Swiss researchers have described HORNET, a Tor equivalent that works faster

The anonymous cryptographic network of virtual tunnels Tor has a number of advantages. Tor easily replaces the address of the connection, allowing you to enter the normal Internet using the IP of one of the output nodes. It is also possible to place hidden web sites on the Tor network, which will not be able to establish the actual physical location (at least in theory ). This makes Tor an instrument of political activists, drug dealers, journalists, and ordinary users of the Network. For all its attractiveness and security from wiretapping and tracking, Tor has a significant drawback: it works too slowly. Researchers at the Zurich Swiss Higher Technical School have created the concept of a tor-like anonymous network that is faster.

The team called its creation High-speed Onion Routing at the NETwork layer or HORNET (hornet). In a paper published last week , they described the principles of the proposed concept, which in theory could be the next generation of Tor. Already in the summary, they promise the speed of passing traffic through individual nodes up to 93 Gbit / s. Researchers say the possibility of quickly adding new users to the network.

Like Tor, HORNET uses a multilayered network with a bulb. Each node decrypts the “onion” layer to obtain data on where to transfer a portion of data. Then the packet is transmitted to the next node. HORNET uses two versions of the onion protocol to protect anonymity: one to access the public Internet, the second uses a modified version of the Tor meeting points protocol to access hidden web sites.

To access an unprotected site on the external network, HORNET uses the torped-like Sphinx onion marshaling protocol. The source creates for each of the nodes a pair of symmetric keys using the Diffie-Hellman protocol. The keys are used to encrypt the so-called Forwarding Segment (segment of the transfer), a fragment that contains information about the status of the transfer, hop, information about subsequent data packets and so on.
')
To transfer the actual data, transfer segments are collected from each of the nodes in the chain to what the researchers called anonymous header (AHDR, anonymous header). Each node gets access to its own forwarding segment without disclosing information about the path, except for data about the past and the next nodes. The data is encrypted using keys for each of the nodes, and the transmission of cryptographic layers is removed. As the researchers say, the advantage of this scheme is a significant reduction in the computational load for transmitting each packet and the amount of service data transmitted about the connection.

HORNET package type comparison

But there are also .onion sites in Tor that can only be accessed inside the anonymous network. To hide both the client and the site server, a system of meeting points is used, which excludes the possibility of eavesdropping traffic. The hidden site selects the meeting point, then the information about the connectivity signed by the cryptographic key is posted to the distributed database - the hidden service descriptor. Later, when building a request, the client finds data about the meeting point and from there begins to connect. In HORNET, common methods are similar with slight differences in details and terminology. For example, the hidden service descriptor here is called AHDR. There are a number of useful improvements. As meeting points become obsolete, the client and hidden service can select a new meeting point, which will give a faster connection. Hidden service when announcing its own existence can choose several meeting points, and the client will be able to choose one with the best channel for him. The disadvantage with respect to Tor is the doubled header size.

The researchers also tested the possibility of embedding HORNET network nodes in software routers. The HORNET code was inserted into routers with Intel software using the Data Plane Development Kit (DPDK) version 1.7. HORNET client was written in Python. According to the researchers, no other anonymous network was written at the SDK level of the router.

A separate chapter of the report is devoted to security research. Like Tor, HORNET is vulnerable. If government agencies or any other intruders control more than one node on the data path, they can try to detect traffic detection. This will require analysis of timing and traffic paths, packet labels, and other methods that some studies have shown work against Tor. HORNET is not able to protect against such attacks directed at individual users, researchers acknowledge.

Based on Ars Technica . arXiv: 1507.05724 [cs.CR]. Photograph of Abispa ephippium , James Niland, CC BY 2.0.