
Analysis of The Onion Routing Project

(TOR Project)
Anthony Prasetyo - 1701320781
Evan Korius - 170
Rahadian Adinugroho - 1701358641
Raymond Haryanto - 17013120674

Table of Contents
Chapter I: Project Description
  Project Brief
    Introduction
    What is TOR?
  Background
    Why The Internet is not secure
    Surface Web
    Deep Web
    Dark Web
    Dark Web or Deep Web
Chapter II: Objective
Chapter III: Research
  Why Dark Web Cannot be Accessed Directly?
  How to access deep and dark web?
  What is TOR Project?
  Who Uses TOR?
  What are .onion sites?
  How do .onion sites work?
Chapter IV: Type of Transparency
Chapter V: System Architecture
Chapter VI: Process / Communication
Chapter VI: Fault Tolerance
Chapter VII: Security
  Security mechanisms
Chapter VIII: Current Weaknesses
  Exit node eavesdropping
  Sniper attack
  Bandwidth hogging
  Email
Chapter IX: Conclusion

Chapter I: Project Description


Project Brief

Introduction
What is the Internet? It is a means of connecting a computer to any other
computer anywhere in the world via dedicated routers and servers. When
two computers are connected over the Internet, they can send and receive
all kinds of information, such as text, graphics, voice, video, and
computer programs. However, all the activities we carry out, and our
identities, can be recorded in logs and easily tracked by other parties.
Therefore, an organization created another dimension of the internet to
help us maintain our privacy, called the Dark Web.
The Dark Web is a term that refers specifically to a collection of
websites that are available to everyone but protect identities such as the
IP addresses of the servers and the users. These servers can thus be visited
by any web user, but it is very difficult to work out who is behind the
sites, and you cannot find these sites using search engines. Almost all sites
on the so-called Dark Web hide their identity using the Tor encryption tool.
You may know Tor for its end-user-hiding properties: you can use Tor to hide
your identity and spoof your location. When a website is run through Tor, it
has much the same effect.
Indeed, it multiplies the effect. To visit a site on the Dark Web that is
using Tor encryption, the web user needs to be using Tor. Just as the end
user's IP is bounced through several layers of encryption to appear to be at
another IP address on the Tor network, so is that of the website. So there
are several orders of magnitude more secrecy than the already secret act of
using Tor to visit a website on the open internet, for both parties.

What is TOR?
Tor is software that allows users to browse the web anonymously.
Developed by the Tor Project, a nonprofit organization that advocates for
anonymity on the internet, Tor was originally called The Onion Router
because it uses a technique called onion routing to conceal information
about user activity. The TOR Browser is built on top of the Firefox
platform, which makes it a very secure and stable browser; Mozilla Firefox
and the Tor Browser share almost the same set of features. The Tor Browser
Bundle (TBB) uses Mozilla Firefox Extended Support Release (ESR). Since the
TBB's goal is to be secure and stable, it uses the ESR version rather than
the latest and greatest Firefox. The TBB is regularly updated with the latest
version of Firefox ESR.

Background

Why The Internet is not secure


As technology advanced, engineers were able to physically link
computers together, creating early networks. These networks still required
the computers to be relatively near each other, however.
Eventually, advances in fiber optics enabled networks to connect across
continents, allowing the Internet to be born.
Some computers house the data stored on the Internet, including web
pages like Google. These computers are known as servers. A device used
to access this information, such as a smartphone or PC, is known as a client.
The transmission lines that connect clients to servers come in a variety of
forms, whether fiber optic cables or wireless signals, but they are all
connections.
Although clients initiate connections to get information from servers,
the flow goes both ways. Data is exchanged across the Internet in packets.
These packets contain information about the sender and the destination,
and certain individuals and organizations can use this data to monitor who is
doing certain things or accessing certain information on the Web. It is not
just the server that can see this data. Traffic analysis is big business, and
many organizations, both private and governmental, can monitor the
messages flowing between clients and servers.

Surface Web
This is the easy one. It's the common Internet everyone uses to read
news, visit Facebook, and shop. Just consider this the regular Internet.

Figure 1 - Example of Surface Web

Deep Web
The deep Web is the part of the Internet that is inaccessible to
conventional search engines, and consequently to most users. According to
researcher Marcus P. Zillman of DeepWebResearch.info, as of January 2006
the deep Web contained somewhere in the vicinity of 900 billion pages of
information. In contrast, Google, the largest search engine, had indexed
just 25 billion pages.
Deep Web content might include information in private databases
that are accessible over the Internet but not intended to be crawled by
search engines. For example, some universities, government agencies and
other organizations maintain databases of information that were not
created for general public access. Other sites may restrict database access
to members or subscribers.
Deep web sites are not indexed because they use dynamic databases
that are devoid of hyperlinks and can only be found by performing an
internal search query.

Figure 2 - Example of Deep Web

Dark Web
The Dark Web (also called the darknet) is a subset of the Deep Web that
is not only unindexed but also requires something special to be able to
access it, e.g., specific proxying software or authentication. The Dark Web
is often associated with criminal activity of various degrees, including
buying and selling drugs, pornography, gambling, etc. While the Dark Web is
definitely used for those things more than the standard Internet or the Deep
Web, there are many legitimate uses for the Dark Web as well.

Figure 3 - Example of Dark Web Sites

Dark Web or Deep Web


Although all of these terms tend to be used interchangeably, they
don't refer to exactly the same thing; some nuance is required. The
'Deep Web' refers to all web pages that search engines cannot find. Thus the
'Deep Web' includes the 'Dark Web', but it also includes all user databases,
webmail pages, registration-required web forums, and pages behind
paywalls. There are huge numbers of such pages, and most exist for
mundane reasons.
We have a staging version of all of our websites that is blocked from
being indexed by search engines, so we can check stories before we set
them live. Thus for every page publicly available on this website (and there
are literally millions), there is another on the Deep Web. The content
management system into which I am typing this article is on the Deep Web.
So that is another page for every page that is on the live site. Meanwhile our
work intranet is hidden from search engines, and requires a password. It has
been live for nearly 20 years, so there are plenty of pages there.

Figure 4 - Diagram of Web Levels

Chapter II: Objective

What is the TOR Project?
How does the dark web work?
How does TOR protect the identity of users and servers?
Why can we not access the dark web directly?
How do we access the dark web?

Chapter III: Research


Why Dark Web Cannot be Accessed Directly?

Basically, all kinds of websites (Internet, Deep Web, Dark Web) ride on the
same infrastructure, but due to the encryption method used for data transfer
and the domain naming, dark web sites do not appear in most search engines
and cannot be opened in a conventional web application. The TOR browser is
needed in order to access the dark web, since the TOR browser can decrypt
the data from the TOR network.
In short, you need to route your connection through the TOR network,
because dark web (.onion) sites can only be accessed through the hidden
network called TOR.
How to access dark web?
We can't just access the dark web from a normal web browser like
Firefox, since you can only access the dark web through a dark web browser.
The most famous of these dark web browsers is called Tor, and this is the
one we recommend you get if you're looking to get onto the dark web.
Downloads of Tor soared in August by almost 100% as the general
population became more and more concerned about their privacy amid
revelations about US and UK intelligence agencies monitoring web traffic. In
short, more and more people are turning to the dark web to get their
internet fix and protect their information.

What is TOR Project?


TOR, The Onion Router, known by its acronym TOR, refers to the
process of removing encryption layers from internet communications,
similar to peeling back the layers of an onion. TOR offers an anonymous
connection to the Deep Web. It is, in effect, the Deep Web search engine.
TOR was developed by US Naval Intelligence to allow for anonymous and
untraceable communication via the internet. Intelligence agents, law
enforcement officers, and political dissidents in foreign countries with
oppressive governments are trained in its use by the State Department.
The Tor Project was originally developed by the United States Naval
Research Laboratory, along with mathematician Paul Syverson and
computer specialists Michael Reed and David Goldschlag, in the 1990s as a
way to protect sensitive intelligence communications. It was during this
time that the core principle behind Tor, onion routing, was originally
developed. This same technique, which protects users' anonymity by
wrapping their online activity in a series of encrypted layers, is how Tor
still works today.
The anonymity offered through TOR created a breeding ground for
criminal elements who take advantage of the opportunity to hide
illegal activities. Silk Road (shut down by the FBI just last year) forged the
illicit online structure and business model for how an illegal marketplace
could operate via its own anonymous currency (Bitcoin) in the deep web
with the certainty of anonymity. Everything from murder-for-hire, to
hackers, to child sex crimes, once limited to back alleys, could now move
freely throughout a global marketplace. Since the shutdown of Silk Road,
many other black-market bazaars have sprung up in its place: TOM, Agora
Beta, and Evolution to name a few.
The TOR Project is a non-profit organization that conducts research
and development into online privacy and anonymity. It is designed to stop
people, including government agencies and corporations, from learning your
location or tracking your browsing habits. Based on that research, it offers a
technology that bounces internet traffic through "relays" which are hosted
by thousands of volunteers around the world. This makes it extremely hard
for anyone to identify the source of the information or the location of the
user.
TOR makes it possible for users to hide their locations while offering
various kinds of services, such as web publishing or an instant messaging
server. Using Tor "rendezvous points," other Tor users can connect to these
hidden services, each without knowing the other's network identity. A hidden
service needs to advertise its existence in the Tor network before clients
will be able to contact it. Therefore, the service randomly picks some
relays, builds circuits to them, and asks them to act as introduction points
by telling them its public key. Note that in the following figures the green
links are circuits rather than direct connections. By using a full Tor circuit,
it's hard for anyone to associate an introduction point with the hidden
server's IP address. While the introduction points and others are told the
hidden service's identity (public key), we don't want them to learn about the
hidden server's location (IP address).

Who Uses TOR?


The TOR project team say its users fall into four main groups:

Normal people who want to keep their internet activities private from
websites and advertisers
Those concerned about cyber spying
Users evading censorship in certain parts of the world
Those engaged in black-market commerce (illegal drugs, weapons,
gambling, hacking, child porn, etc.)

What are .onion sites?

They are sites that do not have a real domain name or IP address that
exists on the "regular" internet. The TOR network arranges anonymity for
the server and its visitors. The things you can find on .onion sites include
image and file hosting, whistleblower websites (Wikileaks), forums offering
complete freedom of speech, search engines, hacking, programming, and so
on. Some of these websites (such as search engines) are completely legal,
some would be considered illegal in some countries (hacking tutorials),
others are completely illegal (drugs, weapons, child pornography, credit
card fraud and other scams).

How do .onion sites work?


Computers in the TOR cloud work together to encrypt data and
pass it on between each other for the purpose of providing anonymity
to you. Whether you want to visit a website or be a web server on the
internet, normally you need an IP address. If you have an IP address,
you can be traced. On the TOR network, however, your IP address is
hidden behind the IP addresses of other TOR nodes, so finding the real
one is much harder.

Chapter IV: Type of Transparency


Access transparency: Nobody can retrieve information about how a
resource is accessed, since every connection may be made over a different
relay path.
Location transparency: Users do not know where the relays are exactly
located; the locations of all users and servers are also unknown.
Migration transparency: Because TOR acts as a bridge for the internet
connection, you do not need to worry about location. If the resource is
available on multiple servers and at least one of them is connected to the
internet, you should still be able to retrieve the resource.
Relocation transparency: When a user cannot connect through a particular
relay, the user just has to wait, as when waiting to connect to a domain;
behind the scenes, the application is looking for another relay.
Replication transparency: A user won't know whether the website (resource)
has one or several servers.
Concurrency transparency: Since every party on the TOR network is anonymous,
a user will not be able to know who else is using the same resources on the
dark web.
Failure transparency: The user will not be notified if any relay node breaks
during usage; another relay node is used instead.

Chapter V: System Architecture

The system architecture used in the TOR system is hybrid, since there are
a lot of clients using services from servers. However, there is a small
difference: in the TOR network there is an upper layer of architecture
between the relays and both the client and the web server, and both the
client and the web server need to connect to a relay in order to communicate
securely. The way the relays connect to each other is random, and all relays
are at the same level.
A client in this network means the one using the internet to browse the
surface, deep or even dark web.
Relays are provided by volunteers who support this network around the
world. Currently, there are 7000 routers that support the TOR Project.

Figure 5 - TOR Architecture

Chapter VI: Process / Communication


In the TOR network, all the communication between relays is encrypted;
however, the connection between the exit funnel and the destination is not
encrypted by TOR. This is not a worry if the website follows a good security
standard such as HTTPS or SSL, and even where the data is not encrypted, the
only thing the exit funnel can see is metadata, the basic information about
the data.

Below, we describe the basic process of how TOR connects us to the destination.

First, the client's Tor-enabled software determines the list of available Tor
nodes present in the network. By doing so, it ensures a random node
selection each time, so that no pattern can be observed by anyone spying,
ensuring that you remain private throughout your activities. Random path
selection also leaves no footprints, as no Tor node is aware of the origin or
destination other than the terminal ones receiving from the client. And
since, from the millions of Tor nodes available, any one can act as the first
receiving node, it is virtually impossible to trace the origin.

Now, the client generates an encrypted message which is relayed to the first
Tor node. The onion router on this node peels off one layer of encryption and
reads the information identifying the second node. The second node repeats
the same process and passes the message on to the third. This goes on until
the final node receives the location of the actual recipient, to which it
transmits the unencrypted message, ensuring complete anonymity.

Finally, when the client computer wants to establish another path, for
example to visit another website or even the same one, the Tor network
selects an entirely different, random path this time.

Chapter VI: Fault Tolerance


Fault prevention: Whenever a user uses the TOR network, the application
checks the active routers/relays and chooses the path that gave the fastest
response.
Fault tolerance: When the current middleman or exit funnel goes down, the
TOR network creates another path, which is random and cannot be the same
as before. At that moment, the browser behaves as though there was a slow
response from the destination.

Chapter VII: Security


Availability: It is high because there are more or less 7000 relays around
the world.
Reliability: It has high reliability in terms of privacy; however, when it
comes to speed we cannot measure the bandwidth of each relay.
Safety: Obviously it is secure because the actual person who requests the
data cannot be located; however, it is kind of dangerous if we act as the
exit funnel, because the exit funnel can be traced (it is connected directly
with the destination).
Besides, the TOR Browser can disable certain capabilities of HTML such as

Integrity: The exit funnels can see your packet metadata; however, they have
no privilege to change or alter it.
Confidentiality: The packet header is encrypted many times (or at least 3
times).
Security mechanisms
Encryption: Encryption is done using the network's own technique, called
onion routing. Why is it called onion routing? Because the encrypted data
is transmitted through a series of network nodes called onion routers, each
of which "peels" away a single layer, uncovering the data's next
destination. When the final layer is decrypted, the message arrives at its
destination. The sender remains anonymous because each intermediary knows
only the location of the immediately preceding and following nodes.

Authentication: No authentication takes place, because anonymity is
the key to this system.
Authorization: Once you set your router or server to become one of the
TOR Project's relays, you cannot disallow anyone from connecting to you.
Auditing: No one can audit the data.

Chapter VIII: Current Weaknesses


Exit node eavesdropping
You have to remember that the TOR exit node is the most vulnerable part
of the system, and a government might act as an exit node to snoop on data
transactions. Several studies and experiments have shown that whoever
operates the exit nodes is able to mine whatever data is passing by. That
means if you're a TOR user, you had better hope your exit node is operated by
legitimate good guys.
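As an added example of the exposure described here and in Chapter VI (not code from the report or the Tor Project), this Python script inspects two constructed payloads an exit relay might forward, a plain HTTP request and a TLS ClientHello carrying an SNI extension (RFC 6066), and reports which fields remain readable on the unencrypted last hop. The hostname mail.example and the cookie value are constructed for the demo.

```python
"""What an exit relay can see on the final hop (added example, not from the
report or the Tor Project). The exit forwards the client's bytes unchanged to
the destination, so this inspects two constructed payloads, a plain HTTP
request and a TLS ClientHello, to show which fields stay readable.
"""
import struct


def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello with a server_name (SNI) extension."""
    name = hostname.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name       # name_type host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list       # extension type 0 = SNI
    body = (b"\x03\x03" + bytes(32) + b"\x00"                        # version, random, no session id
            + struct.pack("!H", 2) + b"\x13\x01"                     # one cipher suite
            + b"\x01\x00"                                            # null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body     # type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def sni_from_client_hello(record: bytes):
    """Return the server_name in a ClientHello, or None if absent / not a ClientHello."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        return None
    pos = 5 + 4 + 2 + 32                                  # record hdr, hs hdr, version, random
    pos += 1 + record[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                                # compression_methods
    ext_end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        pos += 4
        if etype == 0x0000:   # server_name: list len(2), name_type(1), name len(2), name
            name_len = struct.unpack_from("!H", record, pos + 3)[0]
            return record[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += elen
    return None


def exit_view(payload: bytes) -> dict:
    """Classify what the last hop learns from the bytes it forwards."""
    sni = sni_from_client_hello(payload)
    if sni is not None:
        # TLS: the destination name is in the clear; the request itself is not.
        return {"protocol": "tls", "destination": sni, "request_readable": False, "cookie": None}
    if payload.startswith((b"GET ", b"POST ")):
        # Plain HTTP: everything, including session cookies, is readable at the exit.
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        headers = dict(line.split(": ", 1) for line in head[1:] if ": " in line)
        return {"protocol": "http", "destination": headers.get("Host"),
                "request_readable": True, "cookie": headers.get("Cookie")}
    return {"protocol": "unknown", "destination": None, "request_readable": False, "cookie": None}


# Constructed sample traffic for the two cases.
HTTP_REQUEST = b"GET /inbox HTTP/1.1\r\nHost: mail.example\r\nCookie: session=constructed-secret\r\n\r\n"
TLS_HELLO = build_client_hello("mail.example")

if __name__ == "__main__":
    for sample in (HTTP_REQUEST, TLS_HELLO):
        print(exit_view(sample))
```

In both cases the exit learns the destination; only without TLS does it also read the path and the session cookie, which is exactly what an eavesdropping exit would mine.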
Sniper attack
Jansen et al. describe a DDoS attack targeted at the TOR node
software, as well as defenses against that attack and its variants. The attack
works using a colluding client and server, filling the queues of the exit
node until the node runs out of memory and hence can serve no other
(genuine) clients. By attacking a significant proportion of the exit nodes this
way, an attacker can degrade the network and increase the chance of
targets using nodes controlled by the attacker.
Bandwidth Hogging
It is considered impolite to transfer massive amounts of data
across the TOR network, because the onion routers are run by volunteers
using their own bandwidth at their own cost.
Email
Anonymous usage of SMTP (i.e., email) can result in spam.
Consequently the default exit policy of TOR nodes rejects outgoing
connections to port 25, the port used for SMTP.

Chapter IX: Conclusion


Here we presented a protocol called Onion Routing. The purpose of Onion
Routing is to protect the anonymity of a user who wants to communicate over a
network. In particular, it hides the destinations of all communications initiated
by the user. Any outside observer will not be able to tell whom the user is
communicating with or for how long. To achieve this goal, Onion Routing uses
public key encryption to put multiple layers of encryption around the original
data packet, thus creating an object called an onion. This onion follows a
specific route through the network, and at each router along the route a layer
of encryption is peeled off. Once the onion reaches its destination it will have
been reduced to the original data packet. When a router decrypts the onion using
its private key, it only gets the address of the next router along the path, so
no router will ever know the full path travelled by the onion. Since no outside
observer will be able to follow an onion while it is travelling through the
network, the communication is completely anonymous.
