Past, Present and Future of Tor Hidden Services

Abstract

Using the Internet reveals the IP addresses of both communication parties to everybody, who is able to observe the communication. Anonymity systems like Tor hide the IP addresses and the communication in such a way that the communication cannot be linked between the two parties. Tor is a low-latency anonymity network designed for interactive applications, which allows its users to stay anonymous while using the Internet, for example for Web browsing, e-mail or instant messaging. In order to achieve anonymity the users’ traffic is routed through the Tor network by choosing three random network nodes. Thus, the user stays anonymous, because his real IP address is not used to access the service and no single node in the network can link the user to the service he is accessing. In addition, Tor provides location-hidden services to allow services to operate anonymous as well. With location-hidden services the location of a service, i.e. its IP address, is not revealed by using the service. At the moment the Tor Project works on an overhaul of the design of location-hidden services. This paper introduces Tor, explains its design and specification with the goal to understand, how Tor is working to achieve its anonymity goals. It explains why Tor is built in the way as it is implemented today, but also states Tor’s limitations and situations in which Tor cannot guarantee anonymity. Furthermore, location-hidden services are introduced as well. The current hidden services design is examined in-depth with its shortcomings and drawbacks and it is presented why this design needs to be renewed. This gives a rationale for a new design of hidden services. The proposed new design is described as well. The paper finishes with a summary of open research questions, which are not yet addressed by the new hidden services design. The goal of this paper is to provide the reader with a thorough understanding of Tor and its location-hidden services. It goes beyond most introductions of Tor as it looks into Tor’s protocol specifications and explains the choices made by the designers and developers of Tor. After reading this paper the reader should be able explain, how Tor is built, why it is implemented this way, but also what Tor’s limitations are regarding anonymity and what aspects of Tor are not yet well understood. The focus of this paper is laid on the main Tor application and anonymity. It does not consider application-level issues such as the Tor Browser or the usage of Tor as a censorship circumvention tool.