A technique, originally developed by the U.S. Navy, to hide the true origin of packets on an IP network.
In onion routing, packets are sent through a network of randomly selected proxy servers before being delivered to their final destination. From Onion Routing: The Solution:
An application, instead of making a (socket) connection directly to a destination machine, makes a socket connection to an Onion Routing Proxy. That Onion Routing Proxy builds an anonymous connection through several other Onion Routers to the destination. Each Onion Router can only identify adjacent Onion Routers along the route. Before sending data over an anonymous connection, the first Onion Router adds a layer of encryption for each Onion Router in the route. As data moves through the anonymous connection, each Onion Router removes one layer of encryption, so it finally arrives as plaintext. This layering occurs in the reverse order for data moving back to the initiator. Data passed along the anonymous connection appears different at each Onion Router, so data cannot be tracked en route and compromised Onion Routers cannot cooperate. When the connection is broken, all information about the connection is cleared at each Onion Router.
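The layering described in the quotation above, as an added toy model that is not code from the Navy project or from Tor: three routers each share a symmetric key with the initiator (key agreement is assumed away), an HMAC-SHA256 counter-mode keystream stands in for a real cipher, and integrity protection and padding are omitted. Running it shows that each router recovers only the next hop's address and that the bytes on the wire look different at every hop.

```python
"""Toy onion-routing layer model (added example, not Navy or Tor code): per-hop
symmetric keys, HMAC-SHA256 counter-mode keystream standing in for a real cipher."""
import hashlib
import hmac
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a PRF keystream; one call both adds and removes a layer."""
    stream = b"".join(
        hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        for ctr in range((len(data) + 31) // 32)
    )
    return bytes(a ^ b for a, b in zip(data, stream))

def build_onion(route, hop_keys, destination, payload):
    """Wrap the payload once per hop, innermost layer for the last router.
    Each layer names only the following hop, so a router learns its
    neighbours and nothing else about the route."""
    inner, next_hop = payload, destination
    for hop in reversed(route):
        record = json.dumps({"next": next_hop, "data": inner.hex()}).encode()
        inner, next_hop = keystream_xor(hop_keys[hop], record), hop
    return inner  # what the initiator hands to route[0]

def peel_layer(hop_key, onion):
    """What one router does: strip its layer and read where to forward the rest."""
    record = json.loads(keystream_xor(hop_key, onion))
    return record["next"], bytes.fromhex(record["data"])

def forward(route, hop_keys, destination, payload):
    """Simulate the anonymous connection hop by hop. Returns the bytes that
    reach the destination and, per router, the ciphertext it received and
    the one address it learned."""
    onion = build_onion(route, hop_keys, destination, payload)
    trace = []
    for hop in route:
        received = onion
        next_hop, onion = peel_layer(hop_keys[hop], onion)
        trace.append((hop, next_hop, received))
    return onion, trace

if __name__ == "__main__":
    # Constructed sample: three routers, per-hop keys derived from their names.
    route = ["R1", "R2", "R3"]
    keys = {r: hashlib.sha256(r.encode()).digest() for r in route}
    plaintext, trace = forward(route, keys, "destination", b"GET / HTTP/1.0")
    for hop, next_hop, seen in trace:
        print(f"{hop} receives {seen[:8].hex()}..., forwards to {next_hop}")
    print("destination receives:", plaintext)
```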
Onion Routing: Executive Summary explains the rationale for such a system:
The use of a switched communications network should not require revealing who is talking to whom. Onion Routing is a flexible communications infrastructure that is resistant to both eavesdropping and traffic analysis. Onion routing accomplishes this goal by separating identification from routing. Connections are always anonymous, although communication need not be. Communication may be made anonymous by removing identifying information from the data stream. Onion routing can be used by a variety of unmodified Internet applications by means of proxies (non-invasive procedure) or by modifying the network protocol stack on a machine to be connected to the network (moderate or highly-invasive procedure).
The efficiencies of the public Internet are strong motivation for companies to use it instead of private intranets. However, these companies may want to protect their interests. For example, a researcher using the World Wide Web (Web) may expect his particular focus to remain private, and the existence of inter-company collaboration may be confidential. Individuals may wish to protect their privacy too. The identities of the participants in an e-mail conversation should be known only to the communicating parties. A person shopping on the Web may not want his visits tracked. Certainly, someone spending anonymous e-cash expects that the source of the e-cash be untraceable.
Discusses onion routing and provides links to additional articles.
Open-source tool, derived from the Navy work: "Tor is a connection-based low-latency anonymous communication system which addresses many flaws in the original onion routing design."