This is the new home of the Cebolla IP anonymity project.
Cebolla provides multi-hop anonymous IP tunnels which use UDP for transport. The tunnel end-points are presented as networking devices on the client and on the final hop. The current implementation is Linux only.
If you want to contribute to the project, see the source download link below.
Cebolla was written by Zach Brown; I, Adam Back, am its current interim maintainer.
Etymology: "Cebolla" is "Onion" in Spanish.
Papers
For details see Zach Brown's paper at the OLS 2002:
Source
Download source code from [source].
The tunnel establishment process negotiates keys shared between the client and each node along the path. The keys are associated with the tunnel ID; packets travelling down the tunnel carry tunnel IDs at the link layer. In addition, the links between nodes are encrypted to hide the tunnel IDs.
Without end-to-end forward-anonymity, i.e. with the weaker hop-by-hop forward-anonymity offered by most other anonymity-related systems, a single rogue node in the path can compromise forward-anonymity: it can record information that later allows it to compromise the anonymity of the connection by coercing other nodes to hand over long-term private keys.
Cebolla's symmetric re-keying scheme is also forward-secret (keys are replaced with the one-way hash of the previous key). The symmetric re-keying scheme is much cheaper than a Diffie-Hellman key negotiation, which allows Cebolla to offer pretty immediate forward-anonymity (down to the level of seconds).
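The hash re-keying described above, as an added Python example that is not Cebolla's own code: each epoch the key is replaced by a one-way hash of the previous key, so a key captured later cannot be run backwards. SHA-256, the labels, the epoch counter in the packet, the HMAC tag and `MAX_SKIP` are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed for illustration: SHA-256, these labels, and an epoch counter
# carried in each packet. None of these are taken from Cebolla itself.
NEXT, MAC = b"rekey", b"mac"
MAX_SKIP = 8  # how far ahead a receiver will catch up


class RatchetKey:
    """Symmetric key that is replaced by a one-way hash of itself."""

    def __init__(self, key: bytes, epoch: int = 0):
        self.key, self.epoch = key, epoch

    def advance(self) -> None:
        # K[n+1] = H(K[n]); K[n] is dropped and cannot be recomputed.
        # Real code must also wipe the old key from memory.
        self.key = hashlib.sha256(NEXT + self.key).digest()
        self.epoch += 1

    def tag(self, payload: bytes) -> bytes:
        # Separate MAC key so the chain key itself is never used directly.
        mac_key = hashlib.sha256(MAC + self.key).digest()
        msg = self.epoch.to_bytes(8, "big") + payload
        return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(sender: RatchetKey, payload: bytes) -> tuple:
    """Constructed packet layout: (epoch, payload, tag)."""
    return sender.epoch, payload, sender.tag(payload)


def accept(receiver: RatchetKey, packet: tuple) -> bool:
    epoch, payload, tag = packet
    # Earlier epochs would need a hash preimage; far-future epochs are
    # refused so a forged packet cannot force unbounded hashing.
    if epoch < receiver.epoch or epoch - receiver.epoch > MAX_SKIP:
        return False
    # UDP can drop packets, so catch up on a copy and commit only if the
    # tag verifies under the candidate key.
    candidate = RatchetKey(receiver.key, receiver.epoch)
    while candidate.epoch < epoch:
        candidate.advance()
    if not hmac.compare_digest(tag, candidate.tag(payload)):
        return False
    receiver.key, receiver.epoch = candidate.key, candidate.epoch
    return True
```

A node whose state is seized at epoch 2 holds only K[2], so it can neither verify nor reproduce anything that was protected under the keys of epochs 0 and 1.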