HORNET, the High-Speed Tor-Like encrypted anonymous network

Pierluigi Paganini July 26, 2015

A group of six academics has developed Hornet, a new high-speed anonymity network that promises to be a valid alternative to the popular Tor network.

Hornet allows for anonymous web surfing protecting the user’s privacy.

The principal advantage HORNET has respect other anonymizing networks like Tor, is the speed. The Hornet is able to manage anonymous traffic at speeds of more than 93 Gbps.

The HORNET anonymous network was designed by researcher Chen Chen of Carnegie Mellon University, with the colleagues Daniele Enrico Asoni, Adrian Perrig and David Barrera of the Zurich’s Federal Institute of Technology, and George Danezis of University College London.

“Our system uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes. This design enables HORNET nodes to process anonymous traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal processing overhead per additional anonymous channel. We discuss design and implementation details, as well as a performance and security evaluation.” is the description provided by the experts in the paper titled HORNET: High-speed Onion Routing at the Network Layer.

In order to speed up data transfer, HORNET doesn’t keep the state at each relay, connection state is carried within packet headers, this means that intermediate nodes can quickly forward traffic for large numbers of nodes.

HORNET does not “perform computationally expensive operations for data forwarding,” allowing it to scale as required without any limitations.

HORNET encrypts encapsulated network requests in “onions,” like Tor each layer being decrypted by each node passing the traffic along to retrieve information on next hop where to forward data. HORNET uses two onion protocols for protecting the anonymity of requests to online resources and a modified version of Tor’s “rendezvous point” negotiation to connect with a site in the HORNET network.

When a user wants to access a website on the Internet a Tor-like “Sphinx” onion protocol is first used to set up the channel.

“Each Sphinx packet allows a source node to establish a set of symmetric keys, one for each node on the path through which packets are routed,” states the paper. A chain of keys is created via a Diffie-Helman exchange and each key is used to encrypt a “Forwarding Segment.”

“The [Forwarding Segment] allows its creating node to dynamically retrieve the embedded information (i.e., next hop, shared key, session expiration time), while hiding this information from unauthorized third parties,” reports the paper.

The sender inserts the forwarding segments related to each node on the channel to the destination in the anonymous header (AHDR).

Hornet packet

“An AHDR grants each node on the path access to the [forwarding segment] it created, without divulging any information about the path except for a node’s previous and next nodes,” states the paper.

The data traffic is encrypted with the keys for each of the nodes in the channel. According to the experts, the methodology developed for the HORNET project is more resilient to confirmation attacks respect the Tor network.

The data proposed in the paper confirm that the new High-Speed Tor-Like encrypted anonymous network could be of a great instrument to protect anonymity online.

Pierluigi Paganini

(Security Affairs – Hornet, Anonymity)

you might also like

leave a comment