Onion Routing

The Onion Routing research project is building an Internet-based system that strongly resists traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). It prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network.
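As an added illustration (not code from the NRL project), the layering that gives this property: the client wraps the request once per router with a key shared with that router, so each router can strip only its own layer and learn only the previous and next hop, while the request itself becomes readable only after the last router. The router names and keys are constructed, and the cipher is a toy HMAC-based keystream standing in for the real one.

```python
import hashlib
import hmac
import os

# Toy stream cipher (HMAC-SHA256 in counter mode) used only to illustrate layering;
# it is not the cipher the NRL Onion Routers use and is not production grade.
def keystream(key, nonce, length):
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def wrap(key, plaintext):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))

def unwrap(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def build_onion(route, destination, message):
    # route: [(router_name, key shared with that router)] in forward order.
    # Each layer carries only the name of the next hop plus the still-wrapped remainder.
    blob, next_hop = message, destination
    for name, key in reversed(route):
        blob = wrap(key, bytes([len(next_hop)]) + next_hop.encode() + blob)
        next_hop = name
    return route[0][0], blob

def peel(key, blob):
    # All a single Onion Router can do: strip its own layer and read the next hop.
    plain = unwrap(key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def simulate(route, destination, message):
    # Forward the onion hop by hop and record what each router observes.
    keys = dict(route)
    hop, blob = build_onion(route, destination, message)
    prev, observed = "client", {}
    while hop in keys:
        nxt, blob = peel(keys[hop], blob)
        observed[hop] = {"from": prev, "to": nxt, "forwarded": blob}
        prev, hop = hop, nxt
    return hop, blob, observed
```

Running `simulate` over a three-router route shows the middle router seeing only its neighbours and an opaque blob, and the last router forwarding the plaintext request, which is exactly the point at which the content stops being hidden.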

This protection is not designed to hide the identity of the initiator of a connection (the sender) from the receiver of the connection, or vice versa. There are many ways that a web server can deduce the identity of a client who visits it; several of these are demonstrated by our own "Snoop Server". Onion routing can provide a filtering proxy that removes cookies and some of the more straightforward means by which a server might identify a client, but if (for example) your browser permits the execution of Javascript, Java applets, or ActiveX, a server can easily identify the IP address of your machine regardless of the protections that Onion Routing provides. Preventing your browser from executing programs in these languages will help you hide your client's identity from a server, but there is no exhaustive list of vulnerabilities. In general, your client's identity could be revealed to a server, intentionally or inadvertently, by any program running on your client that is able to write to the OR connection you have opened to that server.

The Onion Routing research project is also concerned with the problem of providing communication in which the anonymity of the individual providing a report can be guaranteed; stay tuned for future developments.

Over FIFTEEN MILLION requests processed by the NRL testbed Onion Routing Network to date (averaging over 50,000 hits a day now -- that's more than 1 million connections per month -- peak reported load of 84,022 connections on 12/31/98) since we began keeping statistics back in February 1998! (okay, so we have nothing on McDonald's hamburger count, but we thought it was impressive! :-)

To use the network yourself, read this!

Recent upgrade! We're now running on an Ultra-450 with four (4) 300Mhz processors instead of an Ultra 2 with two (2) 168Mhz processors. We've also moved to a direct 100Mbit backbone network feed... You should notice a sizeable speedup!

We are experiencing failure problems of unknown origin with the 9000 and 9200 proxies. Currently we have a watchdog process that will kill and restart the proxies if it detects them deadlocking. This may result in perfectly normal connections being broken. We are sorry for the inconvenience, but until the next generation code is available, we will have to live with this interim solution.

Page maintained by Onion-Info (onion-info@itd.nrl.navy.mil)
Last updated on Tuesday, July 20, 1999 @ 11:09:29 (EDT)
Privacy Statement

NOTICE: All Department of Defense telecommunications and automated information systems and related equipment are for the communication, transmission, processing, and storage of U.S. Government information only. The systems and equipment are subject to authorized monitoring to ensure proper functioning, to protect against unauthorized use, and to verify the presence and performance of applicable security features. Such monitoring may result in the acquisition, recording, and analysis of all data being communicated, transmitted, processed, or stored in this system by a user. If monitoring reveals possible evidence of criminal activity, such evidence may be provided to law enforcement personnel. Anyone using this system expressly consents to such monitoring.

This website approved for public distribution under NRL Publication Release #81221.1-1746.