Onion routing

Onion routing is a technique for anonymous communication over a . In an onion network, messages are encapsulated in layers of , analogous to layers of an . The encrypted data is transmitted through a series of network nodes called onion routers, each of which “peels” away a single layer, uncovering the data’s next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.


Development and implementation

Onion routing was developed in the mid-1990s at the by employees , Michael G. Reed, and to protect U.S. communications online. It was further developed by the (DARPA) and patented by the Navy in 1998.

Computer scientists Roger Dingledine and joined Syverson in 2002 to develop what would become the largest and best known implementation of onion routing, Tor, then called The Onion Routing project or TOR project. After the Naval Research Laboratory released the code for Tor under a , Dingledine, Mathewson and five others founded The Tor Project as a in 2006, with the of the and several other organizations.

Data structure

An onion is the data structure formed by “wrapping” a message with successive layers of encryption to be decrypted (“peeled” or “unwrapped”) by as many intermediary computers as there are layers before arriving at its destination. The original message remains hidden as it is transferred from one node to the next, and no intermediary knows both the origin and final destination of the data, allowing the sender to remain anonymous.

Onion creation and transmission

To create and transmit an onion, the originator selects a set of nodes from a list provided by a “directory node”. The chosen nodes are arranged into a path, called a “chain” or “circuit”, through which the message will be transmitted. To preserve the anonymity of the sender, no node in the circuit is able to tell whether the node before it is the originator or another intermediary like itself. Likewise, no node in the circuit is able to tell how many other nodes are in the circuit and only the final node, the “exit node”, is able to determine its own location in the chain. Factors that may facilitate traffic analysis include nodes failing or leaving the network

Garlic routing is a variant of onion routing associated with the I2P network that encrypts multiple messages together to make it more difficult for attackers to perform traffic analysis and to increase the speed of data transfer.

Exit node vulnerability

Although the message being sent is transmitted inside several layers of encryption, the job of the exit node, as the final node in the chain, is to decrypt the final layer and deliver the message to the recipient. A compromised exit node is thus able to acquire the raw data being transmitted, potentially including passwords, private messages, bank account numbers, and other forms of personal information. Dan Egerstad, a Swedish researcher, used such an attack to collect the passwords of over 100 email accounts related to foreign embassies.

Exit node vulnerabilities are similar to those on unsecured wireless networks, where the data being transmitted by a user on the network may be intercepted by another user or by the router operator. Both issues are solved by using a secure end-to-end connection like or (S-HTTP). If there is end-to-end encryption between the sender and the recipient, then not even the last intermediary can view the original message.

See Also on BitcoinWiki