Metrics for Security and Performance in Low-Latency Anonymity Systems

  • Conference paper
Privacy Enhancing Technologies (PETS 2008)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5134)

Abstract

In this paper we explore the tradeoffs between security and performance in anonymity networks such as Tor. Using probability of path compromise as a measure of security, we explore the behaviour of various path selection algorithms with a Tor path simulator. We demonstrate that assumptions about the relative expense of IP addresses and cheapness of bandwidth break down if attackers are allowed to purchase access to botnets, giving plentiful IP addresses, but each with relatively poor symmetric bandwidth. We further propose that the expected latency of data sent through a network is a useful performance metric, show how it may be calculated, and demonstrate the counter-intuitive result that Tor’s current path selection scheme, designed for performance, both performs well and is good for anonymity in the presence of a botnet-based adversary.

Editor information

Nikita Borisov, Ian Goldberg

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Murdoch, S.J., Watson, R.N.M. (2008). Metrics for Security and Performance in Low-Latency Anonymity Systems. In: Borisov, N., Goldberg, I. (eds) Privacy Enhancing Technologies. PETS 2008. Lecture Notes in Computer Science, vol 5134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70630-4_8

  • DOI: https://doi.org/10.1007/978-3-540-70630-4_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70629-8

  • Online ISBN: 978-3-540-70630-4

  • eBook Packages: Computer Science, Computer Science (R0)
