Unlike the human-friendly domain names we are used to when navigating the Internet, Dark Web sites use the names of Tor hidden services. These names always consist of a 16-character value followed by the top-level domain .onion. Any computer running Tor software can host a hidden (for example, web) service. Dark Web users find names through external channels, for example, from the Pastebin web application or Dark Web market lists.
When a hidden service is configured, the Tor software running on the Tor host creates a local file directory, assigns a port number for the service, and creates a public/private key pair. The Tor software creates the 16-character hostname as follows: first it calculates the hash of the public key of this pair, and then it converts the first 80 bits of this hash from a binary value to ASCII, so that the 16 characters meet the “letter-digit-hyphen” requirement of the Domain Name System (DNS) protocol.
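The derivation described above, as an added example that is not part of the original page or of the Tor code base. It assumes the hash is SHA-1 over the encoded public key and that the binary-to-ASCII step is base32, neither of which the page names; the function names and the sample key bytes are hypothetical and constructed.

```python
import base64
import hashlib
import hmac
import re

# 16 base32 characters (a-z, 2-7), a subset of DNS "letter-digit-hyphen".
ONION16_RE = re.compile(r"[a-z2-7]{16}\.onion")


def onion_name(public_key_der: bytes) -> str:
    """Hash the encoded public key, keep the first 80 bits, base32-encode them."""
    digest = hashlib.sha1(public_key_der).digest()  # assumption: SHA-1 (160 bits)
    first_80_bits = digest[:10]                     # 10 bytes = 80 bits
    label = base64.b32encode(first_80_bits).decode("ascii").lower()
    return label + ".onion"                         # 80 bits / 5 bits per char = 16


def is_wellformed(hostname: str) -> bool:
    """True if the string has the 16-character .onion shape (e.g. for log triage)."""
    return ONION16_RE.fullmatch(hostname.strip().lower()) is not None


def name_matches_key(hostname: str, public_key_der: bytes) -> bool:
    """The name is derived from the key, so a public key received for a service
    can be checked against the name that was requested."""
    host = hostname.strip().lower()
    if not is_wellformed(host):
        return False
    return hmac.compare_digest(host, onion_name(public_key_der))


# Constructed sample bytes standing in for encoded public keys (not real keys).
SAMPLE_KEY = b"constructed-sample-public-key-bytes"
OTHER_KEY = b"constructed-sample-public-key-bytes-2"

if __name__ == "__main__":
    name = onion_name(SAMPLE_KEY)
    print(name, is_wellformed(name))
    print(name_matches_key(name, SAMPLE_KEY), name_matches_key(name, OTHER_KEY))
```

Because only 80 bits of the hash are kept, the name commits to the key but is shorter than the hash itself.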
Dark Web users do not use the public DNS to resolve .onion names to Internet Protocol (IP) addresses. Instead, resolution takes place through the completely independent Tor hidden service protocol. This protocol allows services to notify clients of their existence and helps clients find services, while preserving the anonymity and the location (IP address) of both the client and the service. Both the client and the host of the hidden service play an active role in this process.
First, the Tor host “advertises” the hidden service by creating and publishing a description of the service in a distributed directory service.
This description contains the public key of the hidden service and a list of Tor nodes that will serve as introduction points, reliable intermediaries for the hidden service. Then the Tor host creates connections to the listed introduction points. Any Tor client that wants to connect to the hidden service can now do so through these introduction points.
To connect to a hidden service, the Tor client sends a request to the directory service for the description of the service. An introduction point is chosen arbitrarily from the list in the service description. Then the Tor client randomly selects a “rendezvous point” on the Tor network, anonymously connects to the selected introduction point through the rendezvous point, and transmits a message to the hidden service through the introduction point. This message contains the identification data of the rendezvous point, encrypted with the public key of the hidden service, as well as the material necessary to initiate a cryptographic “handshake”. The hidden service also creates a reverse connection to the selected rendezvous point and sends a message that completes this cryptographic handshake. At this stage, the client and the hidden service have created a private network route that cannot be tracked, and they can now exchange data with anonymity and confidentiality.