Onion Routing

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
-
'''Onion Routing''' provides a way for two computers to communicate on a network anonymously. Onion routing focuses on hiding the source and destination addresses of a packet, rather than the contents of the packet. [http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group10/index.html].
+
'''Onion Routing''' provides a way for two computers to communicate on a network anonymously. Onion routing focuses on hiding the source and destination addresses of a packet, rather than the contents of the packet [http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group10/index.html 1].
In order for this to work, a message is encrypted and placed inside an 'onion'.
In order for this to work, a message is encrypted and placed inside an 'onion'.
-
The intermediate nodes along the path, called onion routers, decrypt (peel off a layer) of the onion to reveal the next router along the path to receive the onion. Onion routing runs on top of TCP [http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group10/index.html].
+
The intermediate nodes along the path, called onion routers, decrypt (peel off a layer) of the onion to reveal the next router along the path to receive the onion. Onion routing runs on top of TCP [http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group10/index.html 1].
Line 20: Line 20:
===Traffic Analysis===
===Traffic Analysis===
-
>>>"Plus, as the entire onion is decrypted at each router, there is no correspondence on the data layer between an onion entering a router and an onion leaving the router. This means that an outside observer who sees the onion for a specific message enter a node does not know which of the onions leaving that node corresponds to that same message" <<< [http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group10/index.html].
+
>>>"Plus, as the entire onion is decrypted at each router, there is no correspondence on the data layer between an onion entering a router and an onion leaving the router. This means that an outside observer who sees the onion for a specific message enter a node does not know which of the onions leaving that node corresponds to that same message" <<< [http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group10/index.html 1].
===Eavesdropping===
===Eavesdropping===
===Denial of Service Attacks===
===Denial of Service Attacks===
Line 35: Line 35:
<br>
<br>
2. ''Onion Routing''. [http://www.onion-router.net/Summary.html http://www.onion-router.net/Summary.html].
2. ''Onion Routing''. [http://www.onion-router.net/Summary.html http://www.onion-router.net/Summary.html].
 +
<br>
 +
3. ''Onion Routing - Wikipedia''. [http://en.wikipedia.org/wiki/Onion_routing http://en.wikipedia.org/wiki/Onion_routing].

Revision as of 16:04, 3 April 2009

Onion Routing provides a way for two computers to communicate on a network anonymously. Onion routing focuses on hiding the source and destination addresses of a packet, rather than the contents of the packet 1. In order for this to work, a message is encrypted and placed inside an 'onion'. The intermediate nodes along the path, called onion routers, decrypt (peel off a layer) of the onion to reveal the next router along the path to receive the onion. Onion routing runs on top of TCP 1.


Contents

Onions

Onions are created by the sender of a message, who first determines the network path it wishes to send a message. Onions rely on Public Key Technology, where each router on the path has its own public key. The sender encrypts the message multiple times with the public keys of each of the intermediate routers. Starting with the public key of the last router on the path, and continually encrypting the message with the previous router's public key. The final message to be sent is encrypted with the public key of the first router in the path.

The concept of the onion data structure is based on the idea of 'peeling off' layers of the onion at each intermediate node to reveal information for that specific node. The first router on the path decrypts the onion with its private key, which reveals the address of the second router on the path, and then sends the message to that address. The newly 'peeled off' onion can now be decrypted by the router two with its private key. This process is continued until the final onion router receives the encrypted message, decrypts it with its private key to reveal the intended message encrypted by the sender. This message is finally sent to the recipient. Image:onion.png

Anonymous Communication

Once decrypted, each layer of the onion contains only the address of the next router. This way each router along the path knows only the previous hop and next hop addresses. Further, no router along the path, except the final router, knows the destination address of the packet.


Traffic Analysis

>>>"Plus, as the entire onion is decrypted at each router, there is no correspondence on the data layer between an onion entering a router and an onion leaving the router. This means that an outside observer who sees the onion for a specific message enter a node does not know which of the onions leaving that node corresponds to that same message" <<< 1.

Eavesdropping

Denial of Service Attacks

Tor

See Also

External Links

References

1. Onion Routing for Anonymous Communications. http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group10/index.html.
2. Onion Routing. http://www.onion-router.net/Summary.html.

3. Onion Routing - Wikipedia. http://en.wikipedia.org/wiki/Onion_routing.

Personal tools