KIST: Kernel-Informed Socket Transport for Tor

Abstract
Tor’s growing popularity and user diversity have resulted in network performance problems that are not well understood, though performance is understood to be a significant factor in Tor’s security. A large body of work has attempted to solve performance problems without a complete understanding of where congestion occurs in Tor. In this article, we first study congestion in Tor at individual relays as well as along the entire end-to-end Tor path and find that congestion occurs almost exclusively in egress kernel socket buffers. We then analyze Tor’s socket interactions and discover two major contributors to Tor’s congestion: Tor writes sockets sequentially, and Tor writes as much as possible to each socket. To improve Tor’s performance, we design, implement, and test KIST: a new socket management algorithm that uses real-time kernel information to dynamically compute the amount to write to each socket while considering all circuits of all writable sockets when scheduling cells. We find that, in the medians, KIST reduces circuit congestion by more than 30%, reduces network latency by 18%, and increases network throughput by nearly 10%. We also find that client and relay performance with KIST improves as more relays deploy it and as network load and packet loss rates increase. We analyze the security of KIST and find an acceptable performance and security tradeoff, as it does not significantly affect the outcome of well-known latency, throughput, and traffic correlation attacks. KIST has been merged and configured as the default socket scheduling algorithm in Tor version 0.3.2.1-alpha (released September 18, 2017) and became stable in Tor version 0.3.2.9 (released January 9, 2018). While our focus is Tor, our techniques and observations should help analyze and improve overlay and application performance, both for security applications and in general.
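The abstract contrasts two socket-writing behaviours: writing sockets one after another and filling each as far as the send buffer allows, versus computing a per-socket write budget from kernel state and scheduling cells across the circuits of every writable socket at once. The following Python model is an added illustration of that contrast; it is not code from the paper, from Tor, or from KIST. The kernel snapshot (`KernelInfo`), the budget formula in `kist_limit`, the 512-byte cell size, and the two-socket scenario are all constructed assumptions standing in for the real-time kernel information the abstract mentions (the field names mirror what Linux exposes via `TCP_INFO` and `SIOCOUTQ`, but nothing here queries a live socket). The "excess" metric counts bytes parked in the egress socket buffer that the kernel cannot send until acknowledgements arrive, which is where the abstract says congestion accumulates.

```python
"""Toy model of sequential write-everything socket scheduling versus a
kernel-informed, cross-socket scheduler. Constructed example: the budget
formula and scenario are assumptions for illustration, not Tor/KIST code."""
from dataclasses import dataclass, field
from typing import Dict, List

CELL_SIZE = 512  # bytes per cell; a simplification for this example


@dataclass
class KernelInfo:
    """Snapshot of what TCP_INFO / SIOCOUTQ would report (constructed values)."""
    snd_cwnd: int      # congestion window, in packets
    unacked: int       # packets sent but not yet acknowledged
    snd_mss: int       # bytes per packet
    sndbuf: int        # socket send-buffer capacity, in bytes
    queued: int = 0    # bytes already sitting in the send buffer


@dataclass
class Circuit:
    cid: int
    pending_cells: int


@dataclass
class Socket:
    name: str
    kinfo: KernelInfo
    circuits: List[Circuit] = field(default_factory=list)


def space_in_flight(k: KernelInfo) -> int:
    """Bytes the kernel could put on the wire right now (cwnd headroom)."""
    return max(0, (k.snd_cwnd - k.unacked) * k.snd_mss)


def excess_buffered(k: KernelInfo) -> int:
    """Bytes queued in the socket buffer that cannot leave until ACKs arrive:
    the egress-socket-buffer congestion the abstract describes."""
    return max(0, k.queued - space_in_flight(k))


def naive_schedule(sockets: List[Socket]) -> Dict[str, int]:
    """Sequential, write-as-much-as-possible: take each socket in turn and
    fill it until the send buffer is full or its circuits run dry."""
    written = {}
    for s in sockets:
        n = 0
        for c in s.circuits:
            while c.pending_cells and s.kinfo.queued + CELL_SIZE <= s.kinfo.sndbuf:
                c.pending_cells -= 1
                s.kinfo.queued += CELL_SIZE
                n += CELL_SIZE
        written[s.name] = n
    return written


def kist_limit(k: KernelInfo) -> int:
    """Assumed kernel-informed write budget: cwnd headroom minus what is
    already queued, so the socket never holds more than the kernel can send."""
    return max(0, space_in_flight(k) - k.queued)


def kist_schedule(sockets: List[Socket]) -> Dict[str, int]:
    """Kernel-informed: compute every socket's budget first, then round-robin
    one cell at a time over the circuits of all writable sockets until the
    budgets or the pending cells are exhausted."""
    budget = {s.name: kist_limit(s.kinfo) for s in sockets}
    written = {s.name: 0 for s in sockets}
    progress = True
    while progress:
        progress = False
        for s in sockets:
            for c in s.circuits:
                if c.pending_cells and budget[s.name] >= CELL_SIZE:
                    c.pending_cells -= 1
                    budget[s.name] -= CELL_SIZE
                    s.kinfo.queued += CELL_SIZE
                    written[s.name] += CELL_SIZE
                    progress = True
    return written


def build_scenario() -> List[Socket]:
    """Constructed: socket A's window is almost full; socket B has headroom."""
    return [
        Socket("A", KernelInfo(snd_cwnd=10, unacked=8, snd_mss=1448, sndbuf=65536),
               [Circuit(1, 100), Circuit(2, 100)]),
        Socket("B", KernelInfo(snd_cwnd=20, unacked=2, snd_mss=1448, sndbuf=65536),
               [Circuit(3, 50)]),
    ]


def compare() -> Dict[str, Dict[str, int]]:
    """Run both schedulers on fresh copies of the scenario and report bytes
    written per socket and the excess left stranded in each socket buffer."""
    naive = build_scenario()
    nw = naive_schedule(naive)
    kist = build_scenario()
    kw = kist_schedule(kist)
    return {
        "naive_written": nw,
        "naive_excess": {s.name: excess_buffered(s.kinfo) for s in naive},
        "kist_written": kw,
        "kist_excess": {s.name: excess_buffered(s.kinfo) for s in kist},
    }


if __name__ == "__main__":
    for label, value in compare().items():
        print(label, value)
```

In the constructed scenario the sequential scheduler stuffs 64 KiB into socket A although its window has room for only two packets, leaving over 60 KB stranded in the kernel buffer, while the budgeted scheduler writes five cells to A, drains B, and leaves no excess on either socket. The design point is that the budget is computed once for all sockets before any cell is chosen, so the scheduling decision sees every writable socket rather than whichever one happened to come first.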