TOR browser How it works

Tor is a open source software that make your identity incognito on network.

Many may think that that since it is open source and process of concealing your IP is known, there may exist any possibilities of someone figuring out ways to reverse the routing process used to hide your IP address and strip you down! If you look at it, the tor uses a stream cipher, a public-key cipher, Diffie-Hellman protocol, and a hash function. So until and unless the attacker has enough information example Decryption keys, he can't figure out the source IP or look at the data.

Tor only works for TCP streams and can be used by any application with SOCKS support.

How it works?

For example, say I decided to talk to B then F then Q then A Then C, I'd take my information encrypt it so that only C can read it and tell it where the destination is. Then I'd take that, encrypt it so that only A can read it with information to pass it on to C. Then I'd encrypt that with Q etc. Until eventually I have an overall packet that only B can read. Each node can unwrap only their routing information and the package that they need to deliver to the next node.

Even though the last node is the one which has the plain text it doesn't know what is the ip of the original sender. Reason for this is the header of http does not contain information about the real sender but still there exist the information of the sender with underlying IP protocol and that’s what tor is covering.

Keep in mind that Tor is a proxy network, not a set of routers forwarding IP packets.

The exit node will not know your address. The principle is that every server only knows the address of the previous and the next host but never the whole path. There are three steps between your TOR browser and the webserver:

  • Entry-Node (Knows your address and relay nodes address)

  • Relay-Node (knows entry-node and exit-node address)

  • Exit-Node (knows address of relay-node and webserver)

What happens to the main data (the packet that has my IP address and gets three times encryption)? Since it's only the exit node which could see and change the source address in it.

The payload gets encrypted and forwarded not the metadata - which includes your IP address. Your IP-Address is in no way part of the packet that reaches the exit node!

The packet you send is traveling this chain and the answer is travelling the same chain backwards. When you use HTTPS none of that TOR servers will ever know the content of packages sent/received. What they all do is adding encryption on top of your connection even if it is already encrypted using SSL.

When you use Tor your Internet traffic is routed via Tor which goes through several random relays before exiting the Tor network. Tor is "designed" so that it is theoretically impossible to know the original computer that the information came from assuming you are using Tor the right way. Exit node can see your plaintext traffic assuming you aren't using HTTPS.

If you use HTTPS you should be fine. Tor does not leak your identify, it is the users who don’t use tor correctly who are responsible for the leakage.

There are some ways you can use Tor, and still leak personal information:

  • By attracting attention because you're using Tor. It is possible to detect that someone on your network is using Tor (e.g. You're a network administrator at a workplace, and an employee is using it), and the fact that you're using it is interesting information and story line findings

  • As has been mentioned by g3k, if you use Tor to connect to websites on the "normal" internet, the exit node can see the traffic in plain text. (This doesn't apply to websites hosted on the Tor network itself).

Here's a list of some common mistakes tor users make that could reveal information about the original user up to leaking the actual IP address.

  • Changing proxy settings

  • Installing browser add-ons

  • Installing/Using plugins such as Flash

  • Some recommend to disable Javascript altogether *- Example: Vulnerability uncovered in Windows firefox & chrome "new ip check" option allows sites to determine users actual IP even when using VPN, because Javascript code within visitors browser can

  • executed behind the scenes without users ever knowing see Reddit Post.

  • Always keep browser updated - Vulnerabilities - Leak information Example: Browser vulnerability may reveal users real IP Address

How are the keys exchanged securely so the circuits can be built?

As Per the Wiki

To create and transmit an onion, the following steps are taken:

  1. The originator picks nodes from a list provided by a special node called the directory node (traffic between the originator and the directory node may also be encrypted or otherwise anonymised or decentralised); the chosen nodes are ordered to provide a path through which the message may be transmitted; this ordering of the nodes is called a chain or a circuit. No node within the circuit, except for the exit node, can infer where in the chain it is located, and no node can tell whether the node before it is the originator or how many nodes are in the circuit.

  2. Using asymmetric key cryptography, the originator uses the public key (obtained from the directory) of the first node in the circuit, known as the entry node, to send it an encrypted message, called a create cell.

To quote torproject.org/docs/faq.html.en#WhatIsTor: A bad first of three servers can see encrypted Tor traffic coming from your computer. It still doesn't know who you are and what you are doing over Tor. It merely sign "This IP address is using Tor".

TOR uses the principle of onion routing.

Why we need a service like Tor:

  • Even simply watching a video, video player the browser may be using may leak your information

  • Avoid DNS Leaks When your browser is not setup correctly and queries DNS directly instead via VPN/Tor all your anonymity is lost. How DNS Leaks Can Destroy Anonymity

There is no "return trip". The routing creates a TCP connection chain, which is full-duplex.

the return path of the TCP connection is kind of "hand waved" away. Could you update your answer to give a better explanation of how a reply packet (even something as simple as the SYN-ACK packet of the 3 way handshake) on the TCP connection is sent back through the tor network and get to the original sender?

There is no end-to-end TCP connection. Tor handles data in logical Streams, so each hop is free to fragment or combine data as it sees fit (though for intermediate hops this would likely break the crypto). In other words, the client only establishes a TCP session with the first hop. Everything from there out is a Stream, just like using a SOCKS proxy.

I see. You are the first person ever to be able to explain that. So it’s Me <--(TCP connection1)--> Tor Entry point <--(Tor Protocol Stream)--> Tor Server <--(Tor Protocol Stream)--> Tor Server <--(Tor Protocol Stream)--> Tor Exit Point <--(TCP connection2)-->Destination Server.
So I only have a TCP connection to the entry point and the final destination only has a TCP connection to the exit point.

Ads

Popular Posts