Introduction

Beneath the surface of the internet lies the dark web, a hidden realm accessible through tools like Tor. The Onion Router (Tor) is a free and open-source project that serves as the backbone of this concealed network, enabling anonymous communication and hosting private services. However, Tor is more than just a gateway to the dark web, it’s a powerful tool for safeguarding privacy and anonymity online. From protecting sensitive sources to bypassing censorship, Tor empowers user to reclaim control of their digital footprint.

What is tor?

Tor network is a overlay network designed for anonymous communication over internet. Instead of direct user to website communication, data is routed through multiple random volunteer-operated relays or onion routers (computer running specialized tor software, 7000+ in total).

To join the Tor network, users can use the official Tor Browser or other browsers that support Tor connections. They also need to obtain a up-to-date ‘consensus‘, which is a type of document containing all the information about the relays and gives an overview of the whole network, managed by directory authorities.

The principle of Tor

The principle of Tor is onion routing. The client first form a circuit with multiple relays and sends the traffic through the circuit with multiple layers of encryption as many as the number of relay present in the circuit (usually three), thus forming an onion like shape. Each relay peels off one layer of encryption and sends it to the next node, exposing only the information needed to forward the data.

This ensures: -

No single relay knows both the user’s identity and their final destination.
The contents of the message remain hidden from the intermediate relays.

More about the circuit

When a user initiates a connection, their tor client constructs a circuit (a path) of three relays chosen randomly from the 7000+ relays described in the ‘consensus‘. The client establishes a unique symmetric key with each of the three relays. These relays are strategically chosen to ensure anonymity: -

Guard relays: - This is the entry to the tor network. It knows the IP address of the user’s, but does not know the final destination of the traffic. Guard relays are chosen carefully for their reliability and stability.
Middle relays: - It acts as an intermediary, it connects the guard and the exit relay. It doesn’t know both the location of the user and the destination.
Exit relay: - The final relay in the circuit, it sends the data to its intended destination, after decrypting the final layer. While it sees the unencrypted contented of traffic (if not HTTPS), it doesn’t know the identity of the traffic. It is the only relay that knows the final destination.

Relays decrypts data using their unique symmetric keys, which are intended only for them.

After establishing the circuit, the client sends the three layer encrypted data to the guard node. By the time the data reaches its destination, all the encryption layer’s are removed, and the exit relay sends the raw request or traffic to the server. The server sees the request coming from the exit relay, not from the user.

What are onion/hidden services?

Onion services are anonymous network services (or websites) that are accessible exclusively through Tor network. These onion services are not indexed by standard search engines and are accessible only through tor using the onion addresses, which consist of a string of 56 random characters followed by ‘.onion'. Each onion service is identified by unique .onion address. .onion is a special type of TLD (Top-Level Domain) reserved only for Tor network. Unlike traditional domains that are resolved through the Domain Name System (DNS), .onion addresses are looked up by Distributed Hash Table(DHT), a mechanism used by Tor. At a high level, these .onion address are derived as a hash of the public key associated with the service.

How onion/hidden services work?

When a onion service comes to life, it will pick three random relays as their introduction point and establish circuits to them. It generates a hidden service descriptor containing its public key, IP address of each of the introduction points and other metadata. The hidden service signs the descriptor with its private key and uploads to six Hidden Service Directories (HSDirs), specialized relays chosen using a Distributed Hash Table (DHT).

How can client and hidden services talk to each other: -

“To make the explanation more relatable, let us use Naruto (as the client) trying to order ramen from ichiraku shop (acting as the hidden service)”.

Naruto will fetch the hidden service descriptor from the HSDirs. With this information it knows how to reach the ichiraku shop and its introduction points.
Using the descriptor’s details, the Naruto picks randomly one of the introduction points and forms a circuit to it. At the same time, he will select a random relay and creates a circuit to it(we will refer this relay as rendezvous point). Then Naruto send a request to the introduction point, including:-
- Rendezvous cookie: Randomly generated, one-time identifier for the session.
- Information about the selected Rendezvous point (encrypted using hidden service public key).

Each arrow describes a full tor circuit.

Introduction point forwards the client request to the onion service. Ichiraku shop decrypts the request and learns about:-
- The rendezvous point selected by the Naruto.
- The rendezvous cookie, used to identify the session.
The Ichiraku shop creates a circuit to the rendezvous point and sends the rendezvous cookie to confirm its identity. And Naruto also sends the rendezvous cookie to the rendezvous point.

Now both the Naruto and Ichiraku shop have a circuit to the rendezvous point. The rendezvous point verifies the rendezvous cookie from both parties to confirm they belong to the same session. Once verified, the rendezvous point connects the two circuits, effectively completing a single, end-to-end encrypted circuit (with six hops) between Naruto and Ichiraku shop. From this point onwards, the rendezvous point forwards encrypted communication between the two, ensuring their interactions remains within the Tor network. Dattebayo!!.

Conclusion

This article provides an overview of Tor, the backbone of the dark web, and its role in ensuring online anonymity and privacy. While it only scratches the surface, the technology behind Tor is very vast. If this piqued your interest, check out the the detailed documentation linked below to dive deeper into its working.

Link:-

Tor Specifications

Inside Tor: The Network That Safeguards Privacy and Fuels the Dark Web