An Empirical Evaluation of Relay Selection in Tor

While Tor is the most popular low-latency anonymity network in use today, it suffers from a variety of performance problems that continue to inhibit its wide-scale adoption. One reason Tor is slow is the manner in which clients select Tor relays. There have been a number of recent proposals for modifying Tor’s relay selection algorithm, often to achieve improved bandwidth, latency, and/or anonymity. This paper explores the anonymity and performance trade-offs of the proposed relay selection techniques using highly accurate topological models that capture the actual Tor network’s autonomous system (AS) boundaries, points-of-presence, inter-relay latencies, and relay performance characteristics. Using realistic network models, we conduct a whole-network evaluation with varying traffic workloads to understand the potential performance benefits of a comprehensive set of relay selection proposals from the Tor literature. We also quantify the anonymity properties of each approach using our network model in combination with simulations fueled by data from the live Tor network.
