Motivation
In this scenario, we are dissidents living in a country like Iran. Our adversary is the government; it controls our ISP, and can observe or censor all web traffic. But still it is technically infeasible to filter all content (deny-by-default) without breaking the Internet.Imagine we post messages on a social-networking website to organize a protest. The government can observe the content of this post, and the IP address that posted it. Now, in free countries, an IP address does not perfectly reliably reveal one’s identity (since ISPs often NAT or dynamically reassign them). But here the government either controls our ISP or can easily force it to reveal its logs, and thereby reveal our identity and physical location. In any case, where the rule of law is lacking, it wouldn’t trouble the government to prosecute based on unreliable information. We are thus exposed to retaliation.
A simple solution would be to browse the internet over an encrypted connection (e.g. SSH) to a friend’s computer in another country. To avoid government blocking, the IP address of the friend’s computer must be kept private. So this solution only works for those few dissidents fortunate enough to personally know someone in another country who is willing to share their Internet connection.
Further reading
Onion routing
The Tor network consists of a set of publicly-known computers called relays that function as nodes in the network. Nodes are run by volunteers living in free countries. Each node can be contacted by a Tor client, and can relay messages to other nodes, and make requests directly to public web servers (Actually that is a simplification; only exit nodes do this.). Each node generates a public-private key pair, and its public key is published.To connect to a web server Z, our computer A chooses a sequence of 3 relays, P, Q, and R. Our request will be routed as A → P → Q → R → Z. To ensure untraceability, each packet is encrypted together with its routing information, wrapped in several layers of public-key cryptography.
Each relay decrypts the received message using his own private key, revealing the payload and who it is to be sent to. The relay peels off one layer of the
onion.
- A randomly chooses P, Q, and R and looks up their public keys. A computes encryptP(and sends the result [
Please send [encryptQ(
)Please send [encryptR(
)] to Q.Please send [
)] to R.GET / HTTP/1.1…] to web server Z.afec462d473193670795bc08ecab5fa5] to P. - P receives [
afec462d473193670795bc08ecab5fa5]. He decrypts it using his private key, yieldingPlease send [
, and sends it on.2da1ab427df46b3cf8c7b28536c41fa5] to web server Q. - Q receives [
2da1ab427df46b3cf8c7b28536c41fa5]. He decrypts it using his private key, yieldingPlease send [
, and sends it on.498b4ddc9f957eca6473923163dd117f] to web server R. - R receives [
498b4ddc9f957eca6473923163dd117f]. He decrypts it using his private key, yieldingPlease send [
, and sends it on.GET / HTTP/1.1…] to web server Z. - Z receives [
GET / HTTP/1.1…]. To Z (which may be under government control or surveillance), the request appears to originate from the exit node R (who is in a free country, outside their jurisdiction) rather than us. - The web server Z sends its response back to R, who relays it back to Q encrypted with Q’s private key. This repeats until the response reaches us at A. (Each intermediate node keeps connections open to its predecessor and successor, so returning packets don’t need to be wrapped with routing information.)
The network in practice
There are currently about 2759 relays transmitting a total throughput of about 200 MB/s. There are approximately 470,000 users daily. Iranians comprise the second-largest group of Tor users by country.The chief disadvantage of onion routing is that it is slow. Because packets are sent across the world several times, latency in particular suffers.
No comments:
Post a Comment