Dr. Dobb's is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Channels ▼
RSS

Security

Tor Project Protects Anonymous Sources


   



The second-generation onion routing technology embodied by the Tor project aims to provide a secure means of anonymous Internet use.


Many parties have a stake in providing, using, observing or even preventing anonymous Internet usage. These players range from multinational corporations to national governments to disenfranchised individuals. The most visible players are the Tor project itself and the Electronic Frontier Foundation, which once funded and still hosts the Tor project.


Tor provides anonymous Internet access for a variety of uses. Development is moving ahead, driven by open-source volunteerism, but the money needed to take the project mainstream has been limited, and questions remain whether there will be enough funding to ensure long-term viability. Also, the enterprise must decide what role Tor will play and if the legal grayness surrounding such privacy tools can be offset by the benefits. Tor is promising, but it may be prudent to wait and see how these issues pan out.

Encrypting internet communications is a great start in addressing privacy concerns. But encryption solves only part of the anonymity issue: It hides what is being said, but not who is communicating.

Anonymous services take that next step to protect the parties in an online communication. The Tor project. a network of servers deployed across the Internet, is intended to shield parties from prying eyes and ears. Tor ("the onion router") describes both the development project and related software created to advance the privacy technology. Tor also provides a feature called hidden services that lets servers remain anonymous and provides secure services exclusive to the Tor network that are not visible, nor available, to the Internet public.

Tor offers many practical uses, such as researching sensitive topics and ensuring you can view the same information as the general public on a competitor's Web site. And, it can protect your VPN connections.

As it exists now, Tor is close but not quite ready for widespread enterprise employment. The network relies on volunteers for nodes and bandwidth, leaving the reliability of the network dependent on the goodwill of others. Funding is growing but is still a concern. In addition, there are legal uncertainties you should examine before you think about publicizing Tor to your users.

LAYERS OF PROTECTION

The onion routing technology, so named for its layered encryption approach and developed by the U.S. Naval Research Lab, works by passing encrypted messages from server to server within a distributed network (see "Onion Routing Defined" at nwc.com/2007/0205). Each onion server within the Tor network receives the encrypted message and decrypts the addressing information for the next server. The rest of the message remains encrypted with a different key and is then sent to the next server in the path. Each server can decrypt only the layer intended for it. This layering of encryption and routes ensures that no single server knows the message being sent, where it originally came from or its final destination. This technique, along with frequently changing the network path used for messages, prevents detection by traffic pattern analysis.

However, the onion routing protocol is not tamper-proof. Using various techniques, such as timing traffic patterns and correlating sent traffic with exit nodes, interested parties can figure out that messages are being sent to or from certain servers. In addition, detailed analysis of message patterns can determine how often servers are used and thus make educated guesses about that usage. However, the message content is still encrypted and remains private as long as that encryption isn't broken.

Continue Reading This Story...


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.