What is Tor? How Tor Works?

Tor or The Onion Router, allows anonymous use of internet veiling the actual identity of the user. It protects the user from any traffic analysis and network spying. Tor is perhaps the most popular and secure option available for anonymous internet connectivity.

Where it came from?

Tor is based on the principle of ‘onion routing’ which was developed by Paul Syverson, Michael G. Reed and David Goldschlag at the United States Naval Research Laboratory in the 1990’s. The alpha version of Tor named ‘The Onion Routing Project’ or simply TOR Project was developed by Roger Dingledine and Nick Mathewson, launched on September 20, 2002. Further development was carried under the financial roof of Electronic Frontier Foundation (EFF).
The Tor Project Inc. is a non-profit organisation that currently maintains Tor and is responsible for its development. It is mainly funded by the United States Government, further aid is provided by Swedish Government and different NGOs & individual sponsors.

 

How it Works?

 

Tor works on the concept of ‘onion routing’ method in which the user data is first encrypted, and then transferred through different relays present in the Tor network, thus creating a multi-layered encryption (layers like an onion), thereby keeping the identity of the user safe. At each relay, one layer is decrypted and the remaining data is forwarded to any random relay until it reaches its destination server. For the destination server, the last Tor node/exit relay appears as the origin of the data. It is thus very difficult to trace the identity of user or the server by any surveillance systems acting in the mid-way.
Other than providing anonymity to standalone users, Tor can also provide anonymity to websites and servers this comes under the category of hidden services. Also, P2P applications like Bittorrent can be configured to use tor network and download torrent files.

 

Controversies and Influence:

 

Tor has been eulogized for the anonymity and privacy it provides to the users who want to bypass censorship, who are abused and traumatized by stalkers and social activists who are afraid of being arrested by the authorities. It has been used by different security agencies to share confidential information.
The NSA whistle-blower Edward Snowden used Tor to leak information about PRISM to The Guardian and The Washington Post.
Tor has been criticized for the reason that it acts as a medium for different illegal activities like data breaching, drug dealing, gambling etc. Tor is also used by malevolent people to communicate over the internet while keeping their identity hidden which makes it difficult for the security agencies to trace them.
The U.S. National Security Agency (NSA) has called Tor “the king of high-secure, low-latency Internet anonymity” and similar comments by BusinessWeek magazine, “perhaps the most effective means of defeating the online surveillance efforts of intelligence agencies around the world”.
Another speculation made is that Tor takes its funding from the U.S. Government which may lead to the assumption that NSA may have compromised the identities of individual Tor users, but the executive director Andrew Lewman has disclaimed any confederations with NSA.
Also Read: Tor or VPN? What’s Best And Which One Should I Use?

 

Can it be Compromised?

 

Various claims have been made to compromise Tor’s anonymity and security from time to time. The most famous is the Bad Apple Attack in which the researchers claimed to have identified around 10k IP addresses of active Bittorrent users who were connected via Tor.
Another famous compromise was done by the Heartbleed bug in April 2014 which halted Tor network for several days.
Traffic Fingerprinting is a method used to analyse web traffic by analysing the patterns, responses and packets in a particular direction. This can be used to attack the Tor network by making the attacker’s computer act as the guard.
The main vulnerability found is at its exit points where the level of security is very low as compared to the rest of the Tor network.

 

Products based on Tor:

 

The Tor Project Inc. has released Tor Browser which is a modification of an Extended Support Release version of Mozilla Firefox browser. The browser is made portable so that it be used from an external media and reduces the hazel of installation. It removes the user history after every use, thus reducing the risk of any kind of cookie tracking.
Other products like Orbot – an android version of Tor, Orfox – a mobile version of Tor Browser are developed by The Guardian Project which is a global developer community founded by Nathan Freitas.
We can set-up SOCKS (Socket Secure) based applications to use the Tor network by configuring them with loop-back address.

 

Tor Alternatives:

 

Hornet is a new anonymity network that provides higher network speeds compared to Tor. I2P, Tails, SubgraphOS, Freenet and Freepto are other top alternatives that can be used.
To know more about these alternatives, please visit this link.

 

Winding Up:

 

Tor has proved to be a great medium for safe, secure and anonymous web presence that can be provided to a user at no cost. Although it is available for a positive intention, but is also used by malignant people in fulfilling their needs. The Tor project has led to an optimistic approach towards censorship and surveillance-free internet.

Create an encryption decryption Software

This Encryption is the process of translating plain text data (plain text) into something that

appears to be random and meaningless (cipher text).Decryption is the process of converting cipher text back to plain text. There are two types of encryption methods as symmetric encryption and asymmetric encryption.

Here is the encryption decryption software that i created   ----------->   http://bit.ly/2oZHj4E

In symmetric encryption, a symmetric key is used to encrypt and decrypt purposes. key is a secret like a password used to encrypt and decrypt information.

Symmetric encryption is an old encryption technique. The key which is used to encrypt and decrypt data is known as the secret key. Secret key can be either a number, a word or a string which contains random letters.It is blended with the plain text of a message to change the content in a particular way. In order to decrypt the message, receiver also should know the secret key. DES, 3DES, AES are some of the symmetric encryption algorithms. The biggest challenge in symmetric encryption is that both sender and the receiver has to securely share the secret key before sending the message.

package com.javapapers.java.security;

import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class EncryptionDecryptionAES {
 static Cipher cipher;

 public static void main(String[] args) throws Exception {
  KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
  keyGenerator.init(128);
  SecretKey secretKey = keyGenerator.generateKey();
  cipher = Cipher.getInstance("AES");

  String plainText = "AES Symmetric Encryption Decryption";
  System.out.println("Plain Text Before Encryption: " + plainText);

  String encryptedText = encrypt(plainText, secretKey);
  System.out.println("Encrypted Text After Encryption: " + encryptedText);

  String decryptedText = decrypt(encryptedText, secretKey);
  System.out.println("Decrypted Text After Decryption: " + decryptedText);
 }

 public static String encrypt(String plainText, SecretKey secretKey)
   throws Exception {
  byte[] plainTextByte = plainText.getBytes();
  cipher.init(Cipher.ENCRYPT_MODE, secretKey);
  byte[] encryptedByte = cipher.doFinal(plainTextByte);
  Base64.Encoder encoder = Base64.getEncoder();
  String encryptedText = encoder.encodeToString(encryptedByte);
  return encryptedText;
 }

 public static String decrypt(String encryptedText, SecretKey secretKey)
   throws Exception {
  Base64.Decoder decoder = Base64.getDecoder();
  byte[] encryptedTextByte = decoder.decode(encryptedText);
  cipher.init(Cipher.DECRYPT_MODE, secretKey);
  byte[] decryptedByte = cipher.doFinal(encryptedTextByte);
  String decryptedText = new String(decryptedByte);
  return decryptedText;
 }
}

Asymmetric encryption is also known as the public key cryptography where two keys are used as public key and private key. Public key is available to anyone. Private key is only known by yourself. outsiders don’t know the private key.A message that is encrypted using a public key can only be decrypted using a private key, while also, a message encrypted using a private key can be decrypted using a public key.

When the message is encrypted by the sender’s private key, it can only be decypted by sender’s public key. Here , as the public key is publicly available, anyone who get to know the sender’s public key can read the message, which is integrity and availability is not preserved.

when the message is encrypted using receiver’s public key, then receiver’s private key is needed to decrypt the message. As the receiver’s private key is known only by the receiver, it can only decrypted by the receiver.

In order to use asymmetric encryption, we have to find a way of discover correct public keys. For that, we can use digital certificates in a client-server model communication. A certificate is a package of information that identifies a user and a server. It contains information such as an organization’s name, the organization that issued the certificate, the user’s email address and country, and users public key.

When a server and a client require a secure encrypted communication, they send a query over the network to the other party, which sends back a copy of the certificate. The other party’s public key can be extracted from the certificate. A certificate can also be used to uniquely identify the holder.