine whether the first node is the originator or just another node in the circuit. The originator can then send a message through the first and second nodes to a third node, encrypted such that only the third node is able to decrypt it.
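
The layering that results once every hop has a session key can be made concrete. The following Python is an added example written for this page, not code from Tor or from the original onion-routing project: it wraps a message in one layer per node so that each node, using only its own session key, learns the next hop and nothing else, and it also shows the return direction described in the following paragraphs, where the exit node adds the first layer and the originator strips all of them. The session keys are simply generated here (a stand-in for the per-hop key exchange described above), the relay names, the destination and the messages are constructed, and the keystream cipher is a toy with no integrity protection, used only so the block runs offline.

```python
import hashlib
import hmac
import os
import struct

# Toy keystream cipher, constructed for this example as a stand-in for the
# authenticated cipher a real onion router would use (it is not Tor's cipher).
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


# Each layer's plaintext is "<next hop name><inner bytes>", length-prefixed.
def _pack(next_hop: str, inner: bytes) -> bytes:
    name = next_hop.encode()
    return struct.pack(">H", len(name)) + name + inner


def _unpack(blob: bytes):
    (n,) = struct.unpack(">H", blob[:2])
    return blob[2:2 + n].decode(), blob[2 + n:]


def build_onion(circuit, destination: str, message: bytes) -> bytes:
    """circuit: [(node_name, session_key), ...] ordered entry -> exit.
    Wraps from the exit inward: the exit's layer (naming the destination)
    is innermost, the entry's layer is outermost."""
    next_hop, inner = destination, message
    for name, key in reversed(circuit):
        inner = encrypt(key, _pack(next_hop, inner))
        next_hop = name
    return inner


def peel(key: bytes, onion: bytes):
    """What one router does with its own session key: remove a single layer
    and learn only where the remainder goes next."""
    return _unpack(decrypt(key, onion))


def transmit(circuit, onion: bytes):
    """Simulate the forward path. Returns each node's view (previous hop,
    next hop) and what the exit node finally hands to the destination.
    The entry node sees the originator only as 'client'; it cannot tell
    whether that party is the origin or another relay."""
    views, blob, previous, next_hop = [], onion, "client", None
    for name, key in circuit:
        next_hop, blob = peel(key, blob)
        views.append((name, previous, next_hop))  # never origin and destination together
        previous = name
    return views, next_hop, blob


def wrap_reply(circuit, reply: bytes) -> bytes:
    """Return direction: the exit adds the first layer, the entry the last."""
    for _, key in reversed(circuit):
        reply = encrypt(key, reply)
    return reply


def unwrap_reply(circuit, blob: bytes) -> bytes:
    """The originator holds every session key and strips layers entry-first."""
    for _, key in circuit:
        blob = decrypt(key, blob)
    return blob


def demo():
    # Constructed three-hop circuit with fresh session keys.
    circuit = [("entry", os.urandom(32)), ("middle", os.urandom(32)), ("exit", os.urandom(32))]
    onion = build_onion(circuit, "example.org", b"GET / HTTP/1.1")
    views, destination, delivered = transmit(circuit, onion)
    reply = unwrap_reply(circuit, wrap_reply(circuit, b"<html>hello</html>"))
    return views, destination, delivered, reply


if __name__ == "__main__":
    for node, prev, nxt in demo()[0]:
        print("%-6s saw previous=%-7s next=%s" % (node, prev, nxt))
```

Running the block prints one line per relay; only the exit line names the destination, and no line names both the client and the destination, which is the property the section describes.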

The third, as with the second, becomes linked to the originator but connects only with the second. This process can be repeated to build larger and larger chains but is typically limited to preserve performance.<ref name=tor-design/>

When the chain is complete, the originator can send data over the Internet anonymously. When the final recipient of the data sends data back, the intermediary nodes maintain the same link back to the originator, with the data again layered, but in reverse: the final node this time adds the first layer of encryption and the first node adds the last layer of encryption before sending the data, for example a web page, to the originator, who is able to decrypt all layers.<ref name=tor-design/>

== Weaknesses ==
{{see also|Tor (network)#Weaknesses}}

=== Timing analysis ===
{{see also|Traffic analysis}}
One of the reasons why typical Internet connections are not considered anonymous is the ability of [[Internet service provider]]s to trace and log connections between computers. For example, when a person accesses a particular website, the data itself may be secured through a connection like [[HTTPS]] such that the user's password, emails, or other content is not visible to an outside party, but there is still a record of the connection itself, when it occurred, and the amount of data transferred. Onion routing creates and obscures a path between two computers such that there is no discernible connection directly from a person to a website, but records of the connections between computers still exist. Traffic analysis searches those records of connections made by a potential originator and tries to match the timing and data transfers to connections made to a potential recipient.
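
How much such records narrow things down can be measured rather than guessed at. The following Python is an added example, not part of the original article: given constructed connection logs from an observer at the sender side and one at the recipient side, it computes for each sender-side flow the set of recipient-side flows that are indistinguishable from it by observed size and by start time. It then repeats the measurement as if the traffic were carried in fixed-size cells (Tor uses 512-byte cells; the constant is a known fact, not something taken from this page), which shows that padding removes size as a distinguisher but leaves timing intact, which is why timing correlation is the weakness named above. The log entries, endpoint labels and the one-second window are all constructed for the example.

```python
import math
from dataclasses import dataclass

# Tor carries traffic in fixed-size cells; 512 bytes is its classic cell size.
CELL_SIZE = 512


@dataclass(frozen=True)
class Flow:
    endpoint: str   # the party the observer sees at this end
    start: float    # seconds on the observer's clock
    nbytes: int     # bytes transferred


# Constructed observations: what a watcher at the sender side and a watcher at
# the recipient side would log for three users active at the same time.
SENDER_SIDE = [
    Flow("alice", 100.0, 1300),
    Flow("bob", 100.2, 1700),
    Flow("carol", 100.5, 1500),
]
RECIPIENT_SIDE = [
    Flow("site-1", 100.4, 1300),
    Flow("site-2", 100.6, 1700),
    Flow("site-3", 100.9, 1500),
]


def pad_to_cells(nbytes: int, cell: int = CELL_SIZE) -> int:
    """Size an observer sees when the bytes are carried in fixed-size cells."""
    return math.ceil(nbytes / cell) * cell


def anonymity_sets(sender_side, recipient_side, window: float, padded: bool = False):
    """For each sender-side flow, the recipient-side flows an observer at both
    ends could not tell it apart from: same observed size, and starting at
    most `window` seconds later. A set of size 1 means the pairing is exposed."""
    observed = pad_to_cells if padded else (lambda n: n)
    sets = {}
    for s in sender_side:
        sets[s.endpoint] = sorted(
            r.endpoint
            for r in recipient_side
            if observed(r.nbytes) == observed(s.nbytes)
            and 0.0 <= r.start - s.start <= window
        )
    return sets


if __name__ == "__main__":
    print("raw sizes:  ", anonymity_sets(SENDER_SIDE, RECIPIENT_SIDE, 1.0))
    print("512-B cells:", anonymity_sets(SENDER_SIDE, RECIPIENT_SIDE, 1.0, padded=True))
```

With raw sizes every sender is paired with exactly one recipient. With cell padding two of the three flows collapse to the same observed size, so alice's set grows to two candidates, but bob and carol remain uniquely paired by timing alone; shrinking the window would expose alice as well.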

If an attacker has compromised both ends of a route, a sender may be seen to have transferred an amount of data to an unknown computer a certain number of seconds before a different unknown computer transferred data of exactly the same size to a particular destination.<ref>{{Cite book |last1=Shmatikov |first1=Vitaly |last2=Wang |first2=Ming-Hsiu |title=Computer Security – ESORICS 2006 |chapter=Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses |journal=Proceedings of the 11th European Conference on Research in Computer Security |volume=4189 |year=2006 |series=ESORICS'06 |pages=18–33 |doi=10.1007/11863908_2 |isbn=978-3-540-44601-9 |citeseerx=10.1.1.64.8818 }}</ref><ref name="Dingledine">{{cite web|url=https://svn.torproject.org/svn/projects/design-paper/tor-design.html|title=Tor: The Second-Generation Onion Router|last1=Dingledine|first1=Roger|last2=Mathewson|first2=Nick|publisher=USENIX Association|language=en-US|location=San Diego, CA|date=August 2004|access-date=24 October 2012|last3=Syverson|first3=Paul}}</ref> Factors that may facilitate traffic analysis include nodes failing or leaving the network<ref name="Dingledine"/> and a compromised node keeping track of a session as it occurs when chains are periodically rebuilt.<ref>{{Cite journal | last1 = Wright | first1 = Matthew. K. | last2 = Adler | first2 = Micah | last3 = Levine | first3 = Brian Neil | last4 = Shields | first4 = Clay | title = The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems | doi = 10.1145/1042031.1042032 | journal = ACM Transactions on Information and System Security | volume = 7 | issue = 4 | pages = 489–522 | date = November 2004 | s2cid = 7711031 | url = https://gnunet.org/sites/default/files/Wright-2004.pdf | access-date = 2012-07-04 | archive-url = https://web.archive.org/web/20160304185948/https://gnunet.org/sites/default/files/Wright-2004.pdf | archive-date = 2016-03-04 | url-status = dead }}</ref>

[[Garlic routing]] is a variant of onion routing associated with the [[I2P]] network that encrypts multiple messages together, which both increases the speed of data transfer and makes it more difficult<ref>{{Cite web|url=http://privacy-pc.com/articles/common-darknet-weaknesses-2-tor-and-i2p.html|title=Common Darknet Weaknesses: An Overview of Attack Strategies|date=27 January 2014}}</ref> for attackers to perform traffic analysis.<ref>{{cite journal|last1=Zantour|first1=Bassam|last2=Haraty|first2=Ramzi A.|title=I2P Data Communication System|journal=Proceedings of ICN 2011: The Tenth International Conference on Networks|date=2011|pages=401–409}}</ref>

=== Exit node vulnerability ===
Although the message being sent is transmitted inside several layers of encryption, the job of the exit node, as the final node in the chain, is to decrypt the final layer and deliver the message to the recipient. A compromised exit node is thus able to acquire the raw data being transmitted, potentially including passwords, private messages, bank account numbers, and other forms of personal information. Dan Egerstad, a Swedish researcher, used such an attack to collect the passwords of over 100 email accounts related to foreign embassies.<ref>{{cite web |last=Bangeman |first=Eric |url=https://arstechnica.com/news.ars/post/20070830-security-researcher-stumbles-across-embassy-e-mail-log-ins.html |title=Security researcher stumbles across embassy e-mail log-ins |publisher=[[Ars Technica]] |date=2007-08-30 |access-date=2010-03-17}}</ref>

Exit node vulnerabilities are similar to those on unsecured wireless networks, where the data being transmitted by a user on the network may be intercepted by another user or by the router operator. Both issues are addressed by using a secure end-to-end connection like [[Transport Layer Security|SSL/TLS]] or [[secure HTTP]] (S-HTTP). If there is [[end-to-end encryption]] between the sender and the recipient, and the sender is not lured into trusting a false SSL certificate offered by the exit node, then not even the last intermediary can view the original message.

== See also ==
{{div col|colwidth=20em}}
* [[Anonymous remailer]]
* [[Bitblinder]]
* [[Chaum mixes]]
* [[Cryptography]]
* [[Degree of anonymity]]
* [[Diffie–Hellman key exchange]]
* [[Java Anon Proxy]]
* [[Key-based routing]]
* [[Matryoshka doll]]
* [[Mix network]]
* [[Mixmaster anonymous remailer]]
* [[Public-key cryptography]]
* [[Proxy server]]
* [[Tox (protocol)|Tox]] – implements onion routing
* [[Tribler]] – implements onion routing
{{div col end}}

== References ==
{{reflist|30em}}

== External links ==
* [http://www.onion-router.net Onion-Router.net] – site formerly hosted at the Center for High Assurance Computer Systems of the [[U.S. Naval Research Laboratory]]
* {{cite book |last1=Syverson |first1=P.F. |last2=Goldschlag |first2=D.M. |last3=Reed |first3=M.G. |chapter=Anonymous connections and onion routing |chapter-url=https://apps.dtic.mil/sti/pdfs/ADA465126.pdf |title=Proceedings. 1997 IEEE Symposium on Security and Privacy |date=1997 |isbn=0-8186-7828-3 |pages=44–54 |doi=10.1109/SECPRI.1997.601314|s2cid=1793921 }}

{{Tor (anonymity network)}}

{{DEFAULTSORT:Onion Routing}}
[[Category:Routing]]
[[Category:Computer-related introductions in 1998]]
[[Category:Network architecture]]
[[Category:Cryptographic protocols]]
[[Category:Onion routing]]
[[Category:Key-based routing]]
[[Category:Anonymity networks]]