Onion routing

from Wikipedia, the free encyclopedia

Onion routing (from the English word "onion") is a technique for achieving anonymity on the Internet. Web content is routed over constantly changing routes through several mixes, which in this context are also called nodes. Each of these acts as a kind of encrypting proxy server. As a result, the true identity of the person who requested the data remains hidden from the web server on the other side, and not even the operators of the nodes themselves can link the user to the web content he requested unless all nodes on the route collude.

Encryption scheme

[Figure: Graphic representation of the principle]

The term onion is derived from the encryption scheme used. The data to be transmitted is encrypted several times over. Within each node, either a decryption or an encryption step is applied to the data, depending on whether the data is being sent ("upstream") or received ("downstream"). The client encrypts every packet to be sent, and correspondingly decrypts every received packet, as many times as there are nodes on the route. This layered encryption scheme resembles an onion with its skins, hence the name. It guarantees that only the last node can see the data to be sent in plain text (although this may still be protected by end-to-end encryption). Nor is it possible to track the data across a node, since each node performs an encryption or decryption step that only it and the client can reproduce, i.e. the data looks different at the entry to the node than at its exit.
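The following is an added example, not part of the Wikipedia article, showing the layering described above in runnable form: the client wraps a request in one encryption layer per node (innermost for the exit node, outermost for the entry node), each node peels exactly one layer with the key it shares with the client and learns only the next hop, and on the way back every node adds a layer that the client removes again. The per-hop cipher is a constructed stand-in (HMAC-SHA256 in counter mode as a keystream); it is not the cipher any real deployment uses and carries no integrity protection. The node names `N1`..`N3`, the `SERVER`/`CLIENT` markers and the fixed-width hop field are assumptions of this demonstration.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
HOP_LEN = 8          # fixed-width field naming the next hop inside each layer (assumed format)

# Demonstration per-hop cipher: HMAC-SHA256 run in counter mode produces a
# keystream that is XORed onto the data. Stand-in for the symmetric cipher a
# real deployment negotiates with each node (not Tor's scheme, no integrity
# check). XOR makes encrypt and decrypt the same operation, which is all the
# layering needs.
def layer_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for block_no, start in enumerate(range(0, len(data), 32)):
        keystream = hmac.new(key, nonce + struct.pack(">I", block_no), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], keystream))
    return bytes(out)

def wrap(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Add one onion skin: a fresh nonce plus the encrypted (next_hop || inner)."""
    nonce = os.urandom(NONCE_LEN)
    body = next_hop.encode().ljust(HOP_LEN, b"\0") + inner
    return nonce + layer_crypt(key, nonce, body)

def peel(key: bytes, cell: bytes):
    """Remove one onion skin; returns (next_hop, remaining cell)."""
    nonce, body = cell[:NONCE_LEN], cell[NONCE_LEN:]
    plain = layer_crypt(key, nonce, body)
    return plain[:HOP_LEN].rstrip(b"\0").decode(), plain[HOP_LEN:]

def build_onion(route, payload: bytes) -> bytes:
    """Client side, upstream: encrypt once per node, innermost layer first,
    so that the entry node's layer ends up on the outside."""
    hops = [name for name, _ in route[1:]] + ["SERVER"]
    cell = payload
    for (_, key), next_hop in reversed(list(zip(route, hops))):
        cell = wrap(key, next_hop, cell)
    return cell

def forward_upstream(route, onion: bytes):
    """Node side, upstream: every node strips exactly one layer with its own key
    and learns only where to send the rest. Returns each node's view (what came
    in, where it goes next, what went out) and the plaintext at the exit node."""
    views = []
    cell = onion
    for name, key in route:
        entering = cell
        next_hop, cell = peel(key, cell)
        views.append({"node": name, "in": entering, "next": next_hop, "out": cell})
    return views, cell

def reply_downstream(route, response: bytes) -> bytes:
    """Node side, downstream: the exit node encrypts the response first and every
    node on the way back adds its own layer on top."""
    cell = response
    for _, key in reversed(route):
        cell = wrap(key, "CLIENT", cell)
    return cell

def client_unwrap(route, cell: bytes) -> bytes:
    """Client side, downstream: peel the layers in route order, entry node first."""
    for _, key in route:
        _, cell = peel(key, cell)
    return cell

def run_demo():
    # Constructed circuit: three nodes, each sharing a fresh random key with the client.
    route = [(name, os.urandom(32)) for name in ("N1", "N2", "N3")]
    request = b"GET / HTTP/1.1"
    onion = build_onion(route, request)
    views, at_exit = forward_upstream(route, onion)
    reply = client_unwrap(route, reply_downstream(route, b"HTTP/1.1 200 OK"))
    return {
        "onion": onion,
        "views": views,
        "at_exit": at_exit,
        "reply": reply,
        "len_growth": len(onion) - len(request),   # one nonce + one hop field per layer
    }

if __name__ == "__main__":
    r = run_demo()
    for v in r["views"]:
        print(f"{v['node']}: next={v['next']}  in={v['in'][:8].hex()}..  out={v['out'][:8].hex()}..")
    print("exit node sees:", r["at_exit"])
    print("client receives:", r["reply"])
```

Running it shows the two properties the text states: only the exit node ever holds the request in plain text, and the bytes entering a node never match the bytes leaving it, so an observer watching one node cannot match its input to its output.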

Route selection

In contrast to services based on fixed mix cascades, i.e. services that always use one route between the mixes that is the same for all users, with onion routing each user individually changes the selection and order of the nodes used again and again. From the point of view of a server, a subsequent renewed access to that server therefore appears to come from a new user, since the IP address has changed in the meantime. However, this only applies if further identification is not possible using the transmitted content data, e.g. because of cookies or personalized links.

Concept comparison with mix cascades

The main difference between the concept of fixed mix cascades and free routing lies in the transmission capacity and the number of nodes required. With fixed mix cascades, all users use the same mixes, which therefore have to provide correspondingly large capacities, but a small number of them suffices; the onion routing concept, by contrast, requires a large number of nodes, which however need lower bandwidth because each individual node is used by only a few users at a time. As a result, onion routing can be implemented with a grassroots approach, since users with broadband access (of sufficient transmission rate) can often operate a node themselves. On the other hand, the low participation threshold and thus the lack of central control is also the greatest risk: a service of this kind can be infiltrated and largely controlled with relatively little effort by individual persons operating nodes under many pseudonyms. Even if there are still sufficiently many "good" nodes in the network, there is a correspondingly increased probability that a user will compile a route exclusively from the set of controlled nodes, so that his actions become traceable for the operator of these nodes. This is even favored by the constantly changing route selection: although it lowers the probability that all of the user's actions can be monitored, because he is constantly selecting new nodes, the probability that at least some of his actions can be deanonymized increases.
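The following is an added example (not from the article) that puts numbers on the argument of the two preceding sections, free route selection and the Sybil risk of uncontrolled participation. It assumes a simple model: a pool of nodes of which some fraction belongs to one pseudonymous operator, and a user who draws each circuit as a fresh uniformly random set of distinct nodes. The closed form gives the probability that a single route is fully controlled; the comparison function shows how a fixed route and constantly changing routes differ in "everything exposed" versus "something exposed"; the Monte Carlo run checks the closed form. The pool sizes and circuit counts are constructed values.

```python
import random

def fully_controlled_exact(n_nodes: int, n_controlled: int, length: int) -> float:
    """Probability that a route of `length` distinct nodes, drawn uniformly from
    n_nodes of which n_controlled belong to one operator, consists only of that
    operator's nodes (sampling without replacement)."""
    p = 1.0
    for i in range(length):
        p *= (n_controlled - i) / (n_nodes - i)
    return p

def at_least_one_route_controlled(p_route: float, circuits: int) -> float:
    """Probability that at least one of `circuits` independently chosen routes is
    fully controlled, i.e. that some of the user's actions can be deanonymized."""
    return 1.0 - (1.0 - p_route) ** circuits

def pick_route(nodes, length: int, rng: random.Random):
    """Free routing: each circuit is a fresh, individually chosen set of distinct
    nodes in random order, not a fixed cascade shared by all users."""
    return rng.sample(nodes, length)

def simulate(n_nodes: int, n_controlled: int, length: int, circuits: int, seed: int = 1) -> float:
    """Monte Carlo check: share of the user's circuits that lie entirely within
    the nodes 0..n_controlled-1 run by one operator under many pseudonyms."""
    rng = random.Random(seed)
    nodes = list(range(n_nodes))
    controlled = set(range(n_controlled))
    hits = sum(1 for _ in range(circuits)
               if all(n in controlled for n in pick_route(nodes, length, rng)))
    return hits / circuits

def compare(n_nodes: int, n_controlled: int, length: int, circuits: int) -> dict:
    """Fixed route (one circuit kept for all actions) versus changing routes:
    the chance that everything is exposed drops sharply with changing routes,
    while the chance that at least something is exposed rises with every new circuit."""
    p = fully_controlled_exact(n_nodes, n_controlled, length)
    return {
        "p_single_route_controlled": p,
        "p_everything_exposed_fixed_route": p,
        "p_everything_exposed_changing_routes": p ** circuits,
        "p_something_exposed_changing_routes": at_least_one_route_controlled(p, circuits),
    }

if __name__ == "__main__":
    # Constructed scenario: 1000 nodes, 200 of them pseudonyms of one operator,
    # routes of three hops, 100 circuits built over time.
    for k, v in compare(1000, 200, 3, 100).items():
        print(f"{k:40s} {v:.6f}")
    print(f"{'simulated share of controlled circuits':40s} {simulate(1000, 200, 3, 20000):.6f}")
```

With 20 % of the nodes under one operator and three-hop routes, a single circuit is fully controlled with probability just under 0.8 %, yet after 100 circuits the probability that at least one of them was is above 50 %; this is the trade-off the paragraph above describes.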

Application

A well-known and widespread program for using onion routing is the Tor anonymization service (The Onion Router) . In contrast, JonDo, developed in Germany, is a service based on fixed mix cascades.
