Identity Based Onion Routing – A Secure and Efficient New Scheme for Tor
The onion routing internet protocol promotes anonymous networking on various forms of public networks. Today, there are several onion routing schemes, such as Tor, to deploy the anonymous networking protocol across public networks. Despite the fact that the multi-pass schemes for the construction of the cryptographic circuit are somehow satisfactory, their circuit construction algorithms exhibit some drawbacks when it comes to security and efficiency.
A newly published paper proposed a new identity based onion routing scheme that enables users to communicate with public networks via unique anonymous channels. The newly presented scheme excludes interactive and iterative procedures of symmetric keys, between network users and onion routers, via implementing a circuit construction into the process of non-interactive message delivery. It greatly improves the costs of communication, in terms of computing resources and storage capacity, required from each internet user and the onion router, when compared to the previous protocols of onion routing; thus, offering internet users secure anonymous connection to the internet at competitive computation costs.
Security Analysis of the New Onion Routing Scheme:
The newly presented scheme makes use of the Boneh Franklin’s basic encryption algorithm as the basis for the encryption, which has been proven to be immune against the chosen plaintext attack (IND-CPA). Nevertheless, the security features of the new scheme can be extended to include chosen ciphertext attack (IND-CCA) in an efficient manner via application of a random oracle technique e.g. Fujisaki Okamoto transformation.
The newly proposed scheme promotes integrity and correctness. Additionally, confidentiality is also endorsed via the CPA security that belongs to the primitive identity based encryption algorithm, provided that the BDH problem is hard enough (beyond a specific hardness threshold). The CPA security guarantees that no entity (e.g. an adversary) , except the intended service provider or onion router, can ever decipher the external layer of encryption. When considering an anonymous user, riP represents the sole parameter which is exposed to the onion router Ol in the circuit, and riP ≠rjP for i ≠j. This blinds the user’s identity perfectly and ensures that the user remains anonymous during usage of the protocol.
Throughout the previous schemes, forward secrecy is successfully achieved on a coarse grained level. The network’s protocol periodically changes the keys of all onion routers in an attempt to lessen the exposed period under control of symmetric keys, which is also referred to as the “window of vulnerability”, to adversaries who have successfully sniffed and undermined any onion router on the network. This will lead to a considerably enormous communication overhead for users to establish communication with onion routers, or KGC, in order to sniff any updated keys. On the other hand, throughout the newly proposed scheme, forward secrecy could be enhanced, oppositely to the past schemes, as a user will not have to establish keys for his/her session with each onion router he/she connects to. This successfully addresses the “windows of vulnerability” problem which is prominent in previous schemes.
The proposed scheme maximizes the security and efficiency of the onion routing protocol via elimination of the requirement of iterative and interactive procedures of symmetric key agreement that takes place between internet users and onion routers. When the essentiality of scalability across large scaled public networks such as the internet is considered, the newly proposed scheme can be utilized as an ideal solution for various forms of anonymous networks.
The great thing also about the new scheme is that it markedly reduces the computation costs when compared to previous schemes that are also identity based. In the new scheme, a user has to perform only multiplication and pairing operations. Even when the computation overhead of a given users is higher than that of Tor, it is ideally efficient within an identity based cryptographic setting. Furthermore, the computation overhead of a given onion router is by far the least among the schemes. These features denote that the newly proposed scheme can represent an efficient and practical means to permit graceful scaling of anonymity networks.