This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Deploying Low-Latency Anonymity: Design Challenges and Social Factors
September/October 2007 (vol. 5 no. 5)
pp. 83-87
Roger Dingledine, The Tor Project
Nick Mathewson, The Tor Project
Paul Syverson, US Naval Research Laboratory
Tor (the Onion Routing) is an open source, distributed, low-latency anonymity network. This article examines how Tor works, the underlying design philosophy, and some of the challenges in building, deploying, and sustaining a network for anonymous communications.

1. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The Second-Generation Onion Router," Proc. 13th Usenix Security Symp., Usenix Assoc., 2004, pp. 303–319; http://tor.eff.orgtor-design.pdf.
1. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The Second-Generation Onion Router," Proc. 13th Usenix Security Symp., Usenix Assoc., 2004, pp. 303–319; http://tor.eff.orgtor-design.pdf.
1. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The Second-Generation Onion Router," Proc. 13th Usenix Security Symp., Usenix Assoc., 2004, pp. 303–319; http://tor.eff.orgtor-design.pdf.
2. D.M. Goldschlag, M.G. Reed, and P.F. Syverson, "Hiding Routing Information," Information Hiding—1st Int'l Workshop, R. Anderson, ed., LNCS 1174, Springer-Verlag, 1996, pp. 137–150.
2. D.M. Goldschlag, M.G. Reed, and P.F. Syverson, "Hiding Routing Information," Information Hiding—1st Int'l Workshop, R. Anderson, ed., LNCS 1174, Springer-Verlag, 1996, pp. 137–150.
2. D.M. Goldschlag, M.G. Reed, and P.F. Syverson, "Hiding Routing Information," Information Hiding—1st Int'l Workshop, R. Anderson, ed., LNCS 1174, Springer-Verlag, 1996, pp. 137–150.
3. M.G. Reed, P.F. Syverson, and D.M. Goldschlag, "Anonymous Connections and Onion Routing," IEEE J. Selected Areas in Comm., vol. 16, no. 4, 1998, pp. 482–494.
3. M.G. Reed, P.F. Syverson, and D.M. Goldschlag, "Anonymous Connections and Onion Routing," IEEE J. Selected Areas in Comm., vol. 16, no. 4, 1998, pp. 482–494.
3. M.G. Reed, P.F. Syverson, and D.M. Goldschlag, "Anonymous Connections and Onion Routing," IEEE J. Selected Areas in Comm., vol. 16, no. 4, 1998, pp. 482–494.
4. L. Øverlier and P. Syverson, "Locating Hidden Servers," Proc. 2006 IEEE Symp. Security and Privacy, IEEE CS Press, 2006, pp. 100–114.
4. L. Øverlier and P. Syverson, "Locating Hidden Servers," Proc. 2006 IEEE Symp. Security and Privacy, IEEE CS Press, 2006, pp. 100–114.
4. L. Øverlier and P. Syverson, "Locating Hidden Servers," Proc. 2006 IEEE Symp. Security and Privacy, IEEE CS Press, 2006, pp. 100–114.
5. G. Danezis, R. Dingledine, and N. Mathewson, "Mixminion: Design of a Type III Anonymous Remailer Protocol," Proc. 2003 IEEE Symp. Security and Privacy, IEEE CS Press, 2003, pp. 2–15.
5. G. Danezis, R. Dingledine, and N. Mathewson, "Mixminion: Design of a Type III Anonymous Remailer Protocol," Proc. 2003 IEEE Symp. Security and Privacy, IEEE CS Press, 2003, pp. 2–15.
5. G. Danezis, R. Dingledine, and N. Mathewson, "Mixminion: Design of a Type III Anonymous Remailer Protocol," Proc. 2003 IEEE Symp. Security and Privacy, IEEE CS Press, 2003, pp. 2–15.
6. O. Berthold, H. Federrath, and S. Köpsell, "Web MIXes: A System for Anonymous and Unobservable Internet Access," Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability, H. Federrath, ed., LNCS 2009, Springer-Verlag, 2000, pp. 30–45.
6. O. Berthold, H. Federrath, and S. Köpsell, "Web MIXes: A System for Anonymous and Unobservable Internet Access," Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability, H. Federrath, ed., LNCS 2009, Springer-Verlag, 2000, pp. 30–45.
6. O. Berthold, H. Federrath, and S. Köpsell, "Web MIXes: A System for Anonymous and Unobservable Internet Access," Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability, H. Federrath, ed., LNCS 2009, Springer-Verlag, 2000, pp. 30–45.
7. A. Back, I. Goldberg, and A. Shostack, "Freedom Systems 2.1 Security Issues and Analysis," white paper, Zero Knowledge Systems, May 2001.
7. A. Back, I. Goldberg, and A. Shostack, "Freedom Systems 2.1 Security Issues and Analysis," white paper, Zero Knowledge Systems, May 2001.
7. A. Back, I. Goldberg, and A. Shostack, "Freedom Systems 2.1 Security Issues and Analysis," white paper, Zero Knowledge Systems, May 2001.
8. M.J. Freedman and R. Morris, "Tarzan: A Peer-to-Peer Anonymizing Network Layer," Proc. 9th ACM Conf. Computer and Comm. Security (CCS 02), ACM Press, 2002, pp. 193–206.
8. M.J. Freedman and R. Morris, "Tarzan: A Peer-to-Peer Anonymizing Network Layer," Proc. 9th ACM Conf. Computer and Comm. Security (CCS 02), ACM Press, 2002, pp. 193–206.
8. M.J. Freedman and R. Morris, "Tarzan: A Peer-to-Peer Anonymizing Network Layer," Proc. 9th ACM Conf. Computer and Comm. Security (CCS 02), ACM Press, 2002, pp. 193–206.
9. M. Rennhard and B. Plattner, "Practical Anonymity for the Masses with Morphmix," Financial Cryptography, A. Juels, ed., Springer-Verlag, 2004.
9. M. Rennhard and B. Plattner, "Practical Anonymity for the Masses with Morphmix," Financial Cryptography, A. Juels, ed., Springer-Verlag, 2004.
9. M. Rennhard and B. Plattner, "Practical Anonymity for the Masses with Morphmix," Financial Cryptography, A. Juels, ed., Springer-Verlag, 2004.
10. M.K. Reiter and A.D. Rubin, "Crowds: Anonymity for Web Transactions," ACM Trans. Information and System Security, vol. 1, no. 1, 1998, pp. 66–92.
10. M.K. Reiter and A.D. Rubin, "Crowds: Anonymity for Web Transactions," ACM Trans. Information and System Security, vol. 1, no. 1, 1998, pp. 66–92.
10. M.K. Reiter and A.D. Rubin, "Crowds: Anonymity for Web Transactions," ACM Trans. Information and System Security, vol. 1, no. 1, 1998, pp. 66–92.
11. G. Danezis, "The Traffic Analysis of Continuous-Time Mixes," Proc. Privacy-Enhancing Technologies (PET 2004), D. Martin and A. Serjantov, eds., LNCS 3424, 2004; www.cl.cam.ac.uk/users/gd216cmm2.pdf.
11. G. Danezis, "The Traffic Analysis of Continuous-Time Mixes," Proc. Privacy-Enhancing Technologies (PET 2004), D. Martin and A. Serjantov, eds., LNCS 3424, 2004; www.cl.cam.ac.uk/users/gd216cmm2.pdf.
11. G. Danezis, "The Traffic Analysis of Continuous-Time Mixes," Proc. Privacy-Enhancing Technologies (PET 2004), D. Martin and A. Serjantov, eds., LNCS 3424, 2004; www.cl.cam.ac.uk/users/gd216cmm2.pdf.
12. A. Serjantov and P. Sewell, "Passive Attack Analysis for Connection-Based Anonymity Systems," Proc. 8th European Symp. Research in Computer Security (ESORICS), LNCS 2808, Springer-Verlag, 2003, pp. 116–131.
12. A. Serjantov and P. Sewell, "Passive Attack Analysis for Connection-Based Anonymity Systems," Proc. 8th European Symp. Research in Computer Security (ESORICS), LNCS 2808, Springer-Verlag, 2003, pp. 116–131.
12. A. Serjantov and P. Sewell, "Passive Attack Analysis for Connection-Based Anonymity Systems," Proc. 8th European Symp. Research in Computer Security (ESORICS), LNCS 2808, Springer-Verlag, 2003, pp. 116–131.
13. A. Acquisti, R. Dingledine, and P. Syverson, "On the Economics of Anonymity," Financial Cryptography, R.N. Wright, ed., LNCS 2742, Springer-Verlag, 2003, pp. 84–102.
13. A. Acquisti, R. Dingledine, and P. Syverson, "On the Economics of Anonymity," Financial Cryptography, R.N. Wright, ed., LNCS 2742, Springer-Verlag, 2003, pp. 84–102.
13. A. Acquisti, R. Dingledine, and P. Syverson, "On the Economics of Anonymity," Financial Cryptography, R.N. Wright, ed., LNCS 2742, Springer-Verlag, 2003, pp. 84–102.
14. A. Back, U. Möller, and A. Stiglic, "Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems," Proc. Information Hiding (IH 2001), I.S. Moskowitz, ed., LNCS 2137, Springer-Verlag, 2001, pp. 245–257.
14. A. Back, U. Möller, and A. Stiglic, "Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems," Proc. Information Hiding (IH 2001), I.S. Moskowitz, ed., LNCS 2137, Springer-Verlag, 2001, pp. 245–257.
14. A. Back, U. Möller, and A. Stiglic, "Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems," Proc. Information Hiding (IH 2001), I.S. Moskowitz, ed., LNCS 2137, Springer-Verlag, 2001, pp. 245–257.
15. R. Dingledine and N. Mathewson, "Anonymity Loves Company: Usability and the Network Effect," Designing Security Systems That People Can Use, O'Reilly Media, 2005, pp. 547–559.
15. R. Dingledine and N. Mathewson, "Anonymity Loves Company: Usability and the Network Effect," Designing Security Systems That People Can Use, O'Reilly Media, 2005, pp. 547–559.
15. R. Dingledine and N. Mathewson, "Anonymity Loves Company: Usability and the Network Effect," Designing Security Systems That People Can Use, O'Reilly Media, 2005, pp. 547–559.
16. G. Goodell and P. Syverson, "The Right Place at the Right Time: Examining the Use of Network Location in Authentication and Abuse Prevention," Comm. ACM, vol. 50, no. 5, 2007, pp. 113–117.
16. G. Goodell and P. Syverson, "The Right Place at the Right Time: Examining the Use of Network Location in Authentication and Abuse Prevention," Comm. ACM, vol. 50, no. 5, 2007, pp. 113–117.
16. G. Goodell and P. Syverson, "The Right Place at the Right Time: Examining the Use of Network Location in Authentication and Abuse Prevention," Comm. ACM, vol. 50, no. 5, 2007, pp. 113–117.
17. J. Holt, "Nym: Practical Pseudonymity for Anonymous Networks," white paper, 2005; www.lunkwill.org/srcnym/.
17. J. Holt, "Nym: Practical Pseudonymity for Anonymous Networks," white paper, 2005; www.lunkwill.org/srcnym/.
17. J. Holt, "Nym: Practical Pseudonymity for Anonymous Networks," white paper, 2005; www.lunkwill.org/srcnym/.
18. P.C. Johnson et al., "Nymble: Anonymous IP-Address Blocking," Proc. Privacy-Enhancing Technologies (PET 07), Springer-Verlag, 2007.
18. P.C. Johnson et al., "Nymble: Anonymous IP-Address Blocking," Proc. Privacy-Enhancing Technologies (PET 07), Springer-Verlag, 2007.
18. P.C. Johnson et al., "Nymble: Anonymous IP-Address Blocking," Proc. Privacy-Enhancing Technologies (PET 07), Springer-Verlag, 2007.

Index Terms:
emerging standards, Tor, onion routing, anonymizer, privacy, peer-to-peer, networking
Citation:
Roger Dingledine, Nick Mathewson, Paul Syverson, "Deploying Low-Latency Anonymity: Design Challenges and Social Factors," IEEE Security & Privacy, vol. 5, no. 5, pp. 83-87, Sept.-Oct. 2007, doi:10.1109/MSP.2007.108
Usage of this product signifies your acceptance of the Terms of Use.