LASTor : A Low-Latency AS-Aware Tor Client

Masoud Akhoondi, Curtis Yu, Harsha V. Madhyastha

Tor (The onion router)

[Figure: Tor path between source S and destination D via relays R1, R2, R3]

• 400,000 users
• 2700 relays
• Anonymity
  - Each hop only knows previous and next hop on a path
• Low latency communication
  - 90% of Tor traffic is interactive [Mccoy08]

How are latencies on Tor?

• Experiment:
  – Sources:
    • 50 PlanetLab nodes spread across globe
  – Destinations:
    • Top 200 websites

5x inflation in median

Profiling attack on Tor

[Figure: path from S to D through entry relay, relay 2 and exit relay, with the entry segment and exit segment marked]

Green AS (Autonomous System) can eavesdrop on both end segments of path [Murdoch07]

How severe is profiling attack?

65% of relays are in 20% of all ASes

Non-uniform distribution of relays across ASes

Potential solution for these problems

• Measure latencies and routes from each relay to all end-hosts [Sherr09, Alsabah11, Mittall11]
  – Requires modification of relays
• None of these proposals deployed yet
  – Non-trivial to implement

LASTor: A low-latency AS-aware Tor client

Main insight: Client modifications suffice

• Improve poor latency for interactive communications
  – Solution: Modified path selection to reduce latency
• Mitigate profiling attack
  – Solution: AS-aware path selection

Sources of latency on Tor

• Queuing and processing delay
  – Congestion in relays [Panchenko09]
• Propagation delay
  – Long paths

Goal: Improve latency

Shortest path vs. Default Tor

• Destinations:
  – Top 200 websites
• Sources:
  – 50 PlanetLab nodes spread across globe
• Map relays to geographical locations

Shorter paths can greatly reduce latency

50% improvement in median

Path should not be deterministic: Weighted Shortest Path (WSP)

Weighted Shortest Path (WSP)

• WSP computes length of all possible paths
• Probability of choosing a path is inversely proportional to its length

[Figure: example graph with edge lengths, offering an upper and a lower path]

Path    Length   Prob.
Upper   8        0.56
Lower   10       0.44

An Attack on WSP

[Figure: example graph with edge lengths]

                     Original prob.   Prob.
Compromised paths    0.56             0.8
Other paths          0.44             0.2

Attacker controls a relay

Solution: Clustering of relays

[Figure: example graph with relays grouped into clusters]

• Run WSP using clusters of relays
• For chosen cluster-level path, randomly pick a relay in each cluster

                     Prob.
Compromised paths    0.56
Other paths          0.44

Weighted Shortest Path (WSP)

• Preprocessing
  – Cluster all relays
• Path selection
  – Computes length of possible paths using clusters
  – Choose a path with a probability inversely proportional to its length
  – Pick a relay randomly in each chosen cluster
• Other issues (see paper)
  – Handling multi-location destinations
  – Choosing entry relays

WSP reduces latency

50 PlanetLab nodes to top 200 websites

20% improvement in 80th percentile

25% improvement in median

Tunable path selection in LASTor

• Modify WSP to consider user’s preference towards:
  – Anonymity
  – Latency
• Single parameter α configured by user:
  – Modified weight w to w^(1-α) where 0 ≤ α ≤ 1

α = 0: Lowest latency
α = 1: Highest anonymity

Tunable path selection in LASTor

Gini coefficient: measure of inequality in a distribution
• 0: perfect equality
• 1: maximal inequality

Lower α, lower latency
Higher α, higher anonymity
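
The WSP selection rule, the relay-replication attack, the clustering defence and the α weighting from the slides above, as an added example (not code from LASTor or the talk). The cluster and relay names and the three-copy replication are constructed; the weight is assumed to be 1/length raised to the power (1-α).

```python
import random

def wsp_probs(lengths, alpha=0.0):
    """Map {path: length} to selection probabilities.

    Weight is w = 1/length, tuned to w**(1 - alpha): alpha=0 is plain WSP,
    alpha=1 makes every path equally likely.
    """
    weights = {p: (1.0 / d) ** (1.0 - alpha) for p, d in lengths.items()}
    total = sum(weights.values())
    return {p: w / total for p, w in weights.items()}

def compromise_prob(clusters, evil, clustered, alpha=0.0):
    """Probability that the chosen path uses an attacker relay.

    clusters: {name: (path_length, [relay, ...])}; evil: set of relay names.
    """
    if clustered:
        # WSP over clusters, then a uniform pick inside the chosen cluster.
        probs = wsp_probs({c: d for c, (d, _) in clusters.items()}, alpha)
        return sum(probs[c] * sum(r in evil for r in rs) / len(rs)
                   for c, (_, rs) in clusters.items())
    # No clustering: every relay is its own candidate path.
    probs = wsp_probs({r: d for d, rs in clusters.values() for r in rs}, alpha)
    return sum(p for r, p in probs.items() if r in evil)

def pick_relay(clusters, alpha=0.0, rng=random):
    """Draw one (cluster, relay) pair the way clustered WSP does."""
    probs = wsp_probs({c: d for c, (d, _) in clusters.items()}, alpha)
    names = list(probs)
    cluster = rng.choices(names, weights=[probs[n] for n in names])[0]
    return cluster, rng.choice(clusters[cluster][1])

# Constructed sample: the slide's path lengths 8 (upper) and 10 (lower).
# AFTER models the attacker running three copies of its relay at one location.
BEFORE = {"upper": (8, ["evil1"]), "lower": (10, ["honest1"])}
AFTER = {"upper": (8, ["evil1", "evil2", "evil3"]), "lower": (10, ["honest1"])}
EVIL = {"evil1", "evil2", "evil3"}

if __name__ == "__main__":
    for label, clustered in (("relay-level WSP", False), ("clustered WSP", True)):
        before = compromise_prob(BEFORE, EVIL, clustered)
        after = compromise_prob(AFTER, EVIL, clustered)
        print(f"{label}: {before:.2f} -> {after:.2f}")
    print("alpha=1:", wsp_probs({"upper": 8, "lower": 10}, alpha=1.0))
    print("sample pick:", pick_relay(AFTER, rng=random.Random(7)))
```

Replicated relays raise the compromised-path probability only when each relay counts as its own path; with clustering the extra copies share one cluster's weight.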

Profiling attack on a path

[Figure: path from S to D through entry relay, relay 2 and exit relay, with the entry segment and exit segment marked]

Green AS (Autonomous System) can eavesdrop on both end segments of path [Murdoch07]

Goal: Detect common ASes on entry and exit segments

Goal: AS-aware

Simple heuristic does not work

• Default Tor ensures no two Tor relays in same /16
• False negative: fraction of paths with common AS not detected

57% of common AS instances are missed

Need for predicting AS paths

• Approach 1: Measure routes from relays to all end hosts
  – Need to modify relays
• Approach 2: Infer AS-level routes
  – Several techniques exist [Mao05, Madhyastha06, Madhyastha09, Lee11]
  – At best 70% accuracy

Our solution: AS set prediction

[Figure: routes between the exit relay and destination D]

Predict ASes on all paths compliant with routing policies

• Input [13MB initially, 1.5MB weekly]
  – Topology graph at AS-level
  – Estimate of AS path length
  – Compact representation of routing policies:
    • Triple of (AS1, AS2, AS3) where AS1AS2AS3
• Algorithm
  – Modified version of Dijkstra’s algorithm
• Output
  – Set of ASes on policy-compliant routes

AS set based prediction is accurate

11% of common AS instances are missed

57% of common AS instances are missed

• False negative: fraction of paths with common AS not detected

Any path selection algorithm can use AS set prediction to avoid profiling attack

LASTor Latency

50 PlanetLab nodes to top 200 websites

Summary

• Demonstrated client side changes are sufficient for:
  – Lower latency
  – Higher anonymity
• Designed and implemented LASTor
  – Reduces median latency by 25%
  – Reduces median false negative of common AS from 57% to 11%

Thank you

How does Tor work? (Onion Routing)

[Figure: client connected to server through an entry relay (guard), a middle relay and an exit relay, among relays R1 to R5]

- 300,000 users
- 2700 relays

Is distance a good estimation of latency?

• Choose two different paths:
  – WSP(latency)
  – WSP(distance)
• Measure latency on these two paths

There is no significant difference between these two metrics

• 50 PlanetLab nodes as source and top 200 websites as destination

Accuracy of AS-set prediction algorithm

Attack on WSP

Clustering of relays reduces:
- Probability of the attack
- Running time of WSP

• Adversary replicates 10% most popular relays 25 times
• Compute probability of the chosen path traversing a malicious relay

50% reduction