On Building Onion Routing into Future Internet Architectures

  • Daniele E. Asoni
  • Chen Chen
  • David Barrera
  • Adrian Perrig
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9591)


User privacy on the Internet has become a pressing concern in recent years largely due to the revelations of large scale network surveillance programs. Research initiatives around future Internet architectures (FIAs) offer a unique opportunity to integrate privacy protection measures into the architecture of the network itself. In this paper, we survey the main design challenges of network layer onion routing protocols in FIAs. We empirically investigate the requirements and trade-offs of different design choices. Our goal is to identify promising research directions and incentivize further exploration of the field.


Internet Service Provider Threat Model Forward Secrecy Cryptographic Operation Private Information Retrieval 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    AlSabah, M., Goldberg, I.: PCTCP: per-circuit TCP-over-IPsec transport for anonymous communication overlay networks. In: ACM CCS (2013)Google Scholar
  2. 2.
    Backes, M., Kate, A.: AnoA: a framework for analyzing anonymous communication protocols. In: IEEE CSF (2013)Google Scholar
  3. 3.
    CAIDA UCSD Anonymized Internet Traces 2014. Accessed 30 Apr 2015.
  4. 4.
    Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  5. 5.
    Chaum, D., et al.: cMix: Anonymization by high-performance scalable mixing. Technical report (2016).
  6. 6.
    Chen, C., et al.: HORNET: High-speed Onion Routing at the Network Layer. In: ACM CCS (2015)Google Scholar
  7. 7.
    Chor, B., et al.: Private information retrieval. J. ACM 45(6), 965–981 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: IEEE S&P (2003)Google Scholar
  9. 9.
    Danezis, G., Goldberg, I.: Sphinx: a compact and provably secure mix format. In: IEEE S&P (2009)Google Scholar
  10. 10.
    DiBenedetto, S., et al.: ANDaNA: anonymous named data networking application. In: NDSS (2011)Google Scholar
  11. 11.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: USENIX Security (2004)Google Scholar
  12. 12.
    Dingledine, R., Murdoch, S.J.: Performance Improvements on Tor or, Why Tor is slow and what we’re going to do about it. Technical report, The Tor Project (2009).
  13. 13.
    Farrell, S., Tschofenig, H.: Pervasive Monitoring Is an Attack. IETF RFC 7258Google Scholar
  14. 14.
    Federrath, H.: AN.ON - Privacy protection on the Internet. ERCIM News 49, 11 (2002)Google Scholar
  15. 15.
    Federrath, H., Fuchs, K.-P., Herrmann, D., Piosecny, C.: Privacy-preserving DNS: analysis of broadcast, range queries and mix-based protection methods. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 665–683. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  16. 16.
    Geddes, J., Jansen, R., Hopper, N.: IMUX: managing tor connections from two to infinity, and beyond. In: WPES (2014)Google Scholar
  17. 17.
    Godfrey, P.B., et al.: Pathlet routing. In: ACM SIGCOMM (2009)Google Scholar
  18. 18.
    Gülcü, C., Tsudik, G.: Mixing email with babel. In: NDSS (1996)Google Scholar
  19. 19.
    He, Y., et al.: On routing asymmetry in the internet. In: IEEE GLOBECOM (2005)Google Scholar
  20. 20.
    Hsiao, H.C., et al.: LAP: lightweight anonymity and privacy. In: IEEE S&P (2012)Google Scholar
  21. 21.
    Johnson, A., et al.: Users get routed: traffic correlation on tor by realistic adversaries. In: ACM CCS (2013)Google Scholar
  22. 22.
    JonDonym. Accessed 24 Feb 2016.
  23. 23.
    Liu, V., et al.: Tor instead of IP. In: ACM HotNets (2011)Google Scholar
  24. 24.
    Minarik, T., Osula, A.M.: Tor does not stink: Use and abuse of the Tor anonymity network from the perspective of law. Comput. Law Secur. Rev. 32(1), 111–127 (2016)CrossRefGoogle Scholar
  25. 25.
    Mittal, P., et al.: Scalable anonymous communication with provable security. In: USENIX HotSec (2010)Google Scholar
  26. 26.
    Pan, J., Paul, S., Jain, R.: A survey of the research on future internet architectures. IEEE Commun. Mag. 49(7), 26–36 (2011)CrossRefGoogle Scholar
  27. 27.
    Reardon, J., Goldberg, I.: Improving tor using a TCP-over-DTLS tunnel. In: USENIX Security (2009)Google Scholar
  28. 28.
    Sankey, J., Wright, M.: Dovetail: stronger anonymity in next-generation internet routing. In: De Cristofaro, E., Murdoch, S.J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 283–303. Springer, Heidelberg (2014)Google Scholar
  29. 29.
    Seo, K., Kent, S.: Security architecture for the Internet protocol. IETF RFC 4301 (2005)Google Scholar
  30. 30.
    Tor Metrics. Accessed 13 May 2015.
  31. 31.
    Yang, X., Clark, D., Berger, A.W.: NIRA: a new inter-domain routing architecture. IEEE/ACM Trans. Networking 15(4), 775–788 (2007)CrossRefGoogle Scholar
  32. 32.
    Zantout, B., Haraty, R.: I2P data communication system. In: ICN (2011)Google Scholar
  33. 33.
    Zhang, L., et al.: Named data networking. ACM SIGCOMM 44(3), 66–73 (2014)CrossRefGoogle Scholar
  34. 34.
    Zhang, X., et al.: SCION: scalability, control, and isolation on next-generation networks. In: IEEE S&P (2011)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Daniele E. Asoni
    • 1
  • Chen Chen
    • 1
  • David Barrera
    • 1
  • Adrian Perrig
    • 1
  1. 1.Network Security Group, Department of Computer ScienceETH ZürichZurichSwitzerland

Personalised recommendations