Tor (anonymity network)

From Wikipedia, the free encyclopedia

Tor
Image:Eff tor.png
Developed by Roger Dingledine and Nick Mathewson
Initial release  ?
Stable release 0.1.2.19  (January 17, 2008) [+/−]
Preview release 0.2.0.27-rc  (Jun 3, 2008) [+/−]
Written in C
OS Cross-platform
Available in  ?
Genre Onion routing / Anonymity
License BSD license
Website www.torproject.org

Tor (The Onion Router) is a free software implementation of second-generation onion routing – a system enabling its users to communicate anonymously on the Internet. Originally sponsored by the US Naval Research Laboratory, Tor became an Electronic Frontier Foundation (EFF) project in late 2004. The EFF supported Tor financially until November 2005.[1]

Like all current low latency anonymity networks, Tor is vulnerable to traffic analysis from observers who can watch both ends of a user's connection.[2]

Contents

[edit] Overview

Aiming to protect its users against traffic analysis attacks, Tor operates an overlay network of onion routers that enable anonymous outgoing connections and anonymous "hidden" services.

[edit] Anonymous outgoing connections

Users of the Tor network run an onion proxy on their machine. This software connects out to Tor, periodically negotiating a virtual circuit through the Tor network. Tor employs cryptography in a layered manner (hence the onion analogy), ensuring perfect forward secrecy between routers. At the same time, the onion proxy software presents a SOCKS interface to its clients. SOCKS-aware applications may be pointed at Tor, which then multiplexes the traffic through a Tor virtual circuit.

Once inside the Tor network, the traffic is sent from router to router, ultimately reaching an exit node at which point the cleartext packet is available and is forwarded on to its original destination. Viewed from the destination, the traffic appears to originate at the Tor exit node.

Tor's application independence sets it apart from most other anonymity networks: it works at the TCP stream level. Applications commonly anonymised using Tor include IRC, instant messaging and browsing the Web. When browsing the Web, Tor is often coupled with Privoxy – a filtering proxy server – that aims to add privacy at the application layer.

Not all Tor nodes are equal. They describe themselves with several flags: DIR, Running, Guard, Authority, Fast, Exit, Stable, Valid, V2Dir, BadExit, BadDirectory. To start with, there are Tor Authority servers which are usually Stable but do not act as an Exit Node. There are Tor Exit Nodes, and the ones with Stable IP addresses announce themselves as such.[citation needed]

[edit] Weaknesses

[edit] DNS leaks

As with many anonymous web surfing systems, direct DNS requests are usually still performed by many applications, without using the Tor proxy. Using the previously mentioned Privoxy or the command "torify" included with the Tor distribution is a possible solution to this problem.[3] Additionally, applications using SOCKS5 – which supports name-based proxy requests – can route DNS requests through Tor, having lookups performed at the exit node and thus receiving the same anonymity as other Tor traffic.[citation needed]

As of Tor release 0.2.0.1-alpha, Tor includes its own DNS resolver which will dispatch queries over the mix network. This should close the DNS leak and can interact with Tor's address mapping facilities to provide Tor hidden service (.onion) access to non-SOCKS aware applications.[4]

[edit] Traffic analysis

Steven J. Murdoch and George Danezis from University of Cambridge presented an article[5] at the 2005 IEEE Symposium on Security and Privacy. They presented traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams and therefore greatly reduce the anonymity provided by Tor. They have also shown that otherwise unrelated streams can be linked back to the same initiator. The identity of the original user remains undiscovered by this attack, however.[5]

[edit] Eavesdropping by exit nodes

In September 2007, Dan Egerstad, a Swedish security consultant, revealed that he had intercepted usernames and passwords for a large number of email accounts, by operating and monitoring Tor exit nodes.[6] On November 15, 2007, he was arrested on charges stemming from discovering and publishing this information. As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic which is not encrypted at the application layer, e.g. by SSL. While this does not inherently violate the anonymity of the source, it affords added opportunities for data interception by self-selected third parties, greatly increasing the risk of exposure of sensitive data by users who are careless or who mistake Tor's anonymity for security.[7]

[edit] Etiquette and abuse

Because Tor is capable to anonymise arbitrary TCP traffic, it is subject to abuse. Routers each maintain an exit policy of what traffic is and is not permitted to leave the Tor network through that node. It is possible to combat most major abuses of the Tor network using a combination of addresses and ports. Potential abuses include:

Bandwidth hogging
It is considered impolite to transfer massive amounts of data across the Tor network – the onion routers are run by volunteers using their own bandwidth at their own cost.

[edit] Anonymous hidden services

Although Tor's most popular feature is its provision of anonymity to clients, it can also provide anonymity to servers. By using the Tor network, it is possible to host servers in such a way that their network location is unknown. In order to access a hidden service, Tor must also be used by the client.

Hidden services are accessed through the Tor-specific .onion pseudo top-level domain. The Tor network understands this TLD and routes data anonymously to the hidden service. The hidden service then hands over to standard server software, which should be configured to listen only on non-public interfaces. Services that are reachable through Tor hidden services and the public Internet are susceptible to correlation attacks, and consequently are not really hidden.

An added advantage of Tor hidden services is that, because no public IP address is required, services may be hosted behind firewalls and NAT.[citation needed]

[edit] Central sites

There is no official index of hidden services, but a number of third-party hidden services exist to serve this purpose.

  • core.onion, a simple site containing links to other .onion sites, a simple forum and a comment system.
  • HiddenServices - Xiando, a public Internet mirror of index lists found on Tor
The following links only work for web browsers that have Tor installed and enabled. Due to the nature of the network, access to links are dependent on the nodes you are connected to as well as those your tor software queries during each access attempt. As a result, it may take several tries to access these sites. Also, due to the anonymous nature of this network, sensitive material, which may be illegal in one's jurisdiction or simply distasteful, is posted more commonly than on the general Internet.

[edit] See also

Free software Portal
Cryptography Portal

[edit] References

  1. ^ Tor:People (2006-10-15). Retrieved on 2007-05-21.
  2. ^ TheOnionRouter/TorFAQ. Retrieved on 2007-09-18. “Tor (like all current practical low-latency anonymity designs) fails when the attacker can see both ends of the communications channel”
  3. ^ TheOnionRouter/TorifyHOWTO – Noreply Wiki. Retrieved on 2007-04-19.
  4. ^ Tor Changelog. Retrieved on 2007-09-11.
  5. ^ a b Low-Cost Traffic Analysis of Tor (PDF) (2006-01-19). Retrieved on 2007-05-21.
  6. ^ Wired: Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise. Retrieved on 2007-09-16.
  7. ^ Tor hack proposed to catch criminals. Retrieved on 2008-02-01.

[edit] External links

[edit] Articles