Towards an Analysis of Onion Routing Security

  • Paul Syverson
  • Gene Tsudik
  • Michael Reed
  • Carl Landwehr
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2009)


This paper presents a security analysis of Onion Routing, an application independent infrastructure for traffic-analysis-resistant and anonymous Internet connections. It also includes an overview of the current system design, definitions of security goals and new adversary models.


Security privacy anonymity traffic analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 2.
    R. Canetti and A. Herzberg. “Maintaining Security in the Presence of Transient Faults”, Advances in Cryptology-CRYPTO’94, LNCS vol. 839, Springer-Verlag, 1994, pp. 425–438.Google Scholar
  2. 3.
    D. Chaum. “Untraceable Electronic Mail, Return Addresses, and Digital Pseudo-nyms”, Communications of the ACM, vol. 24, no. 2, Feb. 1981, pages 84–88.CrossRefGoogle Scholar
  3. 4.
    D. Chaum. “The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability”, Journal of Cryptology, vol. 1, no. 1, 1988, pages 65–75.zbMATHCrossRefMathSciNetGoogle Scholar
  4. 5.
    L. Cottrell. Mixmaster and Remailer Attacks,
  5. 6.
    A. Fasbender, D. Kesdogan, O. Kubitz. “Variable and Scalable Security: Protection of Location Information in Mobile IP”, 46th IEEE Vehicular Technology Society Conference, Atlanta, March 1996.Google Scholar
  6. 7.
    E. Gabber, P. Gibbons, Y. Matias, and A. Mayer. “How to Make Personalized Web Browsing Simple, Secure, and Anonymous”, in Financial Cryptography: FC`97, Proceedings, R. Hirschfeld (ed.), Springer-Verlag, LNCS vol. 1318, pp. 17–31, 1998.Google Scholar
  7. 8.
    I. Goldberg and D. Wagner. “TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web”, First Monday, vol. 3 no. 4, April 1998.Google Scholar
  8. 9.
    D. Goldschlag, M. Reed, P. Syverson. “Hiding Routing Information”, in Information Hiding, R. Anderson, ed., LNCS vol. 1174, Springer-Verlag, 1996, pp. 137–150.Google Scholar
  9. 10.
    D. Goldschlag, M. Reed, P. Syverson. “Onion Routing for Anonymous and Private Internet Connections,” Communications of the ACM, vol. 42, num. 2, February 1999.Google Scholar
  10. 11.
    C. Gülcü and G. Tsudik. “Mixing Email with Babel”, in 1996 Symposium on Network and Distributed System Security, San Diego, February 1996.Google Scholar
  11. 12.
    D. Martin Jr., “Local Anonymity in the Internet”, Ph.D. Dissertation, Boston University, 1999.Google Scholar
  12. 13.
    R. Ostrovsky and M. Yung. “How to Withstand Mobile Virus Attacks”, in Proceedings of the Tenth ACM Symposium on Principles of Distributed Computing (PODC’ 91), ACM Press, 1991, pp. 51–59.Google Scholar
  13. 14.
    A. Pfitzmann, B. Pfitzmann, and M. Waidner. “ISDN-Mixes: Untraceable Communication with Very Small Bandwidth Overhead”, GI/ITG Conference: Communication in Distributed Systems, Mannheim Feb, 1991, Informatik-Fachberichte 267, Springer-Verlag, Heidelberg 1991, pp. 451–463.Google Scholar
  14. 15.
    M. Reed, P. Syverson, and D. Goldschlag. “Protocols using Anonymous Connections: Mobile Applications”, in Security Protocols: Fifth International Workshop, B. Christianson, B. Crispo, M. Lomas, and M. Roe, eds., LNCS vol. 1361, Springer-Verlag, 1997, pp. 13–23.Google Scholar
  15. 16.
    M. Reed, P. Syverson, and D. Goldschlag. “Anonymous Connections and Onion Routing”, IEEE Journal on Selected Areas in Communications, vol. 16 no. 4, May 1998, pp. 482–494. (A preliminary version of this paper appeared in [19].)CrossRefGoogle Scholar
  16. 17.
    M. Reiter and A. Rubin. “Crowds: Anonymity for Web Transactions”, ACM Transactions on Information System Security, vol. 1, no. 1, November 1998, pp. 66–92. (A preliminary version of this paper appeared in [18].)CrossRefGoogle Scholar
  17. 18.
    M. Reiter and A. Rubin. Crowds: Anonymity for Web Transactions, DIMACS Technical Reports 97–15, April 1997 (Revised August 1997).Google Scholar
  18. 19.
    P. Syverson, D. Goldschlag, and M. Reed. “Anonymous Connections and Onion Routing”, in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, IEEE CS Press, May 1997, pp. 44–54.Google Scholar
  19. 20.
    P. Syverson, M. Reed, and D. Goldschlag. “Onion Routing Access Configurations”, in DISCEX 2000: Proceedings of the DARPA Information Survivability Conference and Exposition, Hilton Head, SC, IEEE CS Press, January 2000, pp. 34–40.Google Scholar
  20. 21.
    P. Syverson, S. Stubblebine, and D. Goldschlag, “Unlinkable Serial Transactions”, in Financial Cryptography: FC `97, Proceedings, R. Hirschfeld (ed.), Springer-Verlag, LNCS vol. 1318, pp. 39–55, 1998.Google Scholar
  21. 22.
    A. Pfitzmann and M. Waidner, “Networks without User Observability”, Computers & Security, vol. 6 (1987), pp. 158–166.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Paul Syverson
    • 1
  • Gene Tsudik
    • 2
  • Michael Reed
    • 1
  • Carl Landwehr
    • 3
  1. 1.Center for High Assurance Computer SystemsNaval Research LaboratoryWashingtonUSA
  2. 2.Information and Computer Science Dept.University of CaliforniaIrvineUSA
  3. 3.Mitretek Systems, Inc.McLeanUSA

Personalised recommendations