1. bookVolume 2017 (2017): Issue 2 (April 2017)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

PeerFlow: Secure Load Balancing in Tor

Published Online: 04 Apr 2017
Page range: 74 - 94
Received: 31 Aug 2016
Accepted: 01 Dec 2016
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English

We present PeerFlow, a system to securely load balance client traffic in Tor. Security in Tor requires that no adversary handle too much traffic. However, Tor relays are run by volunteers who cannot be trusted to report the relay bandwidths, which Tor clients use for load balancing. We show that existing methods to determine the bandwidths of Tor relays allow an adversary with little bandwidth to attack large amounts of client traffic. These methods include Tor’s current bandwidth-scanning system, TorFlow, and the peer-measurement system EigenSpeed. We present an improved design called PeerFlow that uses a peer-measurement process both to limit an adversary’s ability to increase his measured bandwidth and to improve accuracy. We show our system to be secure, fast, and efficient. We implement PeerFlow in Tor and demonstrate its speed and accuracy in large-scale network simulations.

Keywords

[1] https://metrics.torproject.org/.Search in Google Scholar

[2] Collector. https://collector.torproject.org/.Search in Google Scholar

[3] Shadow simulator. https://shadow.github.io.Search in Google Scholar

[4] Tor directory protocol, version 3. https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=dir-spec.txt.Search in Google Scholar

[5] Bandwidth scanner spec. https://gitweb.torproject.org/torflow.git/blob_plain/HEAD:/NetworkScanners/BwAuthority/README.spec.txt.Search in Google Scholar

[6] Olivier Baudron, Pierre-Alain Fouque, David Pointcheval, Jacques Stern, and Guillaume Poupard. Practical multicandidate election system. In Ajay D. Kshemkalyani and Nir Shavit, editors, Proceedings of the Twentieth Annual ACM Symposium on Principles of Distributed Computing, PODC 2001, Newport, Rhode Island, USA, August 26-29, 2001, pages 274–283. ACM, 2001.Search in Google Scholar

[7] Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. Low-resource routing attacks against Tor. In ACM WPES, 2007.Search in Google Scholar

[8] Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann. Trawling for Tor hidden services: Detection, measurement, deanonymization. In IEEE S&P, 2013.Search in Google Scholar

[9] Ronald Cramer, Ivan Damgård, and Berry Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Yvo Desmedt, editor, Advances in Cryptology - CRYPTO ’94, 14th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21-25, 1994, Proceedings, volume 839 of Lecture Notes in Computer Science, pages 174–187. Springer, 1994.Search in Google Scholar

[10] Ivan Damgård and Mads Jurik. A generalisation, a simplification and some applications of paillier’s probabilistic public-key system. In Kwangjo Kim, editor, Public Key Cryptography, 4th International Workshop on Practice and Theory in Public Key Cryptography, PKC 2001, Cheju Island, Korea, February 13-15, 2001, Proceedings, volume 1992 of Lecture Notes in Computer Science, pages 119–136. Springer, 2001.Search in Google Scholar

[11] Ivan Damgård and Mads Jurik. A length-flexible threshold cryptosystem with applications. In Reihaneh Safavi-Naini and Jennifer Seberry, editors, Information Security and Privacy, 8th Australasian Conference, ACISP 2003, Wollongong, Australia, July 9-11, 2003, Proceedings, volume 2727 of Lecture Notes in Computer Science, pages 350–364. Springer, 2003.Search in Google Scholar

[12] Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. In USENIX Security, 2004.Search in Google Scholar

[13] Cynthia Dwork. Differential privacy. In International Colloquium on Automata, Languages and Programming, 2006.Search in Google Scholar

[14] Nathan Evans, Roger Dingledine, and Christian Grothoff. A practical congestion attack on Tor using long paths. In USENIX Security, 2009.Search in Google Scholar

[15] Pierre-Alain Fouque, Guillaume Poupard, and Jacques Stern. Sharing decryption in the context of voting or lotteries. In Yair Frankel, editor, Financial Cryptography, 4th International Conference, FC 2000 Anguilla, British West Indies, February 20-24, 2000, Proceedings, volume 1962 of Lecture Notes in Computer Science, pages 90–104. Springer, 2000.Search in Google Scholar

[16] David Goulet, Aaron Johnson, George Kadianakis, and Karsten Loesing. Hidden-service statistics reported by relays. Technical Report 2015-04-001, The Tor Project, Inc., April 2015.Search in Google Scholar

[17] Andreas Haeberlen, Petr Kouznetsov, and Peter Druschel. Peerreview: Practical accountability for distributed systems. In SOSP, 2007.Search in Google Scholar

[18] Nicholas Hopper, Eugene Y. Vasserman, and Eric Chan-Tin. How much anonymity does network latency leak? TISSEC, 13(2), February 2010.Search in Google Scholar

[19] Rob Jansen, Kevin Bauer, Nicholas Hopper, and Roger Dingledine. Methodically modeling the Tor network. In CSET, 2012.Search in Google Scholar

[20] Rob Jansen, John Geddes, Chris Wacek, Micah Sherr, and Paul Syverson. Never been KIST: Tor’s congestion management blossoms with kernel-informed socket transport. In USENIX Security, 2014.Search in Google Scholar

[21] Rob Jansen and Nicholas Hopper. Shadow: Running Tor in a box for accurate and efficient experimentation. In NDSS, 2012.Search in Google Scholar

[22] Rob Jansen, Aaron Johnson, and Paul Syverson. LIRA: Lightweight incentivized routing for anonymity. In NDSS, 2013.Search in Google Scholar

[23] Rob Jansen, Andrew Miller, Paul Syverson, and Bryan Ford. From onions to shallots: Rewarding Tor relays with TEARS. In HotPETs, 2014.Search in Google Scholar

[24] Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson. Users get routed: Traffic correlation on Tor by realistic adversaries. In ACM CCS, 2013.Search in Google Scholar

[25] Ghassan Karame, David Gubler, and Srdjan Capkun. On the security of bottleneck bandwidth estimation techniques. In SecureComm. 2009.Search in Google Scholar

[26] Mike Perry. TorFlow: Tor network analysis. In HotPETs, 2009.Search in Google Scholar

[27] Robin Snader. Path Selection for Performance- and Security-Improved Onion Routing. PhD thesis, U. of I. at Urbana-Champaign, 2009.Search in Google Scholar

[28] Robin Snader and Nikita Borisov. Eigenspeed: Secure peer-to-peer bandwidth evaluation. In IPTPS, 2009.Search in Google Scholar

[29] Robin Snader and Nikita Borisov. Improving security and performance in the Tor network through tunable path selection. TDSC, 8(5):728–741, September 2011.Search in Google Scholar

[30] R. Suselbeck, G. Schiele, P. Komarnicki, and C. Becker. Efficient bandwidth estimation for peer-to-peer systems. In IEEE P2P, 2011.Search in Google Scholar

[31] Fabrice Thill. Hidden Service Tracking Detection and Bandwidth Cheating in Tor Anonymity Network. PhD thesis, Univ. Luxembourg, 2014.Search in Google Scholar

[32] Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. Effective attacks and provable defenses for website fingerprinting. In USENIX Security, 2014.Search in Google Scholar

[33] Tao Wang and Ian Goldberg. Improved website fingerprinting on Tor. In ACM WPES, 2013.Search in Google Scholar

[34] Matthew Wright, Micah Adler, Brian Neil Levine, and Clay Shields. The predecessor attack: An analysis of a threat to anonymous communications systems. TISSEC, 4(7):489–522, November 2004.Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo