Onion Routing

The Onion Routing project researches, designs, builds, and analyzes anonymous communications systems. The focus is on systems for Internet-based connections that resist traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). Onion Routing prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the Onion Routing (OR) network.

This protection is given independent of whether the identity of the initiator of a connection (the sender) is hidden from the responder of the connection, or vice versa. The sender and receiver may wish to identify and even authenticate to each other, but do not wish others to know that they are communicating. The sender may wish to be hidden from the responder. There are many ways that a web server can deduce the identity of a client who visits it; several test sites can be used to demonstrate this. A filtering proxy can be used to reduce the threat of identifying information from a client reaching a server. Onion Routing currently makes use of the Privoxy filter for this purpose.

During its operating period of roughly two years, the initial prototype Onion Routing network, which ran on a local NRL testbed, processed over twenty million requests. An average of over 50,000 hits per day occurred during the final months, or more than 1 million connections per month. A peak reported load of 84,022 connections occurred on 12/31/98.

Development of the second-generation onion routing system (called Tor) is ongoing. Tor adds perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for rendezvous points. There are currently about twenty Tor nodes distributed throughout the US and Europe and at least hundreds of users. (The protection afforded by the system makes it difficult to determine the number of users or application connections.) The code and documentation are available under a free license. Check out the development site for details.





US Naval Research Lab
4555 Overlook Ave., SW
Washington, DC 20375

This Is An Official U.S. Navy Web Site operated by the Center for High Assurance Computer Systems in the Information Technology Division of the US Naval Research Lab


Page maintained by Onion-Info (onion-info@itd.nrl.navy.mil)