What is onion routing? Onion routing is a communications technique that prevents traffic analysis of transmissions. Using traffic analysis, a party can determine who is communicating with whom, even if they can't read the message. Onion routing prevents this by hiding each step of the communication within a "layer." When communicating using onion routing, a message, for instance, is wrapped within layers of encrypted data. This encrypted data contains the standard routing information for TCP/IP messages. Once encrypted, the message is sent to the first server (or "onion layer"). This server decrypts the routing information. However, it can decrypt only the information intended for it. All other routing information remains encrypted. Once this server can determine where the message should be sent next, it is transmitted. Upon receiving the message, the second server decrypts the message. Again, it can decrypt only the information intended for it. Once it knows the next destination, it transmits the message. The third server will do the same. This continues until the message reaches its target. Any response is then encrypted in the same way, though it may use a different path through the network, and then transmitted. In this way, a message is wrapped within layers of encryption, like an onion, to be unwrapped along the way until the final destination is reached. Since there is no way to know a message's ultimate destination or source, traffic analysis cannot be used to determine who is having the conversation.
Strictly speaking, the Tor project doesn't use onion routing as originally conceived. It uses a modification called "telescoping path-building." This technique addresses a weakness of the onion routing specification: namely, a single node could force other nodes to decrypt traffic. In the telescoping technique, the message initiator negotiates session keys with each hop in the message path, thereby preventing any node from knowing the session keys or encryption information of any other node. However, it is common to refer to Tor as using onion routing. --Pete Payne
Pete Payne is a software programming consultant with Kforce, a nationwide consulting firm, and is currently working at Wisconsin Public Service. Write to him at [email protected].