Tor: Onion Routing Hits the Big Time
The idea of onion routing is not new. In the past, however, attempts at developing onion routing networks have met with little success. Performance, security, scalability, and incentive have, usually in tandem, brought previous attempts down. Tor, introduced in a self-titled paper by Roger Dingledine et al., is a so-called "second generation" onion routing design and implementation. It seeks to solve many of the problems that plagued earlier onion routers, and it does successfully address many important concerns.
Onion routing is an abstract system of message routing in which a user performs multiple layers of encryption on a message prior to sending it. As the message travels through a known set of routers, each router "peels off" a layer of encryption to which it alone is privy. When the message arrives at its destination, the only remaining encryption is removable by the user on the other end of the pipe. Tor improves upon simplistic onion routing by achieving full forward secrecy, using a standardized TCP application protocol (SOCKS), lowering overhead by multiplexing TCP streams through single circuits, improving congestion control, and making a wide array of other changes. Onion routers themselves can be run by volunteers and configured to those volunteers' specifications, allowing the network to grow indefinitely without centralized effort. As of 2004, Tor is an available product, running on machines around the world. Its creators have seen their arguments justified by the widespread adoption of both those arguments and the product they created.
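The layered wrap-and-peel scheme described above can be sketched as follows. This is an added example, not code from the paper or from Tor; it assumes each hop already shares a symmetric key with the sender, uses SHAKE-256 and HMAC from the standard library as stand-ins for a real cipher, and the hop names and helper functions are hypothetical.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # SHAKE-256 output as keystream: a demo stand-in for a real stream cipher
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, data):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key, plaintext):
    """Encrypt-then-MAC one layer under one hop's key."""
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, plaintext)
    return nonce + _tag(key, nonce + body) + body

def unseal(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce + body)):
        raise ValueError("layer is not keyed to this hop")
    return _xor_stream(key, nonce, body)

def wrap(message, path, keys):
    """Build the onion; path lists hop names in order, ending with the recipient."""
    onion = seal(keys[path[-1]], b"\x00" + message)  # innermost layer: no next hop
    for here, nxt in zip(reversed(path[:-1]), reversed(path[1:])):
        hdr = nxt.encode()  # assumes hop names shorter than 256 bytes
        onion = seal(keys[here], bytes([len(hdr)]) + hdr + onion)
    return onion

def peel(key, onion):
    """Remove one layer; returns (next hop name or "", remaining onion)."""
    plain = unseal(key, onion)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def route(onion, first_hop, keys):
    """Forward the onion hop by hop; returns (hops visited, final payload)."""
    hop, visited = first_hop, []
    while True:
        nxt, onion = peel(keys[hop], onion)
        visited.append(hop)
        if not nxt:
            return visited, onion
        hop = nxt

# Constructed sample circuit: three routers and a recipient with random keys
KEYS = {name: os.urandom(32) for name in ("r1", "r2", "r3", "recipient")}
PATH = ["r1", "r2", "r3", "recipient"]
```

Each router learns only the name of the next hop and an opaque inner blob; a router that tries to peel a layer not keyed to it gets a `ValueError` rather than garbage.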
The authors' paper, "Tor: The Second-Generation Onion Router," is actually very well constructed. While it is arguably lacking a lot of information and analysis, this is by design rather than through incompetence. The goals set by the creators were very clear, and did not include certain obvious and very desirable goals. Most of the goals motivating SlyFi (true anonymity) are missing from Tor. By the authors' own admission, their low-latency anonymity network is still vulnerable to profiling and end-to-end traffic confirmation. To their credit, however, Dingledine et al. spend a good deal of time discussing these issues, as well as the obvious directions for further research in the near future.
Despite the long laundry list of open questions included at the end of the paper, it's safe to say that the two broad categories of unsolved problems are a) increasing security and anonymity, and b) decreasing latency and generally increasing performance (including scalability). Tor, while being a rather successful "low-latency" anonymous communication service, is quite slow. For some applications it is prohibitively so. As previously mentioned, there are also a wide variety of known areas where security is weak or easily improved. What makes this a particularly weighty pair of research areas is that they are inherently in opposition. Greater security most often comes at the cost of performance, and vice versa. It is for this reason that these two concerns are perhaps some of the most important that researchers in this field, and in the broader field of computer security, face.