Towards Predicting Efficient and Anonymous Tor Circuits

The Tor anonymity system provides online privacy for millions of users, but it is slower than typical web browsing. To improve Tor performance, we propose PredicTor, a path selection technique that uses a Random Forest classifier trained on recent measurements of Tor to predict the performance of a proposed path. If the path is predicted to be fast, then the client builds a circuit using those relays. We implemented PredicTor in the Tor source code and show through live Tor experiments and Shadow simulations that PredicTor improves Tor network performance by 11% to 23% compared to Vanilla Tor and by 7% to 13% compared to the previous state-of-the-art scheme. Our experiments show that PredicTor is the first path selection algorithm to dynamically avoid highly congested nodes during times of high congestion and avoid long-distance paths during times of low congestion. We evaluate the anonymity of PredicTor using standard entropy-based and time-to-first-compromise metrics, but these cannot capture the possibility of leakage due to the use of location in path selection. To better address this, we propose a new anonymity metric called CLASI: Client Autonomous System Inference. CLASI is the first anonymity metric in Tor that measures an adversary's ability to infer client Autonomous Systems (ASes) by fingerprinting circuits at the network, country, and relay level. We find that CLASI shows anonymity loss for location-aware path selection algorithms, where entropy-based metrics show little to no loss of anonymity. Additionally, CLASI indicates that PredicTor has similar sender AS leakage compared to the current Tor path selection algorithm due to PredicTor building circuits that are independent of client location.

[1]  Harsha V. Madhyastha,et al.  LASTor: A Low-Latency AS-Aware Tor Client , 2012, IEEE/ACM Transactions on Networking.

[2]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[3]  Micah Adler,et al.  Defending anonymous communications against passive logging attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[4]  Mohsen Imani,et al.  Guard Sets in Tor using AS Relationships , 2018, Proc. Priv. Enhancing Technol..

[5]  Nick Feamster,et al.  Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[6]  Michael Schapira,et al.  Measuring and Mitigating AS-level Adversaries Against Tor , 2016, NDSS.

[7]  Nikita Borisov,et al.  A Tune-up for Tor: Improving Security and Performance in the Tor Network , 2008, NDSS.

[8]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[9]  Armon Barton,et al.  : Destination-Naive AS-Awareness in Anonymous Communications , 2016 .

[10]  Claude E. Shannon,et al.  The Mathematical Theory of Communication , 1950 .

[11]  Micah Sherr,et al.  Never Been KIST: Tor's Congestion Management Blossoms with Kernel-Informed Socket Transport , 2014, USENIX Security Symposium.

[12]  Paul F. Syverson,et al.  Locating hidden servers , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[13]  Nicholas Hopper,et al.  How Low Can You Go: Balancing Performance with Anonymity in Tor , 2013, Privacy Enhancing Technologies.

[14]  Nicholas Hopper,et al.  Shadow: Running Tor in a Box for Accurate and Efficient Experimentation , 2011, NDSS.

[15]  Micah Adler,et al.  Passive-Logging Attacks Against Anonymous Communications Systems , 2008, TSEC.

[16]  Joshua Juen,et al.  Protecting anonymity in the presence of autonomous system and internet exchange level adversaries , 2012 .

[17]  Roger Dingledine,et al.  Methodically Modeling the Tor Network , 2012, CSET.

[18]  Martin Schmiedecker,et al.  NavigaTor: Finding Faster Paths to Anonymity , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[19]  Paul F. Syverson,et al.  As-awareness in Tor path selection , 2009, CCS.

[20]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[21]  Micah Sherr,et al.  Users get routed: traffic correlation on tor by realistic adversaries , 2013, CCS.

[22]  Robert N. M. Watson,et al.  Metrics for Security and Performance in Low-Latency Anonymity Systems , 2008, Privacy Enhancing Technologies.

[23]  Prateek Mittal,et al.  RAPTOR: Routing Attacks on Privacy in Tor , 2015, USENIX Security Symposium.

[24]  Rob Jansen,et al.  Safely Measuring Tor , 2016, CCS.

[25]  Micah Sherr,et al.  An Empirical Evaluation of Relay Selection in Tor , 2013, NDSS.

[26]  Tao Wang,et al.  Congestion-Aware Path Selection for Tor , 2012, Financial Cryptography.

[27]  Olivier Pereira,et al.  Waterfilling: Balancing the Tor network with maximum diversity , 2016, Proc. Priv. Enhancing Technol..

[28]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[29]  R. Dingledine,et al.  One Fast Guard for Life ( or 9 months ) , 2014 .

[30]  M. Crovella,et al.  Heavy-tailed probability distributions in the World Wide Web , 1998 .

[31]  T. Vincenty DIRECT AND INVERSE SOLUTIONS OF GEODESICS ON THE ELLIPSOID WITH APPLICATION OF NESTED EQUATIONS , 1975 .

[32]  Aniket Kate,et al.  AnoA: A Framework for Analyzing Anonymous Communication Protocols , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[33]  Nicholas Hopper,et al.  ABRA CADABRA: Magically Increasing Network Utilization in Tor by Avoiding Bottlenecks , 2016, WPES@CCS.

[34]  Micah Sherr,et al.  Scalable Link-Based Relay Selection for Anonymous Routing , 2009, Privacy Enhancing Technologies.

[35]  Joan Feigenbaum,et al.  Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection , 2015, NDSS.

[36]  George Danezis,et al.  Denial of service or denial of security? , 2007, CCS '07.

[37]  Paul F. Syverson,et al.  Why I'm Not an Entropist , 2009, Security Protocols Workshop.