TOR: The second-generation Onion Router


reed

Presentation Transcript


  1. TOR: The second-generation Onion Router

  2. Outline
  • Onion routing principles
  • Introduction to TOR
  • Components
  • Overall design
  • How TOR works
  • Circuit construction and data transfer through the circuit
  • Conclusion

  3. Onion routing principles
  • Hide the message source by routing it randomly
  • Popular technique: Crowds, Onion Routing, TOR
  • Routers don't know for sure whether the apparent source of a message is the true sender or another router
  • Only secure against local attackers!

  4. Onion routing principles
  [Figure: Alice's path to Bob through routers R1, R2, R3 and R4, chosen from among many routers R]
  • Sender chooses a random sequence of routers
  • Some routers are honest, some hostile
  • Sender controls the length of the path
  • Goal: hostile routers shouldn't learn that Alice is talking to Bob

  5. Onion routing principles
  [Figure: Alice → R1 → R2 → R3 → R4 → Bob. The layered message Alice sends to R1 is {R2,k1}pk(R1),{ }k1; inside the k1 layer sits {R3,k2}pk(R2),{ }k2; inside that, {R4,k3}pk(R3),{ }k3; inside that, {B,k4}pk(R4),{ }k4; and innermost, {M}pk(B).]
  • Routing info for each link is encrypted with that router's public key
  • Each router learns only the identity of the next router

  6. Introduction to TOR
  • Tor is a low-latency anonymous communication system based on Onion Routing
  • Tor aims to resist observers and insiders by distributing each transaction over several nodes in the network
  • Tor works on the real-world Internet and requires little synchronization
  • There are roughly 420 onion routers that forward at least 5 KB per second (2007)

  7. Components
  • Directory servers provide information about available onion routers to the user
  • A rendezvous point provides anonymity for the server
  • Introduction points allow a hidden server to advertise them as contact points for users
  • The Onion Router is the building block of the circuits
  • The Onion Proxy is the client part of the network; it injects the user's traffic into the network

  8. Overall design

  9. How Tor works
  • The Hidden Server connects to several nodes and asks them to act as Introduction Points for its service
  • The Hidden Server contacts Directory Servers and asks them to publish the contact information of its hidden service
  • To retrieve data from the service, the Client connects to a Directory Server and asks for the contact information of the service
  • The Client selects a node in the network to act as a Rendezvous Point and asks it to listen for connections from the hidden service on the Client's behalf

  10. How Tor works
  • The Client contacts an Introduction Point and asks it to forward the information about the selected Rendezvous Point
  • The Introduction Point forwards this message to the Hidden Server, which decides whether to connect to the Rendezvous Point
  • If the Hidden Server wants to connect, it asks to be connected to the waiting rendezvous circuit
  • The Rendezvous Point forwards this connection request to the Client
  • Now the Rendezvous Point can start passing data between the two connections; the result is an anonymous data tunnel from the Client to the Hidden Server through the Rendezvous Point
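The rendezvous procedure of slides 9 and 10 as a small simulation, added here and not taken from the slides or from the Tor code base. It assumes a rendezvous cookie, the random token Tor uses to let the Rendezvous Point match the client's waiting circuit to the server's incoming one (the slides do not name it); circuit identifiers are constructed strings, and the Introduction Point and Rendezvous Point classes are hypothetical stand-ins that show only what each role learns.

```python
import secrets

class DirectoryServer:
    """Slide 9: records which Introduction Points reach which hidden service."""
    def __init__(self):
        self.descriptors = {}
    def publish(self, service_id, intro_points):
        self.descriptors[service_id] = list(intro_points)
    def lookup(self, service_id):
        return self.descriptors[service_id]

class IntroductionPoint:
    """Advertised contact point; it only forwards the introduction message."""
    service = None
    def forward(self, rp, cookie):
        return self.service.on_introduce(rp, cookie)

class RendezvousPoint:
    """Slide 10: pairs the waiting client circuit with the server's circuit by
    the rendezvous cookie, then relays cells. It sees circuit ids, never who is
    behind them."""
    def __init__(self):
        self.waiting, self.peer = {}, {}
    def listen(self, cookie, client_circ):
        self.waiting[cookie] = client_circ
    def join(self, cookie, server_circ):
        client_circ = self.waiting.pop(cookie)  # KeyError: nobody is waiting
        self.peer[client_circ], self.peer[server_circ] = server_circ, client_circ
        return client_circ
    def relay(self, from_circ, cell):
        return self.peer[from_circ], cell

class HiddenServer:
    def __init__(self, service_id, directory, intro_points):
        self.circuits = []
        for ip in intro_points:
            ip.service = self
        directory.publish(service_id, intro_points)
    def on_introduce(self, rp, cookie):
        """The server chooses to answer: open a circuit to the RP and join."""
        circ = "server-circ-" + secrets.token_hex(4)  # constructed circuit id
        self.circuits.append(circ)
        return rp.join(cookie, circ)

def client_connect(directory, service_id, rp):
    """Slides 9-10, client side: wait at the chosen RP, then introduce."""
    cookie, circ = secrets.token_bytes(20), "client-circ-" + secrets.token_hex(4)
    rp.listen(cookie, circ)
    directory.lookup(service_id)[0].forward(rp, cookie)
    return circ
```

After `client_connect` returns, `rp.relay` moves cells between the two circuits in either direction while `rp.waiting` is empty again.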

  11. Circuit construction
  • Tor uses an incremental or telescoping circuit-building design, where the initiator negotiates session keys with each successive hop in the circuit
  • The session key between the User and an Onion Router is established with a Diffie-Hellman handshake
  • The first half of the Diffie-Hellman handshake, encrypted with the Onion Router's public key, is sent to the Onion Router
  • The second half of the Diffie-Hellman handshake is sent back to the User together with a hash of the negotiated session key
  • The anonymous circuit is extended in the same manner, one hop at a time

  12. Data transfer
  • Once the anonymous circuit is established (so the Client shares a session key with each Onion Router on the circuit), the Client encrypts the message with the session keys in order: the farthest router's key first and the nearest router's key last
  • The Client sends the layer-encrypted message to the first Onion Router on the circuit
  • Each Onion Router removes the outermost layer of encryption, learns the next Onion Router, and forwards the message to it
  • Data transfer from Server to Client follows the reverse of the Client-to-Server order
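Slides 11 and 12 worked through in code, added here and not part of the original slides or of Tor itself: a telescoping circuit build with one Diffie-Hellman exchange per hop (each new hop's DH half travelling through the hops already keyed, and the hop's key hash checked on return), followed by layered encryption in both directions. Assumptions: a toy DH group instead of Tor's 1024-bit RFC 2409 group 2, a SHA-256 counter keystream standing in for Tor's AES-CTR layers, a constructed `b"toy-kdf"` key derivation, and the slide's public-key encryption of the first DH half left out.

```python
import hashlib
import secrets
# Toy DH group (NOT secure); real Tor's TAP handshake uses the 1024-bit RFC 2409 group 2 prime.
P, G = 2**127 - 1, 3

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for Tor's AES-CTR layer: a SHA-256 counter keystream XORed in."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(keys, payload: bytes) -> bytes:
    """Slide 12: apply the session keys farthest hop first, nearest hop last."""
    for k in reversed(keys):
        payload = stream_xor(k, payload)
    return payload

def relay(routers, cell: bytes) -> bytes:
    """Each router strips its own layer and hands the rest to the next hop."""
    for r in routers:
        cell = stream_xor(r.key, cell)
    return cell

class OnionRouter:
    def __init__(self, name: str):
        self.name, self.key = name, None
    def handshake(self, client_half: int):
        """Slide 11: answer with the second DH half plus a hash of the new key."""
        x = secrets.randbelow(P - 2) + 2
        self.key = hashlib.sha256(b"toy-kdf" + pow(client_half, x, P).to_bytes(16, "big")).digest()
        return pow(G, x, P), hashlib.sha256(self.key).digest()

def build_circuit(routers):
    """Telescoping build: hop i's DH half travels through hops 0..i-1 first (real Tor also seals it under hop i's onion key)."""
    keys = []
    for i, r in enumerate(routers):
        y = secrets.randbelow(P - 2) + 2
        half = relay(routers[:i], wrap(keys, pow(G, y, P).to_bytes(16, "big")))
        r_half, key_hash = r.handshake(int.from_bytes(half, "big"))
        key = hashlib.sha256(b"toy-kdf" + pow(r_half, y, P).to_bytes(16, "big")).digest()
        if hashlib.sha256(key).digest() != key_hash:  # the slide's key-hash check
            raise ValueError(f"key confirmation failed at {r.name}")
        keys.append(key)
    return keys

def send(routers, keys, message: bytes) -> bytes:
    """Client -> exit: one layer per hop, each hop peels exactly one."""
    return relay(routers, wrap(keys, message))

def receive(routers, keys, reply: bytes) -> bytes:
    """Exit -> client: hops add layers exit-first; the client peels them all."""
    return wrap(keys, relay(routers[::-1], reply))
```

Because the stand-in cipher is an XOR stream, `wrap` both adds and strips layers; the order of hops only matters for who can read what at each point along the path.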

  13. Circuit construction and Data Transfer

  14. Conclusion
  • Tor has become the most widely used anonymous network thanks to its speed and reliability
  • Tor supports mutual anonymity with the help of Rendezvous Points
  • Tor resists a local adversary effectively
  • Tor anonymizes TCP streams, providing a higher-throughput, lower-latency network than the original Onion Routing design

  15. Thank you
