TOR: introduction

TOR stands for “The Onion Router”.

It is a network designed to protect its users anonymity by routing the user’s TCP/IP traffic through multiple layers of encryption and multiple proxy nodes, obfuscating the user’s real IP address.

The proxy nodes are contributed by network volunteers,  mostly in a distributed and decentralized fashion.

Web servers are normally unable to detect the user’s real IP, as traffic seems to originate from the last proxy node in the user’s TOR proxy chain (a.k.a. TOR circuit).

A TOR circuit is typically composed by:

  • the user’s real IP
  • 3 TOR nodes
    • 1 Entry node
    • 1 intermediate node
    • 1 Exit node

Traffic is encrypted using several “onion layers”, for TCP/IP connections (UDP is not supported), as follows (simplified):

  • A data packet (DP1) is encrypted with the Exit Node’s public key
    • P1 = PKexit(DP1)
  • The encrypted packet is again encrypted with the Intermediate  Node’s public key:
    • P2 = PKiterm( PKexit(DP1) )
  • The encrypted packet is again encrypted with the Entry Node’s public key:
    • P3 = PKentry ( PKiterm( PKexit(DP1) ) )

Each node only knows the preceding and following node. No node gets to “know” the complete circuit.

TOR can be useful in a number of situations, for example:

  • protect whistle blowers identity
  • circumvent network censorship in censored regions
  • NGOs communicating with its volunteers in a foreign country
  • users can publish web sites without needing to reveal the location of the site (using TOR’s hidden services)

Nevertheless, TOR must be used carefully, so that no “real IP” address leaks or other identity leaks occur (more info here (TOR Overview) ). Attention must also be paid to the risk of possible attacks from powerful adversaries, such as governments and agencies.

Usually a “TOR Browser” is used in combination with TOR. The TOR Browser is a modified version of the official Mozilla Firefox web browser. It usually disables dangerous features for anonymity, such as javascript, cookies and direct TCP/IP connections (it always routes all connection through the TOR network).

TOR Browser

To connect to the TOR network, a user usually has to install the “TOR Client” in its device or network. You can download it at here (TOR project official site)

I’ll be exploring “TOR Client” low-level features in future posts.

[UPDATED with the new posts:]




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s