Published by Merry Holmes. Modified over 6 years ago.
1
Measuring and Monitoring the Tor Network
Aaron Johnson
August 19th, 2018
Encryption and Surveillance Workshop
2
References and Acknowledgements
Understanding Tor Usage with Privacy-Preserving Measurement
Akshaya Mani (Georgetown University), T Wilson-Brown (UNSW Canberra Cyber, University of New South Wales), Rob Jansen (U.S. Naval Research Laboratory), Aaron Johnson (U.S. Naval Research Laboratory), Micah Sherr (Georgetown University)
To appear in the 2018 Internet Measurement Conference.

Tunable Transparency: Secure Computation in the Tor Network
Ryan Wails (U.S. Naval Research Laboratory), Aaron Johnson (U.S. Naval Research Laboratory), Daniel Starin (George Mason University, Vencore Labs), Arkady Yerukhimovich (MIT Lincoln Laboratory), S. Dov Gordon (George Mason University)
In preparation (draft available).
3
Background: Tor
4
Tor Background
[Diagram labels: Users, Destinations]
Tor is a popular system for anonymous, censorship-resistant Internet communication.
5
Tor Background: Onion Routing
[Diagram labels: Users, Relays, Destinations, Circuit, Stream]
6
Tor Background: Onion Routing
[Diagram labels: Users, Relays, Onion Services (e.g. nytimes3xbfgragh.onion), Circuit, Stream]
7
Tor Background: Who Uses Tor
- Over 2,000,000 daily users
- Over 6000 relays in over 75 countries
- 100Gbps aggregate traffic
8
Tor Measurement and Monitoring
Do network privacy and transparency conflict?
9
Problem: Privacy & Transparency
10
Tor Measurement and Monitoring
Privacy risks of measuring Tor
- Deanonymizing individual connections
- Storing sensitive data at relays risks leaks from compromise
- Revealing “interesting” users (e.g. from censored locations)
- Revealing private onion services
11
Tor Measurement and Monitoring
Problems without some transparency
- Level of anonymity unknown
- Network subject to silent attack and abuse
- Network can be covertly used for attack and abuse
- Network management and improvement difficult
12
Some current Tor measurements
Table columns: Data / How measured / Privacy techniques
- Relay bandwidth capacity: Self, BW Authorities; Test measurements
- Relay used bandwidth: Per relay; Report every 4 hrs
- Total daily users: Inferred from consensus downloads
- Users per country: Report every 24 hrs, round, opt-in
- # onion services: Differential privacy, round
- Exit traffic per port: Report every 24 hrs, opt-in
13
Some current Tor measurements
(Table repeated from slide 12.) Annotation: Inaccurate
14
Some current Tor measurements
(Table repeated from slide 12.) Annotation: Unsafe
15
Some current Tor measurements
(Table repeated from slide 12.) Annotation: Incomplete
16
Secure Aggregation
17
Secure Aggregation
[Diagram labels: Data Collectors (DCs) / Relays; inputs x1, x2, x3; Data Aggregators (DAs); m]
Output is noisy aggregate, hiding the inputs xi.
Data Collection:
- DCs store data obliviously during measurement period.
- DCs secret-share inputs to DAs at end of measurement period.
- DAs run protocol to aggregate and add differentially-private noise.
Developed two systems:
- PrivCount: Computes sums
- PSC: Computes private set-union cardinality
- Tolerate m-1 malicious DAs
Transitioning PrivCount into Tor: Proposal 288
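Added example (not part of the original slides and not PrivCount's own code): a simplified sketch of the data flow on this slide, in which each DC splits its counter into additive shares, each DA sums what it receives and adds its own noise, and only the noisy total is opened. The function names, the modulus Q, the Gaussian noise scale sigma and the sample counters are assumptions made for illustration.

```python
import random
import secrets

Q = 2**61 - 1  # assumed share modulus; must exceed any true total plus noise

def share(value, m):
    """Split value into m additive shares mod Q; any m-1 of them are uniform."""
    parts = [secrets.randbelow(Q) for _ in range(m - 1)]
    parts.append((value - sum(parts)) % Q)
    return parts

def da_partial(received_shares, noise):
    """One DA sums the shares sent to it and adds its own integer noise."""
    return (sum(received_shares) + noise) % Q

def reconstruct(partials):
    """Add the DAs' published partial sums and map back to a signed integer."""
    total = sum(partials) % Q
    return total - Q if total > Q // 2 else total

def aggregate(dc_inputs, m, sigma, rng=None):
    """One measurement round: DCs share, m DAs sum with noise, output opens."""
    rng = rng or random.SystemRandom()
    per_dc = [share(x, m) for x in dc_inputs]    # row i = shares from DC i
    partials = []
    for j in range(m):
        column = [row[j] for row in per_dc]      # everything DA j receives
        # Assumption: every DA adds noise of the full scale sigma, so the
        # output stays noisy even if only one DA is honest.
        noise = round(rng.gauss(0, sigma)) if sigma else 0
        partials.append(da_partial(column, noise))
    return reconstruct(partials)

if __name__ == "__main__":
    counts = [120, 75, 310]   # constructed per-relay counters x1, x2, x3
    print("noisy total:", aggregate(counts, m=3, sigma=10))
```

Any m-1 DAs hold only uniformly random values for each counter, which is the property behind "Tolerate m-1 malicious DAs"; calibrating sigma to a privacy budget is outside this sketch.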
18
Tor Measurement Study
Performed Tor measurements
- Exit, entries, and onion-service statistics
- 24-hour measurements
- January – May 2018
Ran 16 Tor relays
- 1.5% total exit, 1.2% guard, 2.8% onion lookup
- Canada, France, US
Used PrivCount and PSC
- 3 Data Aggregators (DAs)
- 3 DA operators
- Located in US and Australia
19
Tor Measurement Study: Exit Statistics
Tor Web connections to popular domains (Alexa top 1M)
20
Tor Measurement Study: Entry and Onion Services
Daily client activity (95% CI inferred network-wide)
- Unique client IPs: 6.61 – 11.2 million
- “Promiscuous” clients: 14,400 – 21,500
Daily onion-service activity (95% CI inferred network-wide)
- 1,350 – 1,740 lookups/second
- 1,192 – 1,620 failed lookups/s
- ~93% failure rate
21
Secure Multiparty Computation
22
Secure Multiparty Computation
Flexible transparency with MPC
- Robust statistics to limit effect of malicious
- Improved client-size estimation
Measure abuse of and with Tor
- Botnets on onion services
- Denial-of-service attacks
- Hacking attempts (e.g. vulnerability scanning)
- Site scraping
23
Secure Multiparty Computation
[Diagram labels: Data Collectors (DCs) / Relays; inputs x1, x2, x3; Computation Parties (CPs); m]
Output is some function f(x1,x2,x3), hiding the inputs xi.
Data Collection:
- DCs store data obliviously during measurement period.
- DCs secret-share inputs to CPs at end of measurement period.
- CPs run protocol to compute some function f on the inputs.
Tor MPC design
- TinyOT (Burra et al. 2015) for offline/online Boolean-circuit evaluation.
- Secure against malicious, dishonest majority.
24
Secure Multiparty Computation
TinyOT performance estimates
7,000 Data Collectors, 5 Computation Parties, 40-bit statistical security

                           Median          Count Distinct
Offline communication      12.7 GB         31.43 GB
Offline time (1Gbps BW)    1.69 minutes    4.19 minutes
Offline throughput         852/day         344/day
Online time (200ms RTT)    5 minutes       2 seconds

Notes:
off
- in: sb
- tri: 9*4(m-1)sL
on
- in: b
- tri: 2L
s = 40
n = 7000
m = 5
c = 1 (bandwidth in Gbps)
t = 0.1 (one-way latency in seconds)
Med:
- in: 224,000
- AND: 17,600,000
- AND depth: 3,003
- Total offline comm: (40*(224_000) + 9*4*4*40*(17_600_000)) = Gb = GB
- Total offline time: seconds = 1.69 minutes
- Throughput: / day
- Total online time: 3_003 * 0.1 = seconds = 5.01 minutes
M = 5
Error: 5.8%
Log:
- in: 6,160,000,000
- AND: 870,000
- AND depth: 20
- Total offline comm: (40 * 6_160_000_ *4*4*40*870_000) = Gb = GB
- Total offline time: seconds = 4.19 minutes
- Throughput: / day
- Total online time: 20 * 0.1 = 2.0 seconds
32-bit median values, count-distinct error 5.8% (LogLog)
25
Conclusions
Tor is developing privacy-focused mechanisms for measurement and monitoring.
Flexible transparency mechanisms raise new issues
- If Tor can reveal information, will it become obligated to do so?
- Where should the line between transparency and privacy be drawn?
- What governance mechanisms can handle making these decisions?
Other systems may face similar measurement questions
- Privacy-enhanced cryptocurrencies (Zcash, Monero)
- Privacy-enhanced cloud services