DOI: 10.1145/2076732.2076750
research-article

A peel of onion

Published: 05 December 2011

ABSTRACT

Onion routing was invented more than fifteen years ago to separate identification from routing in network communication. Since that time there has been much design, analysis, and deployment of onion routing systems. This has been accompanied by much confusion about what these systems do, what security they provide, how they work, who built them, and even what they are called. Here I give an overview of onion routing from its earliest conception to some of the latest research, including the design and use of Tor, a global onion routing network with about a half million users on any given day.


Published in

ACSAC '11: Proceedings of the 27th Annual Computer Security Applications Conference
December 2011
432 pages
ISBN: 9781450306720
DOI: 10.1145/2076732

Copyright © 2011 ACM

Publisher: Association for Computing Machinery, New York, NY, United States


Overall Acceptance Rate: 104 of 497 submissions, 21%
