A Deep Dive into the Tor Network

DotNetRussell

2022-12-30

Sections

Prerequisite Knowledge

It is assumed that the reader has an understanding of TCP, TLS and generally how the internet works. It is also helpful if the reader has a basic understanding of public private key encryption. Finally, the reader would do well to understand hash tables and how they work.

Here are some resources for you to learn from if you’re missing any of these pieces or would like to brush up on it first

Also all of this information and more is explained in detail on the Tor Project’s own website https://www.torproject.org/

Introduction

The Tor Browser and Network are a free software and service provided by The Tor Project and the community. It helps people protect their privacy online. It also helps bypass censorship.

The Tor Browser routes web traffic through a network of servers. This keeps people’s online activities private. It also hides their location and IP address. The Tor Browser is open-source software.

It is available for Windows, Mac, and Linux, it’s easy to install and use, and it’s a safe, secure way to browse the web. You can find the Tor Browser download it here

In this article I’d like to dive into what Tor is, how it works, and how people use it to run businesses.

What does the Tor network look like?

Image credit to the official Tor Website https://tb-manual.torproject.org/about/

At a high level, the Tor network is a network of computers that enables anonymous communication. To use it, users connect to a network of relays run by volunteers. These relays pass traffic between each other and then send it out to its destination.

This process hides the user’s IP address and location, making it difficult to track or trace. It also encrypts the data, making it difficult to read.

This process hides the user’s IP address and location, making it difficult to track or trace. It also encrypts the data, making it difficult to read.

The way that it does this securely is by using something known as “Onion Routing”

Onion routing is a privacy-centric network technology. It conceals user identities and online activity by passing data through multiple layers of encryption. A “hop” is the term for each layer, and data is sent through a series of relays in the network.

Data is encrypted as it is sent through each hop. This means that the data is hidden from each hop on the route. This means, data is decrypted when it reaches its destination so that the receiver can read it.

Onion routing networks are anonymous and secure. They are used for activities such as web browsing, emails, and file sharing. They can also be used to protect user data from being monitored or intercepted by third parties.

To make sure the Tor network is secure, the relays are constantly monitored and tested. The relay operators also use techniques such as circuit padding, which makes it difficult for anyone to identify the origin of the traffic. This helps to keep users anonymous and their data secure.

What is a Tor Relay?

Relays on Tor help route user data through the Tor network. They accept data from users, encrypt it, and pass it along. This helps keep user data private. Each relay passes the data to another, forming a circuit to hide the user’s identity. This helps prevent websites from seeing the user’s true location.

The final relay sends the data to the destination. As data is encrypted, the destination cannot tell who sent it or where it came from. This helps protect user privacy.

All of the encrypted connections between each relay make up the encrypted Onion layers.

What is the Tor Browser?

Image credit to the official Tor Website https://www.torproject.org/releases/tor-browser-11-0/

Tor Browser is the software program used to access the Tor network. It helps to protect users from online tracking and surveillance. It also allows users to access websites that are blocked or censored.

The browser routes the user’s traffic through multiple relays, making it difficult to trace the user’s location. As explained in the last section, each of these relay connections maintain a unique encrypted connection. When you have multiple layers like this it forms what could be related to an onion.

Compromising a single layer is unlikely to lead to a compromise of the data being passed through it because the data will have been encrypted multiple times by other relays.

The Tor Browser offers more than just a connection to the Tor Network though. It also safeguards privacy and blocks trackers. It also offers multilayer encryption and prevents data and location leakage.

The Tor Browser offers more than just a connection to the Tor Network though. It also safeguards privacy and blocks trackers. It also offers multilayer encryption and prevents data and location leakage.

Tor Browser allows users to browse anonymously and access websites without being tracked. Tor keeps users safe from malicious scripts, viruses, and phishing. It also has built-in privacy and security settings menu. One of the best features though is that it has secure default settings and offers multiple connection options, including an integrated proxy to help users hide their identity.

Common Tor Use Cases

There are a number of use cases for Tor, but I will cover a few of the most popular ones here.

Journalism

Journalists use Tor to protect their privacy and access information securely. It helps them access information without revealing their identity or location. The Tor network helps journalists access censored websites and bypass censorship when publishing sensitive content.

Tor also allows journalists to communicate securely with their sources.

Ultimately, Tor provides journalists with the ability to securely store their data and documents. With Tor, journalists can access their data even when the server is offline and keep their data safe from government surveillance and hackers. This is incredibly important in countries where freedom of the press is a concern.

Whistleblowers

Whistleblowers use Tor to protect their identity and data. It allows whistleblowers to communicate securely and anonymously.

Whistleblowers use Tor to avoid surveillance and censorship.

Tor helps whistleblowers protect their data and communicate without fear of reprisal. It allows them to securely and anonymously share confidential information without fear of being tracked or identified.

Anonymous and Uncensored Businesses

Businesses use Tor to protect data, mask IP addresses, and stay anonymous online. It helps keep communications secure and private. Tor can be used to securely access websites, send emails, and transfer files. Businesses can use it to access restricted content and conduct research.

Finally, it allows businesses to host hidden services on the internet, helping them protect their websites and sensitive data. It provides an extra layer of security.

What are Hidden Services on Tor?

Image credit to https://www.mdpi.com/2624-800X/1/3/25

Hidden services on Tor, also known as “Onion Services”, use a layered system of encryption to hide the identity of the server. They create an anonymous network between users and the server. Encrypted data is sent through a network of relays.

These relays act as proxies, passing data between the sender and receiver without revealing the sender’s identity. The server can then respond anonymously to the user. The user’s IP address is also kept private.

The server is identified by a unique address, which is hidden from the public. It is not possible to locate the server without knowing the address. All communication between the user and the server is encrypted, keeping the data safe.

The server is identified by a unique address, which is hidden from the public. It is not possible to locate the server without knowing the address. All communication between the user and the server is encrypted, keeping the data safe.

Some benefits of using Onion Services are:

  • Location Hiding: The onion service’s IP address is hidden. IP Addresses aren’t used in the network thus they are meaningless.
  • End to End Authentication: Users are guaranteed that content returned from a request to an Onion Site can only come from that official source. There’s no possibility for impersonation.
  • End to End Encryption: Just like making a request over the Tor network to a non-Tor site, Onion Services also use the Tor network, so they also have multiple layers of encryption.
  • Nat Punching: There’s no need to open ports with Onion Services. Only outgoing connections are established.

For a much more in depth look at Onion Services check out the Tor Project’s official site and explanations

How do Onion Services Work?

Let’s take a more in depth look at how Onion Services actually work. This is where things tend to get into the weeds. It’s hard to discuss how the Tor Network works without digging a little into cryptography. Rest assured that I’m not a cryptography expert, so I’ll explain this as deep as my knowledge goes, which isn’t far.

Onion Service Addresses

This is what an Onion Service address may look like vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion

This address is telling us a story as to why Tor doesn’t use IP addresses to route traffic. The Onion address in Tor Onion Services V3 is a full ed25519 public key. Unlike V2 which used a hash of the public key as an address. Meaning. the public key is derived using an elliptic curve system. The same system used for SSH authentication.

Using this as an address means that Tor doesn’t need to publicly expose IP addresses. There does need to be some type of mapping system in place though so that traffic can be routed correctly. This mapping service is the Onion Service Directory, which we’ll talk about next.

Creating the Hidden Onion Service

In order to get traffic from the requestor to the service and back, there’s a bit of a hat trick that needs to be pulled off. This hat trick needs to keep the requestor private, the service private, be entirely encrypted and have multiple redundancies in place. Remember, this project is literally protecting the lives of its users.

To start, the service needs to setup some introduction points

Tor Introduction Points | Credit for image to Tor Project https://community.torproject.org/onion-services/overview/

Introduction points act as a gateway to the service from the Tor network. Each point has a series of relays setup between the introduction point and the service, so that not even the introduction point knows the identity of the service. When this is configured, they are setup as long-term circuits.

Once the introduction points are configured, they need to be registered as Onion Service access points. This is done by the service with something called an Onion Service Descriptor. You can think of this as an entry in a phone book. The descriptor is signed with the Onion Service’s private key and entered into a hash table which is part of the Tor Network. This allows others to find the service on the network when it’s requested. The entry into the hash table is also done over the Tor Network so even the registration of this entry is anonymized.

Tor Onion Service Registry – Image credit to Tor Project https://community.torproject.org/onion-services/overview/

Encrypted Onion Rendezvous

Now for the rendezvous…

This is where the magic begins. If a user wants to access the hidden service, they need only the public key address to the onion service. Upon request of the service in the Tor Browser, a secure connection is made to the Onion Service Directory and the service descriptor, which was signed by the Onion Service’s private key, is returned to the user. The Tor Browser then automatically verifies that the service descriptor was signed with the Onion Service’s private key. This means that we’re verifying that only someone with the private key could have generated the descriptor and thus, guaranteeing that this Onion Service descriptor belongs to the service requested.

This means that we’re verifying that only someone with the private key could have generated the descriptor and thus, guaranteeing that this Onion Service descriptor belongs to the service requested.

Making the Connection

Now that we have a descriptor and we’ve verified that it belongs to the service we’re attempting to connect to, we can get the introduction points out of the descriptor and connect to them. This isn’t the entire thing though. Now we set a rendezvous point.

The client making the request to the introduction point sets up a new Tor circuit which leads to a random Tor relay. It then asks this relay to be the rendezvous point. The client also provides the relay with a secret one-time use, string. It sends this rendezvous point as well as the secret one-time use string to the introduction point. Finally, the introduction point sends this information to the Onion Service over its long running relay connection.

It’s at this point that the Onion Service now has everything it needs to open a connection with the user attempting to access the site. The Onion Service does some verification to determine if this is a trustworthy request, and then if it is, it establishes a connection at the rendezvous point over yet another set of Tor relays. The secret key is passed to the relay and the connection is made.

Final Thoughts, It’s not a Perfect System

Tor isn’t a perfect system. I could easily argue that there is no such thing as a perfect system, but Tor certainly isn’t one, and that’s okay. It’s pretty good, and it’s certainly better than the alternative.

Here are a few of the things that we need to accept as risks when operating on what some call “The Dark Net”

  • Tor can be dangerous as it can be used for illegal activities. Users can access dark web sites and view content that is illegal or dangerous. I’m by no means advocating for people to do illegal things on the internet but if you are doing something that you consider a human right, which is illegal where you are, make sure you’re taking proper precautions. Tor is not a one size fits all OPSEC shield.
  • Malware is a risk as it can be used to steal personal data or infect computers. It is important to be vigilant and only access trusted sites. The power of being anonymous works for and against Tor users. Be overly vigilant of anyone you encounter on the Tor network as well as anything that you choose to download to your machine. It doesn’t take much to compromise yourself.
  • Tor can be used to bypass censorship, but it can also be used to cover up illegal activities. It is important to be aware of the risks and use Tor responsibly.

Continued Learning

Here’s an excellent video explaining Onion Routing in depth.

Video credit goes to the YouTube channel Computerphile

Some of this article was automatically generated by the Open AI platform and then modified by the author to include headers, editing, formatting and personal experience. The human author takes responsibility for everything said here as well as its accuracy

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.