The Onion Router

TOR Beginnings

As the Deep Web has a myriad of growing information, there would also be a growing number of users who frequent it. To do so, they would need to find a way to tap into the Deep Web without being identified. This is where TOR comes into play. TOR is an anonymity network designed to facilitate anonymous Internet communication, and was released to the public in 2004 (Abbott 2010).

 

Michael Reed, Pal Syverson and David Goldschlag from the Us Naval Research Laboratory was sponsored by the US Naval Office of Naval Research (ONR) in 1995 to continue on the work of David Chuam’s onion routing idea, and the project was funded by DARPA under the high confidence network program (Haraty & Zantout 2014). It is interesting to note that DARPA funded both the project for the Internet, as mentioned in the previous segment, and also the TOR project to maneuver through the Deep Web, as mentioned in an article by Haraty & Zantout :

 

To this date the onion router (TOR) and the onion routing project are funded by ONR and DARPA whereby it is still under development with probably one of the largest testing labs in the world, the Internet. TOR operates with almost 900 dedicated onion routers worldwide, generating and processing 960mb/sec of bidirectional data streams (2014).

 

Here’s an introduction video to TOR :

 

 

Onion Routing to TOR

TOR is a collection of onion routers with different functions and roles in a network during network communication, to protect the identity of the user and confidentiality of data, and also against eavesdropping and traffic analysis over the network and Internet.

However, achieving online anonymity is a problem, as attackers may watch for patterns in network traffic, with the worst case being able to control almost all of the servers to view traffic passing in, through, and out of the system.

TOR has chosen a pragmatic threat approach to this problem – it does not protect users from  traffic matching, instead, it protects the overall traffic of the routing system, so attackers will not be able to simply monitor a user and all exit nodes.

 

Location Hidden Services

TOR allows users to offer their services without exposing their IP address or physical location by making use of rendezvous points which serve as prearranged meeting points for service providers to meet up with service users.

Hidden Service Example

This is explained by Owen (2007) with this example :


When a service user (Alice) decides to connect to Bob’s service through whatever mechanisms he has employed to alert others to his service, Alice then looks up Bob’s service in the TOR lookup service. Alice the selects an Onion Router as her rendezvous point (RP), builds a circuit to this point, and then relays the details of the rendezvous point to Bob via one of his introduction points, including the first half of a Diffie-Hellman (DF) key exchange.

 

If Bob elects to respond to this request, he builds a circuit to Alice’s RP, completing the DH handshake via the exchange of a rendezvous cookie. The RP then associates its circuit with Alice to its circuit with Bob, and becomes a normal OR in an Alice to Bob circuit.
Alice is then free to send a relay begin cell across the circuit to Bob’s OP, which connects to Bob’s hidden server. Alice is now free to communicate across the circuit as a normal TOR circuit, without having any knowledge of where the hidden server is located.

This hidden service is useful is useful since censorship is widespread, and almost every developed nation employ a degree of blocking. Western nations are mostly going with either DNS poisoning or URL-specific blacklisting, while China have opted for IP-based firewalls. Tor was made to deal with these situations.

Leave a Reply

Your email address will not be published. Required fields are marked *