Tue Jun 05 2018

What is onion router and how does it work?

Technology1615 views

The Onion Router

The Tor software as you know it today was originally open-sourced in October 2003 and is the 3rd generation of Onion Routing software. This idea of Onion Routing was simply that you can wrap traffic in encrypted layers in order to protect the contents of the data as well as the anonymity of the sender and receiver.

But the question is - how does Tor work under the hood? In this article, we’ll take a deep dive into the structure and protocols used by the Tor network. Before that, let's take a look at the concept of TOR.

So, what is TOR?

Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name - The Onion Router. It directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis.

Tor makes difficult to trace Internet activity to the user, includes - visit a website, online posts, instant messages, and other communication forms. Its intended use is to protect the personal privacy of the users as well as their freedom. Tor has the ability to conduct confidential communication and keeping the users' Internet activities safe from unauthorized intermediaries.

But remember that, Tor does not prevent an online service from determining when it is being accessed through Tor. Tor protects a user's privacy but does not hide the fact that someone is using Tor. Some websites restrict allowances through Tor.

The U.S. Naval Research Laboratory sponsored the development of onion routing in the 1990s, and Tor itself was developed by Navy and independent researchers in 2002. Today, Tor's original creators continue to support and update the protocol under the Tor Project, an independent, nonprofit organization that is partly funded by various arms of the U.S. government.

Why should you use Tor?

Tor protects you against a common form of Internet surveillance known as "traffic analysis" that can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic cause to allow others to track your behavior and interests. This can impact your checkbook if an e-commerce site uses price discrimination based on your country or institution of origin. It can be like threatening to your job and physical safety if reveal that who you are and where you are.

Internet data packets have two parts a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses the source, destination, size, timing, and so on.

A basic problem for the privacy-minded is that the recipient of your communications can see that you sent it by looking at headers. So it can be authorized intermediaries like Internet service providers or sometimes unauthorized intermediaries as well.

A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, and looking at headers. There are also more powerful kinds of traffic analysis like some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers since it only hides the content of Internet traffic, not the headers.

Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks, so no observer at any single point can tell where the data came from or where it's going.

How does it work?

Tor protects your identity online namely your IP address by encrypting your traffic in at least three layers and bouncing it through a chain of three volunteer computers chosen among thousands around the world, each of which strips off just one layer of encryption before bouncing your data to the next computer. All of that makes it very difficult for anyone to trace your connection from origin to destination. If there are more relays to choose from, it will be more difficult to track any one user.

By default, Tor bounces connections through 3 relays. Each of these has a specific role to play.

Entry/Guard relay is the entry point to the Tor network. Relays are selected to serve as guard relays after being around for a while, as well as having shown to be stable and having high bandwidth.

Middle relays are exactly that middle nodes used to transport traffic from the guard relay to the exit relay. This prevents the guard and exit relay from knowing each other.

Exit relays are the exit point at the edge of the Tor network. These relays send traffic to the final destination intended by the client.


  • To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through relays on the network.

  • The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to.

  • No individual relay ever knows the complete path that a data packet has taken.

  • The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through.

  • Once a circuit has been established, many kinds of data can be exchanged and several different sorts of software applications can be deployed over the Tor network. Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection's source and destination.

  • Tor only works for TCP streams and can be used by any application with SOCKS support.

  • Tor software uses the same circuit for connections that happen within the same ten minutes or so.

  • Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones.

  • Encrypted data is then encrypted again in such a way that only the middle relay can decrypt it.

  • Finally, this encrypted data is encrypted once more in such a way that only the guard relay can decrypt it.

  • You have wrapped your original data in layers of encryption.

  • By doing this, each relay only has the information it needs to know - where it got the encrypted data from, and where to send it to next. Encrypting data this way is beneficial to both parties.


Lastly says, nothing is full of anonymous or secure, whether you're using Tor, a VPN, or anything else. If you think you need something, think about what exactly you're doing and what you need to protect. Hope you like this article. Thank you!

We use cookies to improve your experience on our site and to show you personalised advertising. Please read our cookie policy and privacy policy.