Tor Project Protects Anonymous Sources
The second-generation onion routing technology embodied by the Tor Project aims to provide a secure means of anonymous Internet use. But legal and financial obstacles are slowing progress.
February 1, 2007
Encrypting internet communications is a great start in addressing privacy concerns. But encryption solves only part of the anonymity issue: It hides what is being said, but not who is communicating.
Anonymous services take that next step to protect the parties in an online communication. The Tor project. a network of servers deployed across the Internet, is intended to shield parties from prying eyes and ears. Tor ("the onion router") describes both the development project and related software created to advance the privacy technology. Tor also provides a feature called hidden services that lets servers remain anonymous and provides secure services exclusive to the Tor network that are not visible, nor available, to the Internet public.
Tor offers many practical uses, such as researching sensitive topics and ensuring you can view the same information as the general public on a competitor's Web site. And, it can protect your VPN connections.As it exists now, Tor is close but not quite ready for widespread enterprise employment. The network relies on volunteers for nodes and bandwidth, leaving the reliability of the network dependent on the goodwill of others. Funding is growing but is still a concern. In addition, there are legal uncertainties you should examine before you think about publicizing Tor to your users.
LAYERS OF PROTECTION
The onion routing technology, so named for its layered encryption approach and developed by the U.S. Naval Research Lab, works by passing encrypted messages from server to server within a distributed network (see "Onion Routing Defined" at nwc.com/2007/0205). Each onion server within the Tor network receives the encrypted message and decrypts the addressing information for the next server. The rest of the message remains encrypted with a different key and is then sent to the next server in the path. Each server can decrypt only the layer intended for it. This layering of encryption and routes ensures that no single server knows the message being sent, where it originally came from or its final destination. This technique, along with frequently changing the network path used for messages, prevents detection by traffic pattern analysis.
However, the onion routing protocol is not tamper-proof. Using various techniques, such as timing traffic patterns and correlating sent traffic with exit nodes, interested parties can figure out that messages are being sent to or from certain servers. In addition, detailed analysis of message patterns can determine how often servers are used and thus make educated guesses about that usage. However, the message content is still encrypted and remains private as long as that encryption isn't broken.
Continue Reading This Story...
ENTERPRISE UTILITYWithin the enterprise, Tor can be put to work in a variety of ways. It can be used to research sensitive topics--such as patents or trademarks--without revealing the searcher's identity, for example. In addition, Tor can hide details about acquisitions, purchasing and other activities by keeping Web research and activities secure. Finally, Tor can help protect your VPN connections.
As with all technologies, Tor is a double-edged sword. Just as it can be used to hide what a business is doing, it can be used by employees to shield their activities. There is also legal uncertainty regarding the network. Is the group hosting a Tor server responsible for the traffic that server passes? Historically, courts have not held servers responsible for the content they relay, but legal precedent still has not been set. Be aware of these risks and act accordingly by keeping up with the legal standing of these tools, policing which users have access to the Tor services and helping employees understand the liabilities.
The Tor code is still in development and shouldn't be relied upon for rock-solid anonymity. The Tor network relies on the goodwill of its users to create and maintain Tor servers with donated hardware and bandwidth. This can present scaling problems and has limited the network to less bandwidth-intensive uses. Transmitting large files is actively discouraged.
Setting up a client or two for use by select personnel is a good idea, if only to learn about the benefits of the software. And if you can provide a few servers and some bandwidth for the network while learning, even better. One of Tor's strengths is the diversity of its users. Bringing the enterprise into this user base could return dividends in increased privacy and communications security.
Covert Operations Click to enlarge in another window |
timelineClick to enlarge in another window |
GENESIS
The U.S. Naval Research Lab's onion routing project was adapted by the primary Tor developers, Roger Dingledine and Nick Mathewson, as well as Paul Syverson, to address weaknesses in the first-generation onion routing specification, which included requiring an application proxy, insecure nodes in the message path and traffic congestion.
The Tor project is undergoing an organizational and financial transition. In 2004 the EFF (Electronic Frontier Foundation) agreed to fund Tor for one year as a way to promote privacy and anonymity on the Internet, while the Tor project reorganized and applied for nonprofit status. Although the EFF's direct funding has ended, the group still provides administrative support and other assistance.
A core group of developers and staff, along with open-source volunteers, develop the software, maintain documentation and features, and manage the project. Lately, the Tor project has increased fundraising efforts, which have paid off with generous donations and grants from European and U.S. nongovernmental agencies and private individuals. Further funds are raised through contracts with industry and government agencies. Onion Routing DefinedWhat is onion routing? Onion routing is a communications technique that prevents traffic analysis of transmissions. Using traffic analysis, a party can determine who is communicating with whom, even if they can't read the message. Onion routing prevents this by hiding each step of the communication within a "layer." When communicating using onion routing, a message, for instance, is wrapped within layers of encrypted data. This encrypted data contains the standard routing information for TCP/IP messages. Once encrypted, the message is sent to the first server (or "onion layer"). This server decrypts the routing information. However, it can decrypt only the information intended for it. All other routing information remains encrypted. Once this server can determine where the message should be sent next, it is transmitted. Upon receiving the message, the second server decrypts the message. Again, it can decrypt only the information intended for it. Once it knows the next destination, it transmits the message. The third server will do the same. This continues until the message reaches its target. Any response is then encrypted in the same way, though it may use a different path through the network, and then transmitted. In this way, a message is wrapped within layers of encryption, like an onion, to be unwrapped along the way until the final destination is reached. Since there is no way to know a message's ultimate destination or source, traffic analysis cannot be used to determine who is having the conversation.
Strictly speaking, the Tor project doesn't use onion routing as originally conceived. It uses a modification called "telescoping path-building." This technique addresses a weakness of the onion routing specification: namely, a single node could force other nodes to decrypt traffic. In the telescoping technique, the message initiator negotiates session keys with each hop in the message path, thereby preventing any node from knowing the session keys or encryption information of any other node. However, it is common to refer to Tor as using onion routing. --Pete Payne
Pete Payne is a software programming consultant with Kforce, a nationwide consulting firm, and is currently working at Wisconsin Public Service. Write to him at [email protected].
You May Also Like