Security and Performance Implications of BGP Rerouting-Resistant Guard Selection Algorithms for Tor

Mitseva, Asya; Aleksandrova, Marharyta; Engel, Thomas; Panchenko, Andriy

doi:10.1007/978-3-030-58201-2_15

Cited by 3 publications

(7 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security is another important consideration-incremental deployment inherently creates differences between Tor clients or relays that have adopted a modification and those who have not. This has been an issue for client side proposals as anonymity in Tor relies on all clients behaving uniformly [12,14,36,60,61,74,85].…”

Section: Integration With Tormentioning

confidence: 99%

“…There is additionally a large body of work that alters path selection in Tor for purposes of security [13,15,30,40,48,64,73,82,89]. While important, these works are orthogonal to ShorTor and often result in substantially degraded performance [61,74] without clear security advantages over Tor's current protocol [36,85,86].…”

Section: Related Workmentioning

confidence: 99%

“…Unfortunately, preferentially choosing circuits in this way also selects relays that are correlated with the identity of the user or their destination [12,14,60]. Many attacks show how this can be exploited to deanonymize Tor users, allowing a passive observer to identify information about user locations [12,14,36,60,61,74,85,86].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

ShorTor: Improving Tor Network Latency via Multi-hop Overlay Routing

Hogan¹,

Servan-Schreiber²,

Newman³

et al. 2022

Preprint

View full text Add to dashboard Cite

We present ShorTor, a protocol for reducing latency on the Tor network. ShorTor uses multi-hop overlay routing, a technique typically employed by content delivery networks, to influence the route Tor traffic takes across the internet. In this way, ShorTor avoids slow paths and improves the experience for end users by reducing the latency of their connections while imposing minimal bandwidth overhead.ShorTor functions as an overlay on top of onion routing-Tor's existing routing protocol-and is run by Tor relays, making it independent of the path selection performed by Tor clients. As such, ShorTor reduces latency while preserving Tor's existing security properties. Specifically, the routes taken in ShorTor are in no way correlated to either the Tor user or their destination, including the geographic location of either party. We analyze the security of ShorTor using the AnoA framework, showing that ShorTor maintains all of Tor's anonymity guarantees. We augment our theoretical claims with an empirical analysis.To evaluate ShorTor's performance, we collect a real-world dataset of over 400,000 latency measurements between the 1,000 most popular Tor relays, which collectively see the vast majority of Tor traffic. With this data, we identify pairs of relays that could benefit from ShorTor: that is, two relays where introducing an additional intermediate network hop results in lower latency than the direct route between them. We use our measurement dataset to simulate the impact on end users by applying ShorTor to two million Tor circuits chosen according to Tor's specification.ShorTor reduces the latency for the 99 th percentile of relay pairs in Tor by 148 ms. Similarly, ShorTor reduces the latency of Tor circuits by 122 ms at the 99 th percentile. In practice, this translates to ShorTor truncating tail latencies for Tor which has a direct impact on page load times and, consequently, user experience on the Tor browser.

show abstract

Section: Integration With Tormentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

ShorTor: Improving Tor Network Latency via Multi-hop Overlay Routing

Hogan¹,

Servan-Schreiber²,

Newman³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…The Tor experimentation tools and models described above have assisted researchers in exploring how changes to Tor's path selection [5,7,13,24,28,41,46,52,58,60,61,73,75], load balancing [22,27,31,34,40,53], traffic admission control [2,16,21,23,33,35,37,42,47,74], congestion control [4,20], and denial of service mechanisms [12,26,36,39,59] affect Tor performance and security [3]. The standard practice that has emerged from this work is to sample a single scaled-down Tor network model and use it to run experiments with standard Tor and each of a set of chosen configurations of the proposed performance-enhancing mechanism.…”

Section: Tor Performance Studiesmentioning

confidence: 99%

“…Researchers have contributed numerous proposals for improving Tor performance in order to support continued growth in the network, including those that attempt to improve Tor's path selection [5,7,13,24,28,41,46,52,58,60,61,73,75], load balancing [22,27,31,34,40,53], traffic admission control [2,16,21,23,33,35,37,42,47,74], and congestion control mechanisms [4,20]. The standard practice when proposing a new mechanism for Tor is to run a single experiment with each recommended configuration of the mechanism and a single experiment with standard Tor.…”

Section: Introductionmentioning

confidence: 99%

Once is Never Enough: Foundations for Sound Statistical Inference in Tor Network Experimentation

Jansen,

Tracey,

Goldberg

2021

Preprint

View full text Add to dashboard Cite

Tor is a popular low-latency anonymous communication system that focuses on usability and performance: a faster network will attract more users, which in turn will improve the anonymity of everyone using the system. The standard practice for previous research attempting to enhance Tor performance is to draw conclusions from the observed results of a single simulation for standard Tor and for each research variant. But because the simulations are run in sampled Tor networks, it is possible that sampling error alone could cause the observed effects. Therefore, we call into question the practical meaning of any conclusions that are drawn without considering the statistical significance of the reported results.In this paper, we build foundations upon which we improve the Tor experimental method. First, we present a new Tor network modeling methodology that produces more representative Tor networks as well as new and improved experimentation tools that run Tor simulations faster and at a larger scale than was previously possible. We showcase these contributions by running simulations with 6,489 relays and 792k simultaneously active users, the largest known Tor network simulations and the first at a network scale of 100%. Second, we present new statistical methodologies through which we: (i) show that running multiple simulations in independently sampled networks is necessary in order to produce informative results; and (ii) show how to use the results from multiple simulations to conduct sound statistical inference. We present a case study using 420 simulations to demonstrate how to apply our methodologies to a concrete set of Tor experiments and how to analyze the results.

show abstract