Understanding TOR: The Onion Router

Introduction

In an increasingly digital world, privacy has become a concern for many. As internet users, we often leave behind digital footprints that can be tracked by websites, service providers, or even malicious actors. One tool that has gained popularity for protecting online privacy is TOR—short for The Onion Router. This article delves into how TOR works, its advantages, limitations, and its role in maintaining online anonymity.

The difference between privacy and anonymity

Privacy and anonymity are related but distinct concepts, particularly in the context of digital interactions.

Privacy refers to controlling access to your personal information and protecting it from unauthorized entities. It's about deciding who can know certain details about you, such as your location, habits, and communication. Privacy ensures that even though you might be identified, sensitive details remain protected.

Anonymity, on the other hand, means that you cannot be identified at all, or your identity is hidden. In an anonymous context, it doesn't matter what information is being shared, as no one can trace it back to you specifically.


How Does TOR Work?

At a high level, TOR obscures a user’s identity by encrypting their internet traffic multiple times and sending it through various relays (nodes) spread across the globe. The path taken through these nodes is random and changes for every session, making it harder for any observer to track the traffic back to the user. The journey through TOR consists of three key nodes:

Entry Node (Guard Node): The first node that receives the user’s traffic. It knows the user’s IP address, but not the final destination.

  • What it sees: The Entry Node, sometimes called the Guard Node, knows the user's real IP address because it is the first point of contact for the user’s traffic. However, the Entry Node doesn’t know the final destination (i.e., the website or service the user wants to access) because the traffic is encrypted multiple times before it leaves the user’s computer.
  • What it doesn’t see: The Entry Node doesn’t see the content of the traffic or the final destination. It only sees that traffic is being routed into the TOR network, but it has no idea where the traffic will exit or what the user is doing.

Middle Node: The middle relay which passes the encrypted data along. It only knows the entry and exit nodes, keeping the user’s IP address hidden.

  • What it sees: The Middle Node is a critical component of TOR’s anonymity structure. It only knows the IP addresses of the previous (Entry Node) and next (Exit Node) nodes in the circuit. It sees neither the user's real IP address nor the final destination of the traffic. It only knows that it received traffic from the Entry Node and that it must pass this traffic to the Exit Node.
  • What it doesn’t see: It has no visibility into the user's identity or where the traffic originated. Because the traffic is still wrapped in layers of encryption, it also cannot read the content or learn the final destination. It only passes the data along.

Exit Node: The last node that forwards traffic to the final destination. It sees the final destination but not the user’s IP address, ensuring anonymity.

  • What it sees: The Exit Node is the last node before the traffic leaves the TOR network and reaches its final destination. The Exit Node sees the final destination IP address (i.e., the website or service the user is accessing) and any unencrypted content of the traffic. However, the Exit Node does not know the original source IP of the traffic (the user's IP), only the IP address of the Middle Node.
  • What it doesn’t see: The Exit Node has no way of knowing the user's real IP address or the earlier steps in the chain (like the Entry or Middle Nodes).

IP Addresses Seen by Each Node

  • Entry Node: Sees the user’s real IP address but does not know the final destination.
  • Middle Node: Sees the IP addresses of the Entry and Exit Nodes, but not the user’s real IP or the destination.
  • Exit Node: Sees the final destination’s IP address (e.g., the website being accessed) but not the user’s real IP.

Vulnerabilities and Considerations

  • Exit Node Monitoring: Since the Exit Node can see unencrypted traffic, users should ensure that their destination uses HTTPS. Otherwise, sensitive information like login credentials could be exposed. The Exit Node operator, if malicious, could monitor this unencrypted traffic.
  • Entry Node Targeting: While the Entry Node knows the user’s IP address, it cannot know the destination. However, an adversary that controls the Entry Node could attempt to correlate traffic patterns with known traffic going through the Exit Node to de-anonymize users. This is why TOR frequently rotates the circuit used for different sessions.

An adversary controlling the Entry (Guard) Node could attempt a traffic correlation attack. Though the Entry Node doesn’t know the final destination, it can observe the timing, size, and volume of the traffic originating from the user. If the adversary also controls the Exit Node or monitors traffic at the destination, they could compare traffic patterns between the two points.

By analyzing the timing and volume of data entering the TOR network (via the Entry Node) and leaving it (via the Exit Node), they could potentially match traffic flows and de-anonymize the user. This attack relies on statistical correlation, not direct access to the content.

TOR mitigates this by rotating circuits regularly, making it harder for adversaries to gather enough data for effective correlation.

Encryption in TOR

TOR (The Onion Router) is named after its unique encryption model, which functions like layers of an onion. Each layer of encryption is designed to protect user anonymity by ensuring that no single node in the network knows both the origin and destination of the traffic. The process relies on multi-layer encryption to safeguard user data as it passes through various nodes.

How TOR Encryption Works:

Multi-Layer Encryption (Onion Encryption): When a user sends traffic through TOR, their data is encrypted in multiple layers. Each layer corresponds to one of the three nodes in the TOR network: Entry Node, Middle Node, and Exit Node. This ensures that each node only decrypts enough information to know where to send the traffic next, but no single node can uncover the entire route.

Plain Data:

When a user wants to send a request (e.g., visiting a website), the initial data is in its plain form. For instance, the request might look like this:

GET / HTTP/1.1
Host: example.com

Layer 1: Encryption for the Exit Node:

The first step is to encrypt the plain data using the public key of the Exit Node (C). This is the innermost layer of encryption.

After this encryption, the data looks like this (encrypted form):

Encrypted Layer 1 (for Exit Node C): {Encrypted GET / HTTP/1.1 Host: example.com}

Layer 2: Encryption for the Middle Node:

Next, the encrypted data from Layer 1 is wrapped in another layer of encryption using the public key of the Middle Node (B).

The data now appears as:

Encrypted Layer 2 (for Middle Node B): {Encrypted Layer 1}

Layer 3: Encryption for the Entry (Guard) Node:

Finally, the data from Layer 2 is encrypted one more time using the public key of the Entry Node (A).

The complete structure of the data now looks like this:

Encrypted Layer 3 (for Entry Node A): {Encrypted Layer 2}

The Role of HTTPS:

  • End-to-End Encryption: Once the encrypted data reaches the Exit Node, it is decrypted to reveal the original request (GET / HTTP/1.1). If the user is accessing an HTTPS website, the data is further encrypted using HTTPS. HTTPS (Hypertext Transfer Protocol Secure) employs TLS (Transport Layer Security) to encrypt the data between the user’s browser and the destination website. This means that even after the TOR network, the data remains encrypted as it travels to the final destination.
  • Layered Security: The combination of TOR and HTTPS provides robust security. While TOR anonymizes the user’s identity and location, HTTPS ensures that the content of the communication remains confidential and protected from eavesdropping.
  • Final Communication: After decryption at the Exit Node, if the destination website supports HTTPS, the data is transmitted securely, keeping it safe from potential attackers who might be monitoring the Exit Node. The HTTPS encryption layer is applied after TOR has already anonymized the user's traffic.
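The three-layer wrapping described above, together with the per-node view from the "IP Addresses Seen by Each Node" section, as an added example that is not code from the original article or from the Tor Project: a small Python model builds an onion around an HTTP request, peels one layer at each relay, and records what each relay can observe, once with a plaintext HTTP payload and once with an HTTPS payload. Two simplifications are assumptions of this example rather than statements from the article: the client is assumed to already share a symmetric key with each relay (in deployed Tor those per-hop keys are negotiated with the relays' public keys during circuit construction, and the onion layers themselves are symmetric), and the cipher is an HMAC-SHA256 counter-mode keystream standing in for AES-CTR, with no per-cell integrity check. The TLS session key between the client and example.com, the relay names A/B/C and the client address 203.0.113.7 are all constructed. The HTTPS run shows the point the section makes about the exit: because the TLS layer is established end to end between the browser and the site before the request enters the circuit, the exit relay forwards the HTTPS payload without being able to read it.

```python
"""Toy onion-routing model: three relays, one layer each (added example, not Tor's code).

Assumptions of this model: the client already shares a symmetric key with each
relay (real Tor derives these in the circuit handshake), the cipher is an
HMAC-SHA256 counter-mode keystream standing in for AES-CTR, and relay-cell
integrity checks are omitted.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (toy stand-in for AES-CTR)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, next_hop: str, body: bytes) -> bytes:
    """One onion layer: nonce || Enc_key(next_hop || 0x00 || body)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, next_hop.encode() + b"\x00" + body)


def peel(key: bytes, cell: bytes) -> tuple[str, bytes]:
    """A relay strips its own layer and learns only the next hop plus an opaque body."""
    nonce, ciphertext = cell[:NONCE_LEN], cell[NONCE_LEN:]
    plaintext = keystream_xor(key, nonce, ciphertext)
    next_hop, _, body = plaintext.partition(b"\x00")
    return next_hop.decode(), body


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """circuit: [(relay_name, shared_key), ...] ordered entry -> exit.
    The exit's layer is applied first (innermost), the entry's last (outermost)."""
    cell, next_hop = payload, destination
    for relay_name, key in reversed(circuit):
        cell = seal(key, next_hop, cell)
        next_hop = relay_name
    return cell


def traverse(circuit, client_ip: str, onion: bytes):
    """Pass the onion through each relay and record what that relay can observe."""
    observations, cell, prev_hop = [], onion, client_ip
    for relay_name, key in circuit:
        next_hop, cell = peel(key, cell)
        observations.append({
            "relay": relay_name,
            "sees_prev_hop": prev_hop,            # address the cell arrived from
            "sees_next_hop": next_hop,            # where this relay forwards it
            "sees_client_ip": prev_hop == client_ip,
            "sees_plaintext_request": cell.startswith(b"GET "),
        })
        prev_hop = relay_name
    return observations, next_hop, cell


def https_wrap(session_key: bytes, request: bytes) -> bytes:
    """Stand-in for the TLS record layer between the client and the web site: only those
    two hold session_key, so every relay (the exit included) forwards opaque bytes."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + keystream_xor(session_key, nonce, request)


def https_unwrap(session_key: bytes, blob: bytes) -> bytes:
    return keystream_xor(session_key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def demo(use_https: bool):
    """Run one request through a constructed circuit A -> B -> C and return
    (per-relay observations, destination the exit forwards to, bytes the site receives)."""
    circuit = [(name, secrets.token_bytes(32)) for name in ("A (entry)", "B (middle)", "C (exit)")]
    request = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    site_key = secrets.token_bytes(32)                 # constructed TLS session key
    destination = "example.com:443" if use_https else "example.com:80"
    payload = https_wrap(site_key, request) if use_https else request
    onion = build_onion(circuit, destination, payload)
    observations, forwarded_to, delivered = traverse(circuit, "203.0.113.7", onion)
    received = https_unwrap(site_key, delivered) if use_https else delivered
    return observations, forwarded_to, received


if __name__ == "__main__":
    for use_https in (False, True):
        print(f"\n--- {'HTTPS' if use_https else 'plain HTTP'} payload ---")
        obs, dest, received = demo(use_https)
        for o in obs:
            print(f"{o['relay']:<12} from={o['sees_prev_hop']:<12} to={o['sees_next_hop']:<16} "
                  f"client_ip={o['sees_client_ip']!s:<5} plaintext={o['sees_plaintext_request']}")
        print("exit forwards to:", dest, "| site receives:", received.split(b"\r\n")[0])
```

Run as a script, the table shows the entry relay as the only one that sees the client address, the middle relay seeing only the entry and exit, and the exit relay seeing the destination. In the plain HTTP run the exit also reads the request line; in the HTTPS run the body it forwards is indistinguishable from random bytes and only example.com, holding the session key, recovers the request.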

Conclusion

The TOR network utilizes a multi-layer encryption process to enhance user privacy and anonymity while browsing the internet. By wrapping data in layers of encryption corresponding to each node, TOR prevents any single node from knowing both the user's identity and destination.

When paired with HTTPS, TOR offers an additional layer of security by encrypting communication content, safeguarding it from eavesdropping even at the exit point. This dual-layered approach complicates traffic analysis attacks, making it difficult for adversaries to correlate traffic patterns and de-anonymize users.

In summary, the synergy between TOR’s encryption and HTTPS fosters a robust security framework, ensuring users can navigate the web securely and privately.

More articles by Denys S.