Tor in the Internet of Things (IoT)
The IPv4 Address Crisis in IoT
The Internet of Things (IoT) revolution faces a fundamental infrastructure challenge: address exhaustion. With projections estimating 75 billion connected devices by 2025, the limitations of IPv4’s 4.3 billion addresses (2³²) become starkly apparent. This scarcity drives up costs for IP addresses and forces complex Network Address Translation (NAT) schemes that complicate device-to-device communication.
```mermaid
graph TD
    subgraph "Traditional IoT Architecture"
        A1[IoT Devices<br/>75B by 2025] --> B1[IPv4 Addresses<br/>Only 4.3B Available]
        B1 --> C1[NAT Gateway<br/>Address Sharing]
        C1 --> D1[Limited Scalability]
    end
    subgraph "Internet of Onion Things"
        A2[IoT Devices<br/>Unlimited] --> B2[.onion Addresses<br/>2²⁵⁶ Address Space]
        B2 --> C2[Tor Network<br/>Privacy + Anonymity]
        C2 --> D2[Infinite Scalability]
    end
    style B1 fill:#FF5722
    style D1 fill:#FF5722
    style B2 fill:#4CAF50
    style D2 fill:#4CAF50
```
Address Space Comparison:
- IPv4: 2³² = 4.3 billion addresses (insufficient)
- IPv6: 2¹²⁸ = 340 undecillion addresses (slow adoption)
- Tor v3: 2²⁵⁶ = Astronomically larger (2¹²⁸ × IPv6)
The integration of Tor hidden services in the Internet of Things (IoT) offers an innovative solution to these limitations. IoT devices span diverse categories:
- Smart Home: Thermostats, lighting systems, door locks, security cameras
- Industrial IoT: Sensors monitoring temperature, vibration, pressure, air quality (PM2.5)
- Connected Vehicles: Telematics systems, diagnostic sensors, entertainment units
- Medical Devices: Wearable health monitors, remote patient monitoring equipment
- Smart City: Traffic sensors, environmental monitors, public infrastructure
Traditionally, these devices rely on Bluetooth for local communication and WiFi/Ethernet for internet connectivity. They typically connect to a central gateway unit equipped with both Bluetooth and a network interface card to aggregate and transmit data to cloud services. However, this architecture struggles when devices need direct internet addressability.

The “Internet of Onion Things” Solution
In a world where IPv6 adoption remains sluggish (less than 40% global penetration as of 2024) and IPv4 addresses are scarce, an innovative approach named “The Internet of Onion Things” [1] was proposed by security researchers. Unlike traditional IP-based addressing, .onion addresses in the Tor network use cryptographic keys as unique identifiers.
Cryptographic Address Space: The Key Advantage
The evolution from Tor v2 to v3 demonstrates the scalability potential:
- Tor v2 (deprecated): Used RSA-1024, providing 2¹⁰²⁴ possible addresses
- Tor v3: Uses Ed25519, providing 2²⁵⁶ possible addresses
Taking Ed25519 (Tor v3) as an example, address generation starts with a 256-bit private key. This translates to a configuration space of 2²⁵⁶, enabling the creation of 2²⁵⁶ unique device identifiers—a number so vast it exceeds the estimated number of atoms in the observable universe.
Address Quantity Comparison:
- IPv4: 2³² = ~4.3 billion addresses
- IPv6: 2¹²⁸ = ~340 undecillion addresses
- Tor v3: 2²⁵⁶ = Astronomically larger (2¹²⁸ times IPv6)
This massive address space ensures that every IoT device—from a smart lightbulb to an industrial sensor—can have a globally unique, cryptographically secure identifier without risk of address exhaustion.
Ed25519 Overview [2]
Ed25519 keys originate from a 32-byte (256-bit) uniformly random binary seed, typically the output of a SHA256 hash on random input. This seed undergoes a SHA512 hash, resulting in 64 bytes (512 bits), divided into two halves. The first 32 bytes are converted into a curve25519 private scalar “a” after some bit manipulations. The public key is then derived by multiplying this scalar by the generator point “B”, resulting in a 32-byte (256-bit) group element “A”.
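The derivation above, carried through to the device's address, as an added example (not code from the original article or from the Tor project): a pure-Python Ed25519 public-key derivation followed by the v3 address encoding from Tor's onion service specification (base32 of public key, 2-byte SHA3-256 checksum and version byte 0x03). The function names are illustrative, and the seed is RFC 8032 test vector 1, used here as a constructed sample.

```python
import base64
import hashlib

P = 2**255 - 19                              # field prime of curve25519
D = -121665 * pow(121666, P - 2, P) % P      # Edwards curve constant d

def point_add(p, q):  # affine addition on the twisted Edwards curve
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P
    return (x3, y3)

def base_point():
    # Generator B: y = 4/5, x is the even square root from the curve equation.
    y = 4 * pow(5, P - 2, P) % P
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (P - x if x & 1 else x, y)

def public_key(seed):
    # seed -> SHA-512 -> clamp first 32 bytes into scalar a -> A = a*B
    a = int.from_bytes(hashlib.sha512(seed).digest()[:32], "little")
    a = (a & ((1 << 254) - 8)) | (1 << 254)  # clear bits 0-2 and 255, set bit 254
    acc, pt = (0, 1), base_point()           # acc starts at the neutral element
    while a:
        if a & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        a >>= 1
    return (acc[1] | ((acc[0] & 1) << 255)).to_bytes(32, "little")

def onion_address(pub):
    # v3 format: base32(pubkey || checksum[:2] || version 0x03) + ".onion"
    chk = hashlib.sha3_256(b".onion checksum" + pub + b"\x03").digest()[:2]
    return base64.b32encode(pub + chk + b"\x03").decode().lower() + ".onion"

def onion_pubkey(addr):
    # Embedded 32-byte key, or None when length, checksum or version is wrong.
    try:
        pub = base64.b32decode(addr[:-6].upper())[:32]
    except ValueError:
        return None
    return pub if onion_address(pub) == addr.lower() else None

# Constructed sample: the seed is RFC 8032 test vector 1, not a real device key.
SEED = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
```

The arithmetic here is not constant-time, so a real device should take its key from Tor itself or a vetted library; `onion_pubkey` is the part worth keeping, since it lets a client reject a mistyped or truncated address before connecting.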
Layering Security: Tor Over Existing Infrastructure
Interestingly, Tor’s network operates as an overlay atop the existing IPv4 or IPv6 infrastructure. This architectural approach offers several advantages:
Infrastructure Reuse: Tor doesn’t require new physical infrastructure or ISP changes. Devices connect to the internet normally, then establish Tor circuits through existing connections.
Address Multiplication: The limited 2³² IPv4 addresses can support exponentially more Tor-addressable devices. A single IPv4 address can gateway hundreds of IoT devices, each with unique .onion identifiers.
Backward Compatibility: Devices can maintain both traditional IP addresses (for local network access) and .onion addresses (for secure internet communication).
This expansion alleviates concerns about the scarcity of IPv4 addresses for devices like IP cameras, industrial sensors, and smart home appliances.
Enhanced Security Through Obscurity and Cryptography
Beyond addressing, .onion-based IoT offers substantial security improvements:
1. Resistance to Mass Scanning
An added advantage of using .onion addresses in IoT is the increased difficulty for attackers to target these devices. The vast address space of 2²⁵⁶ in Tor v3 presents a much higher challenge for scanning and attacking compared to the 2³² space of IPv4.
IPv4 Reality: Automated scanners can sweep the entire IPv4 space in hours, discovering vulnerable cameras, routers, and sensors. The Mirai botnet demonstrated this threat, compromising millions of devices.
Tor v3 Reality: Scanning 2²⁵⁶ addresses is computationally infeasible. Even at 1 billion addresses per second, it would take longer than the age of the universe to scan a tiny fraction of the space.
2. Built-in End-to-End Encryption
Tor hidden services provide automatic encryption for all communication:
- No need for separate TLS/SSL configuration
- Protection against man-in-the-middle attacks
- Encrypted data in transit through multiple relay nodes
3. Network Location Privacy
Unlike IP addresses that reveal geographical and network information:
- .onion addresses disclose no location data
- Devices can move between networks without address changes
- ISPs cannot easily identify device types from traffic patterns
4. DDoS Mitigation
Tor’s architecture naturally provides DDoS protection:
- Attackers don’t know the device’s real IP address
- Traffic is distributed across multiple relay nodes
- Introduction points can rate-limit connection attempts
Real-World Applications of “The Internet of Onion Things”
This concept has been practically applied in various innovative ways [3]:
1. Secure Vehicle Telematics
Use Case: Connected cars generate sensitive data about location, driving patterns, and vehicle diagnostics. Transmitting this data via .onion addresses provides:
- Driver Privacy: Location data encrypted and anonymized through Tor
- Anti-Tracking: Prevents automotive manufacturers and third parties from building movement profiles
- Secure Remote Diagnostics: Mechanics can access vehicle data without exposing the car to internet-wide attacks
2. Privacy-Preserving Smart Home
Use Case: Home security cameras, smart locks, and environmental sensors:
- Devices accessible remotely without exposing home IP address
- Prevents burglars from scanning IP ranges to find vulnerable homes
- Family members can access home systems through Tor Browser from anywhere
3. Industrial Sensor Networks
Use Case: Factory and infrastructure monitoring sensors:
- Sensors report data to central monitoring without public IP requirements
- Resistance to industrial espionage (competitors can’t discover sensor locations)
- Secure over hostile networks (sensors in remote locations)
4. Medical Device Communication
Use Case: Remote patient monitoring and medical implants:
- HIPAA-compliant communication without complex VPN setups
- Patient location privacy preserved
- Prevents targeting of individuals based on medical device signatures
Challenges and Limitations
While promising, Tor-based IoT faces several practical challenges:
Performance Overhead
- Latency: Tor routing through multiple relays adds 100-300ms latency
- Bandwidth: Three-hop circuits consume 3x bandwidth compared to direct connections
- Unsuitability: Real-time applications (voice calls, video streaming) may experience quality degradation
Resource Constraints
- Memory: Tor client requires 10-50 MB RAM—challenging for low-power microcontrollers
- Computation: Cryptographic operations drain battery on wireless devices
- Storage: Tor consensus documents and relay lists require periodic updates
Network Reliability
- Circuit Failures: Tor circuits occasionally fail, requiring reconnection
- Bootstrap Time: Initial Tor connection can take 10-30 seconds
- Relay Availability: Dependence on volunteer relay network availability
Accessibility Trade-offs
- User Experience: Requires Tor Browser or special client software to access devices
- Mobile Access: Tor browsers on mobile platforms have limitations
- Service Discovery: No DNS-like directory for discovering .onion IoT devices
Implementation Considerations
For developers building Tor-enabled IoT systems:
- Lightweight Tor Implementations: Use stripped-down Tor clients like `mini-tor` or `tor-embedded` for resource-constrained devices
- Hybrid Approaches: Maintain both local IP access (for LAN) and .onion access (for internet)
- Power Management: Implement aggressive circuit caching and connection pooling
- Fallback Mechanisms: Provide alternative access methods if Tor network is unavailable
Conclusion: A Promising Alternative for Privacy-Conscious IoT
The “Internet of Onion Things” represents an innovative approach to solving two critical IoT challenges simultaneously: address scarcity and security. By leveraging Tor’s 2²⁵⁶ cryptographic address space, IoT deployments can scale indefinitely without IPv4 limitations.
While performance and resource constraints currently limit widespread adoption, the concept demonstrates particular value for:
- Security-critical applications requiring strong anonymity
- Deployments in adversarial network environments
- Devices requiring long-term stable identifiers independent of network changes
As IoT devices become more powerful and Tor protocols optimize for lower latency, the “Internet of Onion Things” may evolve from an experimental concept to a practical privacy-preserving infrastructure layer for billions of connected devices.
For more insights into Tor’s cryptographic foundations, see our article on generating .onion addresses.