Distributed Systems Tor And I2P Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

TOR and I2P are anonymous distributed networks that are based on Onion and Garlic routing respectively. Onion routing is a technology which purpose is to provide anonymous communication between users on a network. The idea is to provide low latency connections transparent to end-users, while the information exchange is immune against attacks like traffic analysis. This could be achieved by a set of encrypted layers and frequently changing paths between a subset of the routers that participates in the routing system. TOR is the most used onion routing system by the general public today.

Garlic routing is an evolution of onion routing with some changes in the way messages are wrapped and routes are selected. I2P is an anonymous peer-to-peer network that uses garlic routing and was developed independently and parallel to TOR. There are differences between the two mechanisms with respect to the way the network is organized.

TOR Overview

TOR is a system intended to enable online anonymity, run by different organizations that donate their bandwidth and processing power. The software is open-source and free of charge, thus everyone can check for backdoors and other flaws.

The routing in TOR is done on the transport level and only supports TCP. Applications have access to the network through SOCKS interface. SOCKS is an Internet protocol that facilitates the routing of network packets between client-server applications via a proxy server. The network consists of Tor nodes (routers), run by contributors, and central directory servers run by the maintainer. The directory servers are in fact established routers responsible for monitoring the network, whereas the nodes just submit their information to other nodes by using a short time onion routing key. There the entries are cryptographically protected with signatures and only information from approved routers will be published in the database, to avoid attacks where someone adds a lot of subverted nodes. TOR traffic and routing consists of a circuit that is set up. The entry point negotiates a symmetric key session with the first hop and sends a request to it to extend the circuit. The process is repeated until the message reaches the last router in the path, called the exit node. The data to be sent is encrypted in several layers, like an onion (hence the name Onion Routing), together with routing information with the data destined for the exit node at the core of the onion. At each intermediate step, a router is unable to see where the data is destined to, where it is originating from or the data itself. An important feature of Tor is the Hidden Services. This feature allows any user to set up an Internet service, such as a web page or a message board, and let anybody use it without knowing where it is located or who is behind it. It also works the other way around; the service operator has no knowledge of who are using the service. Hidden services have the top level domain .onion, and the host name has to be looked up using the Tor network. This can be a problem, because all applications do not currently forward DNS lookups via SOCKS.

Attacks on onion routing

Tor is not designed to provide anonymity on the application level. There is also a privacy problem with DNS lookups, which often are sent outside the intermediate proxy through the regular network, which can expose what services a users is connecting to through Tor. Tor does not conceal that a user is connected to Tor, but it hides what the user does on the network.

There are some attacks that can reveal the identity of a Tor user to some degree, the main one being timing analysis excluding the DNS problem. By watching packets leaving a user and entering a target server one can correlate the traffic and make probable that the user is in fact connecting to it. This however requires the possibility to monitor both user and target, and is not practical for most individuals and organizations. Another probability-based attack is the intersection attacks, where an adversary observes when dynamic routers leave the network. This breaks some connections and by looking at traffic surviving this one can minimize the number of probable paths. To increase probability of some of the attacks mentioned or just hurt the network one can flood the routers with requests. This may cause a denial of service, as the mass of encrypted packets requires significant computing resources to process or simply exhaust the available bandwidth.

I2P Overview

I2P, The Invisible Internet Project, was started in 2003 with the purpose of enabling anonymous communication in a dynamic decentralized network resilient to attacks. All communication is end-to-end encrypted and implemented as a garlic routing network layer leaving it open for use by any kind of client-server or peer-to-peer using it. The project is still in an alpha stage and is not considered mature for broad use yet. Garlic routing is based on onion routing with the following major change: Onion routers have the possibility to join several messages with independent routing information on each level into a new onion for the next node. The messages ("cloves", hence the name garlic) in an onion message can have arbitrary options such as a request to delay the message in the next node for some time or end there, while the rest of the clove is disassembled and reassembled in new onions. The onions can also include padding to masquerade how many actual cloves there are. All these operations make traffic analysis much more difficult as long as there are enough messages.

Attacks on garlic routing

On the application layer I2P is vulnerable to the same anonymity attacks as Tor (and other similar anonymous services such as Freenet): applications/protocols reporting their real IP and leaking local information through JavaScript/Java etc. Another possible anonymity attack against I2P that has been discussed is flooding a specific node with requests effectively causing a denial of service and monitoring if a hidden service goes offline. By repeating this from different locations and using statistical analysis one can infer that the service was hosted on that node (false positives may be the closest node relaying traffic to that service). This becomes increasingly difficult as the network grows. Most of the statistical attacks from Tor apply to I2P, such as observing timing of packets leaving nodes and which peers connect to which. The garlic part makes these attacks much harder, but not impossible if the attacker controls a lot of nodes near the user. Because I2P is still in early development there may also be flaws in the actual implementation that can reveal information about the user or be used for denial of service. A number of different scenarios for denial of service attacks exist, from the most simple ones where nodes are flooded with traffic which either consumes all bandwidth or CPU resources for cryptographic operations.

Differences between Tor and I2P

I2P is a transport protocol comparable to IP. Data is sent in packets/datagrams and Tor clients randomly determine a tunnel path for a connection. In I2P the tunnels are one way.

While Tor has a concept of central directory servers for distribution of the network, I2P is fully distributed requiring a bootstrapping operation to find one peer to be able to join the network.

I2P was not designed to reach regular Internet services anonymously, and there are no exit nodes in the protocol. In the Tor part the exit nodes are susceptible to abuse and there are some security issues weakening the anonymity of the users.

Regular TCP/IP applications cannot be used directly in I2P, but have to be modified or run through software known as I2PTunnel to connect to other I2P hosts.


Both anonymous communication implementations provide a local proxy server, which the user is supposed to set his or her web browser to use. Tor has a SOCKS proxy which is typically connected to a separate HTTP proxy server on the same machine. They both provide anonymous communication between internal sites with the pseudo-names .onion and .i2p for Tor and i2p respectively. Additionally Tor provides, typically very slow, access to the normal www, i2p doesn't. I2p is significantly faster than Tor, perhaps because all nodes are participating in the routing by default, whereas one must actively reconfigure Tor to act as a router. Last but not least, I2P has its entire configuration UI interface as a HTTP server, Tor is mainly configured through text files.