Presentation is loading. Please wait.

Presentation is loading. Please wait.

Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.

Published byAdela Atkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint."— Presentation transcript:

1 Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint with John Geddes, Chris Wacek, Micah Sherr, Paul Syverson

2 Tor for Awesomeness Anonymity

3 Tor is Slow!!! Research* ● PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay Networks (CCS ‘13) ● Reducing Latency in Tor Circuits with Unordered Delivery (FOCI ‘13) ● How Low Can You Go: Balancing Performance with Anonymity in Tor (PETS ‘13) ● The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting (PETS ’13) ● An Empirical Evaluation of Relay Selection in Tor (NDSS ‘13) ● LIRA: Lightweight Incentivized Routing for Anonymity (NDSS ‘13) ● Improving Performance and Anonymity in the Tor Network (IPCCC ‘12) ● Enhancing Tor's Performance using Real-time Traffic Classification (CCS ’12) ● Torchestra: Reducing interactive traffic delays over Tor (WPES ‘12) ● Throttling Tor Bandwidth Parasites (USENIX Sec ‘12) ● LASTor: A Low-Latency AS-Aware Tor Client (Oakland ‘12) ● Congestion-aware Path Selection for Tor (FC ‘12) *Not a comprehensive list

4 Tor is Slow!!! Research* ● PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay Networks (CCS ‘13) ● Reducing Latency in Tor Circuits with Unordered Delivery (FOCI ‘13) ● How Low Can You Go: Balancing Performance with Anonymity in Tor (PETS ‘13) ● The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting (PETS ’13) ● An Empirical Evaluation of Relay Selection in Tor (NDSS ‘13) ● LIRA: Lightweight Incentivized Routing for Anonymity (NDSS ‘13) ● Improving Performance and Anonymity in the Tor Network (IPCCC ‘12) ● Enhancing Tor's Performance using Real-time Traffic Classification (CCS ’12) ● Torchestra: Reducing interactive traffic delays over Tor (WPES ‘12) ● Throttling Tor Bandwidth Parasites (USENIX Sec ‘12) ● LASTor: A Low-Latency AS-Aware Tor Client (Oakland ‘12) ● Congestion-aware Path Selection for Tor (FC ‘12) *Not a comprehensive list Where?

5 Outline ● Where is Tor slow? – Understand Tor relay architecture – Measure and analyze relay congestion in realistic Tor networks ● Design focused solutions

6 Outline ● Where is Tor slow? – Understand Tor relay architecture – Measure and analyze relay congestion in realistic Tor networks ● Design focused solutions

7 The Tor Network

8 Relay Overview

9

10 Onion routing connections

11 Relay Overview TCP TCP Transport

12 Relay Overview TCP Multiplexed Circuits and Streams

13 Relay Overview TCP

14 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Network Input

15 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Split data into socket buffers

16 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Read data from sockets into Tor

17 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Process data (encrypt/decrypt)

18 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Split cells into circuit queues

19 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Circuits linked to outgoing connection

20 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Schedule cells

21 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Write data from Tor into sockets

22 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Schedule data for sending

23 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Opportunities for traffic management

24 Outline ● Where is Tor slow? – Understand Tor relay architecture – Measure and analyze relay congestion in realistic Tor networks ● Design focused solutions

25 Kernel Congestion: libkqtime Kernel InputKernel OutputTor InputTor Output Tor Circuits

26 Kernel Congestion: libkqtime Kernel InputKernel OutputTor InputTor Output Tor Circuits tag match

27 Kernel Congestion: libkqtime Kernel InputKernel OutputTor InputTor Output Tor Circuits tag match tag match

28 Kernel Congestion: libkqtime Kernel InputKernel OutputTor InputTor Output Tor Circuits tag match tag match track cells

29 Congestion Analysis

30

31 Analyzing the Design Kernel InputKernel OutputTor InputTor Output Tor Circuits

32 Analyzing the Design Kernel InputKernel OutputTor InputTor Output Tor Circuits Queuing delays in kernel output buffer

33 Analyzing the Design Kernel InputKernel OutputTor InputTor Output Tor Circuits Queuing delays in kernel output buffer Circuit scheduling design flaws

34 Outline ● Where is Tor slow? – Understand Tor relay architecture – Measure and analyze relay congestion in realistic Tor networks ● Design focused solutions

35 Ineffective Priority Kernel OutputTor Output Tor Circuits Circuit schedulers are ineffective at prioritization

36 Ineffective Priority Kernel OutputTor Output Tor Circuits Libevent schedules one connection at a time

37 Ineffective Priority Kernel OutputTor Output Tor Circuits Libevent schedules one connection at a time Tor only considers a subset of writable circuits

38 Ineffective Priority Kernel OutputTor Output Tor Circuits Libevent schedules one connection at a time Tor only considers a subset of writable circuits Circuits from different connections are not prioritized correctly

39 Scheduling Problems Scenario A Scenario B No Shared ConnectionShared Connection

40 Scheduling Problems Scenario A Scenario B

41 Global Circuit Scheduling Kernel OutputTor Output Tor Circuits Choose among ALL writable circuits

42 Kernel Buffer Bloat Kernel OutputTor Output Tor Circuits Queuing delays in kernel output buffer

43 Kernel Buffer Bloat Kernel OutputTor Output Tor Circuits Queuing delays in kernel output buffer ● Too many large kernel queues ● More data in kernel than it can send ● Circuit scheduler timing issues

44 Tor Output Auto-tuning ● Don’t write what the kernel can’t send ● Smartly write to kernel using – Socket queue lengths and sizes – TCP windows – Node bandwidth capacity ● Check again before kernel starvation Increase effectiveness of circuit scheduler

45 Questions? cs.umn.edu/~jansen rob.g.jansen@nrl.navy.mil think like an adversary

46 libkqtime

Download ppt "Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint."

Similar presentations

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.
A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
Reducing Latency in Tor Circuits with Unordered Delivery Michael F. Nowlan, David Wolinsky, and Bryan Ford Yale University Dedis Lab.

Reducing Latency in Tor Circuits with Unordered Delivery Michael F. Nowlan, David Wolinsky, and Bryan Ford Yale University Dedis Lab.
Onions for Sale: Putting Privacy on the Market Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory Presented by: Alessandro Acquisti.

Onions for Sale: Putting Privacy on the Market Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory Presented by: Alessandro Acquisti.
Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
LASTor: A Low-Latency AS-Aware Tor Client

LASTor: A Low-Latency AS-Aware Tor Client
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
Computer Networks Performance Metrics Computer Networks Term B10.

Computer Networks Performance Metrics Computer Networks Term B10.
Playback-buffer Equalization for Streaming Media using Stateless Transport Prioritization Dan Tan, HPL, Palo Alto Weidong Cui, UC Berkeley John Apostolopoulos,

Playback-buffer Equalization for Streaming Media using Stateless Transport Prioritization Dan Tan, HPL, Palo Alto Weidong Cui, UC Berkeley John Apostolopoulos,
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
LIRA: Lightweight Incentivized Routing for Anonymity Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory 20th Annual Network & Distributed.

LIRA: Lightweight Incentivized Routing for Anonymity Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory 20th Annual Network & Distributed.
Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.

Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.
Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory
ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation Kevin Bauer 1 Micah Sherr 2 Damon McCoy 3 Dirk Grunwald 4 1 University of Waterloo 2.

ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation Kevin Bauer 1 Micah Sherr 2 Damon McCoy 3 Dirk Grunwald 4 1 University of Waterloo 2.
Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.

Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.
Anonymity Analysis of Onion Routing in the Universally Composable Framework Joan Feigenbaum Aaron Johnson Paul Syverson Yale University U.S. Naval Research.

Anonymity Analysis of Onion Routing in the Universally Composable Framework Joan Feigenbaum Aaron Johnson Paul Syverson Yale University U.S. Naval Research.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.

Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.
On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.

On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.
Location-Aware Onion Routing Aaron Johnson U.S. Naval Research Laboratory IEEE Symposium on Security and Privacy May 19, 2015.

Location-Aware Onion Routing Aaron Johnson U.S. Naval Research Laboratory IEEE Symposium on Security and Privacy May 19, 2015.

Similar presentations

Ads by Google