“The Onion Router” (Tor) is a browser that implements onion routing to provide the user anonymity over a network. It was worked on during the mid-1990s in the United States Naval Research Laboratory,under the guidance of mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag. The project’s main aim was to create a system that could provide security for all the US intelligence communications that took place online. Tor was released to the general public a year after talk about US using such a software surfaced.
What Is The Tor Browser?
The Tor browser implements the onion routing protocol which provides anonymity online. The Tor project is now completely open source. You can download the browser and learn more about the Tor project here.
One important thing to keep in mind is that Tor guarantees security and anonymity only during the transmission of data and does not provide any sort of integrity for the data itself. If the data contains information that discloses the user’s identity then using a Tor network would prove to be useless.
What Is Onion Routing?
Onion Routing is a web protocol that provides a layer of added security and anonymity within a network.
The protocol takes the request issued by the user through the tor browser and relays it through a minimum of 3 nodes before it goes to the target address. The number of relays it takes is selected at random each time a request is made. Each node or “onion router” is chosen from a list of open directory nodes. These nodes or computers Volunteer to act as nodes in the Tor network.
Each node peels away a layer of encryption revealing only enough data to see where the next node is,so that the request may be passed on. Therefore we see that each node only knows about the previous and next node and at no time does any one node know the complete path of the request.
If we look at the setting below we can clearly see that only router A can peel the first encryption layer thereby obtaining information on where to send the request to next. The same process follows for each layer where the correct keys unravel the respective layers finally heading towards the exit node where the data is sent out without any encryption to the destination server.
Key exchanges are performed between the nodes usually through something like Diffie-Hillman key exchange to establish a secure pair of private and public keys so as to encrypt the data or request within the network.
The message is encrypted from the initial system with the public keys(which we generated through the key exchange) of all the nodes,meaning that each node can decrypt one layer of encryption,giving it just enough information to find where the next relay is. This makes tracing out a request almost impossible.
It is easy for ISPs to identify that someone is using Tor as the connection to the first node is public, in order to make it harder for ISPs to know you are using Tor one can use what are known as Bridges which are basically Tor nodes which are not listed in the public directory.
How Is It Different From a VPN?
In most cases the VPN provider is able to view your activity and you just need to trust that they do not take a peek into you activity,the Tor network is trustless in that sense and provides secure communication without the need for centralized protection.
Weakness of The Tor network
The Tor network is not all fail proof,there are a few weaknesses that can be used to exploit the network. The resources and the technical skill required to do so is also high.
One of the more prominent methods of tracing out Tor nodes is by Traffic Analysis. For this the premise is that the infiltrator must be able to sniff traffic at both the entry node and exit node.
If this is done,a correlation can be made with reference to the timing and frequency of requests. The analysis of similar patterns of request frequency in the entry and exit node will allow for one to decipher the original node that made the request.
Although this is possible it is difficult to sniff for packets at exactly the right nodes so as to draw a relation and trace the first user.
In conclusion we see that Tor can be used to bring anonymity during online interactions and has many use cases such an enabling free journalism and more importantly restoring the right to privacy into the hands of the user.