Upload File

toward understanding congestion in tor

46
Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th , 2014 Rob Jansen U.S. Naval Research Laboratory *Joint with John Geddes, Chris Wacek, Micah Sherr, Paul Syverson

Upload: efrat

Post on 23-Feb-2016

37 views

Category:

Documents


0 download

Report

Tags:

DESCRIPTION

Toward Understanding Congestion in Tor. DC-area Anonymity, Privacy, and Security Seminar January 24 th , 2014. Rob Jansen U.S. Naval Research Laboratory. *Joint with John Geddes, Chris Wacek , Micah Sherr , Paul Syverson. Tor for Awesomeness Anonymity. Tor is Slow!!! Research*. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Toward Understanding Congestion in Tor

Toward Understanding Congestion in Tor

DC-area Anonymity, Privacy, and Security Seminar

January 24th, 2014

Rob JansenU.S. Naval Research Laboratory

*Joint with John Geddes, Chris Wacek, Micah Sherr, Paul Syverson

Page 2: Toward Understanding Congestion in Tor

Tor for Awesomeness Anonymity

Page 3: Toward Understanding Congestion in Tor

Tor is Slow!!! Research*● PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay

Networks (CCS ‘13)● Reducing Latency in Tor Circuits with Unordered Delivery (FOCI ‘13)● How Low Can You Go: Balancing Performance with Anonymity in Tor (PETS ‘13)● The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting (PETS ’13)● An Empirical Evaluation of Relay Selection in Tor (NDSS ‘13)● LIRA: Lightweight Incentivized Routing for Anonymity (NDSS ‘13)● Improving Performance and Anonymity in the Tor Network (IPCCC ‘12)● Enhancing Tor's Performance using Real-time Traffic Classification (CCS ’12)● Torchestra: Reducing interactive traffic delays over Tor (WPES ‘12)● Throttling Tor Bandwidth Parasites (USENIX Sec ‘12)● LASTor: A Low-Latency AS-Aware Tor Client (Oakland ‘12)● Congestion-aware Path Selection for Tor (FC ‘12)

*Not a comprehensive list

Page 4: Toward Understanding Congestion in Tor

Tor is Slow!!! Research*● PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay

Networks (CCS ‘13)● Reducing Latency in Tor Circuits with Unordered Delivery (FOCI ‘13)● How Low Can You Go: Balancing Performance with Anonymity in Tor (PETS ‘13)● The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting (PETS ’13)● An Empirical Evaluation of Relay Selection in Tor (NDSS ‘13)● LIRA: Lightweight Incentivized Routing for Anonymity (NDSS ‘13)● Improving Performance and Anonymity in the Tor Network (IPCCC ‘12)● Enhancing Tor's Performance using Real-time Traffic Classification (CCS ’12)● Torchestra: Reducing interactive traffic delays over Tor (WPES ‘12)● Throttling Tor Bandwidth Parasites (USENIX Sec ‘12)● LASTor: A Low-Latency AS-Aware Tor Client (Oakland ‘12)● Congestion-aware Path Selection for Tor (FC ‘12)

*Not a comprehensive list

Where?

Page 5: Toward Understanding Congestion in Tor

Outline

● Where is Tor slow?

– Understand Tor relay architecture

– Measure and analyze relay congestion in realistic Tor networks

● Design focused solutions

Page 6: Toward Understanding Congestion in Tor

Outline

● Where is Tor slow?

– Understand Tor relay architecture

– Measure and analyze relay congestion in realistic Tor networks

● Design focused solutions

Page 7: Toward Understanding Congestion in Tor

The Tor Network

Page 8: Toward Understanding Congestion in Tor

Relay Overview

Page 9: Toward Understanding Congestion in Tor

Relay Overview

Page 10: Toward Understanding Congestion in Tor

Relay Overview

Onion routing connections

Page 11: Toward Understanding Congestion in Tor

Relay Overview

TCP

TCP

TCP

TCP

TCP

TCP Transport

Page 12: Toward Understanding Congestion in Tor

Relay Overview

TCP

TCP

TCP

TCP

TCP

TCP

TCP

Multiplexed Circuits and Streams

Page 13: Toward Understanding Congestion in Tor

Relay Overview

TCP

TCP

TCP

TCP

TCP

TCPTCP

Page 14: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Network Input

Page 15: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Split data into socket buffers

Page 16: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Read data from sockets into Tor

Page 17: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Process data (encrypt/decrypt)

Page 18: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Split cells into circuit queues

Page 19: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Circuits linked to outgoing connection

Page 20: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Schedule cells

Page 21: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Write data from Tor into sockets

Page 22: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Schedule data for sending

Page 23: Toward Understanding Congestion in Tor

Relay InternalsKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Opportunities for traffic management

Page 24: Toward Understanding Congestion in Tor

Outline

● Where is Tor slow?

– Understand Tor relay architecture

– Measure and analyze relay congestion in realistic Tor networks

● Design focused solutions

Page 25: Toward Understanding Congestion in Tor

Kernel Congestion: libkqtimeKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Page 26: Toward Understanding Congestion in Tor

Kernel Congestion: libkqtimeKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

tag match

Page 27: Toward Understanding Congestion in Tor

Kernel Congestion: libkqtimeKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

tag match tag match

Page 28: Toward Understanding Congestion in Tor

Kernel Congestion: libkqtimeKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

tag match tag matchtrack cells

Page 29: Toward Understanding Congestion in Tor

Congestion Analysis

Page 30: Toward Understanding Congestion in Tor

Congestion Analysis

Page 31: Toward Understanding Congestion in Tor

Analyzing the DesignKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Page 32: Toward Understanding Congestion in Tor

Analyzing the DesignKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Queuing delays in kernel output buffer

Page 33: Toward Understanding Congestion in Tor

Analyzing the DesignKernel Input Kernel OutputTor Input Tor Output

Tor Circuits

Queuing delays in kernel output buffer

Circuit scheduling design flaws

Page 34: Toward Understanding Congestion in Tor

Outline

● Where is Tor slow?

– Understand Tor relay architecture

– Measure and analyze relay congestion in realistic Tor networks

● Design focused solutions

Page 35: Toward Understanding Congestion in Tor

Ineffective PriorityKernel OutputTor Output

Tor Circuits

Circuit schedulers are ineffective at prioritization

Page 36: Toward Understanding Congestion in Tor

Ineffective PriorityKernel OutputTor Output

Tor Circuits

Libevent schedules one connection at a time

Page 37: Toward Understanding Congestion in Tor

Ineffective PriorityKernel OutputTor Output

Tor Circuits

Libevent schedules one connection at a time

Tor only considers a subset of writable

circuits

Page 38: Toward Understanding Congestion in Tor

Ineffective PriorityKernel OutputTor Output

Tor Circuits

Libevent schedules one connection at a time

Tor only considers a subset of writable

circuits

Circuits from different connections are not prioritized correctly

Page 39: Toward Understanding Congestion in Tor

Scheduling Problems

Scenario A Scenario B

No Shared ConnectionShared Connection

Page 40: Toward Understanding Congestion in Tor

Scheduling Problems

Scenario A Scenario B

Page 41: Toward Understanding Congestion in Tor

Global Circuit SchedulingKernel OutputTor Output

Tor Circuits

Choose among ALL writable

circuits

Page 42: Toward Understanding Congestion in Tor

Kernel Buffer BloatKernel OutputTor Output

Tor Circuits

Queuing delays in kernel output buffer

Page 43: Toward Understanding Congestion in Tor

Kernel Buffer BloatKernel OutputTor Output

Tor Circuits

Queuing delays in kernel output buffer

● Too many large kernel queues

● More data in kernel than it can send

● Circuit scheduler timing issues

Page 44: Toward Understanding Congestion in Tor

Tor Output Auto-tuning

● Don’t write what the kernel can’t send

● Smartly write to kernel using– Socket queue lengths and sizes– TCP windows– Node bandwidth capacity

● Check again before kernel starvation

Increase effectiveness of circuit scheduler

Page 45: Toward Understanding Congestion in Tor

Questions?

cs.umn.edu/[email protected]

think like an adversary

Page 46: Toward Understanding Congestion in Tor

libkqtime


CONGESTION CONt4america.org/wp-content/uploads/2020/03/Congestion...8 THE CONGESTION CON We have invested a lot to address congestion In pursuit of congestion relief in American cities

TaLTac in ENAGRID Toward Parallel Text Mining of Big Data ......Toward Parallel Text Mining of Big Data ... rispettivamente in Data Science (Roma, Tor Vergata) e in Big Data (Roma,

Toward V2I Communication Technology-based Solution for … ready.pdf · 2016. 7. 20. · Toward V2I Communication Technology-based Solution for Reducing Road Traffic Congestion in

Congestion Control (cont’d). TCP Congestion Control Review Congestion control consists of 3 tasks Detect congestion Adjust sending rate Determine

Real Time Driver Information for Congestion · PDF fileReal Time Driver Information for Congestion ... Conventional Solution: Build our way out of congestion ... Congestion mitigation

9letras.files.wordpress.com · Web viewtro tor tro for tor tro dro for tro fro fra far tor tro tor tor for tor tro tor fro tro fro for tro tor tro for tor tro tor for frr tra tro

ACN: Congestion Control1 Congestion Control and Resource Allocation

A Practical Congestion Attack on Tor Using Long Paths€¦ · sibility that malicious Tor routers might choose only to facilitate connections with other adversary-controlled re-lays

Chapter 13 1 Toward a Sustainable Transportation System 1. Sustainability: Pros & cons for transportation 2. Definition of sustainability 3. Growing congestion,

Spring 2003CS 4611 Congestion Control Outline Queuing Discipline Reacting to Congestion Avoiding Congestion

Kiichiro Hatoyama. Toward Congestion Free Metropolis

Smart Congestion Reliefvtpi.org/cong_relief.pdfSmart Congestion Relief: Comprehensive Analysis Of Traffic Congestion Costs and Congestion Reduction Strategies Victoria Transport Policy

Spring 2003CS 3321 Congestion Avoidance. Spring 2003CS 3322 Congestion Avoidance TCP congestion control strategy: –Increase load until congestion occurs,

MANAGING URBAN TRAFFIC CONGESTION MANAGING URBAN TRAFFIC CONGESTION

Congestion Control Algorithms General Principles of Congestion Control Congestion Prevention Policies Congestion Control in Virtual-Circuit Subnets

Tor et Tor browser bundle

1 Congestion Control Outline Queuing Discipline Reacting to Congestion Avoiding Congestion

Congestion-aware Path Selection for Tor - Cypherpunks › ~iang › pubs › Congestion_Aware_FC12.pdf · 2 Tor Background Tor is the third-generation onion routing design providing

State Highway Congestion Monitoring Program (HICOMP) · State Highway Congestion Monitoring Program ... District 12 Orange County 2005 Morning Congestion Map 3-44 ... congestion management

Stargarder Tor Stargard Gate Friedländer Tor Friedland Gate Neues Tor New Gate Treptower Tor Treptow Gate

Smart Congestion Relief - vtpi.org · Smart Congestion Relief: Comprehensive Analysis Of Traffic Congestion Costs and Congestion Reduction Strategies Victoria Transport Policy Institute

GLOBAL PLATE MOTION FRAMES: TOWARD A UNIFIED MODELmjelline/453website/eosc... · GLOBAL PLATE MOTION FRAMES: TOWARD A UNIFIED MODEL Tron d H. Tor svik, 1,2,3 R. Die tmar Mu ¬ller,4

Originally published in: Research Collection Permanent ......the most important barriers toward the implementation of a congestion charging system. After the challenges posed by equity

• Congestion • Congestion • Congestion

A Practical Congestion Attack on Tor Using Long Paths

A Practical Congestion Attack on Tor Using Long Pathsexit router of the circuit, which sends the traffic out to the destination on the Internet. Data that passes through the Tor network

A Practical Congestion Attack on Tor Using Long Paths · 2009-06-12 · A Practical Congestion Attack on Tor Using Long Paths Nathan S. Evans ... make it difficult for web servers

2020 -2045 LAREDO METROPOLITAN TRANSPORTATION PLAN …€¦ · 1. Congestion 100 Points a. Current Congestion 50 b. Future Congestion 30 c. Congestion Management Process/Facilities

London Congestion Charging. Central London Congestion Charging Zone

Fall 2006CS 5611 Congestion Control Outline Queuing Discipline Reacting to Congestion Avoiding Congestion Quality of Service

Power Flow Tracing Based Congestion Management … · Power Flow Tracing Based Congestion Management Using Differential ... power flow, congestion ... congestion management using

TCP Congestion Signatures - ICSIsrikanth/docs/congestion-signatures-imc... · TCP Congestion Signatures ... We exploit TCP congestion control dynamics to distinguish these cases for

Tor Node Anonymity Systems Requirements and … Systems Requirements and Architecture Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Network Web server

Texas Transportation Poll Sentiment Analysis · words. The sentiments expressed toward the top three issues (congestion, gas prices, and construction) were all neutral or slightly

Congestion Control - unipi.ita008149/corsi/reti/lucidi/07-Congestion-Control.pdf · TCP congestion control algorithm Congestion Control 4 ... Congestion Control 24 How Congestion