{
	"id": "82576f95-47f5-4bce-83f3-2b0fbd572f6d",
	"created_at": "2026-04-06T01:30:42.570641Z",
	"updated_at": "2026-04-10T03:20:31.712589Z",
	"deleted_at": null,
	"sha1_hash": "36dbe72b823f4324d25ffc478ef9c82b3ba2817a",
	"title": "Onion routing",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 198719,
	"plain_text": "Onion routing\r\nBy Contributors to Wikimedia projects\r\nPublished: 2004-01-08 · Archived: 2026-04-06 01:12:12 UTC\r\nFrom Wikipedia, the free encyclopedia\r\n\"Onion network\" redirects here. For the parody news program, see Onion News Network.\r\nThis article's factual accuracy may be compromised due to out-of-date information. Please help\r\nupdate this article to reflect recent events or newly available information. (March 2017)\r\nIn this example onion, the source of the data sends the onion to Router A, which removes a layer of\r\nencryption to learn only where to send it next and where it came from (though it does not know if\r\nthe sender is the origin or just another node). Router A sends it to Router B, which decrypts another\r\nlayer to learn its next destination. Router B sends it to Router C, which removes the final layer of\r\nencryption and transmits the original message to its destination.\r\nOnion routing is a technique for anonymous communication over a computer network. In an onion network,\r\nmessages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is\r\ntransmitted through a series of network nodes called \"onion routers,\" each of which \"peels\" away a single layer,\r\nrevealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The\r\nsender remains anonymous because each intermediary knows only the location of the immediately preceding and\r\nfollowing nodes.[1] While onion routing provides a high level of security and anonymity, there are methods to\r\nbreak the anonymity of this technique, such as timing analysis.[2]\r\nOnion routing was developed in the mid-1990s at the U.S. Naval Research Laboratory by employees Paul\r\nSyverson, Michael G. Reed, and David Goldschlag[3][4] to protect U.S. intelligence communications online.[5] It\r\nhttps://en.wikipedia.org/wiki/Onion_routing\r\nPage 1 of 6\n\nwas then refined by the Defense Advanced Research Projects Agency (DARPA) and patented by the Navy in\r\n1998.[4][6][7]\r\nThis method was publicly released by the same employees through publishing an article in the IEEE Journal on\r\nSelected Areas in Communications the same year. It depicted the use of the method to protect the user from the\r\nnetwork and outside observers who eavesdrop and conduct traffic analysis attacks. The most important part of this\r\nresearch is the configurations and applications of onion routing on the existing e-services, such as virtual private\r\nnetworks, web-browsing, email, remote login, and electronic cash.\r\n[8]\r\nBased on the existing onion routing technology, computer scientists Roger Dingledine and Nick Mathewson\r\njoined Paul Syverson in 2002 to develop what has become the largest and best-known implementation of onion\r\nrouting, then called The Onion Routing project (Tor project).\r\nAfter the Naval Research Laboratory released the code for Tor under a free license,\r\n[5][9][10]\r\n Dingledine,\r\nMathewson and five others founded The Tor Project as a non-profit organization in 2006, with the financial\r\nsupport of the Electronic Frontier Foundation and several other organizations.[12]\r\nA diagram of an onion routed connection, using Tor's terminology of guard, middle, and exit relays\r\nMetaphorically, an onion is the data structure formed by \"wrapping\" a message with successive layers of\r\nencryption to be decrypted (\"peeled\" or \"unwrapped\") by as many intermediary computers as there are layers\r\nbefore arriving at its destination. The original message remains hidden as it is transferred from one node to the\r\nnext, and no intermediary knows both the origin and final destination of the data, allowing the sender to remain\r\nanonymous.[13]\r\nOnion creation and transmission\r\n[edit]\r\nTo create and transmit an onion, the originator selects a set of nodes from a list provided by a \"directory node\".\r\nThe chosen nodes are arranged into a path, called a \"chain\" or \"circuit\", through which the message will be\r\ntransmitted. To preserve the anonymity of the sender, no node in the circuit is able to tell whether the node before\r\nit is the originator or another intermediary like itself. Likewise, no node in the circuit is able to tell how many\r\nother nodes are in the circuit and only the final node, the \"exit node\", is able to determine its own location in the\r\nchain.[13]\r\nhttps://en.wikipedia.org/wiki/Onion_routing\r\nPage 2 of 6\n\nAn onion node in use.\r\nUsing asymmetric key cryptography, the originator obtains a public key from the directory node to send an\r\nencrypted message to the first (\"entry\") node, establishing a connection and a shared secret (\"session key\"). Using\r\nthe established encrypted link to the entry node, the originator can then relay a message through the first node to a\r\nsecond node in the chain using encryption that only the second node, and not the first, can decrypt. When the\r\nsecond node receives the message, it establishes a connection with the first node. While this extends the encrypted\r\nlink from the originator, the second node cannot determine whether the first node is the originator or just another\r\nnode in the circuit. The originator can then send a message through the first and second nodes to a third node,\r\nencrypted such that only the third node is able to decrypt it. The third, as with the second, becomes linked to the\r\noriginator but connects only with the second. This process can be repeated to build larger and larger chains but is\r\ntypically limited to preserve performance.[13]\r\nWhen the chain is complete, the originator can send data over the Internet anonymously. When the final recipient\r\nof the data sends data back, the intermediary nodes maintain the same link back to the originator, with data again\r\nlayered, but in reverse such that the final node this time adds the first layer of encryption and the first node adds\r\nthe last layer of encryption before sending the data, for example a web page, to the originator, who is able to\r\ndecrypt all layers.[13]\r\nOne of the reasons why the typical Internet connections are not considered anonymous is the ability of Internet\r\nservice providers to trace and log connections between computers. For example, when a person accesses a\r\nparticular website, the data itself may be secured through a connection like HTTPS such that the user's password,\r\nemails, or other content is not visible to an outside party, but there is a record of the connection itself, what time it\r\noccurred, and the amount of data transferred. Onion routing creates and obscures a path between two computers\r\nsuch that there is no discernible connection directly from a person to a website, but there still exist records of\r\nconnections between computers. Traffic analysis searches those records of connections made by a potential\r\noriginator and tries to match the timing and data transfers to connections made to a potential recipient. If an\r\nattacker has compromised both ends of a route, a sender may be seen to have transferred an amount of data to an\r\nunknown computer a specified amount of seconds before a different unknown computer transferred data of the\r\nsame exact size to a particular destination.[14][15] Factors that may facilitate traffic analysis include nodes failing\r\nhttps://en.wikipedia.org/wiki/Onion_routing\r\nPage 3 of 6\n\nor leaving the network[15]\r\n and a compromised node keeping track of a session as it occurs when chains are\r\nperiodically rebuilt.[16]\r\nGarlic routing is a variant of onion routing associated with the I2P network that encrypts multiple messages\r\ntogether, which both increases the speed of data transfer and makes it more difficult[17] for attackers to perform\r\ntraffic analysis.[18]\r\nExit node vulnerability\r\n[edit]\r\nAlthough the message being sent is transmitted inside several layers of encryption, the job of the exit node, as the\r\nfinal node in the chain, is to decrypt the final layer and deliver the message to the recipient. A compromised exit\r\nnode is thus able to acquire the raw data being transmitted, potentially including passwords, private messages,\r\nbank account numbers, and other forms of personal information. Dan Egerstad, a Swedish researcher, used such\r\nan attack to collect the passwords of over 100 email accounts related to foreign embassies.[19]\r\nExit node vulnerabilities are similar to those on unsecured wireless networks, where the data being transmitted by\r\na user on the network may be intercepted by another user or by the router operator. Both issues are solved by\r\nusing a secure end-to-end connection like SSL/TLS or secure HTTP (S-HTTP). If there is end-to-end encryption\r\nbetween the sender and the recipient, and the sender isn't lured into trusting a false SSL certificate offered by the\r\nexit node, then not even the last intermediary can view the original message.\r\nAnonymous remailer\r\nBitblinder\r\nChaum mixes\r\nCryptography\r\nDegree of anonymity\r\nDiffie–Hellman key exchange\r\nJava Anon Proxy\r\nKey-based routing\r\nMix network\r\nMixmaster anonymous remailer\r\nPublic-key cryptography\r\nProxy server\r\nTox – implements onion routing\r\nTribler – implements onion routing\r\n1. ^ Goldschlag D., Reed M., Syverson P. (1999.) Onion Routing for Anonymous and Private Internet\r\nConnections, Onion Router.\r\n2. ^ Soltani, Ramin; Goeckel, Dennis; Towsley, Don; Houmansadr, Amir (2017-11-27). \"Towards Provably\r\nInvisible Network Flow Fingerprints\". 2017 51st Asilomar Conference on Signals, Systems, and\r\nComputers. pp. 258–262. arXiv:1711.10079. doi:10.1109/ACSSC.2017.8335179. ISBN 978-1-5386-1823-\r\n3. S2CID 4943955.\r\nhttps://en.wikipedia.org/wiki/Onion_routing\r\nPage 4 of 6\n\n3. ^ Reed M. G., Syverson P. F., Goldschlag D. M. (1998) \"Anonymous connections and onion routing\",\r\nIEEE Journal on Selected Areas in Communications, 16(4):482–494.\r\n4. ^ Jump up to: a\r\n \r\nb\r\n US patent 6266704, Reed; Michael G. (Bethesda, MD), Syverson; Paul F. (Silver Spring,\r\nMD), Goldschlag; David M. (Silver Spring, MD), \"Onion routing network for securely moving data\r\nthrough communication networks\", assigned to The United States of America as represented by the\r\nSecretary of the Navy (Washington, DC)\r\n5. ^ Jump up to: a\r\n \r\nb\r\n Levine, Yasha (16 July 2014). \"Almost everyone involved in developing Tor was (or is)\r\nfunded by the US government\". Pando Daily. Retrieved 30 August 2014.\r\n6. ^ Fagoyinbo, Joseph Babatunde (2013-05-24). The Armed Forces: Instrument of Peace, Strength,\r\nDevelopment and Prosperity. AuthorHouse. ISBN 9781477226476. Retrieved August 29, 2014.\r\n7. ^ Leigh, David; Harding, Luke (2011-02-08). WikiLeaks: Inside Julian Assange's War on Secrecy.\r\nPublicAffairs. ISBN 978-1610390620. Retrieved August 29, 2014.\r\n8. ^ Reed, M. G.; Syverson, P. F.; Goldschlag, D. M. (May 1998). \"Anonymous connections and onion\r\nrouting\". IEEE Journal on Selected Areas in Communications. 16 (4): 482–494.\r\nBibcode:1998IJSAC..16..482R. doi:10.1109/49.668972. ISSN 1558-0008.\r\n9. ^ Dingledine, Roger (20 September 2002). \"pre-alpha: run an onion proxy now!\". or-dev (Mailing list).\r\nRetrieved 17 July 2008.\r\n10. ^ \"Tor FAQ: Why is it called Tor?\". Tor Project. Retrieved 1 July 2011.\r\n11. ^ Krebs, Brian (8 August 2007). \"Attacks Prompt Update for 'Tor' Anonymity Network\". Washington Post.\r\nArchived from the original on April 27, 2011. Retrieved 27 October 2007.\r\n12. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n Roger Dingledine; Nick Mathewson; Paul Syverson. \"Tor: The Second-Generation\r\nOnion Router\" (PDF). Retrieved 26 February 2011.\r\n13. ^ Shmatikov, Wang; Ming-Hsiu Vitaly (2006). \"Timing Analysis in Low-Latency Mix Networks: Attacks and\r\nDefenses\". Computer Security – ESORICS 2006. ESORICS'06. Vol. 4189. pp. 18–33.\r\nCiteSeerX 10.1.1.64.8818. doi:10.1007/11863908_2. ISBN 978-3-540-44601-9.\r\n14. ^ Jump up to: a\r\n \r\nb\r\n Dingledine, Roger; Mathewson, Nick; Syverson, Paul (August 2004). \"Tor: The Second-Generation Onion Router\". San Diego, CA: USENIX Association. Retrieved 24 October 2012.\r\n15. ^ Wright, Matthew. K.; Adler, Micah; Levine, Brian Neil; Shields, Clay (November 2004). \"The\r\nPredecessor Attack: An Analysis of a Threat to Anonymous Communications Systems\" (PDF). ACM\r\nTransactions on Information and System Security. 7 (4): 489–522. doi:10.1145/1042031.1042032.\r\nS2CID 7711031. Archived from the original (PDF) on 2016-03-04. Retrieved 2012-07-04.\r\n16. ^ \"Common Darknet Weaknesses: An Overview of Attack Strategies\". 27 January 2014.\r\n17. ^ Zantour, Bassam; Haraty, Ramzi A. (2011). \"I2P Data Communication System\". Proceedings of ICN\r\n2011: The Tenth International Conference on Networks: 401–409.\r\n18. ^ Bangeman, Eric (2007-08-30). \"Security researcher stumbles across embassy e-mail log-ins\". Ars\r\nTechnica. Retrieved 2010-03-17.\r\nOnion-Router.net – site formerly hosted at the Center for High Assurance Computer Systems of the U.S.\r\nNaval Research Laboratory\r\nSyverson, P.F.; Goldschlag, D.M.; Reed, M.G. (1997). \"Anonymous connections and onion routing\" (PDF).\r\nProceedings. 1997 IEEE Symposium on Security and Privacy. pp. 44–54.\r\ndoi:10.1109/SECPRI.1997.601314. ISBN 0-8186-7828-3. S2CID 1793921.\r\nhttps://en.wikipedia.org/wiki/Onion_routing\r\nPage 5 of 6\n\nSource: https://en.wikipedia.org/wiki/Onion_routing\r\nhttps://en.wikipedia.org/wiki/Onion_routing\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://en.wikipedia.org/wiki/Onion_routing"
	],
	"report_names": [
		"Onion_routing"
	],
	"threat_actors": [],
	"ts_created_at": 1775439042,
	"ts_updated_at": 1775791231,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/36dbe72b823f4324d25ffc478ef9c82b3ba2817a.pdf",
		"text": "https://archive.orkl.eu/36dbe72b823f4324d25ffc478ef9c82b3ba2817a.txt",
		"img": "https://archive.orkl.eu/36dbe72b823f4324d25ffc478ef9c82b3ba2817a.jpg"
	}
}