Tor: The Second-Generation Onion Router

Roger Dingledine, Nick Mathewson, Paul F. Syverson
USENIX Security Symposium

We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or… 

Resisting Traffic Analysis on Unclassified Networks

This second-generation Onion Routing system adds to the first-generation design with perfect forward secrecy, congestion control, directory servers, integrity checking, variable exit policies, and a practical design for rendezvous points.

Drac: An Architecture for Anonymous Low-Volume Communications

Drac is a system designed to provide anonymity and unobservability for real-time instant messaging and voice-over-IP communications against a global passive adversary using a relay-based anonymization mechanism.

UDP-OR: A Fair Onion Transport Design

This paper presents a design for an end-to-end inspired transport mechanism for onion routers that uses the same solutions and implementations that had made the Internet scale and shows initial benefits of the design.

Onion Routing and Online Anonymity

The usability of both the client and server software currently released by the Tor project enhances the security of the network by providing more cover traffic and more redirection options for all users and concludes with potential future developments of the onion routing concept and improvements that could be made to Tor.

Key Management for Onion Routing in a True Peer to Peer Setting

Tor implements a distributed directory listing the relays and their keys so that when a user is not able to communicate with relays directly, he has to use special bridge servers to connect to the onion network.

LASTor: A Low-Latency AS-Aware Tor Client

LASTor, a new Tor client that addresses shortcomings in Tor with only client-side modifications and an efficient and accurate algorithm to identify paths on which an AS can compromise anonymity by traffic correlation, is developed.

Fully non-interactive onion routing with forward secrecy

A new onion routing protocol is put forward which outperforms TOR by achieving forward secrecy in a fully non-interactive fashion, without requiring any communication from the router and/or the users and the service provider to update time-related keys.

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer

This work proposes TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead.

A RouterUpdate Method for Tor Anonymous Communication System

The network layout, working flow, the RouterUpdate method of establishing a virtual circuit and data sending or receiving in Tor system are introduced and a method to help the Tor client using all the applications whether or not using the SOCKS is introduced.

Efficient and Secure Identity-Based Onion Routing

This paper presents a novel identity-based onion routing protocol that allows users to establish anonymous channels over a public network by embedding a circuit construction into the non-interactive message delivery process.



Hiding Routing Information

This paper describes an architecture, Onion Routing, that limits a network's vulnerability to traffic analysis and provides real-time, bi-directional, anonymous communication for any protocol that can be adapted to use a proxy service.

Onion routing access configurations

Access to an onion routing network can be configured in a variety of ways depending on the needs, policies, and facilities of those connecting, and some of these access configurations are described.

Real-time mixes: a bandwidth-efficient anonymity protocol

The detailed protocols for the narrow-band ISDN (integrated services digital network), although the heart of the techniques, anonymous channels, can also be applied to other networks.

Anonymous connections and onion routing

A detailed specification of the implemented onion routing system, a vulnerability analysis based on this specification, and performance results are provided.

P5: A protocol for scalable anonymous communication

A novel feature of P5 is that it allows individual participants to trade-off degree of anonymity for communication efficiency, and hence can be used to scalably implement large anonymous groups.

Mixminion: design of a type III anonymous remailer protocol

Mixminion works in a real-world Internet environment, requires little synchronization or coordination between nodes, and protects against known anonymity-breaking attacks as well as or better than other systems with similar design parameters.

Herbivore: A Scalable and Efficient Protocol for Anonymous Communication

Herbivore is described, a peer-to-peer, scalable, tamper-resilient communication system that provides provable anonymity and privacy and simultaneously provides high efficiency and scalability, distinguishing it from other anonymous communication protocols.

Tarzan: a peer-to-peer anonymizing network layer

Measurements show that Tarzan imposes minimal overhead over a corresponding non-anonymous overlay route, and protocols toward unbiased peer-selection offer new directions for distributing trust among untrusted entities.

A Protocol for Scalable Anonymous Communication

A novel feature of P5 (Peer-to-Peer Personal Privacy Protocol) is that it allows individual participants to trade-off degree of anonymity for communication efficiency, and hence can be used to scalably implement large anonymous groups.

The Free Haven Project: Distributed Anonymous Storage Service

A design for a system of anonymous storage which resists the attempts of powerful adversaries to find or destroy any stored data is presented, and a way to classify anonymous systems based on the kinds of anonymity provided is suggested.