Toward Understanding Congestion in Tor

DC-area Anonymity, Privacy, and Security Seminar

January 24th, 2014

Rob JansenU.S. Naval Research Laboratory

*Joint with John Geddes, Chris Wacek, Micah Sherr, Paul Syverson

Tor for Awesomeness Anonymity

Tor is Slow!!! Research*● PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay

Networks (CCS ‘13)● Reducing Latency in Tor Circuits with Unordered Delivery (FOCI ‘13)● How Low Can You Go: Balancing Performance with Anonymity in Tor (PETS ‘13)● The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting (PETS ’13)● An Empirical Evaluation of Relay Selection in Tor (NDSS ‘13)● LIRA: Lightweight Incentivized Routing for Anonymity (NDSS ‘13)● Improving Performance and Anonymity in the Tor Network (IPCCC ‘12)● Enhancing Tor's Performance using Real-time Traffic Classification (CCS ’12)● Torchestra: Reducing interactive traffic delays over Tor (WPES ‘12)● Throttling Tor Bandwidth Parasites (USENIX Sec ‘12)● LASTor: A Low-Latency AS-Aware Tor Client (Oakland ‘12)● Congestion-aware Path Selection for Tor (FC ‘12)

*Not a comprehensive list

Tor is Slow!!! Research*● PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay

Networks (CCS ‘13)● Reducing Latency in Tor Circuits with Unordered Delivery (FOCI ‘13)● How Low Can You Go: Balancing Performance with Anonymity in Tor (PETS ‘13)● The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting (PETS ’13)● An Empirical Evaluation of Relay Selection in Tor (NDSS ‘13)● LIRA: Lightweight Incentivized Routing for Anonymity (NDSS ‘13)● Improving Performance and Anonymity in the Tor Network (IPCCC ‘12)● Enhancing Tor's Performance using Real-time Traffic Classification (CCS ’12)● Torchestra: Reducing interactive traffic delays over Tor (WPES ‘12)● Throttling Tor Bandwidth Parasites (USENIX Sec ‘12)● LASTor: A Low-Latency AS-Aware Tor Client (Oakland ‘12)● Congestion-aware Path Selection for Tor (FC ‘12)

*Not a comprehensive list

Where?

Outline

● Where is Tor slow?

– Understand Tor relay architecture

– Measure and analyze relay congestion in realistic Tor networks

● Design focused solutions

Outline

The Tor Network

Relay Overview

Onion routing connections

Relay Overview

TCP Transport

Relay Overview

Multiplexed Circuits and Streams

Relay Overview

TCPTCP

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Network Input

Tor Circuits

Split data into socket buffers

Tor Circuits

Read data from sockets into Tor

Tor Circuits

Process data (encrypt/decrypt)

Tor Circuits

Split cells into circuit queues

Tor Circuits

Circuits linked to outgoing connection

Tor Circuits

Schedule cells

Tor Circuits

Write data from Tor into sockets

Tor Circuits

Schedule data for sending

Tor Circuits

Opportunities for traffic management

Outline

Kernel Congestion: libkqtimeKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

tag match

Tor Circuits

tag match tag match

Tor Circuits

tag match tag matchtrack cells

Congestion Analysis

Analyzing the DesignKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Queuing delays in kernel output buffer

Tor Circuits

Circuit scheduling design flaws

Outline

Ineffective PriorityKernel OutputTor Output

Tor Circuits

Circuit schedulers are ineffective at prioritization

Tor Circuits

Libevent schedules one connection at a time

Tor Circuits

Tor only considers a subset of writable

circuits

Tor Circuits

Tor only considers a subset of writable

circuits

Circuits from different connections are not prioritized correctly

Scheduling Problems

Scenario A Scenario B

No Shared ConnectionShared Connection

Scheduling Problems

Scenario A Scenario B

Global Circuit SchedulingKernel OutputTor Output

Tor Circuits

Choose among ALL writable

circuits

Kernel Buffer BloatKernel OutputTor Output

Tor Circuits

Kernel Buffer BloatKernel OutputTor Output

Tor Circuits

● Too many large kernel queues

● More data in kernel than it can send

● Circuit scheduler timing issues

Tor Output Auto-tuning

● Don’t write what the kernel can’t send

● Smartly write to kernel using– Socket queue lengths and sizes– TCP windows– Node bandwidth capacity

● Check again before kernel starvation

Increase effectiveness of circuit scheduler

Questions?

cs.umn.edu/~jansenrob.g.jansen@nrl.navy.mil

think like an adversary

libkqtime

Toward Understanding Congestion in Tor

Documents

Transcript of Toward Understanding Congestion in Tor

Tor Node Anonymity Systems Requirements and … Systems Requirements and Architecture Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Network Web server

Congestion Control (cont’d). TCP Congestion Control Review Congestion control consists of 3 tasks Detect congestion Adjust sending rate Determine.

London Congestion Charging. Central London Congestion Charging Zone.

Congestion Control Outline Queuing Discipline Reacting to Congestion Avoiding Congestion.

A Practical Congestion Attack on Tor Using Long Paths

MANAGING URBAN TRAFFIC CONGESTION MANAGING URBAN TRAFFIC CONGESTION

Congestion Pricing Overlaid on Edge-to-Edge Congestion Control

A Practical Congestion Attack on Tor Using Long Paths€¦ · sibility that malicious Tor routers might choose only to facilitate connections with other adversary-controlled re-lays

IA IAV ESM WORKSHOP TOWARD MULTI MODEL ......IA-IAV-ESM WORKSHOP TOWARD MULTI-MODEL FRAMEWORKS ADDRESSING MULTI-SE TOR DYNAMIS, RISKS, AND RESILIENY A Workshop of the U.S. Global hange

Kiichiro Hatoyama. Toward Congestion Free Metropolis

Congestion Control Algorithms General Principles of Congestion Control Congestion Prevention Policies Congestion Control in Virtual-Circuit Subnets.

Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.

ACN: Congestion Control1 Congestion Control and Resource Allocation.

9letras.files.wordpress.com · Web viewtro tor tro for tor tro dro for tro fro fra far tor tro tor tor for tor tro tor fro tro fro for tro tor tro for tor tro tor for frr tra tro

Congestion-aware Path Selection for Tor - Cypherpunks › ~iang › pubs › Congestion_Aware_FC12.pdf · 2 Tor Background Tor is the third-generation onion routing design providing

y tør - oeras.no · 514 614 524 624 724 114 124 214 224 424 714 734 JAN tor 2.1 Tor Tor Tor fre 3.1 el. fre tor 9.1 tor 16.1 tor 23.1 tor 30.1 FEB tor 6.2 tor 13.2 tor 20.2 tor 27.2

2020 -2045 LAREDO METROPOLITAN TRANSPORTATION PLAN …€¦ · 1. Congestion 100 Points a. Current Congestion 50 b. Future Congestion 30 c. Congestion Management Process/Facilities

congestion - University of California, Berkeleyinst.eecs.berkeley.edu/~ee122/sp07/congestion.pdfAdapt to congestion 3. Test for sufficient bandwidth 4. Pricing congestion TOC – Congestion

A Practical Congestion Attack on Tor Using Long Pathsexit router of the circuit, which sends the trafﬁc out to the destination on the Internet. Data that passes through the Tor network

Toward V2I Communication Technology-based Solution for … ready.pdf · 2016. 7. 20. · Toward V2I Communication Technology-based Solution for Reducing Road Trafﬁc Congestion in