1 / 33

LASTor : A Low-Latency AS-Aware Tor Client

LASTor : A Low-Latency AS-Aware Tor Client . Masoud Akhoondi , Curtis Yu, Harsha V. Madhyastha. Tor (The onion router). D. R3. R2. S. R1. Anonymity - Each hop only knows previous and next hop on a path Low latency communication - 90% of Tor traffic is interactive [Mccoy08].

nola
Télécharger la présentation

LASTor : A Low-Latency AS-Aware Tor Client

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. LASTor: A Low-Latency AS-Aware Tor Client MasoudAkhoondi, Curtis Yu, HarshaV. Madhyastha

  2. Tor (The onion router) D R3 R2 S R1 Anonymity - Each hop only knows previous and next hop on a path Low latency communication - 90% of Tor traffic is interactive [Mccoy08] • 400,000 users • 2700 relays

  3. How are latencies on Tor? • Experiment: • Sources: • 50 PlanetLabnodes spread across globe • Destinations: • Top 200 websites 5x inflation in median

  4. Profiling attack on Tor Green AS (Autonomous System) can eavesdrop on both end segments of path[Murdoch07] D Exit segment S Entry segment Relay 2 Entry relay Exit relay

  5. How severe is profiling attack? 65% of relays are in 20% of all ASes Non-uniform distribution of relays across ASes

  6. Potential solution for these problems • Measure latencies and routes from each relay to all end-hosts [Sherr09, Alsabah11, Mittall11] • Requires modification of relays • None of these proposals deployed yet • Non-trivial to implement

  7. LASTor: A low-latency AS-aware Tor client Main insight: Client modifications suffice Mitigate profiling attack Improve poor latency for interactive communications

  8. Main insight: Client modifications suffice Mitigate profiling attack Improve poor latency for interactive communications • Solution: • Modified path selection to reduce latency • Solution: • AS-aware path selection

  9. Goal: Improve latency Sources of latency on Tor • Queuing and processing delay • Congestion in relays [Panchenko09] • Propagation delay • Long paths D S

  10. Goal: Improve latency Shortest path vs. Default Tor • Destinations: • Top 200 websites • Sources: • 50 PlanetLab nodes spread across globe • Map relays to geographical locations 50% improvement in median Shorter paths can greatly reduce latency Path should not be deterministic  Weighted Shortest Path (WSP)

  11. Goal: Improve latency Weighted Shortest Path (WSP) • WSP computes length of all possible paths • Probability of choosing is inversely proportional to its length 3 3 1 1 1 2 4 3

  12. Goal: Improve latency An Attack on WSP Attacker controls a relay 3 3 1 1 1 2 4 3

  13. Goal: Improve latency Solution: Clustering of relays 3 3 1 1 1 2 4 3 • Run WSP using clusters of relays • For chosen cluster-level path, randomly pick arelay in each cluster

  14. Goal: Improve latency Solution: Clustering of relays 3 3 1 1 1 2 4 3

  15. Goal: Improve latency Weighted Shortest Path (WSP) • Preprocessing • Cluster all relays • Path selection • Computes length of possible paths using clusters • Choose a path with a probability inversely proportional to its length • Pick a relay randomly in each chosen cluster • Other issues (see paper) • Handling multi-location destinations • Choosing entry relays

  16. Goal: Improve latency WSP reduces latency 50 PlanetLab nodes to top 200 websites 20% improvement in 80th percentile 25% improvement in median

  17. Goal: Improve latency Tunable path selection in LASTor • Modify WSP to consider user’s preference towards: • Anonymity • Latency • Single parameter α configured by user: • Modified weight w to w(1-α)where 0 ≤α≤ 1 1 0 α Lowest latency Highest anonymity

  18. Goal: Improve latency Tunable path selection in LASTor Lower α, lower latency Higher α, higher anonymity • Gini Coefficient • measure of inequality in a distribution • 0: perfect equality • 1: maximal inequality

  19. Main insight: Client modifications suffice Mitigate profiling attack Improve poor latency for interactive communications • Solution: • Modified path selection to reduce latency • Solution: • AS-aware path selection

  20. Goal: AS-aware Profiling attack on a path Goal: Detect common ASeson entry and exit segments Green AS (Autonomous System) can eavesdrop on both end segments of path[Murdoch07] Exit segment Entry segment D Relay 2 S Entry relay Exit relay

  21. Goal: AS-aware Simple heuristic does not work • Default Tor ensures no two Tor relays in same /16 • False negative: fraction of paths with common AS not detected 57% of common AS instances are missed

  22. Goal: AS-aware Need for predicting AS paths • Approach 1: Measure routes from relays to all end hosts • Need to modify relays • Approach 2: Infer AS-level routes • Several techniques exist [Mao05, Madhyastha06, Madhyastha09, Lee11] • At best 70% accuracy Exit relay D

  23. Goal: AS-aware Our solution: AS set prediction Exit relay D Predict ASes on all paths compliant with routing policies

  24. Goal: AS-aware Our solution: AS set prediction Exit relay D Predict ASes on all paths compliant with routing policies

  25. Goal: AS-aware Our solution: AS set prediction • Input [13MB initially, 1.5MB weekly] • Topology graph at AS-level • Estimate of AS path length • Compact representation routing policies: • Triple of (AS1, AS2, AS3) where AS1AS2AS3 • Algorithm • Modified version of Dijkstra’s algorithm • Output • Set of ASes on policy-compliant routes

  26. Goal: AS-aware AS set based prediction is accurate 11% of common AS instances are missed 57% of common AS instances are missed • False negative: fraction of paths with common AS not detected Any path selection algorithm can use AS set predcitionto avoid profiling attack

  27. LASTor Latency 50 PlanetLab nodes to top 200 websites

  28. Summary • Demonstrated client side changes are sufficient for: • Lower latency • Higher anonymity • Designed and implemented LASTor • Reduces median latency by 25% • Reduces median false negative of common AS from 57% to 11%

  29. Thank you

  30. How does Tor work? (Onion Routing) Entry Relay (guard) Server Exit Relay Client R1 R3 R5 R4 R2 - 300,000 users - 2700 relays Middle Relay

  31. Is distance a good estimation of latency? • Choose two different paths: • WSP(latency) • WSP(distance) • Measure latency on these two paths • 50 planetlab nodes as source and top 200 websites as destination There is no significant difference between these two metrics

  32. Goal: AS-aware Accuracy of AS-set prediction algorithm

  33. Attack on WSP Goal: Improve latency • Clustering of relays reduces: • Probability of the attack • Running time of WSP 50% reduction • Adversary replicates 10% most popular relays 25 times • Compute probability of the chosen path traversing a malicious relay

More Related