Hiding Routing Information

  • David M. Goldschlag
  • Michael G. Reed
  • Paul F. Syverson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1174)


This paper describes an architecture, Onion Routing, that limits a network's vulnerability to traffic analysis. The architecture provides anonymous socket connections by means of proxy servers. It provides real-time, bi-directional, anonymous communication for any protocol that can be adapted to use a proxy service. Specifically, the architecture provides for bi-directional communication even though no one but the initiator's proxy server knows anything but previous and next hops in the communication chain. This implies that neither the respondent nor his proxy server nor any external observer need know the identity of the initiator or his proxy server. A prototype of Onion Routing has been implemented. This prototype works with HTTP (World Wide Web) proxies. In addition, an analogous proxy for TELNET has been implemented. Proxies for FTP and SMTP are under development.


Keywords: Stream Cipher; Proxy Server; Expiration Time; Traffic Analysis; Phone Line
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • David M. Goldschlag (1)
  • Michael G. Reed (1)
  • Paul F. Syverson (1)
  1. Naval Research Laboratory, Center For High Assurance Computer Systems, Washington, D.C., USA
