Onion Routing

8/2/2019 Onion Routing

1/19

BySrianka07951A0591CSE 4B


2/19

It provides the technique for anonymouscommunication.

Main Ideais to protect the details of senderand receiver of a message and also its

content from attackers (Active and Passiveattackers)


3/19

This technique was originally developed byU.S Navy to hide the true origin of packets onan IP network.


4/19

Prevents Eaves Dropping

on a message content. Prevents traffic analysis.


5/19

Messages travel from source to destination

via a sequence of proxies known asONION ROUTERS.

It is known Chaums Mix Cascades Principle


6/19

The message sent by the sender will berepeatedly encrypted and then sent throughseveral network nodes (Onion Routers).

Each Router moves a layer of encryption touncover routing instructions and sends themessage to the next router where this isrepeated.

This prevents these intermediary nodes fromknowing the origin , destination and contentsof the message.


7/19


8/19

Defining a route

Constructing an anonymous connection

Moving data through an anonymous connection Destroying the anonymous connection


9/19

Let onion routers 4, 3, and 5 be randomly selectedby the onion proxy


10/19

The proxy encrypts the data with 5s public key followedby 3 and then 4

Thus an onion is created which looks like

E4pu (3s IP address, E3pu ((5s IPaddress, (E5pu (recipients IP address,data)))))

Cont..


11/19

From 3 to 4

From 4 to 5

From 5 to theDestination

Initially at router 3

(Packet from Proxy)

At the destination after

removing all the layers


12/19


13/19

The size of the onion reduces as it nears thedestination. Hence an attacker can infer detailsabout the destination.

To avoid this onions are padded at each onionrouter to maintain the size of the onion (Onionscan be padded to same or different sizes )

Every onion router has details of only its previousand next hop

So even if an onion router has been compromisedthe attacker can only get the encrypted onion .Hewill not be able to decrypt the onion without theprivate keys and hence will not infer any valuableinformation from it


14/19

Suppose an attacker records data going onbetween routers and is able to compromise arouter at a later stage, to acquire private key anddecrypt data.

This can be avoided by using a session keybetween communicating parties.

The session key is used to encrypt data and is valid

only for the duration of the communication.


15/19

Packet delivery is not ensured : If an onion routerfails on the way then the message will not reachthe destination.

It is susceptible to denial of service attacks: Doneby sending many packets to the routers to performmore number of cryptographic operations andstops forwarding the packets (This can be avoidedby using puzzles -those are to be answered by the

sender

but latency increases)


16/19

Wireless Anonymous Routing Protocol(WAR):Itis based on onion routing and traffic mixing. Herethe keys are distributed using a RadioGram.

Secure Distributed Anonymous RoutingProtocol (SDAR):This protocol is also based ononion routing. It does not require the source nodeto know the entire network topology unlike theprevious WAR protocol.


17/19

So by using the above technology oneimplementation came into existence knownas TOR (The Onion Router)- a secondgeneration onion router- it overcomes the

problems of first generation onion routing,and also helps in preventing from manyattacks.


18/19

QUERIES????????


19/19

THANK YOU

Onion Routing

Documents

Transcript of Onion Routing