The Path Less Travelled: Overcoming Tor’s Bottlenecks with Multipaths

Tor is the most popular low-latency anonymity network for enhancing ordinary users’ online privacy and resisting censorship. While it has grown in popularity, Tor has a variety of performance problems that result in poor quality of service, a strong disincentive to use the system, and weaker anonymity properties for all users. We observe that one reason Tor is slow is its low-bandwidth volunteer-operated routers. When clients use a low-bandwidth router, their throughput is limited by the capacity of the slowest node. With the introduction of bridges—unadvertised Tor routers that provide Tor access to users within censored regimes like China—low-bandwidth Tor routers are becoming more common and essential to Tor’s ability to resist censorship. In this paper, we present Conflux, a multipath circuit construction and stream-splitting approach that increases performance for clients using low-bandwidth bridges. Moreover, Conflux significantly improves the experience of users who watch streaming videos online. Through live measurements and a whole-network evaluation conducted on a scalable network emulator, we show that our approach offers an improvement of approximately 30% in expected download time for web browsers who use Tor bridges and for streaming application users. We also show that our scheme has no significant impact on users’ security or anonymity.
