reserving privacy means not only hiding the content of messages, but also hiding who is talking to whom (traffic analysis). Much like a physical envelope, the simple application of cryptography within a packet-switched network hides the contents of messages being sent, but can reveal who is talking to whom, and how often. Onion Routing is a general-purpose infrastructure for private communication over a public network [3, 4, 6]. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. The connections are bidirectional, near real-time, and can be used for both connection-based and connectionless traffic. Onion Routing interfaces with off-theshelf application software and systems through specialized proxies, making it easy to integrate into existing systems. Prototypes have been running since July 1997. At press time, the prototype network is processing more than one million Web connections per month from more than six thousand IP addresses in twenty countries and in all six main top level domains. Onion Routing operates by dynamically building anonymous connections within a network of real-time Chaum Onion Routing
[1]
David Chaum,et al.
Untraceable electronic mail, return addresses, and digital pseudonyms
,
1981,
CACM.
[2]
Yossi Matias,et al.
On secure and pseudonymous client-relationships with multiple servers
,
1998,
TSEC.
[3]
Paul F. Syverson,et al.
Private Web Browsing
,
1997,
J. Comput. Secur..
[4]
David A. Wagner,et al.
TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web
,
1998,
First Monday.
[5]
Paul F. Syverson,et al.
Hiding Routing Information
,
1996,
Information Hiding.
[6]
Paul F. Syverson,et al.
Anonymous connections and onion routing
,
1997,
Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).