Trusted answers to developer questions

# What is onion routing?

Omer Kamran


Onion routing is a technique used to make anonymous browsing more secure. It uses nodes acting as hop points in a crowd of relays to add layers of encryption to a packet that travels over a network until it reaches its destination. A hop point is a node in a crowd where a packet lands and then "hops off" to another node. A crowd is a collection of nodes on a network; nodes are users (hosts) acting as stations for the packet to travel through on its way to its destination.

### Procedure

For explanation purposes, we assume that a node is communicating with a server and that this communication does not itself involve encryption. The packet is therefore encrypted only with the symmetric keys of the nodes in the crowd.

### From source to destination

The procedure followed for sending a packet over the internet with onion routing implemented is as follows:

• The client first determines the circuit (route) the packet will traverse over the internet.
• The client assembles the shared symmetric keys of the nodes included in the circuit.
• The client then wraps the packet in layers of encryption, using the keys of the nodes.
• The packet is then sent to each node included in the circuit in turn, and each node uses its key to "peel off" one layer of encryption.
• The packet reaches its destination with every encryption layer removed, and the destination gains access to its contents.

Below is the illustration of a packet's one-way travel (from source to destination):

Slide 1 of 7: Source retrieves symmetric keys of the nodes in the circuit

### Explanation

• Initially, the client node encrypts the packet in layers, using the shared symmetric keys $K_{N}$ of the nodes.

• The packet is sent over to the first node in the circuit, which decrypts the first layer of encryption using its shared symmetric key $K_{N}$ and sends it over to the next node. This process repeats until the packet is delivered to its destination.

### From destination to source

The following is the procedure the nodes follow while sending the packet back into the circuit:

• The destination node encrypts the packet in the encryption key of the last node it received it from and sends the packet to it.
• The rest of the nodes also follow the same procedure until the packet arrives back at the source.
• The source node decrypts the packet using the symmetric keys of the nodes which encrypted the packet to gain access to its contents.

Slide 1 of 6: The destination acquires the keys of the nodes in the circuit

### Explanation

• The destination sends the packet back into the circuit (to the first node it received the packet from).
• The second node encrypts the packet with its symmetric key $K_3$ and sends it to the node it received the packet from.
• The first node adds a layer of encryption by encrypting the packet with its symmetric key $K_2$ and sends it back to the source.
• The source decrypts the two layers of encryption to gain access to the contents of the packet.
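The forward and return procedures above, as an added Python example that is not part of the original article. The three relay names, the `server.example` destination, the per-layer next-hop header, and the SHAKE-256 keystream XOR (a teaching stand-in for a real cipher, with no integrity protection) are all assumptions of this sketch.

```python
import hashlib
import os

# Constructed sample circuit; relay names and keys are assumptions for this example.
CIRCUIT = ["relay1", "relay2", "relay3"]
KEYS = {name: os.urandom(32) for name in CIRCUIT}  # K_N shared with the client

def _xor_stream(key, nonce, data):
    # Teaching stand-in for a real cipher: XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def add_layer(key, data):
    nonce = os.urandom(16)  # fresh nonce per layer so keystreams never repeat
    return nonce + _xor_stream(key, nonce, data)

def peel_layer(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def build_onion(payload, destination):
    """Client: wrap the innermost layer first, so relay1's layer ends up outermost."""
    hops = CIRCUIT[1:] + [destination]  # where each relay forwards to
    onion = payload
    for name, next_hop in zip(reversed(CIRCUIT), reversed(hops)):
        onion = add_layer(KEYS[name], next_hop.encode() + b"\n" + onion)
    return onion

def relay_forward(name, onion):
    """Relay: remove one layer and learn only the next hop."""
    next_hop, inner = peel_layer(KEYS[name], onion).split(b"\n", 1)
    return next_hop.decode(), inner

def send_forward(payload, destination):
    onion, hop, seen = build_onion(payload, destination), CIRCUIT[0], []
    while hop in KEYS:
        seen.append(hop)
        hop, onion = relay_forward(hop, onion)
    return hop, onion, seen  # final hop, delivered bytes, relays traversed

def send_back(reply):
    """Return path: each relay adds its own layer on the way to the source."""
    for name in reversed(CIRCUIT):
        reply = add_layer(KEYS[name], reply)
    return reply

def client_open(blob):
    for name in CIRCUIT:  # the outermost layer belongs to the first relay
        blob = peel_layer(KEYS[name], blob)
    return blob
```

After `relay_forward("relay1", ...)`, the first relay holds only the name of the second relay and an opaque blob; neither the payload nor the destination is visible to it.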

### Applications

The browser implements onion routing as a protocol and routes each packet through at least three hops before it reaches its destination, to protect the privacy of the person using the browser.

• This protocol ensures web privacy, which prevents third-party applications from tracking user activity to target them with personalized ads.
• Journalists make use of this protocol to communicate with whistleblowers and dissidents.
• Law enforcement agencies also use this technique for surveilling illegal dark web portals and gathering open source information.
• Unfortunately, on the flip side, this technique is also used for illegal purposes by criminals with the sole purpose of hiding their tracks, and by hackers to cover their malware tracks.
