Tor: The Second-Generation Onion Router
Roger Dingledine, Nick Mathewson, Paul Syverson
We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability, and efficiency. We briefly describe our experiences with an international network of more than 30 nodes. We close with a list of open problems in anonymous communication.
Nathan Scrivens
- Extensive notes on other systems and what features they provide. Many of them had a specific strength but did not offer strong enough anonymity or usability to be widely adopted.
- The authors were very clear on what their goals were and what they chose not to protect against. The mechanisms and weaknesses are known, so there is no security through obscurity occurring.
- Fascinating to see how the project has grown over the years. The network has grown from 32 nodes to a widely used network with plenty of media attention.
- Human error appears to be the main point of failure, not the security features. Various attack methods are outlined in the paper. Combining Tor with other security tools further protects the user.