Shadow: Running Tor in a Box for Accurate and Efficient Experimentation

Abstract: Tor is a large and popular overlay network providing both anonymity to its users and a platform for anonymous communication research. New design proposals and attacks on the system are challenging to test in the live network because of deployment issues and the risk of invading users' privacy, while alternative Tor experimentation techniques are limited in scale, are inaccurate, or create results that are difficult to reproduce or verify. We present the design and implementation of Shadow, an architecture for efficiently running accurate Tor experiments on a single machine. We validate Shadow's accuracy with a private Tor deployment on PlanetLab and a comparison to live network performance statistics. To demonstrate Shadow's powerful capabilities, we investigate circuit scheduling and find that the EWMA circuit scheduler reduces aggregate client performance under certain loads when deployed to the entire Tor network. Our software is open source and available for download.
