1
Onion Routing uses a flexible communications infrastructure that prevents traffic from being analyzed and eavesdropping from occurring. The way it works is by separating routing from identification techniques. In other words, any identifying information is removed from the data stream (Syverson, 2005).
The structure is created by wrapping a plaintext message in layers of encryption. Just as an onion has layers that peel away, this wrapping is successively peeled away as the wrapped message is passed from one router to the next. The message is viewable only by the sender and the recipient and perhaps even the last node, unless end-to-end encryption is used (Joshi, 2012).
For example, in a packet switched network, packets use a header for routing and the payload confers the data. The header is visible to the network and anyone watching the network; it tells where the packet originated and where it is going. Encryption and obscuration do not prevent identification.
Onion Routing allows for anonymity by using socket connections, which are placed below the application layer and depend upon the application. Proxies are used to make the data stream anonymous. For example, an application will establish a socket connection to an Onion Routing Proxy. The proxy then links anonymously to its destination via other Onion Routers.
2
An Onion Routing network is resistant to both network eavesdropping and traffic analysis because it blocks the normal identifying characteristics of packet data within the public network using layers of protection. As the data moves through the network via socket connections, one layer of encryption is removed at each Onion Router. As each layer is removed, the data has a different appearance for anyone watching; it would be like someone following a suspect who keeps changing his appearance at every depot station: he is impossible to track unless one knows in advance what the suspect will be changing into. Since only the suspect knows that, the tail cannot possibly follow. In the Onion Routing network, anonymity is preserved in the same way. Eavesdropping is prevented due to the encryption that takes place between Onion Routers. Thus, even if one router is compromised, eavesdropping is still not likely. Only if every router on the path is compromised will data be possibly tracked, and the likelihood of such occurring is very low.
Each router is only able to know the identity of the adjacent router along the connection route. Data is encrypted in layers along the way so that at each router, one layer is removed. Since data appears differently at each Onion Router along the way, the information cannot be tracked. All information about the connection is cleared from each Onion Router when the connection is ended. Thus, anonymity is preserved over a public network.
However, a local eavesdropper could see that someone has sent or received a message, but the local eavesdropper won’t be able to determine the identities of both the sender and the receiver: only one or the other (Joshi, 2012).
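The layered wrapping and per-router peeling described above, as an added example that is not part of the original paper. The cipher is a toy built from SHA-256 and HMAC so the script needs only the standard library; the router names, keys and destination are constructed, and cells are not padded to a fixed size.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # Toy stream cipher (SHA-256 in counter mode); stands in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC one layer: nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not built for this router's key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(path, dest, message):
    # path: [(router_name, key), ...] in forwarding order. The sender wraps
    # innermost-first, so the entry router's layer ends up on the outside.
    next_hops = [name for name, _ in path][1:] + [dest]
    blob = message
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        blob = seal(key, nxt.encode() + b"\n" + blob)
    return blob

def peel(key, blob):
    # What one router does: remove its layer, learn only the next hop.
    nxt, inner = unseal(key, blob).split(b"\n", 1)
    return nxt.decode(), inner

def route(path, onion):
    # Walk the onion through the path, recording what each router learns.
    keys, hop, blob, views = dict(path), path[0][0], onion, []
    while hop in keys:
        nxt, blob = peel(keys[hop], blob)
        views.append((hop, nxt))
        hop = nxt
    return views, blob

if __name__ == "__main__":
    # Constructed sample: three routers with random keys, made-up destination.
    path = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
    views, delivered = route(path, build_onion(path, "dest.example:80", b"hello"))
    print(views, delivered)
```

Each entry in `views` is all that one router learns: its own name and the next hop. The exit router's layer contains the message itself, which is why the last node can read it unless the sender also uses end-to-end encryption.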
3
Tor is a “circuit-based low-latency anonymous communication service” that is a second-generation Onion Routing system, which adds perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services through the use of rendezvous points to the original Onion Routing design (Dingledine, Mathewson, Syverson, 2004).
Tor is designed to frustrate attackers from linking communication partners or from linking several communications from or to a single entity. Its overlay network allows each Onion Router to operate as a normal user-level process. Onion proxy software is used locally so that each local user can obtain directories, establish circuits across the network and process connections from other users. The proxies relay data one to another. Each router uses a long-term and a short-term key that sign directories and perform decryption (Dingledine, Mathewson, Syverson, 2004).
4
Onion Routing is designed to make web browsing anonymous. A circuit is built around nodes in a path, so that every node or routing point in the circuit knows the node from which information is received and the node to which information is sent, but that is all. The original sender and the final recipient are not known to the individual nodes or routing points. Traffic is sent in cells that are fixed in size. These cells are unwrapped at each node—each node taking off one layer of wrapping. The circuit is constructed so that there is one layer of wrapping for as many nodes as are used in the circuit.
The improvements that Tor made over Onion Routing were several. For instance, in the original Onion Routing model, one node could be used to harm others by recording traffic and then compromising the following nodes in the circuit by forcing them to decrypt the plaintext message. Instead of utilizing the onion encryption data structure, Tor uses a telescoping path-building model, so that the original sender performs a negotiation with session keys at each successive stop in the circuit. As these keys are deleted, later nodes that are corrupted are unable to decrypt old traffic.
Another way in which Tor has improved on the old Onion Routing design is through the separation of protocol cleaning and anonymity. In the original Onion Routing design, a distinct application proxy was required for every application protocol. Tor changed this by using the SOCKS proxy interface, which allows the software to utilize “filtering features of privacy-enhancing application-level proxies” (Dingledine, Mathewson, Syverson, 2004, p. 1).
Tor improved the Onion Routing design in another way by controlling for congestion. The early Onion model did not have a way to solve high traffic issues. The common approach to solving congestion is for nodes to communicate via macro views of traffic. To keep nodes from knowing the traffic while still solving congestion, Tor implemented end-to-end encryption, which permits nodes at the ends of the network to see where congestion is and wait until congestion dies down before sending more data. By using directory servers, variable exit policies and end-to-end integrity checking, Tor has also been able to improve on the original Onion design (Dingledine, Mathewson, Syverson, 2004, p. 2).
References
Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The second-generation onion router. Naval Research Lab Washington DC.
Joshi, P. (2012). Onion routing. Retrieved from https://prateekvjoshi.com/2012/11/27/onion-routing/
Syverson, P. (2005). Onion routing. Retrieved from https://www.onion-router.net/Summary.html