Tor is the world’s largest and most well-known “onion router” network. Tor offers a degree of anonymity that has made it a popular tool of journalists, dissidents, and everyday Internet users who are trying to avoid government or corporate censorship (as well as Internet drug lords and child pornographers). But one thing that it doesn’t offer is speed.
Tor's complex encrypted “circuits” bring Web browsing and other tasks to a crawl. That means that users seeking to move larger amounts of data have had to rely on virtual private networks, which, while they are anonymous, are much less protected than Tor (since VPN providers, and anyone who has access to their logs, can see who users are).
A group of researchers—Chen Chen, Daniele Enrico Asoni, David Barrera, and Adrian Perrig of the Swiss Federal Institute of Technology (ETH) in Zürich and George Danezis of University College London—may have found a new balance between privacy and performance. In a paper published this week, the group described an anonymizing network called HORNET (High-speed Onion Routing at the NETwork layer), an onion-routing network that could become the next generation of Tor. According to the researchers, HORNET moves anonymized Internet traffic at speeds of up to 93 gigabits per second. And because it sheds parts of Tor’s network routing management, it can be scaled to support large numbers of users with minimal overhead, they claim.
Like Tor, HORNET encrypts encapsulated network requests in “onions”—with each layer being decrypted by each node passing the traffic along to retrieve instructions on where to next send the data. But HORNET uses two different onion protocols for protecting anonymity of requests to the open internet and a modified version of Tor’s “rendezvous point” negotiation for communication with a site concealed within the HORNET network.
When sending a request to a site that isn’t protected by HORNET, a more Tor-like “Sphinx” onion protocol is first used to set up the channel. “Each Sphinx packet allows a source node to establish a set of symmetric keys, one for each node on the path through which packets are routed,” the researchers explained. Those keys, created via a Diffie-Hellman exchange, are used to encrypt the “Forwarding Segment”—the chain of session state information for the stream of data packets that follow. “The [Forwarding Segment] allows its creating node to dynamically retrieve the embedded information (i.e., next hop, shared key, session expiration time), while hiding this information from unauthorized third parties,” Chen et al. wrote.
For the actual data packets, the sending system collects all of the forwarding segments from each node on the channel to the destination and combines them into what the researchers call an anonymous header (AHDR). “An AHDR grants each node on the path access to the [forwarding segment] it created, without divulging any information about the path except for a node’s previous and next nodes,” they explained. The data itself is “onioned”, encrypted with the keys for each of the nodes in the channel, until it reaches its destination. The upside of this approach, Chen et al said, is that it drastically reduces the cryptography work required for each packet, as well as the amount of session flow information the network has to manage.
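A simplified sketch of the forwarding-segment idea described above, added here as an illustration and not taken from the HORNET paper or its code: each node seals its session state (shared key, expiry, next hop) under its own secret, the source carries those segments with the data, and the payload is onion-encrypted with the per-hop keys. Assumptions: the `Node` class, the `send` function and the hash-based stream cipher are hypothetical stand-ins, random keys replace the Diffie-Hellman exchange, and the AHDR is a plain ordered list, so this sketch does not reproduce the path-hiding layout of the real header.

```python
import hashlib, hmac, os, struct

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not HORNET's cipher."""
    stream = b"".join(hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

class Node:
    def __init__(self, name: str):
        self.name = name
        self.secret = os.urandom(32)  # node's own secret; no per-session table in this sketch

    def _tag(self, blob: bytes) -> bytes:
        return hmac.new(self.secret, blob, hashlib.sha256).digest()

    def make_fs(self, shared_key: bytes, next_hop: str, expiry: int) -> bytes:
        """Setup phase: seal (shared key, expiry, next hop) so only this node can read it."""
        nonce = os.urandom(16)
        body = shared_key + struct.pack(">Q", expiry) + next_hop.encode()
        ct = keystream_xor(self.secret, nonce, body)
        return nonce + ct + self._tag(nonce + ct)

    def forward(self, fs: bytes, nonce: bytes, payload: bytes, now: int):
        """Data phase: recover session state from the FS, then peel one onion layer."""
        fs_nonce, ct, tag = fs[:16], fs[16:-32], fs[-32:]
        if not hmac.compare_digest(tag, self._tag(fs_nonce + ct)):
            raise ValueError("forwarding segment was not created by this node")
        body = keystream_xor(self.secret, fs_nonce, ct)
        shared_key, next_hop = body[:32], body[40:].decode()
        if now > struct.unpack(">Q", body[32:40])[0]:
            raise ValueError("session expired")
        return next_hop, keystream_xor(shared_key, nonce, payload)

def send(path, message: bytes, now: int):
    """Source side: collect one FS per hop, onion-encrypt the data, walk the path."""
    hops = [n.name for n in path[1:]] + ["destination"]
    keys = [os.urandom(32) for _ in path]  # constructed; stands in for the DH-derived keys
    ahdr = [n.make_fs(k, h, now + 60) for n, k, h in zip(path, keys, hops)]
    nonce = os.urandom(16)
    payload = message
    for k in reversed(keys):               # one encryption layer per node on the path
        payload = keystream_xor(k, nonce, payload)
    trace = []
    for node, fs in zip(path, ahdr):       # each node opens only its own segment
        next_hop, payload = node.forward(fs, nonce, payload, now)
        trace.append(next_hop)
    return trace, payload
```
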