The infrastructure of Onion Routing and how it works for providing anonymity over a public network
Onion Routing encompasses basic structural processes through which the system
is accessed. First, it comprises an onion proxy, which specifies the route
through which an application proxy links by generating a layered data structure
known as an onion (Reed, Syverson & Goldschlag, 1998). The second feature is an
entry funnel, which incorporates the onion into multiplexed links to the network
at the onion router (Reed et al., 1998). The exit funnel is the last structure,
and it controls data between the system and the associated responder. Even though
these structures perform different functions, the key objective is to access an
onion routing network. Their functionality, therefore, relates to the biblical
concept on performance mentioned in 1st Corinthians 12:5 which says, “Although
there are various kinds of services, it is the same God we serve” (Proctor,
2015). This verse illustrates that although individuals may have multiple
worship practices, they are directed to serving one God. Accordingly, whereas
there are different operations involved, the major objective is to create the
onion routing network.
Notably, the router’s public keys are employed in creating an anonymous
network. After the private system is established, the onion proxy attaches an
encryption layer for every onion router along the route to hide the data
contents, its source, and destination (“Onion Routing,” n.d.). Subsequently, as
the data passes through the anonymous link, every onion router takes off one
layer of encryption, so the data reaches the responder as plaintext. That is,
every router applies its shared keys in decrypting the data as it moves down
the circuit, so the data is completely decoded at the other end (“Onion
Routing,” n.d.). This makes it difficult for an observer to predict the path
that data follows through the network.
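The layering and peeling described above, as an added example that is not taken from the cited sources. It assumes each router's key is already shared with the onion proxy; the HMAC-based cipher, the router names and `responder.example` are constructed stand-ins, not the real onion routing format.

```python
import hashlib, hmac, os

def _stream(key, nonce, data):
    """Toy cipher (stand-in for AES-CTR): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, b"enc" + nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def _tag(key, nonce, body):
    return hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def seal(key, plaintext):
    """Add one encryption layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    body = _stream(key, nonce, plaintext)
    return nonce + _tag(key, nonce, body) + body

def unseal(key, blob):
    """Remove one layer; fails if the layer was not built for this key."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce, body)):
        raise ValueError("layer not for this router, or modified in transit")
    return _stream(key, nonce, body)

def build_onion(route, keys, responder, message):
    """Onion proxy: wrap innermost layer first so the entry router's layer is outermost."""
    next_hops = route[1:] + [responder]
    blob = message
    for router, nxt in reversed(list(zip(route, next_hops))):
        hdr = nxt.encode()
        blob = seal(keys[router], bytes([len(hdr)]) + hdr + blob)
    return blob

def peel(key, blob):
    """One router: strip its layer and learn only the next hop."""
    layer = unseal(key, blob)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]

def relay(entry, keys, onion):
    """Walk the circuit; returns (responder, plaintext, what each router saw)."""
    hop, seen = entry, []
    while hop in keys:
        nxt, onion = peel(keys[hop], onion)
        seen.append((hop, nxt))
        hop = nxt
    return hop, onion, seen
```

Each entry in the returned trace shows that a router learns only its immediate successor, and a router that is handed a layer built for a different hop rejects it instead of decrypting it.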
Explaining how an Onion Routing network is resistant to both network eavesdropping and traffic analysis.
Several internet users have employed the use of onion routing in protecting their data against
eavesdropping and traffic analysis. Onion routing does this through the use of
firewall configuration, which is an onion router that sits on the sensitive
side of the firewall (Reed et al., 1998). The router acts as the interface
between the external system and the machines behind the firewall. These
connections are secured against traffic analysis or eavesdropping since the
stream of data does not appear in the public network. Besides, users can apply
firewall configuration to direct other onion routers to complicate tracking of
data within the sensitive site (Reed et al., 1998). Moreover, the onion router
at the initially safeguarded site is aware of both the destination and
source of a connection, thereby securing connection anonymity from external
observers.
Also, the configuration establishes anonymous links between two critical
sites, thus assisting the
onion routing in hiding communication from outsiders. Other techniques, such as
the customer-ISP and remote proxy configurations, also assist in managing
traffic analysis and eavesdropping in case of loopholes during interaction
(Reed et al., 1998). The resistance technique of the onion routing to both
eavesdropping and traffic analysis follows a biblical perspective on security
and identity. In 61:3, “For you have a place of safety, a powerful tower
against the enemy” (Anderson, 2020). According to this verse, King David is
convinced that God is his refuge against his foes and therefore feels secure.
Correspondingly, the firewall configuration acts as a refuge for its users
against computer enemies who would steal their information or track the flow of
their data. Therefore, with onion routing, clients communicate confidently over
a public network.
The design of Tor
Tor is a second-generation onion routing browser that provides low-latency
anonymous communication
service. It offers solutions to the limitations of the initial onion routing
network (“Usenix,” n.d.). The browser’s design is founded on the ESR Firefox
branch and includes a sequence of patches that improve the security and privacy
of data. The management and configuration of the Tor process are accomplished
through the use of the Launcher add-on, which offers bootstrap progress and a
splash screen to the original Tor configuration (Perry et al., 2017). Besides, the
browser uses HTTPS-Everywhere to assist in securing users’ information against
potential Tor Exit Node eavesdroppers. The browser is also designed with
NoScript, which is an optional defense-in-depth measure against JavaScript and
other possible exploit vectors.
Also, Tor provides its users with various Pluggable Transports that offer
censorship solutions in case the public Tor network is blocked by IP address or
protocol fingerprint. These Tor designs are constructed to enable users to
browse confidently and explore the web freely (“Tor Project,” n.d.). These
layouts indicate how the company values the security and liberty of its
customers. The company’s considerate nature follows a biblical conception.
According to the book of Philippians 2:4, “Let
each of you be concerned not in own interests but also for others” (Holloway,
2017). This verse encourages individuals also to consider other people’s
priority as they would to themselves. Concerning this, the Tor Project Company
is as well not only interested in gaining profits but also considers the needs
of its customers as far as using the Tor browser is concerned.
Compare Tor and the original Onion Routing. Show the improvements of the Tor design made over Onion Routing.
Multiple improvements were made on Tor to circumvent the limitations that existed in the original
Onion Routing. The first advancement was on perfect forward secrecy. In the
original Onion Routing network, a hostile node could record traffic and later
compromise successive nodes within the circuit, forcing them to decrypt it.
However, Tor employs an incremental path-building design where the initiator
negotiates session keys with every successive hop within the circuit
(“Usenix,” n.d.). Therefore, after the deletion of these keys, the compromised
nodes can no longer decrypt the previously recorded traffic. The second
improvement on Tor concerns the separation of protocol cleaning from
anonymity. Originally, onion routing needed a separate application proxy
for every supported application protocol, which was mostly not ever committed
on paper and resulted in unsupported (“Onion Routing,” n.d.). On the contrary,
Tor uses the standard and near-ubiquitous SOCKS proxy interface and hence
provides support for most TCP-based applications without any alterations.
The next enhancement was on the various TCP streams that could share a single
circuit. Initially, onion routing had a separate circuit for every
application-level request and needed several public key operations for each
application (“Usenix,” n.d.). However, Tor multiplexes various TCP streams
along each circuit to enhance the anonymity and efficiency of data. The other
upgrade concerns the leaky-pipe circuit topology. Unlike the original onion
routing, the initiators of Tor can direct traffic to nodes partway down the
circuit, therefore enabling traffic to exit the circuit from the middle
(“Onion Routing,” n.d.). Considering the directory servers, the initial onion
routing flooded state information through the network, which was unreliable
and complex. Conversely, Tor takes a clearer approach to distributing such
information and relies on more trusted nodes that act as directory servers.