Red Tor (Funcionamiento)/en

From FdIwiki ELP
Jump to: navigation, search

TOR (The Onion Router), also known as the Darknet or the DeepWeb, is low latency comunnication net on internet. The exchanged messages doesn't reveal the user's IP adress. Inside the TOR network, the data travels between the origin and the destiny through a series of specials routers named 'onion router'. TOR is possible thanks to a group of organizations and individuals that donate their bandwidth and proccesing power.


The main objective of Tor is to be anonymous in internet, this is possible beacuse the forwarding of messages protects the user's id. Tor encrypts the data when it enters and decrypts it when exiting the network. Therefore, the owner of the exiting router can see all of the information when is decrypted and doesnt know who is the sender.


The network is formed by a series of nodes that communicates through the TLS protocol, which is a TCP/IP encrypted protocol. They are two entitys: • Nodes OR or just OR: they work as forwarders and in some cases as directory servers. The OR nodes maintain a TLS connection with each of the others OR nodes. OR-OR conecctions are never closed willingly unless inactivity. • Nodes OP o just OP: their function is to obtain information from the directory service, establish random circuits through the net and to manage conecction of application from the user. It works as a local software that communicates with the user. OR-OP conecctions are not permanent. An OP should close the connection with a OR if there are not circuits being executed on the connection and a certain amount of time has passed.

Directory Services

A Directory Service (DS)' is an application o a group of applications that stores and organizes the information about the users of a net. In Tor's case the directoy service publish a data base that associates information to each OR. This information is accesible to all the OR and to all the final users and is used to know the network. If there is few directory servers its possible to have a failure point that can crash all the system.


The Tor networks works this way:

  • With the informtain obtained from its configuration and the directoy service of the OP, Tor decides a circuit from where the packets are going to circulate. By default the circuits has 3 OR nodes.
  • The OP negotiates the encrypting keys needed with each OR of the circuit to protect its data in the transmission. The obtention of symmetric keys for both the directions of communication (Kf<- forward key, Kb<-backward key), is done through Diffie-Hellman protocol to obtain a shared key and to created two symmetric keys from the shared one.

Diffie-Helmman works like this.

For two parts: Alice and Bob that wants to establish a secret key and an adversary named Mallory, the basic version is:

1. A cousin p and a gEZp generator are created (2 ). These are public, know to Alice, Bob and Mallory.

2. Alice chosses a∈Zp−1 randomly, calculates A=g^amodp, and sends A to Bob.

3. Bob chosses b∈Zp−1 randomly, calculates B=g^bmodp, and sends B to Alice.

4. Both know the value of K, wich is what they use to encrypt and decrypt.

  • Encrypt the package with the key from the last OR of the circuit.
  • With the remmants nodes it does the same that the first.
  • It sends the package generated by the first node wrap in layers with the OR node keys.
  • The first OR remove its onion layer and send the package to the next node.
  • Each OR node removes the layer of the last package. This way allows to know a piece of the data but not all of it.


Onece the TLS connection is establish, the entities sends information structure package named cells. Formato:

• circID.- Is the ID of the circuit and its specify the circuits that its refer the cell. Ecah circuit has a unique CircId for each OR and OP in the circuit.

• CMD.- Specify the meannig of the command of the cell. There are two cells depending on the command: Control cells and transmission cells.

Control cells The control cell are proccesed by the receive node and allows to control the comunication. Commands:

• CREATE :creates a circuit

• CREATED :Indicates that the circuit has been close.

• DESTROY :Destroy circuit

• CREATE_FAST : Create a circuit using existing public keys.

• CREATED_FAST : Inidcates that a fast circuit has been created.

Transmission Cell Transmission cells are used to communicate between the OP and any of the OR of the circuit, usally the exit node.

This type of cell has fields that are part of the payload.

  • Relay command.- Indicates the functioning of the cell.

There are three types of relay subcommands:

• forward: Send from the origin OP of the circuit.

• backward: Send from the OR of the circuit to the OP origin.

• ambos: Can work has forward or backward

Possibles subcommands:

• RELAY_BEGIN type forward

• RELAY_DATA type forward or backward

• RELAY_END type forward or backward.

• RELAY_CONNECTED (code 4).- type backward

• RELAY_SENDME type forward or backward. Sometime it is used as control functions (streamID=0)

• RELAY_EXTEND type forward. Used as control functions (streamID=0)

• RELAY_EXTENDED type backward. Used as control functions (streamID=0)

• RELAY_TRUNCATE type forward. Used as control functions (streamID=0)

• RELAY_TRUNCATED type backward. Used as control functions (streamID=0)

• RELAY_DROP type forward o backward. Used as control functions (streamID=0)

• RELAY_RESOLVE type forward

• RELAY_RESOLVED type backward

• RELAY_BEGIN_DIR type forward

  • Recognized: Field which, with digest, allows to identify if the cell is for local processing.
  • StreamID: Is the flow identificator. Many flows can be multiplexed in one circuit. This field allows to identify the stream that is being used. Is choosen by the OP and allows the OP and the exit node to distinguish between multiples stream in a circuit. The cells that affect the whole circuit instead of a particular streamID as this field has value 0 and can be considered as control.
  • Digest.- Allows end-to-end integrity checking. Contains the first four bytes of executing SHA-1 on all of the cell's bytes relays that were sent to this node of the circuit or originated from this node in the circuitr (Only known by the origin and the destiny)
  • length.- Indictes the number of bytes for the field DATA. The remaining of the field will be filled by NULL.

A cell is decrypted if the Recognized field has value 0 and the Diges field is the first of the 4 resulting btytes of executing the digest funciton of all the bytes that are 'from' or 'to' this part of the circuit. If the cell is completely decrypted but the command cell malfunction, the cell is deleted. The Recognized field allows to discard cells as candidates to be completely decrypted.

The main difference between control cells and trasnmission cells is that the firsts can be read by anyone, but the others only by a specific node. For example when a destroy cell is send, the OP send the this cell to the first OR, closes all the flows and send it to the next. This way until the end. For celularelay the OP assigns the digest and then encrypts the cell with each one of the keys from the OR nodes. Because diges is encrypted with differents value in each step only the objective node can receive the correct value and make the function that indicates the cell. When a OR node recieves a checked cell checkes if when decrypting the cell with its key, its give out a correct digest code; if not the next node is checked, the value of CircID changes.


Nowadays a IRC channel exist where a lots of users connects to treat problems and give up to date information of the network.

[1] the channel is #tor-dev

Maintaning privacy

Tor browser, indicates that is not enough to maintain privacy, differents habits of surfing the web has to be changed:

1. Use Tor browser:

Tor doest protect from all the traffic in internet that your computer generates. Only protects from applications that are configurated to deviated its traffic through Tor. To avoid problems with Tor configuration, we recommend not using this browser. Its pre-configurated to protect your privacy and anonimaty in the web, only when you do this taks through the same Tor browser.

2. Dont used Torrents in Tor:

File sharing applications through torrents ignores the proxy configuration and make direct conecctions even if Tor is being used. Even if your application only connects through Tor, you will only send your real IP when the tracker makes a GET petition, because thats how Torrent works.

3. Dont install plugins in your browers:

Tor browser block plugins like Flash, RealPlayer, Quicktime, y others: they can be tamper with to reveal your IP adress.

4.Use the HTTPS version of the webpages:

Tor encrypts its traffic inside of the Tor network, but the decryption of the final destiny depends of the recieving web. To help a correct decryption, the browers includes HTTPS Everywhere to force the use of HTTPS in most webs. Nevertheless, you must watch the URL of the browser to make sure that the web that you are providing information to has a green or blue button in the tool bar, with https:// in the address, and that show the expected name of the web. We recommend viewing the interactive webpage of the EFFS where they explain how Tor and HTPPS communicates.

5. Dont open download file from Tor while being online:

The Tor browser will let you know before automatic opening file in external applications. DO NOT IGNORE THIS WARNING. You have to be very careful when downloading file with Tor (espacially DOC and PDF)because they can contain internet sources that can download outside of Tor. This reveals you real IP. If you must work with this files, we recommend using then without an internet connection, downloading Vitual Box, and using them through a virtual machine with network connection disable. Do not use in any circustances BitTorrent and Tor.

6. Using brigdes and/or Find Company

Tor intenta prevenir a los atacantes de conocer cuáles son a las webs que te conectas. Sin embargo, por defecto, no previene que alguien este observando tu tráfico de internet para ver que estas utilizando Tor. Si esto te importa, puedes reducir este riesgo configurando Tor para que use pun "puente Tor" en ved de conectar directamente a la red Tor. Por último, la mejor protección es un aproximamiento social: cuantos más usuarios Tor haya cerca de ti y más diverso sean sus intereses, menos peligroso será que se sepa que es uno de ellos. ¡Convence a más gente para que use Tor!

TOR try to prevent the attackers that he has to know what are the the networ where you connect. But, by default, It don't prevent if someone is watching your internet traffic for know if you are using TOR. You can to reduce the risk if you configure TOR for use a "TOR Bridge" instead of to connect to TOR network directly. Finally, the best protection is an social aproximation: If there are many TOR users near of you and more different be their interests, It will be better to they don't know if you are one of them. You should to convince all users as you can get to use TOR!

Pagina Oficial

Manual Acceso Castellano

Spanish Version