Issue No.05 - September/October (2011 vol.8)
pp: 728-741
Robin Snader, University of Illinois at Urbana-Champaign, Urbana
Nikita Borisov, University of Illinois at Urbana-Champaign, Urbana
ABSTRACT
The Tor anonymous communication network uses self-reported bandwidth values to select routers for building tunnels. Since tunnels are allocated in proportion to this bandwidth, this allows a malicious router operator to attract tunnels for compromise. Although Tor limits the self-reported bandwidth, it uses a high maximum value, effectively choosing performance over high anonymity for all users. We propose a router selection algorithm that allows users to control the trade-off between performance and anonymity. We also propose an opportunistic bandwidth measurement algorithm to replace self-reported values that is more sensitive to load and more responsive to changing network conditions. Our mechanism effectively blends the traffic from users of different preferences, making partitioning attacks difficult. We implemented the opportunistic measurement and tunable performance extensions and examined their performance both through simulation and in the real Tor network. Our results show that users can get dramatic increases in either performance or anonymity with little to no sacrifice in the other metric, or a more modest improvement in both. Our mechanisms are also invulnerable to the previously published low-resource attacks on Tor.
INDEX TERMS
Anonymous communication, bandwidth estimation, path selection.
CITATION
Robin Snader, Nikita Borisov, "Improving Security and Performance in the Tor Network through Tunable Path Selection", IEEE Transactions on Dependable and Secure Computing, vol.8, no. 5, pp. 728-741, September/October 2011, doi:10.1109/TDSC.2010.40