Onion routing

Naval Research Laboratory by employees Paul Syverson, Michael G. Reed, and David Goldschlag[3][4] to protect U.S. intelligence communications online.[5]

It was then refined by the Defense Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998.[4][6][7]

The same employees publicly released the method the same year by publishing an article in the IEEE Journal on Selected Areas in Communications.

It depicted the use of the method to protect the user from the network and outside observers who eavesdrop and conduct traffic analysis attacks.

The most important part of this research is the configuration and application of onion routing to existing e-services, such as virtual private networks, web browsing, email, remote login, and electronic cash.

The chosen nodes are arranged into a path, called a "chain" or "circuit", through which the message will be transmitted.

A compromised exit node is thus able to acquire the raw data being transmitted, potentially including passwords, private messages, bank account numbers, and other forms of personal information.

Dan Egerstad, a Swedish researcher, used such an attack to collect the passwords of over 100 email accounts related to foreign embassies.

In this example onion, the source of the data sends the onion to Router A, which removes a layer of encryption to learn only where to send it next and where it came from (though it does not know if the sender is the origin or just another node). Router A sends it to Router B, which decrypts another layer to learn its next destination. Router B sends it to Router C, which removes the final layer of encryption and transmits the original message to its destination.
A client, represented as a phone, sending traffic to an onion labelled "Guard" with four nested lines, then going to a "Middle" onion with three nested lines, then going to an "Exit" onion with two nested lines, and finally going to the Server with one line.
A diagram of an onion routed connection, using Tor's terminology of guard, middle, and exit relays.
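The layered wrapping and peeling described for Routers A, B and C can be traced in a short added example (not part of the original article). It assumes each router already shares a symmetric key with the source, uses a SHAKE-256 keystream with HMAC as a stand-in cipher, and uses a constructed destination and message. It also shows that the last router, acting as the exit, recovers the original message in the clear.

```python
import hashlib, hmac, os

def keystream(key, nonce, n):
    # Stand-in stream cipher for this demo (SHAKE-256); not a vetted cipher.
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def seal(key, plaintext):
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify and strip one layer; a wrong key or a modified onion is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer failed authentication")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def build_onion(path, destination, message):
    """Wrap innermost layer first; each layer holds only (next hop, inner payload)."""
    next_hop, payload = destination, message
    for name, key in reversed(path):
        layer = bytes([len(next_hop)]) + next_hop.encode() + payload
        payload, next_hop = seal(key, layer), name
    return next_hop, payload  # (first router, outermost onion)

def peel(key, onion):
    """What one router does: remove its layer, learn the next hop and nothing else."""
    layer = unseal(key, onion)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]

def route(keys, first_hop, onion):
    """Forward hop by hop; record (router, next hop, payload) as each router sees it."""
    seen, hop = [], first_hop
    while hop in keys:
        nxt, onion = peel(keys[hop], onion)
        seen.append((hop, nxt, onion))
        hop = nxt
    return seen

# Constructed sample data: per-router keys, destination and message are illustrative.
KEYS = {name: os.urandom(32) for name in ("A", "B", "C")}
DEST, MESSAGE = "server.example", b"user=alice&password=constructed-example"

if __name__ == "__main__":
    first, onion = build_onion(list(KEYS.items()), DEST, MESSAGE)
    for router, nxt, payload in route(KEYS, first, onion):
        print(router, "->", nxt, "| sees plaintext:", MESSAGE in payload)
```

Only the payload leaving Router C contains the message, which is why traffic that is not encrypted end to end is readable at the exit.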