TOR and I2P are anonymous distributed networks that are based on onion and garlic routing respectively. Onion routing is a technology whose purpose is to provide anonymous communication between users on a network. The idea is to provide low-latency connections that are transparent to end users, while the information exchange is immune to attacks such as traffic analysis. This can be achieved by a set of encrypted layers and frequently changing paths between a subset of the routers that participate in the routing system. TOR is the onion routing system most used by the general public today.
Garlic routing is an evolution of onion routing with some changes in the way messages are wrapped and routes are selected. I2P is an anonymous peer-to-peer network that uses garlic routing and was developed independently of, and in parallel with, TOR. There are differences between the two mechanisms with respect to the way the network is organized.
TOR is a system intended to enable online anonymity, run by different organizations that donate their bandwidth and processing power. The software is open-source and free of charge, thus everyone can check for backdoors and other flaws.
The routing in TOR is done on the transport level and only supports TCP. Applications access the network through a SOCKS interface. SOCKS is an Internet protocol that facilitates the routing of network packets between client-server applications via a proxy server.
The network consists of Tor nodes (routers), run by contributors, and central directory servers, run by the maintainer. The directory servers are in fact established routers responsible for monitoring the network, whereas the nodes just submit their information to other nodes by using a short-term onion routing key. The entries there are cryptographically protected with signatures, and only information from approved routers is published in the database, to avoid attacks in which someone adds a lot of subverted nodes.
TOR traffic is routed through a circuit that is set up as follows. The entry point negotiates a symmetric session key with the first hop and sends it a request to extend the circuit. The process is repeated until the message reaches the last router in the path, called the exit node. The data to be sent is encrypted in several layers, like an onion (hence the name onion routing), together with routing information, with the data destined for the exit node at the core of the onion. At each intermediate step, a router is unable to see where the data is destined, where it originates, or the data itself.
An important feature of Tor is hidden services. This feature allows any user to set up an Internet service, such as a web page or a message board, and let anybody use it without knowing where it is located or who is behind it. It also works the other way around: the service operator has no knowledge of who is using the service. Hidden services have the top-level domain .onion, and the host name has to be looked up using the Tor network. This can be a problem, because not all applications currently forward DNS lookups via SOCKS.
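The circuit layering described in this section, as an added Python example that is not part of the original essay and not Tor's code: a toy SHA-256 keystream stands in for the real per-hop cipher, the session keys are assumed to be already negotiated, and the router names, keys and destination are constructed.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for the real
    per-hop symmetric cipher. Encrypting and decrypting are the same call."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(path, destination: str, payload: bytes) -> bytes:
    """Build the onion from the core outwards. `path` is a list of
    (router_name, session_key) in travel order; the exit node's layer names
    the destination, every other layer names only the next router."""
    next_hop = destination
    cell = payload
    for name, key in reversed(path):
        header = json.dumps({"next": next_hop}).encode()
        cell = xor_stream(key, len(header).to_bytes(2, "big") + header + cell)
        next_hop = name
    return cell

def peel(key: bytes, cell: bytes):
    """What one router does: remove its own layer, learn only the next hop."""
    plain = xor_stream(key, cell)
    hlen = int.from_bytes(plain[:2], "big")
    header = json.loads(plain[2:2 + hlen])
    return header["next"], plain[2 + hlen:]

def route(path, cell: bytes):
    """Pass the cell along the circuit, recording what each router can see."""
    views = []
    for name, key in path:
        next_hop, cell = peel(key, cell)
        views.append((name, next_hop))
    return views, cell

# Constructed sample circuit: names and keys are made up for the example.
PATH = [("entry", b"k-entry"), ("middle", b"k-middle"), ("exit", b"k-exit")]
ONION = wrap(PATH, "example.org:80", b"GET / HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    views, delivered = route(PATH, ONION)
    for router, next_hop in views:
        print(f"{router:6} forwards to {next_hop}")
    print("exit node delivers:", delivered)
```

Only the exit node's layer contains the destination and the payload; the entry and middle routers each recover nothing but the name of the next router.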
Attacks on onion routing
Tor is not designed to provide anonymity on the application level. There is also a privacy problem with DNS lookups, which are often sent outside the intermediate proxy through the regular network, which can expose what services a user is connecting to through Tor. Tor does not conceal that a user is connected to Tor, but it hides what the user does on the network.
There are some attacks that can reveal the identity of a Tor user to some degree; excluding the DNS problem, the main one is timing analysis. By watching packets leaving a user and entering a target server, one can correlate the traffic and make it probable that the user is in fact connecting to it. This, however, requires the ability to monitor both user and target, and is not practical for most individuals and organizations. Another probability-based attack is the intersection attack, where an adversary observes when dynamic routers leave the network. This breaks some connections, and by looking at the traffic that survives one can minimize the number of probable paths. To increase the probability of some of the attacks mentioned, or just to hurt the network, one can flood the routers with requests. This may cause a denial of service, as the mass of encrypted packets requires significant computing resources to process or simply exhausts the available bandwidth.
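One way to check for the DNS problem described above, as an added Python example that is not part of the original essay: it parses the connect request an application sends to the local SOCKS port (for SOCKS5, the message after method negotiation) and flags applications that hand the proxy only an IP address. The application labels, host name and addresses are constructed.

```python
import ipaddress
import struct

def classify_socks_request(req: bytes) -> dict:
    """Parse the connect request an application sent to the local SOCKS port
    and report whether the proxy was handed a hostname or a literal IP."""
    if len(req) < 8:
        raise ValueError("too short for a SOCKS connect request")
    if req[0] == 5:                                    # SOCKS5 (RFC 1928)
        atyp = req[3]
        if atyp == 3:                                  # length-prefixed name
            end = 5 + req[4]
            host, named = req[5:end].decode("ascii"), True
        elif atyp in (1, 4):                           # IPv4 / IPv6 literal
            end = 4 + (4 if atyp == 1 else 16)
            host, named = str(ipaddress.ip_address(req[4:end])), False
        else:
            raise ValueError(f"unknown address type {atyp}")
        port, version = struct.unpack("!H", req[end:end + 2])[0], "socks5"
    elif req[0] == 4:                                  # SOCKS4 / SOCKS4a
        port, ip = struct.unpack("!H", req[2:4])[0], req[4:8]
        fields = req[8:].split(b"\x00")                # user id, then name
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # 0.0.0.x marks SOCKS4a
            host, named, version = fields[1].decode("ascii"), True, "socks4a"
        else:
            host, named, version = str(ipaddress.ip_address(ip)), False, "socks4"
    else:
        raise ValueError("not a SOCKS request")
    return {"version": version, "host": host, "port": port,
            "name_sent_to_proxy": named}

# Constructed sample requests (name, addresses and labels are made up).
NAME = b"exampleservice.onion"
SAMPLES = {
    "app-a": b"\x05\x01\x00\x03" + bytes([len(NAME)]) + NAME + b"\x00\x50",
    "app-b": b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + b"\x01\xbb",
    "app-c": b"\x04\x01\x00\x50" + bytes([192, 0, 2, 10]) + b"user\x00",
    "app-d": b"\x04\x01\x00\x50\x00\x00\x00\x01" + b"\x00" + b"example.org\x00",
}

def apps_resolving_locally(samples: dict) -> list:
    """Applications that gave the proxy only an IP: any name lookup they did
    happened outside the proxy, and .onion names cannot work for them."""
    return sorted(app for app, req in samples.items()
                  if not classify_socks_request(req)["name_sent_to_proxy"])
```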
I2P, the Invisible Internet Project, was started in 2003 with the purpose of enabling anonymous communication in a dynamic, decentralized network that is resilient to attacks. All communication is end-to-end encrypted and implemented as a garlic routing network layer, leaving it open for use by any kind of client-server or peer-to-peer application. The project is still in an alpha stage and is not yet considered mature enough for broad use.
Garlic routing is based on onion routing with the following major change: onion routers can join several messages, each with independent routing information, on each level into a new onion for the next node. The messages ("cloves", hence the name garlic) in an onion message can have arbitrary options, such as a request to delay the message in the next node for some time or to end there, while the rest of the cloves are disassembled and reassembled in new onions. The onions can also include padding to mask how many actual cloves there are. All these operations make traffic analysis much more difficult as long as there are enough messages.
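The bundling, padding and regrouping just described, as an added Python example that is not part of the original essay and not I2P's message format: the clove fields, the 512-byte bundle size and the sender names are constructed, and the encryption each bundle would travel under is left out so the framing stays visible.

```python
import json
import os
from collections import defaultdict

BUNDLE_SIZE = 512  # constructed: every bundle is padded to this many bytes

def bundle(cloves: list) -> bytes:
    """Join cloves into one fixed-size message. Layout (made up for this
    example): 2-byte body length, JSON body, random padding."""
    body = json.dumps(cloves).encode()
    if len(body) + 2 > BUNDLE_SIZE:
        raise ValueError("cloves do not fit in one bundle")
    padding = os.urandom(BUNDLE_SIZE - 2 - len(body))
    return len(body).to_bytes(2, "big") + body + padding

def unbundle(message: bytes) -> list:
    """Drop the padding and return the cloves."""
    size = int.from_bytes(message[:2], "big")
    return json.loads(message[2:2 + size])

def process(incoming: list):
    """One router's step: deliver cloves that end here, hold cloves that ask
    for a delay, and regroup the rest into one new bundle per next node."""
    delivered, held, by_next = [], [], defaultdict(list)
    for message in incoming:
        for clove in unbundle(message):
            if clove["next"] is None:          # option: end at this node
                delivered.append(clove["data"])
            elif clove.get("delay", 0) > 0:    # option: wait before forwarding
                held.append(clove)
            else:
                by_next[clove["next"]].append(clove)
    return delivered, held, {hop: bundle(c) for hop, c in by_next.items()}

# Constructed traffic arriving at one router from two senders.
FROM_ALICE = bundle([{"next": None, "data": "for this router"},
                     {"next": "C", "data": "a1"},
                     {"next": "D", "delay": 30, "data": "a2"}])
FROM_BOB = bundle([{"next": "C", "data": "b1"}])
```

A three-clove bundle and a one-clove bundle have the same length on the wire, and the bundle leaving for node C mixes cloves from both senders.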
Attacks on garlic routing
Differences between Tor and I2P
I2P is a transport protocol comparable to IP. Data is sent in packets/datagrams and Tor clients randomly determine a tunnel path for a connection. In I2P the tunnels are one way.
While Tor has a concept of central directory servers for distribution of the network, I2P is fully distributed, requiring a bootstrapping operation to find one peer to be able to join the network.
I2P was not designed to reach regular Internet services anonymously, and there are no exit nodes in the protocol. In Tor, the exit nodes are susceptible to abuse, and there are some security issues weakening the anonymity of the users.
Regular TCP/IP applications cannot be used directly in I2P, but have to be modified or run through software known as I2PTunnel to connect to other I2P hosts.
Both anonymous communication implementations provide a local proxy server, which the user is supposed to set his or her web browser to use. Tor has a SOCKS proxy, which is typically connected to a separate HTTP proxy server on the same machine. They both provide anonymous communication between internal sites, with the pseudo-names .onion and .i2p for Tor and I2P respectively. Additionally, Tor provides access, typically very slow, to the normal WWW; I2P does not. I2P is significantly faster than Tor, perhaps because all nodes participate in the routing by default, whereas one must actively reconfigure Tor to act as a router. Last but not least, I2P has its entire configuration UI as an HTTP server, whereas Tor is mainly configured through text files.