Tor is vulnerable to network congestion and performance problems due to bulk data transfers. A large fraction of the available network capacity is consumed by a small percentage of Tor users, resulting in severe service degradation for the majority. Bulk users continuously drain relays of excess bandwidth, creating new network bottlenecks and exacerbating the effects of existing ones. While this problem may currently be attributed to rational users utilizing the network, it may also be exploited by a relatively low-resource adversary using similar techniques to contribute to a network denial of service (DoS) attack. Degraded service discourages the use of Tor, affecting both Tor’s client diversity and anonymity. Equipped with mechanisms from communication networks, we design and implement three Tor-specific algorithms that throttle bulk transfers to reduce network congestion and increase network responsiveness. Unlike existing techniques, our algorithms adapt to network dynamics using only information local to a relay. We experiment with full-network deployments of our algorithms under a range of light to heavy network loads. We find that throttling results in significant improvements to web client performance while mitigating the negative effects of bulk transfers. We also analyze how throttling affects anonymity and compare the security of our algorithms under adversarial attack. We find that throttling reduces information leakage compared to unthrottled Tor while improving anonymity against realistic adversaries.
|Original language||English (US)|
|Number of pages||15|
|State||Published - 2012|
|Event||21st USENIX Security Symposium - Bellevue, United States|
Duration: Aug 8 2012 → Aug 10 2012
|Conference||21st USENIX Security Symposium|
|Period||8/8/12 → 8/10/12|
Bibliographical noteFunding Information:
This paper analyzes client throttling by guard relays to reduce Tor network bottlenecks and improve responsiveness. We explore static throttling configurations while designing, implementing, and evaluating three new throttling algorithms that adaptively select which connections get throttled and dynamically adjust the throttle rate of each connection. Our adaptive throttling techniques use only local relay information and are considerably more effective than static throttling since they do not require re-evaluation of throttling parameters as network load changes. We find that client throttling is effective at both improving performance for interactive clients and increasing Tor’s network resilience. We also analyzed the effects throttling has on anonymity and discussed the security of our algorithms against realistic adversarial attacks. We find that throttling improves anonymity: a guard’s bandwidth leaks more information about its circuits when throttling is disabled. Future Work. There are many directions for future research. Our current algorithms may be modified to optimize performance by improving classification of bulk traffic, considering alternative strategies for distinguishing web from bulk connections. Additional approaches to rate-tuning are also of interest, e.g. it may be possible to further improve web client performance using proportional fairness to schedule traffic on circuits. Also of interest is an analysis of throttling in the context of congestion and flow control to determine the interrelation and effects the algorithms have on each other. Finally, a deeper understanding of our algorithms and their effects on client performance would be possible through analysis on the live Tor network. Acknowledgements. We thank Roger Dingledine for helpful discussions regarding this work and the anonymous reviewers for their feedback and suggestions. This research was supported by NFS grant CNS-0917154, ONR, and DARPA.