
Privacy Preserving Performance Enhancements for Anonymous Communication Networks PDF

213 Pages·2012·5.2 MB·English


Privacy Preserving Performance Enhancements for Anonymous Communication Networks

A DISSERTATION SUBMITTED TO THE FACULTY OF THE GRADUATE SCHOOL OF THE UNIVERSITY OF MINNESOTA BY

Robert G. Jansen

IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF Doctor of Philosophy

Nicholas J. Hopper

October, 2012

© Robert G. Jansen 2012 ALL RIGHTS RESERVED

Acknowledgements

I would like to extend much gratitude to my advisor, Nick Hopper, not only for his support of and contribution to the ideas within this dissertation, but also for his unending patience and exuberance during my development as a researcher. His qualities as an advisor are unparalleled.

I thank my other committee members – Yongdae Kim, Andrew Odlyzko, Paul Syverson, and Jon Weissman – for their comments and support of this dissertation.

I thank my collaborators – Kevin Bauer, Roger Dingledine, Nick Hopper, Aaron Johnson, Yongdae Kim, and Paul Syverson – all of whom helped shape and enhance this work. I additionally thank everyone with whom I had fruitful discussions related to this work during my time in graduate school, especially: Eric Chan-Tin; Ian Goldberg; John Geddes; Denis Foo Kune; Zi Lin; Harsha Madhyastha; Prateek Mittal; Abedelaziz Mohaisen; Max Schuchard; Micah Sherr; Chris Wacek; and Eugene Vasserman.

I most extensively thank Leiah, my best friend and partner, for her patience and emotional support throughout graduate school. Her consistently positive attitude continuously bolstered my perseverance against the numerous challenges along the way.

Finally, I thank my family for their understanding and support of my pursuits.

Dedication

for Leiah

Abstract

An anonymous communication system hides the fact that two parties are communicating, and as a result, drastically improves the online privacy of those using it. Tor is the most popular anonymous communication system deployed, but its popularity has illuminated problems with its design that have made it unbearably slow for many users who would otherwise benefit from its protections. These performance problems have been recognized, but there has been little work on designing and properly evaluating practical solutions that improve performance while also preserving privacy.

We initiate an exploration into Tor’s system design and the quality of the communication it provides. First, we design and develop a simulation tool, called Shadow, that allows us to experiment with the Tor software in a safe but realistic and controllable manner. We then give a precise model of the Tor network, the backbone networks upon which it operates, and the user agents operating within it. We show that by combining our model with Shadow, our experimentation environment is capable of producing network interactions and performance qualities indicative of real systems.

We then investigate performance enhancements in three major areas of Tor’s design. We explore Tor’s utilization of resources by evaluating both existing and new circuit scheduling techniques, and show the extent to which scheduling can be used to prioritize traffic in order to improve desirable quality metrics. We then design and evaluate algorithms focused on reducing network load by throttling agents that consume an unfair share of network resources. Finally, in an effort to supplement Tor’s volunteered resources, we design and analyze two schemes that increase network capacity by providing incentives to those contributing resources to the system.

Contents

Acknowledgements
Dedication
Abstract
List of Tables
List of Figures

1 Introduction
  1.1 Performance Problems
    1.1.1 Demand for Bandwidth
    1.1.2 Network Capacity
  1.2 Enhancing Performance While Preserving Privacy
  1.3 Contributions and Outline

2 Background
  2.1 Introduction
  2.2 Multiplexed Connections
  2.3 Connection Input
  2.4 Flow Control
  2.5 Cell Processing and Queuing
  2.6 Scheduling
  2.7 Connection Output

3 Shadow: Running Tor in a Box for Accurate and Efficient Experimentation
  3.1 Introduction
    3.1.1 Tor Experimentation
    3.1.2 Tor in a Box
    3.1.3 Accurate Simulation
  3.2 Requirements
    3.2.1 Accuracy
    3.2.2 Usability and Accessibility
  3.3 Design
    3.3.1 Core Simulation Engine
    3.3.2 Simulation Script
    3.3.3 Shadow Plug-ins
    3.3.4 Virtual Nodes
  3.4 The Scallion Plug-in: Running Tor in Shadow
    3.4.1 State Registration
    3.4.2 Bandwidth Measurements
    3.4.3 Tor Preloaded Functions
    3.4.4 Configuration and Usability
  3.5 Verifying Simulation Accuracy
    3.5.1 File Client and Server Plug-ins
    3.5.2 PlanetLab Private Tor Network
    3.5.3 Live Public Tor Network
  3.6 Limitations
  3.7 Summary

4 Methodically Modeling the Tor Network
  4.1 Introduction
  4.2 Background
    4.2.1 Shadow
    4.2.2 ExperimenTor
  4.3 Model
    4.3.1 Topology
    4.3.2 Hosts
  4.4 Methodology and Experiments
    4.4.1 Network Performance
    4.4.2 Network Load
  4.5 Lessons Learned
  4.6 Summary

5 Prioritized Tor Circuit Scheduling
  5.1 Introduction
  5.2 EWMA Circuit Scheduling
    5.2.1 EWMA Scheduling Model
    5.2.2 EWMA in Single-Circuit Topology
    5.2.3 EWMA in Full-Network Deployment
  5.3 Circuit Scheduling with Proportional Differentiation
    5.3.1 Proportional Differentiation Model
    5.3.2 DiffServ in Single-Circuit Topology
    5.3.3 DiffServ in Full-Network Deployment
  5.4 Summary

6 Throttling Tor Bandwidth Parasites
  6.1 Introduction
    6.1.1 Increasing Capacity
    6.1.2 Optimizing Resource Utilization
    6.1.3 Reducing Load
    6.1.4 Contributions
  6.2 Throttling Client Connections
    6.2.1 Static Throttling
    6.2.2 Adaptive Throttling
  6.3 Experiments
    6.3.1 Experimental Setup
    6.3.2 Results
    6.3.3 Discussion
  6.4 Analysis and Discussion
    6.4.1 Gathering Information
    6.4.2 Adversarial Attacks
    6.4.3 Eluding Throttles
  6.5 Summary

7 Recruiting New Tor Relays with BRAIDS
  7.1 Introduction
    7.1.1 Recruiting New Relays
    7.1.2 Introducing BRAIDS
    7.1.3 Outline
  7.2 Requirements
  7.3 System Design
    7.3.1 Relay-specific Tickets
    7.3.2 Ticket Transferability
    7.3.3 Randomized Ticket Distribution
    7.3.4 Differentiated Service
  7.4 Analysis and Discussion
    7.4.1 Parameter Selection
    7.4.2 Security Analysis
  7.5 Simulation and Results
    7.5.1 Simulator
    7.5.2 Experimental Parameters
    7.5.3 Results
  7.6 Summary

8 LIRA: Lightweight Incentivized Routing for Anonymity
  8.1 Introduction
    8.1.1 Lightweight Incentivized Routing for Anonymity
    8.1.2 Contributions
    8.1.3 Outline
  8.2 Preliminaries
    8.2.1 Onion-Routing Network
    8.2.2 Adversary
    8.2.3 Objectives
  8.3 Design
    8.3.1 Setup
    8.3.2 Coin Distribution
    8.3.3 Purchasing Guaranteed Winners
    8.3.4 Circuit Setup
    8.3.5 Circuit Scheduling
  8.4 Analysis
    8.4.1 Efficiency
    8.4.2 Anonymity
    8.4.3 Incentives
  8.5 Experiments
    8.5.1 Network Model
    8.5.2 Model and Simulation Accuracy
    8.5.3 LIRA Prototype
  8.6 Summary

9 Related Work
  9.1 Experimentation
    9.1.1 Simulation
    9.1.2 Emulation
  9.2 Performance Tuning
    9.2.1 Quality of Service
    9.2.2 Scheduling
    9.2.3 Congestion
    9.2.4 Relay Selection
    9.2.5 Transport
  9.3 Incentives
    9.3.1 Tor Incentives
    9.3.2 Incentives in Other Networks
