Michael G. Reed

Anonymous connections and onion routing

Onion routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Onion routings anonymous connections are bidirectional, near real-time, and can be used anywhere a socket connection can be used. Any identifying information must be in the data stream carried over an anonymous connection. An onion is a data structure that is treated as the destination address by onion routers; thus, it is used to establish an anonymous connection. Onions themselves appear different to each onion router as well as to network observers. The same goes for data carried over the connections they establish. Proxy-aware applications, such as Web browsers and e-mail clients, require no modification to use onion routing, and do so through a series of proxies. A prototype onion routing network is running between our lab and other sites. This paper describes anonymous connections and their implementation using onion routing. This paper also describes several application proxies for onion routing, as well as configurations of onion routing networks.

Onion routing

reserving privacy means not only hiding the content of messages, but also hiding who is talking to whom (traffic analysis). Much like a physical envelope, the simple application of cryptography within a packet-switched network hides the contents of messages being sent, but can reveal who is talking to whom, and how often. Onion Routing is a general-purpose infrastructure for private communication over a public network [3, 4, 6]. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. The connections are bidirectional, near real-time, and can be used for both connection-based and connectionless traffic. Onion Routing interfaces with off-theshelf application software and systems through specialized proxies, making it easy to integrate into existing systems. Prototypes have been running since July 1997. At press time, the prototype network is processing more than one million Web connections per month from more than six thousand IP addresses in twenty countries and in all six main top level domains. Onion Routing operates by dynamically building anonymous connections within a network of real-time Chaum Onion Routing

Hiding Routing Information

This paper describes an architecture, Onion Routing, that limits a networks vulnerability to traffic analysis. The architecture provides anonymous socket connections by means of proxy servers. It provides real-time, bi-directional, anonymous communication for any protocol that can be adapted to use a proxy service. Specifically, the architecture provides for bi-directional communication even though no-one but the initiators proxy server knows anything but previous and next hops in the communication chain. This implies that neither the respondent nor his proxy server nor any external observer need know the identity of the initiator or his proxy server. A prototype of Onion Routing has been implemented. This prototype works with HTTP (World Wide Web) proxies. In addition, an analogous proxy for TELNET has been implemented. roxies for FTP and SMTP are under development.

Towards an analysis of onion routing security

This paper presents a security analysis of Onion Routing, an application independent infrastructure for traffic-analysis-resistant and anonymous Internet connections. It also includes an overview of the current system design, definitions of security goals and new adversary models.

Proxies for anonymous routing

Using traffic analysis, it is possible to infer who is talking to whom over a public network. This paper describes a flexible communications infrastructure, called onion routing, which is resistant to traffic analysis. Onion routing lies just beneath the application layer, and is designed to interface with a wide variety of unmodified Internet services by means of proxies. Onion routing has been implemented on a Sun Solaris 2.4; in addition, proxies for World Wide Web browsing (HTTP), remote logins (RLOGIN), e-mail (SMTP) and file transfers (FTP) have been implemented. Onion routing provides application-independent, real-time and bi-directional anonymous connections that are resistant to both eavesdropping and traffic analysis. Applications making use of onion routings anonymous connections may (and usually should) identify their users over the anonymous connection. User anonymity may be layered on top of the anonymous connections by removing identifying information from the data stream. Our goal is anonymous connections, not anonymous communication. The use of a packet-switched public network should not automatically reveal who is talking to whom; this is the traffic analysis that onion routing complicates.

Onion routing access configurations

Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Thus it hides not only the data being sent, but who is talking to whom. Onion Routings anonymous connections are bidirectional and near real-time, and can be used anywhere a socket connection can be used. Proxy aware applications, such as web browsing and e-mail, require no modification to use Onion Routing, and do so through a series of proxies. Other applications, such as remote login, can also use the system without modification. Access to an onion routing network can be configured in a variety of ways depending on the needs, policies, and facilities of those connecting. This paper describes some of these access configurations and also provides a basic overview of Onion Routing and comparisons with related work.

Protocols Using Anonymous Connections: Mobile Applications

This paper describes security protocols that use anonymous channels as primitive, much in the way that key distribution protocols take encryption as primitive. This abstraction allows us to focus on high level anonymity goals of these protocols much as abstracting away from encryption clarifies and emphasizes high level security goals of key distribution protocols. The contributions of this paper are (1) a notation for describing such protocols, and (2) two protocols for location protected communication over a public infrastructure.

Private Web browsing

Abstract : This paper describes a communications primitive, anonymous connections, that supports bidirectional and near real-time channels that are resistant to both eavesdropping and traffic analysis. The connections are made anonymous, although communication need not be. These anonymous connections are versatile and support private use of many different Internet services. For our purposes, privacy means maintaining the confidentiality of both the data stream and the identity of communicating parties. These are both kept confidential from network elements as well as external observers. Private Web browsing is achieved by unmodified Web browsers using anonymous connections by means of HTTP proxies. Private Web browsing may be made anonymous too by a specialized proxy that removes identifying information from the HTTP data stream. This article specifies anonymous connections, describes our implementation, and discusses its application to Web browsing via HTTP proxies.