Modified Relay Selection and Circuit Selection for Faster Tor

Users of the Tor anonymity system suffer from less-than-ideal performance, in part because circuit building and selection processes are not tuned for speed. In this paper, we examine both the process of selecting among pre-built circuits and the process of selecting the path of relays for use in building new circuits to improve performance while maintaining anonymity. First, we show that having three pre-built circuits available allows the Tor client to identify fast circuits and improves median time to first byte (TTFB) by 15% over congestion-aware routing, the current state-of-the-art method. Second, we propose a new path selection algorithm that includes broad geographic location information together with bandwidth to reduce delays. In Shadow simulations, we find 20% faster median TTFB and 11% faster median total download times over congestion-aware routing for accessing webpage-sized objects. Our security evaluations show that this approach leads to better or equal security against a generic relay-level adversary compared to Tor, but increased vulnerability to targeted attacks. We explore this trade-off and find settings of our system that offer good performance, modestly better security against a generic adversary, and only slightly more vulnerability to a targeted adversary.
