PeerFlow: Secure Load Balancing in Tor

Abstract

We present PeerFlow, a system to securely load balance client traffic in Tor. Security in Tor requires that no adversary handle too much traffic. However, Tor relays are run by volunteers who cannot be trusted to report the relay bandwidths, which Tor clients use for load balancing. We show that existing methods to determine the bandwidths of Tor relays allow an adversary with little bandwidth to attack large amounts of client traffic. These methods include Tor’s current bandwidth-scanning system, TorFlow, and the peer-measurement system EigenSpeed. We present an improved design called PeerFlow that uses a peer-measurement process both to limit an adversary’s ability to increase his measured bandwidth and to improve accuracy. We show our system to be secure, fast, and efficient. We implement PeerFlow in Tor and demonstrate its speed and accuracy in large-scale network simulations.
