Privacy-Preserving Dynamic Learning of Tor Network Traffic

Experimentation tools facilitate exploration of Tor performance and security research problems and allow researchers to safely and privately conduct Tor experiments without risking harm to real Tor users. However, researchers using these tools configure them to generate network traffic based on simplifying assumptions and outdated measurements and without understanding the efficacy of their configuration choices. In this work, we design a novel technique for dynamically learning Tor network traffic models using hidden Markov modeling and privacy-preserving measurement techniques. We conduct a safe but detailed measurement study of Tor using 17 relays (~2% of Tor bandwidth) over the course of 6 months, measuring general statistics and models that can be used to generate a sequence of streams and packets. We show how our measurement results and traffic models can be used to generate traffic flows in private Tor networks and how our models are more realistic than standard and alternative network traffic generation~methods.

[1]  Lei Yang,et al.  Enhancing traffic analysis resistance for Tor hidden services with multipath routing , 2015, IEEE Conference on Communications and Network Security.

[2]  Matthew Wright,et al.  DeNASA: Destination-Naive AS-Awareness in Anonymous Communications , 2016, Proc. Priv. Enhancing Technol..

[3]  Christopher Soghoian Enforced Community Standards for Research on Users of the Tor Anonymity Network , 2011, Financial Cryptography Workshops.

[4]  Ian Goldberg,et al.  DefenestraTor: Throwing Out Windows in Tor , 2011, PETS.

[5]  Padhraic Smyth,et al.  Clustering Sequences with Hidden Markov Models , 1996, NIPS.

[6]  Nicholas Hopper,et al.  Throttling Tor Bandwidth Parasites , 2012, NDSS.

[7]  Nicholas Hopper,et al.  IMUX: Managing Tor Connections from Two to Infinity, and Beyond , 2014, WPES.

[8]  Mohsen Imani,et al.  Guard Sets in Tor using AS Relationships , 2018, Proc. Priv. Enhancing Technol..

[9]  Nicholas Hopper,et al.  PeerFlow: Secure Load Balancing in Tor , 2017, Proc. Priv. Enhancing Technol..

[10]  Akira Kato,et al.  Traffic Data Repository at the WIDE Project , 2000, USENIX Annual Technical Conference, FREENIX Track.

[11]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[12]  Dirk Grunwald,et al.  Shining Light in Dark Places: Understanding the Tor Network , 2008, Privacy Enhancing Technologies.

[13]  Roger Dingledine,et al.  Building Incentives into Tor , 2010, Financial Cryptography.

[14]  Nicholas Hopper,et al.  Challenges in Protecting Tor Hidden Services from Botnet Abuse , 2014, Financial Cryptography.

[15]  Nikita Borisov,et al.  EigenSpeed: secure peer-to-peer bandwidth evaluation , 2009, IPTPS.

[16]  Zhen Ling,et al.  TorWard: Discovery of malicious traffic over Tor , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[17]  Venkata N. Padmanabhan,et al.  Analyzing and Improving a BitTorrent Networks Performance Mechanisms , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[18]  Claudia Díaz,et al.  Inside Job: Applying Traffic Analysis to Measure Tor from Within , 2018, NDSS.

[19]  Roger Dingledine,et al.  Methodically Modeling the Tor Network , 2012, CSET.

[20]  Micah Sherr,et al.  Never Been KIST: Tor's Congestion Management Blossoms with Kernel-Informed Socket Transport , 2014, USENIX Security Symposium.

[21]  Nicholas Hopper,et al.  How Low Can You Go: Balancing Performance with Anonymity in Tor , 2013, Privacy Enhancing Technologies.

[22]  Nicholas Hopper,et al.  Shadow: Running Tor in a Box for Accurate and Efficient Experimentation , 2011, NDSS.

[23]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[24]  Ian Goldberg,et al.  The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting , 2013, Privacy Enhancing Technologies.

[25]  Rob Jansen,et al.  Safely Measuring Tor , 2016, CCS.

[26]  Björn Scheuermann,et al.  The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network , 2014, NDSS.

[27]  Roger Dingledine,et al.  A Case Study on Measuring Statistical Data in the Tor Anonymity Network , 2010, Financial Cryptography Workshops.

[28]  Prateek Mittal,et al.  TorPolice: Towards enforcing service-defined access policies for anonymous communication in the Tor network , 2017, 2017 IEEE 25th International Conference on Network Protocols (ICNP).

[29]  Jr. G. Forney,et al.  The viterbi algorithm , 1973 .

[30]  Micah Sherr,et al.  ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation , 2011, CSET.

[31]  Fatemeh Shirazi,et al.  Analyzing the Effectiveness of DoS Attacks on Tor , 2014, SIN.

[32]  Claudia Díaz,et al.  Tor Experimentation Tools , 2015, 2015 IEEE Security and Privacy Workshops.

[33]  Paul F. Syverson,et al.  LIRA: Lightweight Incentivized Routing for Anonymity , 2013, NDSS.

[34]  Nicholas Hopper,et al.  ABRA CADABRA: Magically Increasing Network Utilization in Tor by Avoiding Bottlenecks , 2016, WPES@CCS.

[35]  Ian Goldberg,et al.  PCTCP: per-circuit TCP-over-IPsec transport for anonymous communication overlay networks , 2013, CCS.

[36]  Olivier Pereira,et al.  Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing Protocols , 2018, Proc. Priv. Enhancing Technol..

[37]  Rob Jansen,et al.  Tor's Been KIST: A Case Study of Transitioning Tor Research to Practice , 2017, ArXiv.

[38]  Olivier Pereira,et al.  Waterfilling: Balancing the Tor network with maximum diversity , 2016, Proc. Priv. Enhancing Technol..

[39]  Micah Sherr,et al.  Exploring the potential benefits of expanded rate limiting in Tor: slow and steady wins the race with Tortoise , 2011, ACSAC '11.

[40]  Gareth Owen,et al.  Empirical analysis of Tor Hidden Services , 2016, IET Inf. Secur..

[41]  Joan Feigenbaum,et al.  Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection , 2015, NDSS.

[42]  George Danezis,et al.  PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks , 2014, CCS.

[43]  Mohamed Ali Kâafar,et al.  Digging into Anonymous Traffic: A Deep Analysis of the Tor Anonymizing Network , 2010, 2010 Fourth International Conference on Network and System Security.

[44]  Lei Yang,et al.  mTor: A multipath Tor routing beyond bandwidth throttling , 2015, 2015 IEEE Conference on Communications and Network Security (CNS).

[45]  Micah Sherr,et al.  HisTorε: Differentially Private and Robust Statistics Collection for Tor , 2017, NDSS.

[46]  Micah Sherr,et al.  Scalable and Anonymous Group Communication with MTor , 2016, Proc. Priv. Enhancing Technol..

[47]  Claudia Díaz,et al.  Towards Measuring Resilience in Anonymous Communication Networks , 2015, WPES@CCS.

[48]  Nadia Heninger,et al.  Torchestra: reducing interactive traffic delays over tor , 2012, WPES '12.

[49]  Micah Sherr,et al.  Distributed Measurement with Private Set-Union Cardinality , 2017, CCS.

[50]  Junghee Lee,et al.  Analysis on end-to-end node selection probability in Tor network , 2015, 2015 International Conference on Information Networking (ICOIN).

[51]  Ian Goldberg,et al.  Performance and Security Improvements for Tor , 2016, IACR Cryptol. ePrint Arch..

[52]  Nicholas Hopper,et al.  Recruiting new tor relays with BRAIDS , 2010, CCS '10.

[53]  Micah Sherr,et al.  An Empirical Evaluation of Relay Selection in Tor , 2013, NDSS.