04-05-2011, 03:01 PM
Abstract
Onion Routing is an infrastructure for private com-
munication over a public network. It provides anony-
mous connections that are strongly resistant to both
eavesdropping and tra_c analysis. Onion routing's
anonymous connections are bidirectional and near real-
time, and can be used anywhere a socket connection
can be used. Any identifying information must be in
the data stream carried over an anonymous connec-
tion. An onion is a data structure that is treated as the
destination address by onion routers; thus, it is used
to establish an anonymous connection. Onions them-
selves appear di_erently to each onion router as well as
to network observers. The same goes for data carried
over the connections they establish. Proxy aware ap-
plications, such as web browsing and e-mail, require no
modi_cation to use onion routing, and do so through
a series of proxies. A prototype onion routing network
is running between our lab and other sites. This paper
describes anonymous connections and their implemen-
tation using onion routing. This paper also describes
several application proxies for onion routing, as well as
con_gurations of onion routing networks.
1 Introduction
Is Internet communication private? Most security
concerns focus on preventing eavesdropping [18], i.e.,
outsiders listening in on electronic conversations. But
encrypted messages can still be tracked, revealing who
is talking to whom. This tracking is called tra_c analysis
and may reveal sensitive information. For example,
the existence of inter-company collaboration may be
con_dential. Similarly, e-mail users may not wish to
reveal who they are communicating with to the rest of
the world. In certain cases anonymity may be desirable
also: anonymous e-cash is not very anonymous if
delivered with a return address. Web based shopping
or browsing of public databases should not require revealing
one's identity.
This paper describes how a freely available system,
onion routing, can be used to protect a variety of Internet
services against both eavesdropping and tra_c
analysis attacks, from both the network and outside observers.
This paper includes a speci_cation su_cient to
guide both re-implementations and new applications of
onion routing. We also discuss con_gurations of onion
routing networks and applications of onion routing, including
Virtual Private Networks (VPN), Web browsing,
e-mail, remote login, and electronic cash.1
A purpose of tra_c analysis is to reveal who is talking
to whom. The anonymous connections described
here are designed to be resistant to tra_c analysis, i.e.,
to make it di_cult for observers to learn identifying information
from the connection (e.g., by reading packet
headers, tracking encrypted payloads, etc.). Any identifying
information must be passed as data through
the anonymous connections. Our implementation of
anonymous connections, onion routing, provides protection
against eavesdropping as a side e_ect. Onion
routing provides bidirectional and near real-time communication
similar to TCP/IP socket connections or
ATM AAL5 [6]. The anonymous connections can substitute
for sockets in a wide variety of unmodi_ed Internet
applications by means of proxies. Data may also be
passed through a privacy _lter before being sent over
an anonymous connection. This removes identifying
information from the data stream, to make communication
anonymous too.
Although onion routing may be used for anonymous
communication, it di_ers from anonymous remailers
[7, 16] in two ways: Communication is real-time
and bidirectional, and the anonymous connections are
application independent
Download full report
http://citeseerx.ist.psu.edu/viewdoc/dow...1&type=pdf