This Article 
 Bibliographic References 
 Add to: 
TCP Performance in Flow-Based Mix Networks: Modeling and Analysis
May 2009 (vol. 20 no. 5)
pp. 695-709
Xinwen Fu, University of Massachusetts, Lowell
Wei Yu, Texas A&M University, College Station
Shu Jiang, Texas A&M University, College Station
Steve Graham, Dakota State University, Madison
Yong Guan, Iowa State University, Ames
Anonymity technologies such as mix networks have gained increasing attention as a way to provide communication privacy. Mix networks were developed for message-based applications such as e-mail, but researchers have adapted mix techniques to low-latency flow-based applications such as anonymous Web browsing. Although a significant effort has been directed at discovering attacks against anonymity networks and developing countermeasures to those attacks, there is little systematic analysis of the quality of service (QoS) for such security and privacy systems. In this paper, we systematically address TCP performance issues of flow-based mix networks. A mix's batching and reordering schemes can dramatically reduce TCP throughput due to out-of-order packet delivery. We developed a theoretical model to analyze such impact and present formulas for approximate TCP throughput in mix networks. To improve TCP performance, we examined the approach of increasing TCP's duplicate threshold parameter and derived formulas for the performance gains. Our proposed approaches will not degrade the system anonymity degree since they do not change the underlying anonymity mechanism. Our data matched our theoretical analysis well. Our developed theoretical model can guide the deployment of batching and reordering schemes in flow-based mix networks and can also be used to investigate a broad range of reordering schemes.

[1] X. Fu, B. Graham, D. Xuan, R. Bettati, and W. Zhao, “Empirical and Theoretical Evaluation of Active Probing Attacks and Their Countermeasures,” Proc. Sixth Int'l Workshop Information Hiding (IH '04), May 2004.
[2] D.X. Song, D. Wagner, and X. Tian, “Timing Analysis of Keystrokes and Timing Attacks on SSH,” Proc. 10th Usenix Security Symp. (SECURITY '01), Aug. 2001.
[3] Q. Sun, D.R. Simon, Y. Wang, W. Russell, V.N. Padmanabhan, and L. Qiu, “Statistical Identification of Encrypted Web Browsing Traffic,” Proc. IEEE Symp. Security and Privacy (S&P '02), May 2002.
[4] D. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms,” Comm. ACM, vol. 4, no. 2, Feb. 1981.
[5] G. Danezis, R. Dingledine, and N. Mathewson, “Mixminion: Design of a Type III Anonymous Remailer Protocol,” Proc. IEEE Symp. Security and Privacy (S&P '03), May 2003.
[6] A. Serjantov and G. Danezis, “Towards an Information Theoretic Metric for Anonymity,” Proc. Privacy Enhancing Technologies Workshop (PET '02), R. Dingledine and P. Syverson, eds., Apr. 2002.
[7] Y. Guan, X. Fu, R. Bettati, and W. Zhao, “A Quantitative Analysis of Anonymous Communications,” Proc. 22nd Int'l Conf. Distributed Computing Systems (ICDCS '02), July 2002.
[8] A. Serjantov, R. Dingledine, and P. Syverson, “From a Trickle to a Flood: Active Attacks on Several Mix Types,” Proc. Fifth Int'l Workshop Information Hiding (IH '02), Feb. 2002.
[9] X. Wang, S. Chen, and S. Jajodia, “Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet,” Proc. 12th ACM Conf. Computer and Comm. Security (CCS '05), Nov. 2005.
[10] P. Peng, P. Ning, and D.S. Reeves, “On the Secrecy of Timing-Based Active Watermarking Trace-Back Techniques,” Proc. IEEE Security and Privacy Symp. (S&P '06), May 2006.
[11] Y. Zhu, X. Fu, B. Graham, R. Bettati, and W. Zhao, “On Flow Correlation Attacks and Countermeasures in Mix Networks,” Proc. Workshop Privacy Enhancing Technologies (PET '04), May 2004.
[12] X. Fu, Y. Zhu, B. Graham, R. Bettati, and W. Zhao, “On Flow Marking Attacks in Wireless Anonymous Communication Networks,” Proc. 25th Int'l Conf. Distributed Computing Systems (ICDCS '05), Apr. 2005.
[13] W. Yu, X. Fu, S. Graham, D. Xuan, and W. Zhao, “DSSS-Based Flow Marking Technique for Invisible Traceback,” Proc. IEEE Symp. Security and Privacy (S&P '07), May 2007.
[14] G. Danezis, “The Traffic Analysis of Continuous-Time Mixes,” Proc. Workshop Privacy Enhancing Technologies (PET '04), May 2004.
[15] R. Dingledine, N. Mathewson, and P. Syverson, “TOR: The Second-Generation Onion Router,” Proc. 13th Usenix Security Symp. (SECURITY '04), Aug. 2004.
[16] M. Zhang, B. Karp, S. Floyd, and L. Peterson, “RR-TCP: A Reordering-Robust TCP with DSACK,” Proc. 11th IEEE Int'l Conf. Network Protocols (ICNP '03), Nov. 2003.
[17] N.M. Piratla, A.P. Jayasumana, and A.A. Bare, “Reorder Density (RD): A Formal, Comprehensive Metric for Packet Reordering,” Proc. 30th Local Computer Network Conf. (LCN '05), Nov. 2005.
[18] J. Bellardo and S. Savage, “Measuring Packet Reordering,” Proc. Second ACM SIGCOMM Workshop Internet Measurment (IMW '02), Nov. 2002.
[19] M. Wright, M. Adler, B.N. Levine, and C. Shields, “An Analysis of the Degradation of Anonymous Protocols,” Proc. Network and Distributed Security Symp. (NDSS '02), Feb. 2002.
[20] M. Wright, M. Adler, B.N. Levine, and C. Shields, “Defending Anonymous Communication against Passive Logging Attacks,” Proc. IEEE Symp. Security and Privacy (S&P '03), May 2003.
[21] B.N. Levine, M.K. Reiter, C. Wang, and M. Wright, “Timing Attacks in Low-Latency Mix-Based Systems,” Proc. Eighth Int'l Conf. Financial Cryptography (FC '04), Feb. 2004.
[22] S.J. Murdoch and G. Danezis, “Low-Cost Traffic Analysis of Tor,” Proc. IEEE Symp. Security and Privacy (S&P '05), May 2005.
[23] W.R. Stevens, TCP/IP Illustrated, Volume 1 The Protocols. Addison-Wesley Professional, 1999.
[24] J. Padhye, V. Firoiu, D. Towsley, and J. Krusoe, “Modeling TCP Throughput: A Simple Model and Its Empirical Validation,” Proc. ACM SIGCOMM '98, Sept. 1998.
[25] S. Floyd and K. Fall, “Promoting the Use of End-to-End Congestion Control in the Internet,” IEEE/ACM Trans. Networking, vol. 7, no. 4, pp. 458-472, 1999.
[26] V. Paxson, “End-to-End Internet Packet Dynamics,” IEEE/ACM Trans. Networking, vol. 7, no. 3, pp. 277-292, 1999.
[27] D. Blumenfeld, Operations Research Calculations Handbook. CRC, 2001.
[28] V. Jacobson, “Congestion Avoidance and Control,” Proc. ACM SIGCOMM, 1988.
[29] P. Karn and C. Partridge, “Improving Round-Trip Time Estimates in Reliable Transport Protocols,” Proc. ACM SIGCOMM '87, Sept. 1987.
[30] C. Parsa and J.J. Garcia-Luna-Aceves, “Improving TCP Congestion Control over Internets with Heterogeneous Transmission Media,” Proc. Seventh Ann. Int'l Conf. Network Protocols (ICNP '99), Oct. 1999.
[31] S. Jaiswal, G. Iannaccone, C. Diot, J. Kurose, and D. Towsley, “Inferring TCP Connection Characteristics through Passive Measurements,” Proc. IEEE INFOCOM '94, June 1994.
[32] K. Fall and S. Floyd, “Simulation-Based Comparisons of Tahoe, Reno and SACK TCP,” ACM Computer Comm. Rev., vol. 26, no. 3, pp. 5-21, July 1996.
[33] Y. Xia and D. Tse, “An Analysis on Packet Resequencing for Reliable Network Protocols,” Proc. IEEE INFOCOM '03, Mar./Apr. 2003.
[34] D. McCoy, K. Bauer, D. Grunwald, P. Tabriz, and D. Sicker, “Shining Light in Dark Places: A Study of Anonymous Network Usage,” technical report, Univ. of Colorado, Boulder, Aug. 2007.
[35] VINT Project, The Network Simulator—NS-2,, 2008.
[36] A.M. Zoubir and D.R. Iskander, Bootstrap Toolbox, , 2006.
[37] J. Helsingius, Press Release: Johan Helsingius Closes His Internet Remailer, http://www.penet.fipress-english.html, 1996.
[38] S. Parekh, Prospects for Remailers—Where Is Anonymity Heading on the Internet, /, 1996.
[39] C. Gülcü and G. Tsudik, “Mixing E-mail with Babel,” Proc. Network and Distributed Security Symp. (NDSS '66), Feb. 1996.
[40] U. Möller and L. Cottrell, Mixmaster Protocol—Version 2, draft-moeller-mixmaster2-protocol-00.txt , Jan. 2000.
[41] P.F. Syverson, D.M. Goldschlag, and M.G. Reed, “Anonymous Connections and Onion Routing,” Proc. IEEE Symp. Security and Privacy (S&P '97), May 1997.
[42] P. Boucher, A. Shostack, and I. Goldberg, Freedom Systems 2.0 Architecture. Zero Knowledge Systems, Inc., Dec. 2000.
[43] M. Reiter and A. Rubin, “Crowds: Anonymity for Web Transactions,” ACM Trans. Information and System Security, vol. 1, no. 1, 1998.
[44] M.J. Freedman and R. Morris, “Tarzan: A Peer-to-Peer Anonymizing Network Layer,” Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), Nov. 2002.
[45] J. Kong and X. Hong, “ANODR: Anonymous on Demand Routing with Untraceable Routes for Mobile Ad-Hoc Networks,” Proc. ACM MobiHoc '03, June 2003.
[46] M. Rennhard, S. Rafaeli, L. Mathy, B. Plattnet, and D. Hutchison, “Analysis of an Anonymity Network for Web Browsing,” Proc. IEEE the 11th Int'l Workshop Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE '02), Sept. 2002.
[47] M. Allman, V. Paxson, and W. Stevens, TCP Congestion Control, RFC 2581, 1999.
[48] R. Ludwig and R. Katz, “The Eifel Algorithm: Making TCP Robust against Spurious Retransmission,” ACM Computer Comm. Rev., vol. 30, no. 1, pp. 30-36, 2000.
[49] S. Bohacek, J.P. Hespanha, J. Lee, C. Lim, and K. Obraczka, “TCP-PR TCP for Persistent Packet Reordering,” Proc. 23rd Int'l Conf. Distributed Computing Systems (ICDCS '03), May 2003.
[50] S. Bhandarkar, A.L.N. Reddy, M. Allan, and E. Blanton, Improving the Robustness of TCP to Non-Congestion Events, RFC 4653, 2006.
[51] F. Wang and Y. Zhang, “Improving TCP Performance over Mobile Ad-Hoc Networks with Out-of-Order Detection and Response,” Proc. ACM MobiHoc '02, June 2002.

Index Terms:
Anonymity, mix networks, TCP, congestion control, modeling and analysis.
Xinwen Fu, Wei Yu, Shu Jiang, Steve Graham, Yong Guan, "TCP Performance in Flow-Based Mix Networks: Modeling and Analysis," IEEE Transactions on Parallel and Distributed Systems, vol. 20, no. 5, pp. 695-709, May 2009, doi:10.1109/TPDS.2008.135
Usage of this product signifies your acceptance of the Terms of Use.