Tuesday, March 12, 2013

Tor: The Second-Generation Onion Router

 by Roger Dingledine, Nick Mathewson, and Paul Syverson

Tor, a circuit-based low-latency anonymous communication service, is the second-generation Onion Routing system. It addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points.

To understand this paper, we first need to understand onion routing. The following explanation of onion routing is from Wikipedia:
A routing onion is a data structure formed by wrapping a plain text message with successive layers of encryption, such that each layer can be 'unwrapped' (decrypted) like the layer of an onion by one intermediary in a succession of intermediaries, with the original plain text message only being viewable by at most, the sender, the last intermediary (the exit node) and the recipient.




Tor is distinguished from the original onion router by several features.
- perfect forward secrecy: Tor now uses a telescoping path-building design in which the initiator negotiates session keys with each successive hop in the circuit.
- congestion control: Tor’s decentralized congestion control uses end-to-end acks to maintain anonymity while allowing nodes at the edges of the network to detect congestion or flooding and send less data until the congestion subsides.
- directory servers: Tor takes a simplified view toward distributing state information: certain more trusted nodes act as directory servers, providing signed directories that describe known routers and their current state.
- integrity checking: Tor verifies data integrity before it leaves the network to hamper attacks.
- configurable exit policies: Tor provides a consistent mechanism for each node to advertise a policy describing the hosts and ports to which it will connect.
- rendezvous points and hidden services: Tor provides an integrated mechanism for responder anonymity via location-protected servers. Instead of using reply onions as in previous designs, Tor clients negotiate rendezvous points to connect with hidden servers.
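
The sketch below is an added example, not code from the paper or the Tor project. It illustrates the routing onion, the per-hop session keys of the telescoping design, and the integrity check at the edge of the network. It assumes toy primitives (a small Diffie-Hellman group and a SHA-256 keystream in place of Tor's real ciphers), hypothetical names throughout, and handshakes made directly with each relay rather than relayed through the hops already built.

```python
import hashlib
import secrets

# Toy parameters (assumptions for illustration): a small Mersenne-prime DH group
# and a SHA-256 counter keystream stand in for the real group and block cipher.
P = 2**127 - 1
G = 3

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (one call encrypts or decrypts)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Relay:
    """One hop: it holds only the session key it negotiated with the client."""
    def handshake(self, client_public: int) -> int:
        secret = secrets.randbelow(P - 2) + 1
        shared = pow(client_public, secret, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        return pow(G, secret, P)

    def peel(self, cell: bytes) -> bytes:
        return keystream_xor(self.key, cell)

def build_circuit(relays):
    """Telescoping: a fresh DH exchange per hop, so every hop key is ephemeral."""
    keys = []
    for relay in relays:
        secret = secrets.randbelow(P - 2) + 1
        relay_public = relay.handshake(pow(G, secret, P))
        shared = pow(relay_public, secret, P)
        keys.append(hashlib.sha256(shared.to_bytes(16, "big")).digest())
    return keys

def wrap(keys, payload: bytes) -> bytes:
    """Prefix a digest keyed to the exit hop, then add one layer per hop."""
    cell = hashlib.sha256(keys[-1] + payload).digest()[:4] + payload
    for key in reversed(keys):
        cell = keystream_xor(key, cell)
    return cell

def exit_check(exit_key: bytes, cell: bytes):
    """At the exit: return the payload if the digest matches, otherwise None."""
    digest, payload = cell[:4], cell[4:]
    return payload if digest == hashlib.sha256(exit_key + payload).digest()[:4] else None
```

Because the keystream layers are malleable, a bit flipped by a middle relay survives every later `peel`; the digest check at the exit is what catches it before the data leaves the network.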

The authors present clear goals, and even non-goals, along with many different kinds of attacks and the defenses against them. They also give several goals and directions for future work. By doing so, they clarify the limitations of their paper and show how their work could be improved.

In conclusion, Tor is now the predominant technology that employs onion routing. However, threats from anonymity are growing rapidly, and distributed systems are particularly vulnerable to them. Security should keep being improved to cope with this kind of threat.

9 comments:

  1. I've always wondered why researchers are interested in creating these anonymous networks when they seem to be a hotbed for illegal activities. Granted you don't know how people will respond to a platform before you deploy it, but it seems like you're going to attract a certain amount of undesirables with a service like this.

    Replies
    1. More seriously, that is an interesting question. There is something of an interesting question. One (certainly not the only and maybe not the biggest) of the problems is that technology moves much faster than privacy protections, and they are just aiming for due privacy. For example, at least pre 9-11, your mail was very well protected. Certainly it could be searched with a warrant, etc. Since no such protections have arisen to protect internet users, it's reasonable that the burden of privacy falls on technology.

      The abuse is just the flip side of having a "strong" system (mail, in comparison is not "strong", but "protected"). I do find it interesting that they do devote effort to trying to protect against exit-abuse via the exit policy.

    2. Privacy is hard, but also extremely valuable in terms of both material and immaterial costs. It's a great opportunity for CS research. I'd like to think that the researchers are well aware that they will attract illicit activities, but in their minds, the benefits outweigh the costs. Tor may be a bad example, since it is free and open, and doesn't garner much financial benefit for the researchers, but the sanctity of tap-free communications may be enough motivation in and of itself.

    3. The fact that TOR is up and running successfully for a decade (the only running system which provides anonymity) is a testimony to the fact that it has satisfied or rather well exceeded its expectations. 80% of the current funding is provided by US government with the rest coming from other governments and voluntary agencies. The authors have pointed out that TOR does not introduce any new kind of abuse. But, there is a chance of exit abuse (exit nodes get framed wrongly because the rest of the path is anonymous). As Marcel pointed out, they are trying to devote effort against exit abuse and I believe in the current running TOR version, they have overcome it almost completely.

    4. Tor in itself was very important, along with other similar services such as Freenet in giving censored countries a voice to speak out. I feel like illegal activity is an inevitability in these services, but at the same time, the freedom and anonymity is very important to the internet itself. What's scary is that you can find a lot of the darker sides of Tor easily online - heck, even Wikipedia lists quite a few illegal sites (they were taken down at some points, but you can find them in the history of the Tor or .onion page).

      The justification of Tor is very much significant to many of the issues regarding internet anonymity that are argued these days.

  2. Anonymous communication channels are a necessity for more than one party in the Internet. First in the list is the government/DoD which is very clear from the fact that one of the co-authors is from the Naval Research Lab. Second in the list are corporations who would like to have anonymity about their stakeholders and suppliers both inside (between departments) and outside the corporation network. Also interested are "political dissidents"/"censored authors" for freedom of communication especially as many countries try to have strict surveillance (in the name of security) into traffic passing from/via them. Other parties can be anyone who would like to have some privacy (via anonymity).

    The authors are assuming (rather defending their cause) that "criminals" already have anonymity and it is the common person who will benefit from TOR.

  3. I found it very interesting that the authors chose to not maintain the anonymity of the network users. I realize that the data, rather than the users themselves, is what really needs to be protected, but at the same time, people who use anonymizing services often want their identities, and not just their data, concealed.

    Replies
    1. That's what hidden services and rendezvous points are doing. TOR's main aim is anonymity of the communication channel and not what flows through it.
