14

I have been studying about computer security and at some point i came across the terms of onion routing and crowds. From what i have understood they are very similar in their usage (interchangeable).

Is there any specific situation where anyone would want to use the one or the other better?

RoraΖ
  • 12,347
  • 4
  • 51
  • 83
mpla_mpla
  • 281
  • 2
  • 5

2 Answers2

18

Crowds and Onion Routing are both used to create anonymous networks, but implemented in two different ways.

Onion Routing

Basic Operation

Anonymous networks like Tor rely on passing through multiple nodes with a layer of encryption added at each node. This circuit is randomly predetermined when a node enters the network. As the data passes through each node a layer is peeled off (like an onion) until the Exit Node. At which the data sent is forwarded in the "clear1" to its destination. As long as there are at least three nodes in the circuit taken to the destination no one node knows where the data originated and its destination at once. This is how anonymity is achieved, but remember that Tor does not guarantee security.

Key Distribution

Tor uses its own protocol to negotiate symmetric keys for each hop. This is done by requesting session keys from each of the hops in the circuit. The nodes then respond with a session key encrypted using public key cryptography (I believe Tor uses Diffie Hellman). With a key for each circuit node the data can now be encrypted. It's encrypted with the last node's key first, and then layers the encryption backwards ending with a final layer of encryption with the first node's key.

Crowds

Basic Operation

With Crowds a user will join a crowd. This is done using a client, Jondo (John Doe, get it!) on the user's machine. To join a crowd you go through a server called a blender. Here's an exerpt from the Wiki page:

Each user joins a crowd of other users by registering himself at the blender which is a single server responsible for membership management. When a user registers, all the other members in the crowd are notified. The blender is also responsible for key distribution, as it distributes symmetric keys to individual pairs of jondos, used for encryption and decryption, respectively of packets routed along the virtual paths.

So once you're in the crowd you can make requests, and the request will randomly (uniform probability) choose a jondo to forward the request through. At that point a coin flip (figuratively, probably equal to Pf > 0.5) is used to either forward to another random node, or forward to the destination. In this sense the request gets mixed in with all other requests moving through the jondos. Each node records the predecessor to create a tunnel from the source to the destination. Due to the coin flip each node cannot tell if the message originated with its predecessor or not.

Key Distribution According to the white paper (linked below):

To make use of the blender (and thus the crowd), the user must establish an account with the blender, i.e., an account name and password that the blender stores.When the user starts a jondo, the jondo and the blender use this shared password to authenticate each other’s communication. As a result of that communication (and if the blender accepts the jondo into the crowd; see Section 8.2), the blender adds the new jondo (i.e., its IP address, port number, and account name) to its list of members, and reports this list back to the jondo. In addition, the blender generates and reports back a list of shared keys, each of which can be used to authenticate another member of the crowd. The blender then sends each key to the other jondo that is intended to share it (encrypted under the account password for that jondo) and informs the other jondo of the new member.

It also states that in a future version (unsure what is considered to be a future version at this point) that it will use Diffie Hellman for key distribution.

We anticipate that in future versions of Crowds, jondos will establish shared keys using Diffie-Hellman key exchange [Diffie and Hellman 1976], where the blender serves only to distribute the Diffie-Hellman public keys of crowd members. This will eliminate the present reliance on the blender for key generation.

Differences

The difference here is that with Crowds each pair of nodes has a different symmetric key used to encrypt the data between nodes. A path key is established for each path that will encrypt the actual request and response. This is forwarded along the path by using the symmetric key of each pair of nodes. But there is no layering here. With the randomness of Crowds you wouldn't want to encrypt the data 10 times. The latency could grow out of control.

Also, Tor does not require an account to establish an initial connection to the network. Now once Crowds begins using DH this account might no longer be necessary, and anonymous2 connections to a crowd could be possible.

The other main difference is how circuits are chosen. While Tor relies on choosing a circuit of 3 Crowds relies on randomness to determine how many nodes are taken. It could be 2, 3, or 15. Depends on that coin flip.


As far as use cases, they're both anonymous technologies. In that sense they're interchangeable, but they are very different implementations of anonymous networks. I think it's more a preference as to which one you choose to use. Obviously having to create an account to use the Crowds service might be a disadvantage, but perhaps you like randomness of its circuits more. Either one will be suitable for the purpose it just depends on your comfort level, and what you prefer in the end.

Details on each Protocol

Crowds white paper (PDF)
Tor white paper (PDF)


1 Clear is defined as how the data was originally sent from the source. If this data was encrypted then its not technically plaintext, but there is no added encryption by Onion Routing to data passed through the circuit.

2 By anonymous I mean no account that could possibly link a user to a specific crowd.

RoraΖ
  • 12,347
  • 4
  • 51
  • 83
  • How is the symmetric key passed to the nodes? Do all the nodes have the same symmetric key at a time? – mpla_mpla Jul 22 '15 at 13:07
  • As the quoted portion says, the **blender** is responsible for key distribution. When a new jondo enters the crowd all nodes are notified of its presence. Each pair of nodes gets a symmetric key. – RoraΖ Jul 22 '15 at 13:10
  • Yeah how do the symmetric keys reach from the blender to the users/jondos? Assymetric encryption? – mpla_mpla Jul 22 '15 at 13:20
  • @mpla_mpla Updated my answer – RoraΖ Jul 22 '15 at 13:35
  • _When the user starts a jondo, the jondo and the blender use this shared password_. This is what i ask, which is this shared password and how do they know it? Do any of them trasmit it to each other? – mpla_mpla Jul 22 '15 at 13:54
  • Sorry, my copy and paste missed the first sentence. You must have a previously established account with the blender. – RoraΖ Jul 22 '15 at 14:07
  • If I'm following your explanation of how Crowds works; all users in it are functioning as exit points for other users traffic. That seems like a major potential risk to participants. (Based on articles I've read about why you shouldn't run a Tor exit node with your home internet connection/etc.) – Dan Is Fiddling By Firelight Jul 22 '15 at 15:46
1

I suppose onion routing as implemented by Tor is a "crowd" implementation (I believe you are referring to google sharing by Moxie and the like with crowds? - please correct me if not).

Crowds in general protect your identity from the end point, in the Google Sharing example, Google, but of course you're moving that trust to another third party in most cases.

Tor, as said before is a kind of crowd implementation, with the exit node being where the crowding occurs. This has an additional enhancement that the exit nodes can't generally know your identity either (unless you're doing/infected by something that compromises the privacy).

user2867314
  • 610
  • 3
  • 12