III UNIVERSITY OF EASTERN FINLAND,

Faculty of Science and Forestry,

Joensuu School of Computing Computer Science

Ville-Valtteri Immonen,
Alice in Onion Land: On Information Security of Tor

Master’s Thesis, 41p.

Supervisors of the Master’s Thesis:
PhD Markku Tukiainen

June 2016

----

Abstract:

Cryptographic  networks aim to create communication paths through inter-net  that  allow  sending  messagesin  a  way  that  the  origins  of  the  message  cannot  be linked to its sender. Tor -application uses a technique called onion routing to encrypt messages.  The  technique  gets  its  name  from  the  data  structure  inside  which  infor-mation  travels  from  sender  to  receiver.  The  machine  that  initiates  the  connection forms an onion routing path and wraps the message inside an onion before sending it down the path. An onion is formed from cryptographically encrypted layers that are peeled one by one by each router along the communication path.Tor  aims  to  stay  a  low  latency  anonymity  service  and  the  technology  has  beende-signed  with  this  principle  in  mind.  Different  defences  like  entry  guards  and  bridges offer protection while keeping the  computing cost of the network low.  First version of onion routing was developed in 1996 and the last, third generation that is still un-der development was published in 2006.In  this  thesis  we  examine  onion  routing:  how  do  different  generations  differ  from each other and what kinds of data security threats onion routing has and what possi-bilities is there to defend against them. We discuss eight papers published in the re-cent  years  abouttheoretical  attacks,  meaning  theoretical  ways  to  break  the  security provided  byonion  routing  technology  and  divide  these  attacks  into  categories.  The categories we propose are: Entry and exit onion router selection attacks, Traffic and time  analysis  based  attacks,  Autonomous  system  leveland  global  level  attacks,  and Software-level attacks.

Keywords: 
Onion Routing, Tor, Anonymity, Information Security, Information Pri-vacyCR Categories (ACM Computing Classification System, 1998 version): C.2.1

----

Un texte technique au sujet de la cryptographie employée par le routage en ognon (Tor). Son adressage, ses vulnérabilités et contres-attaques.