Previously, I already mentioned Tor – formerly known as The Onion Router – as the software of choice for surfing the web anonymously. Tor is popular with political dissidents, journalists, armies, criminals and privacy-concious people. Given the possible political impacts such software has, it is important to know what it is and what not.

Originating from the US Naval Research Laboratory, Tor is now supported by various sources that protect freedom of speech, human rights and scientific research. This is not difficult to understand, if one knows that this project enables political activists in dictatorships to communicate freely, secures communication between journalists and whistle-blowers, and is one of the major cryptographic projects the world knows.

From Hop To Hop
Imagine that you are in a classroom and want to send a message to someone, but do not want that person to know your identity. You could write this message down on a small piece of paper and hand this to the person sitting next to you while asking him to pass it through. He will then do the same thing, until the note reaches its destiny.

One can imagine that, if every person only knows from which person he got the note and to who he passes it on, nobody really knows that you are the sender. Of course, this only holds under the assumption that those persons will not tell this to others, although you could just act like you were also just passing the message through and are not the originator.

In its default settings, Tor uses at least three intermediate hops. It also makes sure that neither of those nodes will know both the originating and receiving address of the end-to-end communication. Of course, the hops that do not communicate with the originator or the receiver get to know no information about the message at all.

Peeling The Onion
Tor’s name originates from the fact that the software uses onion routing. This refers to the way the software uses cryptography to conceal all details to outsiders. Namely, the message is encrypted by several layers, which resembles the structure of a sliced onion.

When the originator has its path to the destination set out, he encrypts his message with a single layer for each hop in the path. This way, every hop only gets to see the most outer peel. He will then peel this skin of and pass the message to the next hop on the path, which is revealed under the skin. Eventually, the latest hop will find the bare message and the receiving address. However, he will have no idea where the message came from. Comparably, the first hop knows where the message comes from, but can only see a thoroughly encrypted message that can only be peeled further by the next node.

Are There Any Weaknesses?
Yes, there are weaknesses with Tor, as there are with virtually any system. The easiest way of killing the protection offered by the software is by targeting the user. As said before, the end node gets to see the bare message. Thus, if this message is, for example, a letter with a signature underneath it, all efforts are lost. Thus, a smart attacker may try to capture messages originating from end-nodes in Tor paths, in the hope this results in interesting information. Of course, a smart user will make sure there is additional encryption between this last node and the receiver of the message. that makes sure that no details are revealed.

Comparable to the former example, there exist numerous attacks on Tor caused by insecure use of it. However, it would not be fair to blame those attacks on the system, when they are clearly caused by its users. Attacks that are on the system tend to fall within the class of timing attacks. Due to the fact that the system does not add delays to messages – which would make it very slow –, attackers can try to correlate incoming and outgoing messages by watching common entry- and exit-nodes in the Tor network. It should be noted that this is a very expensive attack, though.

Online Anonymity: Count Me In!
It cannot be stressed enough: Tor is a wonderful piece of software that has brought a lot of good, even when there are some culprits using the system for their criminal intentions. It enables people to exercise their human rights in places where this normally would have been possible, which is why we are better of with than without it.

Tagged with:
 

2 Responses to Anonymous Online: What Is This Tor Thing?

  1. […] An example of such a technique is the obfsproxy add-on for Tor. As I previously explained, Tor is a tool for anonymous browsing, that encrypts all traffic from your machine (20 July 2012). This tool is easily recognisable, due to the constant stream of encrypted data it generates when […]

Leave a Reply

Your email address will not be published. Required fields are marked *