Researchers Unveil Better, Faster Alternative to Tor
The Onion Router – more commonly known as Tor – is a network that provides a high degree of anonymity by encrypting a user’s data multiple times on multiple levels. The data is routed through volunteer relays on Tor’s network. Each time the data reaches a relay a layer is removed and the next location is revealed. This makes it almost impossible to know the data’s source and destination, without first knowing the path that the data took through the network.
Tor has become massively popular among journalists, activists and privacy enthusiasts as well as being used to combat cooperate and government censorship. Tor now has over 2 million daily users. Each time a user joins the network they volunteer as a relay, increasing the number of stops the traffic has to make, effectively slowing the network with each relay. HORNET has been developed to combat this issue.
HORNET is a low-latency onion routing system designed by a group of researchers at the Swiss Federal Institute of Technology and the University College of London. The paper, published on the 21st July 2015 states that each HORNET network relay can process anonymous traffic at 93Gb/s. If this is an achievable figure, it would allow developers to create a global anonymity network that is not limited by its size, like its predecessor Tor is.
HORNET addresses the performance and scalability issues of Tor by building protocols into the network layer as opposed to appending them as overlays like Tor does. This allows the network to have minimal relay overheads, providing a scalable platform. Lightweight network layer anonymity protocols have been developed before. Lightweight Anonymity and Privacy (LAP) is a highly efficient protocol that uses packet-carried forwarding state and forwarding state encryption to enhance anonymity, however, it relies on having a trusted ISP and does not take into account a global threat such as a government. HORNET allows high security to be combined with low latency by carrying the connection state (onion layer decryption keys, routing information etc.) within the packet headers, allowing intermediate nodes to quickly forward the traffic.
This poses the problem that while the data may travel faster if either one of the endpoints was exposed, the attacker could decrypt the traffic and de-anonymise the user.
“When an adversary controls more than one node on a path, it can launch confirmation attacks by leveraging flow-dynamics analysis, timing, and packet tagging, all of which can be further assisted by replay attacks. HORNET, like other low-latency onion routing schemes, cannot prevent such confirmation attacks targeting individual users,”
HORNET is still in a very early stage of development. The paper is yet to be peer-reviewed and the system is still to be tested with real internet traffic. Like Tor, HORNET is not completely immune to all attacks, it does however significantly raise the bar for security against strong attackers like governments.
The full paper can be found at Cornell University Library