Ashish Shrivastav
Jun 22, 2023

TOR (The Onion Router): A Deep Dive

Source: https://commons.wikimedia.org/wiki/File:Tor-logo-2011-shaded.svg

Tor, or The Onion Router in full, is a well-known anonymity network that lets users browse the internet ‘completely’ anonymously. I do not mean to claim that no one will ever learn who you are or what you say on the internet if you use Tor; later in this article I describe circumstances in which the word ‘completely’ breaks down.

Nonetheless, Tor has been protecting people’s identities and allowing them to express themselves anonymously on the internet. According to the official Tor website (https://www.torproject.org/), the main users of the network include activists, military and law enforcement, the media, and many other people going about their activities. Beyond that, people use the network to reach blocked websites and to download sexual content, and, most significantly from a security standpoint, hackers use it to target organisations without revealing their identities. The most recent example of the latter was the Skynet botnet, whose command and control (C&C) servers were hidden behind the Tor network.

How Does TOR Work?

Tor is a network of relay servers run by volunteers all over the world. When a user connects to the Tor network using the Tor client or a Tor-enabled browser, a path (a circuit) is built from the user to the target server the user wants to reach. This path is made up of three relay servers: an entry node, a middle node and an exit node.

All requests sent by the sender to the destination via the Tor network are relayed over this pre-built path, and responses from the destination return to the sender along the same path. All data travelling inside the Tor network is encrypted, so anyone intercepting the traffic cannot tell who the sender is. However, someone sniffing the outgoing link from the exit node to the destination can capture the data exchanged in both directions, even though the sender remains anonymous. I’ll go through how this protection works later.

Once downloaded, Tor can be run as a local SOCKS proxy on your computer. When your browser is configured to use that local SOCKS proxy, you access the internet via the Tor network. Many other applications, including web browsers, download managers, BitTorrent clients and more, can be configured to use this SOCKS proxy and run their traffic through the Tor network.

How to Get Around Firewalls and Filtering Mechanisms

When you connect to a server via the Tor network, your firewall or filtering device only sees that you are connected to a node of the anonymity network, not to the actual server you are talking to. And because the data is encrypted, these filtering devices cannot look inside the packets or analyse the actual content. As a result, the traffic gets past firewalls and filtering devices.

Tor’s Anonymity Protection

Tor is an onion routing implementation that applies multiple layers of encryption to user data and relays it across a network of onion routers. So, what exactly is onion routing?

Assume a user is connected to a destination server via a network of onion routers (relays). The data the user sends to the target server is encrypted in several layers, each of which can be decrypted by exactly one onion router in the path. So if a user connects to a destination via four onion routers, the data is encrypted in four layers. In the Tor network a user is linked to three nodes. The diagram below is from Wikipedia and explains how data is encrypted in three stages.

When a user connects to the anonymity network using Tor as a proxy, Tor selects three nodes (entry node, middle node and exit node). During this circuit setup Tor also negotiates a separate shared secret (a symmetric key) with each of the three nodes using a Diffie-Hellman key exchange. None of the three relays knows the keys of the other two. Only the sender holds all three keys needed to encrypt the data it sends in three layers. As seen in the image above, once this three-layer encrypted data is passed along the three nodes, the entry node strips the outermost layer with its shared secret and learns where to relay the data next. It cannot read the payload, however, because that is still encrypted under keys it does not possess. The entry node forwards the now two-layer encrypted data to the middle node, which in turn strips the next layer with its own shared secret and forwards the result to the exit node. The data arriving at the exit node is protected by only one remaining layer; decrypting it with the exit node’s shared secret reveals the actual plaintext, which is then delivered to the destination server in the clear.

This leaves a clear security risk at the exit nodes. If an exit node is compromised or operated by a malicious party, the attacker can sniff all data leaving it and steal sensitive information such as user credentials and banking details. For this reason, users should access websites over a secured HTTPS connection. The traffic leaving the exit node is then additionally encrypted with a session key known only to the sender and the destination, so the attacker cannot read the data.
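As an added illustration (not code from the article or from the Tor project), the following Python sketch simulates the three-layer onion described above and the exit-node risk: each relay peels one layer and learns only the next hop, the exit relay sees a plain HTTP request unless the payload carries its own end-to-end (HTTPS-like) layer. The HMAC-SHA256 keystream cipher, the relay names, the request string and the randomly generated keys are all constructed stand-ins; real Tor uses AES-CTR with keys derived from its handshake, which this example skips.

```python
import hashlib, hmac, os

# Constructed toy stream cipher (HMAC-SHA256 keystream XORed onto the data), stdlib only.
def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def wrap_layer(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Client side: one onion layer = nonce || Enc_key(next_hop_header || inner)."""
    header = next_hop.encode().ljust(16, b"\0")  # fixed-width routing header
    nonce = os.urandom(16)
    return nonce + xor_stream(key, nonce, header + inner)

def unwrap_layer(key: bytes, cell: bytes) -> tuple[str, bytes]:
    """Relay side: peel one layer; the relay learns only the next hop and an opaque blob."""
    body = xor_stream(key, cell[:16], cell[16:])
    return body[:16].rstrip(b"\0").decode(), body[16:]

def build_onion(keys: list[bytes], route: list[str], payload: bytes) -> bytes:
    """keys = [k_entry, k_middle, k_exit]; route = [entry, middle, exit, destination].
    The exit layer is applied first so that the entry relay peels its layer first."""
    cell = payload
    for key, next_hop in reversed(list(zip(keys, route[1:]))):
        cell = wrap_layer(key, next_hop, cell)
    return cell

def relay_path(keys: list[bytes], onion: bytes) -> list[tuple[str, bytes]]:
    """Forward the cell entry -> middle -> exit, recording what each relay gets to see."""
    views, cell = [], onion
    for key in keys:
        next_hop, cell = unwrap_layer(key, cell)
        views.append((next_hop, cell))
    return views

def demo(end_to_end: bool) -> dict:
    """Send a login request through the circuit, with or without an HTTPS-like layer
    (a fresh random key stands in for the TLS session key shared with the destination)."""
    keys = [os.urandom(32) for _ in range(3)]  # stand-ins for the three DH-derived keys
    route = ["entry.relay", "middle.relay", "exit.relay", "bank.example"]  # constructed
    request = b"GET /login?user=alice&pw=hunter2 HTTP/1.1"
    payload = (b"TLS" + xor_stream(os.urandom(32), b"\0" * 16, request)) if end_to_end else request
    views = relay_path(keys, build_onion(keys, route, payload))
    return {"request": request, "entry_sees": views[0], "exit_sees": views[2]}

if __name__ == "__main__":
    for e2e in (False, True):
        print("HTTPS" if e2e else "HTTP ", "exit relay sees:", demo(e2e)["exit_sees"])
```

Running it shows the exit relay recovering the credentials verbatim in the HTTP case and only a `TLS`-prefixed blob in the HTTPS case, while the entry relay never sees more than the middle relay’s address and ciphertext in either run.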

How TOR works with and without HTTPS

Please refer to the article below:

https://www.eff.org/pages/tor-and-https
