Anonymous connections and onion routing
Summary
Introduction
- But encrypted messages can still be tracked, revealing who is talking to whom.
- Onion routing differs from anonymous remailers [7], [15] in two ways: communication is real-time and bidirectional, and the anonymous connections are application independent.
- The Anonymizer [1] only anonymizes the data stream, not the connection itself.
A. Operational Overview
- The onion routing network is accessed via a series of proxies.
- An onion router that receives an onion peels off its layer, identifies the next hop, and sends the embedded onion to that onion router.
- Therefore data that have passed backward through the anonymous connection must be repeatedly post-crypted to obtain the plaintext.
- Onion routers keep track of received onions until they expire.
- Onion routing depends upon connection-based services that deliver data uncorrupted and in order.
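The layering described above, as an added example that is not code from the paper: the initiator pre-crypts forward data once per hop, each router removes one layer, and backward data gains one layer per hop until the initiator post-crypts it. The SHA-256 keystream is a stand-in for the paper's ciphers, and the router names and keys are constructed.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + (off // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

# Constructed route of three hypothetical routers, in path order.
ROUTE = [
    {"name": "W", "forw": b"W-forward-key", "back": b"W-backward-key"},
    {"name": "X", "forw": b"X-forward-key", "back": b"X-backward-key"},
    {"name": "Y", "forw": b"Y-forward-key", "back": b"Y-backward-key"},
]

def initiator_precrypt(data: bytes, route) -> bytes:
    # Innermost layer belongs to the last hop, outermost to the first hop.
    for hop in reversed(route):
        data = keystream_xor(hop["forw"], data)
    return data

def forward_through(data: bytes, route):
    """Each router strips one layer; returns final data and what each hop saw."""
    seen = []
    for hop in route:
        data = keystream_xor(hop["forw"], data)
        seen.append(data)
    return data, seen

def backward_through(data: bytes, route) -> bytes:
    # Data entering at the exit end gains one layer at every hop on the way back.
    for hop in reversed(route):
        data = keystream_xor(hop["back"], data)
    return data

def initiator_postcrypt(data: bytes, route) -> bytes:
    # The initiator knows every hop's backward key and removes all layers.
    for hop in route:
        data = keystream_xor(hop["back"], data)
    return data

if __name__ == "__main__":
    out, seen = forward_through(initiator_precrypt(b"GET / HTTP/1.0", ROUTE), ROUTE)
    print(out, [s == out for s in seen])
```

Because the stand-in cipher is an XOR stream, applying a layer and removing it are the same operation; a block cipher mode would need distinct encrypt and decrypt steps in the matching order.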
B. Configurations
- As mentioned above, neighboring onion routers are neighbors in virtue of having longstanding socket connections between them, and the network as a whole is accessed from the outside through a series of proxies.
- Suppose, for example, an Internet Services Provider (ISP) runs a funnel that accepts connections from onion proxies running on subscribers’ machines (the Customer-ISP Configuration).
- If one had a secured connection to an onion router one trusted, their onion router could be used as one of several intermediate routers to further complicate traffic analysis.
- A session may have a very similar timing signature wherever it is measured over a route, so cooperating attackers may determine if they carry a particular session.
- Active attacks are possible, because reducing the load on the system makes the network easier to analyze (and makes the system not uniformly busy).
A. Onion Routing Proxies
- A proxy is a transparent service between two applications that would usually make a direct socket connection to each other but cannot.
- A firewall might prevent direct socket connections between internal and external machines.
- Finally, it passes the precrypted standard structure through the anonymous connection to the exit funnel, thus specifying the ultimate destination.
- From this point on, the onion proxy blindly relays data back and forth between the application proxy and the onion routing network (and thus the exit funnel at the other end of the anonymous connection).
C. Application Proxy
- The interface between an application and the application proxy is application specific.
- The interface between the application proxy and the onion proxy is defined as follows:
- For each new proxy request, the application proxy first determines if it will handle or deny the request.
- Retry Count specifies how many times the exit funnel should attempt to retry connecting to the ultimate destination.
- Finally, the Addr Format field specifies the form of the ultimate destination address: 1 for a NULL terminated ASCII string with the hostname or IP address (in ASCII form) immediately followed by another NULL terminated ASCII string with the destination port number, and all others currently undefined.
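A defensive parser for the Addr Format 1 destination described above, as an added example that is not code from the paper. The length limits, the printable-ASCII restriction and the port range check are assumptions of this example, not part of the format as summarized here.

```python
ADDR_FORMAT_ASCII = 1  # the only Addr Format value the text defines

class AddrError(ValueError):
    """Raised when a destination address does not match Addr Format 1."""

def _take_cstring(buf: bytes, start: int, limit: int = 255):
    """Read one NULL terminated ASCII string; return (text, next offset)."""
    end = buf.find(b"\x00", start)
    if end == -1:
        raise AddrError("missing NULL terminator")
    raw = buf[start:end]
    if not raw or len(raw) > limit:          # limit is an assumption
        raise AddrError("empty or over-long field")
    if any(b < 0x21 or b > 0x7E for b in raw):
        raise AddrError("non-printable or non-ASCII byte in field")
    return raw.decode("ascii"), end + 1

def parse_destination(addr_format: int, buf: bytes):
    """Return (host, port, bytes consumed) for an Addr Format 1 address."""
    if addr_format != ADDR_FORMAT_ASCII:
        raise AddrError("undefined Addr Format %d" % addr_format)
    host, pos = _take_cstring(buf, 0)
    port_text, pos = _take_cstring(buf, pos, limit=5)
    if not port_text.isdigit():
        raise AddrError("port is not a decimal number")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise AddrError("port out of range")
    return host, port, pos

if __name__ == "__main__":
    # Constructed sample: hostname, port, then unrelated trailing bytes.
    print(parse_destination(1, b"recipient.com\x0025\x00trailing"))
```

Returning the number of bytes consumed lets the caller treat anything after the second terminator as separate data instead of silently accepting it as part of the address.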
D. Onion Proxy
- Upon receiving the standard structure, the onion proxy can decide whether to accept or reject the request based on the protocol, destination host, destination port, or the identity of the application proxy.
- If rejected, it sends an appropriate error code back to the application proxy, closes the socket, and waits for the next request.
- If accepted, it proceeds to build the onion and connects to the entry funnel of the first onion router, through the network, and to the exit funnel of the last.
- It next sends the standard structure to the exit funnel over the anonymous connection, and then passes all future data to and from the application proxy and anonymous connection.
- The repeated pre- and post-cryptions and packaging of the standard structure and subsequent data is discussed later in Section V-F.
E. Onions
- To build the anonymous connection to the exit funnel, the onion proxy creates an onion.
- As will be seen below, the first bit must be zero for RSA public key cryptography to succeed.
- The Forw F field denotes the cryptographic function to be applied to data moving in the forward direction (defined as data moving in the same direction in which the onion traveled, usually toward the responder’s end of the anonymous socket connection) using key defined below.
- The remainder of the onion is encrypted, using DES OFB with an IV (initialization vector) of 0 and key (derived from Key Seed Material in that layer as defined above).
F. Onion Router Interconnection
- During onion network setup (not to be confused with anonymous connection setup), longstanding connections between
- Footnote 5: Details on the cryptographic operations used in this paper can be found in [16] and [20].
- To remain connected to each of its neighbors, onion routers must both listen for connections from neighbors and attempt to initiate connections to neighbors.
- Additionally, the Length and Payload fields are encrypted using the link encryption between neighboring nodes if the command is either PADDING (0) or DESTROY (3).
- The payload of the last cell is padded with random bits to fill the cell if necessary (to avoid traceability).
- Once an acknowledgment DESTROY message is received, an onion routing node considers the anonymous connection destroyed and the ACI can be used as a label for a new anonymous connection.
C. Anonymous Cash
- Certain forms of e-cash are designed to be anonymous and untraceable, unless they are double spent or otherwise misused.
- If a customer cannot contact a vendor without identifying himself, the anonymity of e-cash is undermined.
- For transactions where both payment and product can be conveyed electronically, anonymous connections can be used to hide the identities of the parties from one another [22].
F. Electronic Mail
- Electronic mail is proxied by utilizing the user@host@proxy form of e-mail address instead of the normal user@host form.
- This form should work with most current and older mail systems.
- To: command has been received, the proxy proceeds to create an anonymous connection to the destination server and relays the HELO and MAIL From: commands exactly as received.
- An example of e-mail from joe@sender.com on the machine sender.com to mary@recipient.com via the onion.com onion router is given below.
354 Enter mail, end with "." on a line by itself
- At this point, the proxy forwards data in both directions, until a line containing only a period is sent from the sender to the recipient:
- The proxy forwards the line containing only a period to the recipient, and forwards the recipient’s response to the sender.
- At that point, the proxy sends QUIT to the recipient, reads the response, and closes the connection to the recipient.
- The proxy then waits for a command from the sender; if that command is QUIT, the proxy sends a response and closes its connection to the sender:
Frequently Asked Questions (10)
Q2. What future works have the authors mentioned in the paper "Anonymous connections and onion routing" ?
Besides exploring other novel applications, future work includes a system redesign to improve throughput and an implementation of reply onions [14], [18]. The authors will be implementing other mechanisms for responding to anonymous connections as well. The onion routing network supporting anonymous connections can be configured in several ways, including a firewall configuration and a customer-ISP configuration, that moves privacy to the user’s computer and may relieve the carrier of responsibility for the user’s connections.
Q3. Why is re-ordering important to the security of the system?
If re-ordering is important to the secure operation of the system, deliberate re-ordering is crucial, because low level system randomness may in fact be predictable.
Q4. Why does the network need to be able to resist traffic analysis?
Because the efficacy of mixes depends upon sufficient network traffic, allowing different applications to share the same communications infrastructure increases the ability of the network to resist traffic analysis.
Q5. What is the advantage of onion routing?
Because the onion routing network can carry many types of data, it has the potential to be more heavily utilized than a network that is devoted only to e-mail.
Q6. What is the obligation of the application proxy to massage the data stream?
It is the obligation of the application proxy to massage the data stream so the onion proxy, the entry funnel, and the exit funnel can be application independent.
Q7. What is the current prototype of onion routing?
Their current prototype of onion routing considers the network topology to be static and does not have mechanisms to automatically distribute or update public keys or network topology.
Q8. What happens if the onion proxy is rejected?
If rejected, it sends an appropriate error code back to the application proxy, closes the socket, and waits for the next request.
Q9. What is the common way to send a message to the initiator?
One possibility is for the onion router on the initiator side of a break to send some large predetermined number of one bits back to the initiator followed by a message that the connection is destroyed.
Q10. What happens when the proxy sends a request to the server?
Once this request is transmitted to the server, all proxies blindly forward data in both directions between the client and the server until the socket is broken by either side.