On the Optimal Path Length for Tor

Choosing a path length for low-latency anonymous networks that optimally balances security and performance is an open problem. Tor's design decision to build paths with precisely three routers is thought to strike the correct balance. In this paper, we investigate this design decision by experimentally evaluating several of the key benefits and drawbacks of two-hop and three-hop paths. We find that (1) a three-hop design is slightly more vulnerable to endpoint compromise than a two-hop design in the presence of attackers who employ simple denial-of-service tactics; (2) two-hop paths trivially reveal entry guards to exit routers, but even with three-hop paths the exit can learn entry guards by deploying inexpensive middle-only routers; and (3) three-hop paths incur a performance penalty relative to two-hop paths. Looking forward, we identify and discuss a number of open issues related to path length.
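The following is an added illustration, not code or a model from the paper (whose results come from experiments, not from this simplification). It captures the mechanism behind findings (1) and (2) in a deliberately simple analytic model: relays are drawn uniformly, so every hop is adversary-controlled independently with probability f (the paper's actual setting, bandwidth-weighted selection with pinned entry guards, is not modelled); an endpoint compromise means the adversary holds both the entry and the exit; and a "selective denial-of-service" adversary tears down every circuit it sits on but does not control end-to-end, so the client rebuilds until a circuit survives. The function names, the parameter f, and the sample values are assumptions of this example.

```python
"""Endpoint-compromise share for 2-hop vs 3-hop circuits under a passive
adversary and under a selective-DoS adversary (illustrative model only;
uniform relay selection, no bandwidth weighting, no guard pinning)."""
import random


def passive_compromise(f: float, hops: int) -> float:
    """Fraction of circuits whose entry AND exit the adversary holds when it
    only watches. Middle hops never matter, so this is f^2 for any length."""
    assert hops >= 2
    return f * f


def selective_dos_compromise(f: float, hops: int) -> float:
    """Same fraction when the adversary tears down every circuit it sits on
    but does not control end-to-end. Only two kinds of circuit survive the
    rebuild loop: adversary-free ones, probability (1-f)^hops, and ones with
    adversarial entry and exit (middles arbitrary), probability f^2. Since
    (1-f)^hops shrinks as hops grow while f^2 does not, a longer path loses
    a larger share of its honest circuits, which is finding (1)."""
    assert hops >= 2
    p_clean = (1.0 - f) ** hops
    p_both_ends = f * f
    return p_both_ends / (p_clean + p_both_ends)


def guard_exposure_to_exit(f_mid: float, hops: int) -> float:
    """Probability that the exit learns the client's entry guard (finding 2).
    With two hops the exit's neighbour IS the guard, so always. With three
    hops the exit needs the middle to be one of its own middle-only relays,
    i.e. the adversary's share f_mid of the middle-position selection."""
    assert hops >= 2
    return 1.0 if hops == 2 else f_mid


def simulate(f: float, hops: int, circuits: int, selective_dos: bool,
             seed: int = 0) -> float:
    """Monte Carlo check of the closed forms: keep building circuits until
    `circuits` of them survive; return the compromised share of survivors."""
    rng = random.Random(seed)
    built = compromised = 0
    while built < circuits:
        adversarial = [rng.random() < f for _ in range(hops)]
        both_ends = adversarial[0] and adversarial[-1]
        if selective_dos and any(adversarial) and not both_ends:
            continue          # adversary kills it; client rebuilds
        built += 1
        compromised += both_ends
    return compromised / circuits


if __name__ == "__main__":
    # Constructed sample values of f, chosen only to show the trend.
    print(" f    passive  dos-2hop  dos-3hop  guard-exposed(3hop)")
    for f in (0.05, 0.10, 0.20, 0.30):
        print(f"{f:.2f}   {passive_compromise(f, 3):.4f}   "
              f"{selective_dos_compromise(f, 2):.4f}    "
              f"{selective_dos_compromise(f, 3):.4f}    "
              f"{guard_exposure_to_exit(f, 3):.2f}")
    # Seeded simulation agrees with the closed form to within sampling noise.
    print("sim 3-hop, f=0.20:", round(simulate(0.20, 3, 50_000, True), 4))
```

Under a purely passive adversary the two designs are equally exposed (f^2 either way); the gap only opens once the adversary is willing to disrupt circuits it cannot fully observe, and it widens with every hop that gives the adversary another chance to sit on a circuit it will then kill.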