Mar 17, 2019

How Onion Routing Keeps You Anonymous


How Onion Routing Keeps You Anonymous

This document details the of technique for anonymous communication over a computer network, using the Onion Routing Protocol. 

Why is Anonymity?

  • You are anonymous over a network if your location and usage data is hidden from anyone conducting network surveillance or traffic analysis.
  • How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on.
  • Below is a depiction on an IP packet

Contents of an IP packet
IP Packet

TOR the solution to anonymity problem

  • The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet.
  • Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy.
  •  Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content.
  • Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.

How TOR Works

  • TOR bounces your connection on Onion Routers Or Relay Servers inside the TOR Network
  • Traffic is routed by TOR network, instead of regular ISP.
  • No one in the network knows anything about the whole connection, only knows To & From.
  • But still we can do backtracking, and find out the message source and destination.
  • So TOR tries to confuse people with multiple encryption layers.
  • So on bounce a layer of encryption is added to your message/request.

Display how connection is bounced in a tor network
TOR relay servers

Key Exchange

  • First we will do key exchange with each of the relay servers, and add 3 layers of encryption on our request.
  • When Entry guard server receives the request, it peels its layer of encryption and forwards the request to the Middle Relay server.
  • The Middle Server with again peel its encryption layer and still find the message gibberish, cause the request still has one layer of encryption left. So it will forward the request to the last Exit Relay server.
  •  Now the Exit server will decrypt its final encryption layer, and for the request to the actual destination server
  • Similarly after once the response is ready to be sent, all the layers of encryption will be added back on as it is sent back.
  • Finally the response arrives at our end with 3 layer encryption, but since we already have the 3 keys, we will able to see the response.

Key Exchange to add layered Security, like an onion.
Modern Key Exchange

Trade-off of using Tor

  • Slow connections, relay routers serving lot of requests and in different regions.
  • Can be snooped in by sniffing exit and the entry node, and analyzing the timing.
  • Above problem can be solved by using Tor hidden service.
  • Example onion address of the hidden service http://3g2upl4pq6kufc4m.onion/
  • You cannot directly know these onion address of the hidden services, only if you have contacts or if you receive a mail from somebody, or somebody told you about it offline you can know about it.

What can you do on Dark web?

  • Hold Bitcoins Anonymously
  • Leak Information anonymously
  • Are you sitting on a great story? Do you need to share it anonymously with the team from The Intercept?
  • Hidden Wiki

However, diagrams need to follow the BC2.0 brand guidelines, which Revanth is finalizing. For now, you can have non brand-compliant diagrams.

Can You be part of Tor Network?

Yes by running a Relay Server. Why?

  • Faster(and therefore more usable)
  • More robust against attacks
  • More stable in case of outages
  • Safer for its users
  • Spying on more relays is harder than on a few

Can EFF promise that I won't get in trouble for running a Tor relay?

No.
TOR cannot guarantee that you will never face any legal liability as a result of running a Tor relay.
However, EFF believes so strongly that those running Tor relays shouldn't be liable for traffic that passes through the relay that we're running our own middle relay.
* EFF:  Electronic Frontier Foundation, tor financial sponsors

References

Rakesh Kumar

Security