Onion routing is an anonymous communication technology on computer networks. In onion routing network, messages are encrypted layer by layer like packets, which are sent through a series of network nodes called onion routers. Each Onion Router decrypts the outermost layer of the packet until it reaches the destination. The destination can obtain the original message.
Onion routing is an anonymous communication technology on computer network. In onion routing network, messages are encrypted layer by layer like packets, which are sent through a series of network nodes called onion routers. Each Onion Router decrypts the outermost layer of the packet until it reaches the destination. The destination can obtain the original message. Because through this series of encryption packaging, each network node (including the destination) can only know the location of the previous node, but can not know the entire sending path and the address of the original sender.
Invention and Realization
1990 年代中期，美国海军研究实验室的研究员保罗‧塞维利亚森（Paul Syverson）、麦可‧里德和大卫‧戈尔德施拉格（David Goldschlag）为了保护美国在线情报系统而开发了洋葱路由。其后国防高等研究计划署接手该项目继续开发，并在 1998 年获得海军的专利。2002 年计算机科学家罗杰‧丁高戴恩（Roger Dingledine）和尼克‧马修森（Nick Mathewson）加入了塞维利亚森的项目，并开始开发 Tor；Tor 为“洋葱路由项目”（The Onion Routing project）的头字语，该项目后来成为规模最大的洋葱路由实现并广为人知。之后美国海军研究实验室将 Tor 以自由软件授权的方式公开了源代码，丁高戴恩、马修森以及其他五位成员在 2006 年成立了名为“The Tor Project”的非营利组织，并获得包含电子前哨基金会在内的几个组织的财政资助。
In the mid-1990s, researchers at the U.S. Naval Research Laboratory, Paul syverson, Michael reed and David goldschlag, developed onion routing to protect the U.S. online intelligence system. Later, DARPA took over the project and continued to develop it. In 1998, it obtained a patent from the Navy. In 2002, computer scientists Roger dingledine and Nick Mathewson joined sevillason’s project and began to develop tor, the acronym of the onion routing project, which has since become the largest onion routing implementation and is widely known. Later, the U.S. Naval Research Laboratory released the source code of tor in the form of free software authorization. Dingo Dane, matthewson and five other members established a non-profit organization called “the tor project” in 2006, and obtained financial support from several organizations, including the electronic outpost foundation.
一个在洋葱路由网络中传递的数据包例子。发送者首先将数据包发送给路由器 A，解密了蓝色一层，并发现要传给 B，而数据包发送至 B 时又解密了绿色一层，同理再传给 C，而 C 在解密了红色一层后得到原始要发送的消息并将之传给目的地。
An example of a packet passing through an onion routing network. The sender first sends the packet to router a, decrypts the blue layer, and finds that it is to be passed to B. when the packet is sent to B, it decrypts the green layer and then passes it to C. After decrypting the red layer, C gets the original message to be sent and transmits it to the destination.
The reason for onion routing is that the message layer by layer encryption is packaged into a data structure called onion packet. The number of layers depends on the number of nodes passing through the destination. Each node will decrypt the outermost layer of the packet. Therefore, no node can know the original and final destination of the message at the same time, so that the sender can achieve the effect of anonymity 。
Creating and sending packets
为了发送洋葱数据包，发送消息者会从“目录节点”（directory node）提供的列表中选取一些节点，并以这些规划出一条被称作“链”（chain）或“线路”（circuit）的发送路径，这条路径将为传输数据包所用。为了确保发送者的匿名性，任一节点都无法知道在链中自己的前一个节点是发送者还是链上的另一节点；同理，任一节点也无法知道在链中自己的下一节点是目的地还是链上另一节点。只有链上的最后一个节点知道自己是链上最终节点，该节点被称作“出口节点”（exit node）。
In order to send onion packets, the sender selects some nodes from the list provided by the “directory node”, and plans a sending path called “chain” or “circuit”, which will be used to transmit packets. In order to ensure the anonymity of the sender, no node can know whether its previous node in the chain is the sender or another node in the chain; similarly, no node can know whether its next node in the chain is the destination or another node in the chain. Only the last node in the chain knows that it is the final node in the chain, which is called the “exit node”.
Onion routing network uses asymmetric encryption. The sender obtains a public key from the directory node, encrypts the message to be sent and sends it to the first node in the chain, which is also called the entry node, and then creates a connection and shares the key with it. After the connection is created, the sender can send the encrypted message to the second node in the chain through this connection, and only the second node can decrypt the message. When the second node receives the message, it will create the connection with the previous node, that is, the entry node, so that the sender’s encrypted connection extends to it, but the second node does not know the previous node Identity in the chain. After that, according to the same principle, the sender sends the message that only the third node can decrypt to the third node through the encrypted connection between the entrance node and the second node, and the third node also creates a connection with the second node. By repeating the same steps, the sender can generate a longer and longer connection, but there are still limitations in performance.
When all the links in the chain are created, the sender can send data through it and keep anonymity. When the destination sends back the data, the nodes in the chain will send the data back through the same connection, and encrypt the data layer by layer, but the encryption order is completely opposite to that of the sender. When the original sender receives the data returned from the destination, only the innermost layer of encryption will be left. At this time, the decryption can get the message sent back by the destination.
传统互联网不被认为具有匿名性的一个理由为互联网服务供应商具有纪录和追踪各电脑间的连接能力；例如当有人访问一个特定网站时，往来的信息内容如密码等，虽然能透过像是 HTTPS 等加密连接方式保护让其他人无法得知内容，但是连接本身却仍会有纪录，包含何时创建连接，多少数据量被发送等。洋葱路由虽然能创建并隐藏两电脑之间的连接，使两者之间并无一个可分辨的直接连接，但仍会有上述的连接纪录问题。流量分析可借由搜索连接纪录的连接时间和数据传输量来试图判别潜在的一对发送者与接收者；例如当有人发送 51KB 的数据到一个未知的电脑，三秒后另一未知的电脑发送 51KB 的数据给一个特定的网站，则可以推断此人可能与该网站曾创建连接。此外还有一些原因可以让流量分析更加有效，包含节点的损坏或离开网络，以及当链已经因为定期重建而改变，但有些链上节点却仍在追踪此前创建的会话等。
One reason why the traditional Internet is not considered anonymous is that Internet service providers have the ability to record and track the connections between computers. For example, when someone visits a specific website, the information content, such as password, can be accessed through such things as HTTPS However, the connection itself will still have records, including when the connection was created and how much data was sent. Although onion routing can create and hide the connection between two computers so that there is no discernible direct connection between the two computers, there will still be the above connection record problem. Traffic analysis can try to identify a potential sender and receiver by searching the connection time and data transmission volume recorded in the connection. For example, when someone sends 51kb data to an unknown computer, and three seconds later another unknown computer sends 51kb data to a specific website, it can be inferred that the person may have created a connection with the website. In addition, there are several reasons why traffic analysis can be more effective, including node damage or leaving the network, and when the chain has changed due to periodic reconstruction, but some nodes on the chain are still tracking the sessions created previously.
大蒜路由是洋葱路由的一种变体，其结合了 I2P 网络并将多份消息加密打包在一起，使其更难被攻击者以流量分析的方式破解。
Garlic routing is a variant of onion routing, which combines i2p network and encrypts multiple messages together, making it more difficult for attackers to crack by traffic analysis.
Exit node vulnerability
虽然消息在洋葱路由网络中被层层加密，但是在出口节点时，该节点会把最后一层解密并将原始消息传给接收者；因此若出口节点遭到攻击或是受控制，则原始的消息将会被截取。瑞典研究员丹‧伊格史塔德（瑞典语：Dan Egersta）曾用此方式获得了超过 100 封寄给外国大使馆的电子邮件密码。出口节点漏洞的原理与未加密无线网络很类似，后者为用户将未加密的数据在无线网络上传送时可能中途被其他人截走；这两种问题都可以透过端对端加密连接如 SSL、HTTPS 等方式解决。
Although the message is encrypted layer by layer in onion routing network, the node will decrypt the last layer and pass the original message to the receiver when the exit node is attacked or controlled, the original message will be intercepted. Dan egersta, a Swedish researcher, has used this method to obtain more than 100 e-mail passwords sent to foreign embassies. The principle of exit node vulnerability is similar to that of unencrypted wireless network. The latter means that the user may intercept the unencrypted data during transmission on the wireless network; both problems can be solved by end-to-end encrypted connections such as SSL and HTTPS.