AI helps you reading Science
AI generates interpretation videos
AI extracts and analyses the key points of the paper to generate videos automatically
AI parses the academic lineage of this thesis
AI extracts a summary of this paper
Tor uses a small group of redundant, well-known onion routers to track changes in network topology and node state, including keys and exit policies
Tor: the second-generation onion router
USENIX Security Symposium, pp.21-21, (2004)
We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services ...More
PPT (Upload PPT)
- Separation of “protocol cleaning” from anonymity: Onion Routing originally required a separate “application proxy” for each supported application protocol—most of which were never written, so many applications were never supported.
- PipeNet [5, 12], another low-latency design proposed around the same time as Onion Routing, gave stronger anonymity but allowed a single user to shut down the network by not sending.
- Tarzan and MorphMix allow unknown users to run servers, and use a limited resource to prevent an attacker from controlling too much of the network.
- Separation of “protocol cleaning” from anonymity: Onion Routing originally required a separate “application proxy” for each supported application protocol—most of which were never written, so many applications were never supported
- PipeNet [5, 12], another low-latency design proposed around the same time as Onion Routing, gave stronger anonymity but allowed a single user to shut down the network by not sending
- Many of the open problems in low-latency anonymity networks, such as generating dummy traffic or preventing Sybil attacks , may be solvable independently from the issues solved by Tor
- If the packaging window reaches 0, the onion router stops reading from TCP connections for all streams on the corresponding circuit, and sends no more relay data cells until receiving a relay sendme cell
- We provide location-hiding for Bob by allowing him to advertise several onion routers as contact points
- Tor uses a small group of redundant, well-known onion routers to track changes in network topology and node state, including keys and exit policies
- Many of the open problems in low-latency anonymity networks, such as generating dummy traffic or preventing Sybil attacks , may be solvable independently from the issues solved by Tor. Hopefully future systems will not need to reinvent Tor’s design.
- Once the circuit has been established, Alice and Bob can send one another relay cells encrypted with the negotiated key.1 More detail is given .
- Because the old Onion Routing design used a stream cipher without integrity checking, traffic was vulnerable to a malleability attack: though the attacker could not decrypt cells, any changes to encrypted data would create corresponding changes to the data leaving the network.
- If the packaging window reaches 0, the OR stops reading from TCP connections for all streams on the corresponding circuit, and sends no more relay data cells until receiving a relay sendme cell.
- The current Tor design treats such attacks as intermittent network failures, and depends on users and applications to respond or recover as appropriate.
- Most onion routers in the current network function as restricted exits that permit connections to the world at large, but prevent access to certain abuse-prone addresses and services such as SMTP.
- Tor uses a small group of redundant, well-known onion routers to track changes in network topology and node state, including keys and exit policies.
- To avoid attacks where a router connects to all the directory servers but refuses to relay traffic from other routers, the directory servers must build circuits and use them to anonymously test router reliability .
- While filtering content is not a primary goal of Onion Routing, Tor can directly use Privoxy and related filtering services to anonymize application data streams.
- (Thanks to the perfect forward secrecy of session keys, the attacker cannot force nodes to decrypt recorded traffic once the circuits have been closed.) building circuits that cross jurisdictions can make legal coercion harder—this phenomenon is commonly called “jurisdictional arbitrage.” The Java Anon Proxy project recently experienced the need for this approach, when a German court forced them to add a backdoor to their nodes .
- Modern anonymity systems date to Chaum’s Mix-Net design . Chaum proposed hiding the correspondence between sender and recipient by wrapping messages in layers of public-key cryptography, and relaying them through a path composed of “mixes.” Each mix in turn decrypts, delays, and re-orders messages before relaying them onward.
Subsequent relay-based anonymity designs have diverged in two main directions. Systems like Babel , Mixmaster , and Mixminion  have tried to maximize anonymity at the cost of introducing comparatively large and variable latencies. Because of this decision, these highlatency networks resist strong global adversaries, but introduce too much lag for interactive tasks like web browsing, Internet chat, or SSH connections.
Tor belongs to the second category: low-latency designs that try to anonymize interactive network traffic. These systems handle a variety of bidirectional protocols. They also provide more convenient mail delivery than the high-latency anonymous email networks, because the remote mail server provides explicit and timely delivery confirmation. But because these designs typically involve many packets that must be delivered quickly, it is difficult for them to prevent an attacker who can eavesdrop both ends of the communication from correlating the timing and volume of traffic entering the anonymity network with traffic leaving it . These protocols are similarly vulnerable to an active adversary who introduces timing patterns into traffic entering the network and looks for correlated patterns among exiting traffic. Although some work has been done to frustrate these attacks, most designs protect primarily against traffic analysis rather than traffic confirmation (see Section 3.1).
- This work has been supported by ONR and DARPA
- A. Acquisti, R. Dingledine, and P. Syverson. On the economics of anonymity. In R. N. Wright, editor, Financial Cryptography. Springer-Verlag, LNCS 2742, 2003.
- R. Anderson. The eternity service. In Pragocrypt ’96, 1996.
- The Anonymizer. <http://anonymizer.com/>.
- A. Back, I. Goldberg, and A. Shostack. Freedom systems 2.1 security issues and analysis. White paper, Zero Knowledge Systems, Inc., May 2001.
- A. Back, U. Moller, and A. Stiglic. Traffic analysis attacks and trade-offs in anonymity providing systems. In I. S. Moskowitz, editor, Information Hiding (IH 2001), pages 245– 257. Springer-Verlag, LNCS 2137, 2001.
- M. Bellare, P. Rogaway, and D. Wagner. The EAX mode of operation: A two-pass authenticated-encryption scheme optimized for simplicity and efficiency. In Fast Software Encryption 2004, February 2004.
- O. Berthold, H. Federrath, and S. Kopsell. Web MIXes: A system for anonymous and unobservable Internet access. In H. Federrath, editor, Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability. Springer-Verlag, LNCS 2009, 2000.
- P. Boucher, A. Shostack, and I. Goldberg. Freedom systems 2.0 architecture. White paper, Zero Knowledge Systems, Inc., December 2000.
- Z. Brown. Cebolla: Pragmatic IP Anonymity. In Ottawa Linux Symposium, June 2002.
- D. Chaum. Untraceable electronic mail, return addresses, and digital pseudo-nyms. Communications of the ACM, 4(2), February 1981.
- F. Dabek, M. F. Kaashoek, D. Karger, R. Morris, and I. Stoica. Wide-area cooperative storage with CFS. In 18th ACM Symposium on Operating Systems Principles (SOSP ’01), Chateau Lake Louise, Banff, Canada, October 2001.
- W. Dai. Pipenet 1.1. Usenet post, August 1996. <http://www.eskimo.com/̃weidai/pipenet.txt> First mentioned in a post to the cypherpunks list, Feb.1995.
- G. Danezis. Mix-networks with restricted routes. In R. Dingledine, editor, Privacy Enhancing Technologies (PET 2003). Springer-Verlag LNCS 2760, 2003.
- G. Danezis. Statistical disclosure attacks. In Security and Privacy in the Age of Uncertainty (SEC2003), pages 421–426, Athens, May 2003. IFIP TC11, Kluwer.
- G. Danezis, R. Dingledine, and N. Mathewson. Mixminion: Design of a type III anonymous remailer protocol. In 2003 IEEE Symposium on Security and Privacy, pages 2–IEEE CS, May 2003.
- D. Dean and A. Stubblefield. Using Client Puzzles to Protect TLS. In Proceedings of the 10th USENIX Security Symposium. USENIX, Aug. 2001.
- T. Dierks and C. Allen. The TLS Protocol — Version 1.0. IETF RFC 2246, January 1999.
- R. Dingledine, M. J. Freedman, D. Hopwood, and D. Molnar. A Reputation System to Increase MIX-net Reliability. In I. S. Moskowitz, editor, Information Hiding (IH 2001), pages 126– 141. Springer-Verlag, LNCS 2137, 2001.
- R. Dingledine, M. J. Freedman, and D. Molnar. The free haven project: Distributed anonymous storage service. In H. Federrath, editor, Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability. Springer-Verlag, LNCS 2009, July 2000.
- R. Dingledine and N. Mathewson. Tor protocol specifications. <http://freehaven.net/tor/tor-spec.txt>.
- R. Dingledine and P. Syverson. Reliable MIX Cascade Networks through Reputation. In M. Blaze, editor, Financial Cryptography. Springer-Verlag, LNCS 2357, 2002.
- J. Douceur. The Sybil Attack. In Proceedings of the 1st International Peer To Peer Systems Workshop (IPTPS), Mar. 2002.
- H. Federrath, A. Jerichow, and A. Pfitzmann. MIXes in mobile communication systems: Location management with privacy. In R. Anderson, editor, Information Hiding, First International Workshop, pages 121–135. Springer-Verlag, LNCS 1174, May 1996.
- M. J. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer. In 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC, November 2002.
- S. Goel, M. Robson, M. Polte, and E. G. Sirer. Herbivore: A scalable and efficient protocol for anonymous communication. Technical Report TR2003-1890, Cornell University Computing and Information Science, February 2003.
- I. Goldberg. A Pseudonymous Communications Infrastructure for the Internet. PhD thesis, UC Berkeley, Dec 2000.
- D. M. Goldschlag, M. G. Reed, and P. F. Syverson. Hiding routing information. In R. Anderson, editor, Information Hiding, First International Workshop, pages 137–150. SpringerVerlag, LNCS 1174, May 1996.
- C. Gulcuand G. Tsudik. Mixing E-mail with Babel. In Network and Distributed Security Symposium (NDSS 96), pages 2–16. IEEE, February 1996.
- A. Hintz. Fingerprinting websites using traffic analysis. In R. Dingledine and P. Syverson, editors, Privacy Enhancing Technologies (PET 2002), pages 171–178. Springer-Verlag, LNCS 2482, 2002.
- A. Jerichow, J. Muller, A. Pfitzmann, B. Pfitzmann, and M. Waidner. Real-time mixes: A bandwidth-efficient anonymity protocol. IEEE Journal on Selected Areas in Communications, 16(4):495–509, May 1998.
- D. Kesdogan, D. Agrawal, and S. Penz. Limits of anonymity in open environments. In F. Petitcolas, editor, Information Hiding Workshop (IH 2002). Springer-Verlag, LNCS 2578, October 2002.
- D. Koblas and M. R. Koblas. SOCKS. In UNIX Security III Symposium (1992 USENIX Security Symposium), pages 77– 83. USENIX, 1992.
- B. N. Levine, M. K. Reiter, C. Wang, and M. Wright. Timing analysis in low-latency mix-based systems. In A. Juels, editor, Financial Cryptography. Springer-Verlag, LNCS (forthcoming), 2004.
- B. N. Levine and C. Shields. Hordes: A multicast-based protocol for anonymity. Journal of Computer Security, 10(3):213– 240, 2002.
- C. Meadows. The NRL protocol analyzer: An overview. Journal of Logic Programming, 26(2):113–131, 1996.
- U. Moller, L. Cottrell, P. Palfrader, and L. Sassaman. Mixmaster Protocol — Version 2. Draft, July 2003. <http://www.abditum.com/mixmaster-spec.txt>.
- V. S. Pai, L. Wang, K. Park, R. Pang, and L. Peterson. The Dark Side of the Web: An Open Proxy’s View. <http://codeen.cs.princeton.edu/>.
- A. Pfitzmann, B. Pfitzmann, and M. Waidner. ISDN-mixes: Untraceable communication with very small bandwidth overhead. In GI/ITG Conference on Communication in Distributed Systems, pages 451–463, February 1991.
- Privoxy. <http://www.privoxy.org/>.
- M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Protocols using anonymous connections: Mobile applications. In B. Christianson, B. Crispo, M. Lomas, and M. Roe, editors, Security Protocols: 5th International Workshop, pages 13–23. Springer-Verlag, LNCS 1361, April 1997.
- M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous connections and onion routing. IEEE Journal on Selected Areas in Communications, 16(4):482–494, May 1998.
- M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. ACM TISSEC, 1(1):66–92, June 1998.
- M. Rennhard and B. Plattner. Practical anonymity for the masses with morphmix. In A. Juels, editor, Financial Cryptography. Springer-Verlag, LNCS (forthcoming), 2004.
- M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. Analysis of an Anonymity Network for Web Browsing. In IEEE 7th Intl. Workshop on Enterprise Security (WET ICE 2002), Pittsburgh, USA, June 2002.
- A. Serjantov and P. Sewell. Passive attack analysis for connection-based anonymity systems. In Computer Security – ESORICS 2003. Springer-Verlag, LNCS 2808, October 2003.
- R. Sherwood, B. Bhattacharjee, and A. Srinivasan. p5: A protocol for scalable anonymous communication. In IEEE Symposium on Security and Privacy, pages 58–70.
- A. Shubina and S. Smith. Using caching for browsing anonymity. ACM SIGEcom Exchanges, 4(2), Sept 2003.
- P. Syverson, M. Reed, and D. Goldschlag. Onion Routing access configurations. In DARPA Information Survivability Conference and Exposition (DISCEX 2000), volume 1, pages 34–40. IEEE CS Press, 2000.
- P. Syverson, G. Tsudik, M. Reed, and C. Landwehr. Towards an Analysis of Onion Routing Security. In H. Federrath, editor, Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability, pages 96– 114. Springer-Verlag, LNCS 2009, July 2000.
- A. Tannenbaum. Computer networks, 1996.
- The AN.ON Project. German police proceeds against anonymity service. Press release, September 2003. <http://www.datenschutzzentrum.de/
- M. Waldman and D. Mazieres. Tangler: A censorshipresistant publishing system based on document entanglements. In 8th ACM Conference on Computer and Communications Security (CCS-8), pages 86–135. ACM Press, 2001.
- M. Waldman, A. Rubin, and L. Cranor. Publius: A robust, tamper-evident, censorship-resistant and source-anonymous web publishing system. In Proc. 9th USENIX Security Symposium, pages 59–72, August 2000.
- M. Wright, M. Adler, B. N. Levine, and C. Shields. Defending anonymous communication against passive logging attacks. In IEEE Symposium on Security and Privacy, pages 28–41.