Safely Measuring Tor Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems 23 rd Conference on Computer and Communication.

Slides:



Advertisements
Similar presentations
A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
Advertisements

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.
LASTor: A Low-Latency AS-Aware Tor Client
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
LIRA: Lightweight Incentivized Routing for Anonymity Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory 20th Annual Network & Distributed.
Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.
Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
Traffic Engineering With Traditional IP Routing Protocols
Maintaining and Updating Windows Server 2008
Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.
Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.
1 Enabling Secure Internet Access with ISA Server.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
© Copyright 2012 STI INNSBRUCK Tor project: Anonymity online.
Shadow: Simple HPC for Systems Security Research Invited Talk Kansas State University September 25 th, 2013 Rob Jansen U.S. Naval Research Laboratory
Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS.
1 實驗九:建置網路安全閘道器 教師: 助教:. 2 Outline  Background  Proxy – Squid  Firewall – IPTables  VPN – OpenVPN  Experiment  Internet gateway  Firewall  VPN.
Mapping Internet Sensors with Probe Response Attacks Authors: John Bethencourt, Jason Franklin, Mary Vernon Published At: Usenix Security Symposium, 2005.
CINBAD CERN/HP ProCurve Joint Project on Networking 26 May 2009 Ryszard Erazm Jurga - CERN Milosz Marian Hulboj - CERN.
Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–
How Low Can You Go: Balancing Performance with Anonymity in Tor’ DC-Area Anonymity,Privacy, and Security Seminar May 10 th, 2013 Rob Jansen U.S. Naval.
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.
Maintaining and Updating Windows Server 2008 Lesson 8.
Aaron Johnson Rob Jansen Aaron D. Jaggard Joan Feigenbaum
Monitoring Windows Server 2012
Confluent vs. Splittable Flows
PeerFlow: Secure Load Balancing in Tor Aaron Johnson1 Rob Jansen1 Aaron Segal2 Nicholas Hopper3 Paul Syverson1 1U.S. Naval Research Laboratory 2Yale.
On-line Detection of Real Time Multimedia Traffic
Module Overview Installing and Configuring a Network Policy Server
Andrew Lewman
Tor Internals and Hidden Services
Shadow: Real Applications, Simulated Networks
Data Streaming in Computer Networking
Mohammad Malli Chadi Barakat, Walid Dabbous Alcatel meeting
Chapter 6 Delivery & Forwarding of IP Packets
Karen Reilly Andrew Lewman
CHAPTER 3 Architectures for Distributed Systems
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Performance Enhancements for Tor
TCP-LP: A Distributed Algorithm for Low Priority Data Transfer
2018 Real Cisco Dumps IT-Dumps
Inside Job: Applying Traffic Analysis to Measure Tor from Within
Privacy Through Anonymous Connection and Browsing
CSCI {4,6}900: Ubiquitous Computing
Measuring and Monitoring the Tor Network Aaron Johnson
OneSwarm: Privacy Preserving P2P
Differential Privacy in Practice
0x1A Great Papers in Computer Security
Anupam Das , Nikita Borisov
Shadow: Scalable and Deterministic Network Experimentation
Section 14.1 Section 14.2 Identify the technical needs of a Web server
Authors: Ing-Ray Chen; Yating Wang Present by: Kaiqun Fu
ONE® Mail Training Presentation
Anupam Das , Nikita Borisov
Privacy-Preserving Dynamic Learning of Tor Network Traffic
CS590B/690B Detecting network interference (Spring 2018)
Introduction to Network Security
Chapter-5 Traffic Engineering.
EE 122: Lecture 22 (Overlay Networks)
Outline Overview of IP History of the Internet - 3-May-19
Anonymous Communication
Internet Research Group at Clemson University
Rob Jansen, U.S. Naval Research Laboratory
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Presentation transcript:

Safely Measuring Tor Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems 23 rd Conference on Computer and Communication Security Hofburg Imperial Palace, Vienna, Austria October 27 th, 2016 “Safely Measuring Tor”, Rob Jansen and Aaron Johnson, In the Proceedings of the 23rd ACM Conference on Computer and Communication Security (CCS 2016).

PrivCount: A Distributed System for Safely Measuring Tor | 2 U.S. Naval Research Laboratory Talk Overview Tor: an anonymous communication, censorship resistant, privacy-enhancing communication system How is Tor being used? being misused? performing? Estimated ~1.75 M. Users/Day (metrics.torproject.org)

PrivCount: A Distributed System for Safely Measuring Tor | 3 U.S. Naval Research Laboratory Talk Overview Tor: an anonymous communication, censorship resistant, privacy-enhancing communication system How is Tor being used? being misused? performing? Objective: To safely gather Tor network usage statistics Approach: Use distributed measurement, secure multiparty computation, and differential privacy Estimated ~1.75 M. Users/Day (metrics.torproject.org)

Background and Motivation How Tor works Why measurements are needed and what to measure Measurement challenges

PrivCount: A Distributed System for Safely Measuring Tor | 5 U.S. Naval Research Laboratory Background: Onion Routing UsersDestinationsRelays Circuit

PrivCount: A Distributed System for Safely Measuring Tor | 6 U.S. Naval Research Laboratory Background: Onion Routing UsersDestinationsRelays Circuit Stream

PrivCount: A Distributed System for Safely Measuring Tor | 7 U.S. Naval Research Laboratory Background: Using Circuits

PrivCount: A Distributed System for Safely Measuring Tor | 8 U.S. Naval Research Laboratory Background: Using Circuits 1.Clients begin all circuits with a selected guard

PrivCount: A Distributed System for Safely Measuring Tor | 9 U.S. Naval Research Laboratory Background: Using Circuits 1.Clients begin all circuits with a selected guard 2.Relays define individual exit policies

PrivCount: A Distributed System for Safely Measuring Tor | 10 U.S. Naval Research Laboratory Background: Using Circuits 1.Clients begin all circuits with a selected guard 2.Relays define individual exit policies 3.Clients multiplex streams over a circuit

PrivCount: A Distributed System for Safely Measuring Tor | 11 U.S. Naval Research Laboratory Background: Using Circuits 1.Clients begin all circuits with a selected guard 2.Relays define individual exit policies 3.Clients multiplex streams over a circuit 4.New circuits replace existing ones periodically

PrivCount: A Distributed System for Safely Measuring Tor | 12 U.S. Naval Research Laboratory Background: Using Circuits 1.Clients begin all circuits with a selected guard 2.Relays define individual exit policies 3.Clients multiplex streams over a circuit 4.New circuits replace existing ones periodically 5.Clients randomly choose relays, weighted by bandwidth

PrivCount: A Distributed System for Safely Measuring Tor | 13 U.S. Naval Research Laboratory Background: Directory Authorities Directory Authorities Hourly network consensus by majority vote Relay info (IPs, pub keys, bandwidths, etc.) Parameters (performance thresholds, etc.)

PrivCount: A Distributed System for Safely Measuring Tor | 14 U.S. Naval Research Laboratory Motivation: Why Measure Tor? Why are Tor network measurements needed? To understand usage behaviors to focus effort and resources To understand network protocols and calibrate parameters To inform policy discussion

PrivCount: A Distributed System for Safely Measuring Tor | 15 U.S. Naval Research Laboratory Motivation: Why Measure Tor? Why are Tor network measurements needed? To understand usage behaviors to focus effort and resources To understand network protocols and calibrate parameters To inform policy discussion “Tor metrics are the ammunition that lets Tor and other security advocates argue for a more private and secure Internet from a position of data, rather than just dogma or perspective.” – Bruce Schneier (June 1, 2016) (metrics.torproject.org)

PrivCount: A Distributed System for Safely Measuring Tor | 16 U.S. Naval Research Laboratory Motivation: Previous Measurement Studies Previous work collected, stored, and manually analyzed sensitive data McCoy et. al. (PETS 2008): tcpdump of first 150 bytes of packet (including 96 payload) Chaabane et. al. (NSS 2010): customized DPI software

PrivCount: A Distributed System for Safely Measuring Tor | 17 U.S. Naval Research Laboratory Motivation: Measurement Challenges Data PublishedPrivacy TechniquesUnsafeInaccurate Relay BW availableTest measurements ✖ Relay BW usedAggregated ~ 4 hours ✖ Total # daily usersInferred (consensus fetches) ✖ # users per countryAggregated ~ 24 hours, rounded, opt-in ✖ Exit traffic per portAggregated ~ 24 hours, opt-in ✖ Some Existing Measurements

PrivCount: A Distributed System for Safely Measuring Tor | 18 U.S. Naval Research Laboratory Motivation: Measurement Challenges Data PublishedPrivacy TechniquesUnsafeInaccurate Relay BW availableTest measurements ✖ Relay BW usedAggregated ~ 4 hours ✖ Total # daily usersInferred (consensus fetches) ✖ # users per countryAggregated ~ 24 hours, rounded, opt-in ✖ Exit traffic per portAggregated ~ 24 hours, opt-in ✖ Safety concerns: Per-relay outputs Data stored locally No privacy proofs Some Existing Measurements

PrivCount: A Distributed System for Safely Measuring Tor | 19 U.S. Naval Research Laboratory Motivation: Measurement Challenges Data PublishedPrivacy TechniquesUnsafeInaccurate Relay BW availableTest measurements ✖ Relay BW usedAggregated ~ 4 hours ✖ Total # daily usersInferred (consensus fetches) ✖ # users per countryAggregated ~ 24 hours, rounded, opt-in ✖ Exit traffic per portAggregated ~ 24 hours, opt-in ✖ Accuracy concerns: Per-relay noise Opt-in, limited vantage points Some Existing Measurements

PrivCount: A Distributed System for Safely Measuring Tor | 20 U.S. Naval Research Laboratory Motivation: Missing Measurements Many useful statistics are not collected for safety Users Total number of unique users at any time, how long they stay online, how often they join and leave, usage behavior Relays Total bandwidth capacity, congestion and queuing delays, circuit and other failures, denial of service and other attacks Destinations Popular destinations, popular applications, effects of DNS, properties of traffic (bytes and connections per page, etc.)

The PrivCount Measurement System PrivCount system architecture Distributed measurement and aggregation protocol Secure computation and private output

PrivCount: A Distributed System for Safely Measuring Tor | 22 U.S. Naval Research Laboratory PrivCount: Overview Privacy-preserving counting system Consumes various new event types from Tor Circuit end events Stream end events Connection end events Counts various statistics from event information, e.g.: Total number of circuits, streams, connections Data volume per circuit, stream Number of unique users … Based on PrivEx-S2 protocol of Elahi et. al. (CCS 2014)

PrivCount: A Distributed System for Safely Measuring Tor | 23 U.S. Naval Research Laboratory PrivCount: Overview Security goals for safer Tor measurements Forward privacy The adversary cannot learn the state of the measurement before time of compromise Differential privacy Prevents confirmation of the actions of a specific user given the output Secure aggregation Securely aggregates safe statistics across all measurement nodes Only the safe, aggregated measurement results are released

PrivCount: A Distributed System for Safely Measuring Tor | 24 U.S. Naval Research Laboratory PrivCount: Architecture Data Collectors (DCs) Collect events Increment counters DC1DC2

PrivCount: A Distributed System for Safely Measuring Tor | 25 U.S. Naval Research Laboratory PrivCount: Architecture Data Collectors (DCs) Collect events Increment counters Tally Server (TS) Central, untrusted proxy Collection facilitator DC1 TS DC2

PrivCount: A Distributed System for Safely Measuring Tor | 26 U.S. Naval Research Laboratory PrivCount: Architecture Data Collectors (DCs) Collect events Increment counters Tally Server (TS) Central, untrusted proxy Collection facilitator Share Keepers (SKs) Stores DC secrets, sum for aggregation DC1 TS SK1 SK2 DC2

PrivCount: A Distributed System for Safely Measuring Tor | 27 U.S. Naval Research Laboratory PrivCount: Initialization DC1DC2 Deploy Create deployment document Privacy parameters ε and δ Sensitivity for each statistic (max change due to single client) Noise weight ω (relative noise added by each DC) TS SK1 SK2

PrivCount: A Distributed System for Safely Measuring Tor | 28 U.S. Naval Research Laboratory PrivCount: Initialization Send to all DCs and SKs DCs and SKs accept only on unanimous consensus Deploy DC1 TS DC2 SK1 SK2

PrivCount: A Distributed System for Safely Measuring Tor | 29 U.S. Naval Research Laboratory PrivCount: Configuration Config Create configuration document Collection start and end times Statistics to collect Estimated value for each statistic (maximize relative per-statistic accuracy while providing (ε, δ)- differential privacy) DC1 TS DC2 SK1 SK2

Config PrivCount: A Distributed System for Safely Measuring Tor | 30 U.S. Naval Research Laboratory PrivCount: Configuration Send to all DCs and SKs DCs and SKs check for consistency DC1 TS DC2 SK1 SK2

PrivCount: A Distributed System for Safely Measuring Tor | 31 U.S. Naval Research Laboratory PrivCount: Execution - Setup TS SK1 SK2 Generate noise for each counter N ~ Normal(0,ωσ) mod q Contributes to differential privacy of the outputs N_DC1 DC1DC2 N_DC2

PrivCount: A Distributed System for Safely Measuring Tor | 32 U.S. Naval Research Laboratory PrivCount: Execution - Setup TS SK1 SK2 Generate random share for each SK S ~ Uniform({0, …, q-1}) “Blinds” the actual counts for forward privacy at the DCs N_DC1 DC1DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 N_DC2

PrivCount: A Distributed System for Safely Measuring Tor | 33 U.S. Naval Research Laboratory PrivCount: Execution - Setup TS SK1 SK2 DCs send shares to SKs N_DC1 DC1DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 N_DC2

PrivCount: A Distributed System for Safely Measuring Tor | 34 U.S. Naval Research Laboratory PrivCount: Collection TS SK1 SK2 DCs collect events and increment counters N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC2

PrivCount: A Distributed System for Safely Measuring Tor | 35 U.S. Naval Research Laboratory PrivCount: Collection TS SK1 SK2 Send Counters to TS N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC2

PrivCount: A Distributed System for Safely Measuring Tor | 36 U.S. Naval Research Laboratory PrivCount: Aggregation TS SK1 SK2 TS combines all counter values from DCs and SKs Subtracts SK-held values from DC-held values N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC

PrivCount: A Distributed System for Safely Measuring Tor | 37 U.S. Naval Research Laboratory PrivCount: Aggregation TS SK1 SK2 N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC2 + TS combines all counter values from DCs and SKs Subtracts SK-held values from DC-held values - -

PrivCount: A Distributed System for Safely Measuring Tor | 38 U.S. Naval Research Laboratory PrivCount: Aggregation TS SK1 SK2 Results are differentially private and safe to publish N_DC1 DC1DC2 N_DC2 C_DC1 C_DC2

PrivCount: A Distributed System for Safely Measuring Tor | 39 U.S. Naval Research Laboratory PrivCount: Security Recall: Security Properties Forward privacy The adversary cannot learn the state of the measurement before time of compromise Differential privacy Prevents confirmation of the actions of a specific user given the output Secure aggregation Securely aggregates safe statistics across all measurement nodes Only the safe, aggregated measurement results are released

PrivCount: A Distributed System for Safely Measuring Tor | 40 U.S. Naval Research Laboratory PrivCount: Security TS SK1 SK2 N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC2 N_DC1 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC

PrivCount: A Distributed System for Safely Measuring Tor | 41 U.S. Naval Research Laboratory PrivCount: Security TS SK1 SK2 N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC2 Forward Privacy Nothing learned from counter before time of compromise as long as 1 SK is honest N_DC1 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC

PrivCount: A Distributed System for Safely Measuring Tor | 42 U.S. Naval Research Laboratory PrivCount: Security TS SK1 SK2 N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC2 Differential Privacy Enough noise is added as long as a tunable subset of DCs are honest N_DC1 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC

PrivCount: A Distributed System for Safely Measuring Tor | 43 U.S. Naval Research Laboratory PrivCount: Security TS SK1 SK2 N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC2 Secure Aggregation Count+noise is added securely – the TS only learns the aggregated sum N_DC1 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC

PrivCount: A Distributed System for Safely Measuring Tor | 44 U.S. Naval Research Laboratory PrivCount: Security TS SK1 SK2 N_DC1 DC1DC2 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC2 See paper for more details and for security and privacy proofs N_DC1 N_DC2 S2_DC1 S1_DC1 S2_DC2 S1_DC2 S1_DC1 S1_DC2 S2_DC1 S2_DC2 C_DC1 C_DC

Deployment and Measurement Results Configuring and running Tor relays “Exploratory” measurements using various exit policies “In-depth” measurements of most popular usage Network-wide measurement inference

PrivCount: A Distributed System for Safely Measuring Tor | 46 U.S. Naval Research Laboratory Deploying PrivCount 3 entry relay data collectors 0.16% entry bandwidth 4 exit relay data collectors 1.10% exit bandwidth 1 TS and 6 SKs from 6 operators and 4 countries DCs TS SKs

PrivCount: A Distributed System for Safely Measuring Tor | 47 U.S. Naval Research Laboratory Collection Phases Exploratory phases Explore various exit policies (strict, default, open) Explore various applications (web, interactive, other) Gather only totals (circuits, streams, bytes) Use Tor metrics to estimate input parameters Run for 1 day, iterate In-depth phases Focus on most popular exit policy and applications Gather totals and histograms Use exploratory results to estimate input parameters Run for 4 days for client stats, 21 days for exit stats

PrivCount: A Distributed System for Safely Measuring Tor | 48 U.S. Naval Research Laboratory Results: Exit Policies Open file sharing ports reduce web data transferred

PrivCount: A Distributed System for Safely Measuring Tor | 49 U.S. Naval Research Laboratory Results: Amount and Types of Traffic Increase in web traffic – 42% in 2010 to 91% in 2016

PrivCount: A Distributed System for Safely Measuring Tor | 50 U.S. Naval Research Laboratory Results: Number of Unique Users 710k total users 550k (77%) active users In an average 10 mins.

PrivCount: A Distributed System for Safely Measuring Tor | 51 U.S. Naval Research Laboratory Results: Number of Unique Users ~800k – ~1.6m average concurrent users (Tor Browser update pings – metrics.shinyapps.io/webstats2/) 710k total users 550k (77%) active users In an average 10 mins.

PrivCount: A Distributed System for Safely Measuring Tor | 52 U.S. Naval Research Laboratory Results: Number of Unique Users ~800k – ~1.6m average concurrent users (Tor Browser update pings – metrics.shinyapps.io/webstats2/) ~1.75m daily users (Consensus downloads – 710k total users 550k (77%) active users In an average 10 mins.

PrivCount: A Distributed System for Safely Measuring Tor | 53 U.S. Naval Research Laboratory Results: Traffic Modeling Statistics More results in the paper!

PrivCount: A Distributed System for Safely Measuring Tor | 54 U.S. Naval Research Laboratory Conclusion PrivCount Distributed measurement system using secret sharing Safer Tor measurement study Open source: Future measurement plans Network traffic to create realistic traffic models Onion services to improve reliability and scalability Better techniques for cardinality (e.g., # unique users) Detecting denial of service attacks and other misbehavior Contact robgjansen.com,

Questions

PrivCount: A Distributed System for Safely Measuring Tor | 56 U.S. Naval Research Laboratory PrivCount vs PrivEx How does PrivCount enhance PrivEx Multi-phase iterative measurement Expanded privacy notion that simultaneously handles multiple types of measurements Optimal allocation of the ε privacy budget across multiple statistics Composable security definition and proof More capable and reliable tool Supports over 30 different types of Tor statistics Resilience to node failures and reboots Simpler configuration and setup

PrivCount: A Distributed System for Safely Measuring Tor | 57 U.S. Naval Research Laboratory Privacy Parameters for (ε, δ)-differential privacy ε = 0.3 : same as used by Tor onion service stats δ = : upper bound on prob. of choosing noise value that violates ε-differential privacy DCs on 3 machines, add 3x noise User action bounds ActionBound Simultaneous open entry connections1 Entry connection open time24 hours New entry connections12 New circuits146 New streams30,000 Data sent or received10 MiB

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.