guard sets for onion routing - Jamie Hayes, joint work with George Danezis

SLIDE 1

guard sets for onion routing

Jamie Hayes - joint work with George Danezis

University College London j.hayes@cs.ucl.ac.uk

SLIDE 2

why does tor exist?

∙ Encryption conceals the data - not the metadata.
∙ Tor attempts to hide this metadata by obscuring communication patterns by sending traffic through Tor relays.
∙ Low latency - trade off between usability and security.

Guard Sets for Onion Routing 1/21

SLIDE 3

what is tor?

∙ Thousands of volunteer relays contributing to the network.
∙ Developed in mid-2000s - estimated 2,000,000 daily users.
∙ Used for many different reasons - whistle blowers, journalists, activists, military.

SLIDE 4

how does tor work?

[Figure: circuit diagram with the labels Alice, Entry relay, Middle relay, Exit relay, Bob.]

SLIDE 9

predecessor attack

∙ Connecting to the majority of the network in a short amount of time is bad.

Example
∙ Adversary controls 50 out of 1000 relays.
∙ Without permanent entry relay -> pick random entry and exit in circuit - probability of both being adversary controlled is 0.25%. After 100 separate connections probability of profiling is 25%.
∙ Probability that you have been profiled increases with each connection!

SLIDE 10

what are entry guards?

∙ With permanent entry relay -> pick random entry (assume exit is adversary controlled). Chance of being profiled is 5%.
∙ Three stable relays with the guard flag that on startup Tor chooses for the client. Post 2015 three guards become one.
∙ Guards are used for 2-3 months (9 months for one guard).
∙ If a client has been unlucky and chosen an adversary guard they can "escape" it - never rotating guards would lead to load imbalancing.
∙ Guard relays have a higher startup cost.

SLIDE 11

weaknesses

∙ Fingerprinting attack - three guards uniquely identify a client. Less so with one guard - but still a problem.
∙ Statistical disclosure attack - even if the identity of the guards does not in itself uniquely determine the user, a bigger possible set of users is preferable to a smaller set of users.

[Figure: clients client1, client2, client3 and guards g1 to g9.]

SLIDE 12

weaknesses

∙ Three guards - new guard relays underused. Bandwidth allocates a large fraction for use as a guard but only a few clients will rotate to it.
∙ Decreasing rotation period leads to more compromise but better spread of load.
∙ One guard better for load balancing - unused bandwidth used for middle and exit relay.
∙ But anonymity sizes of new guards still bad.
∙ Slow rate of rotation to new guards facilitates attacks!

SLIDE 13

what we want

∙ Instantly populate new guards - optimal spread of load.
∙ No churn.
∙ Remove possibility of unique guard history.
∙ Large sets of clients on guards.
∙ Easy in static environment but Tor is dynamic. A lot of clients and relays leave and join the network - maintaining load balance over time is difficult!

SLIDE 14

guard sets

∙ Put guards and users into sets.
∙ Better protection against fingerprinting and disclosure attacks.
∙ Improved reliability and security when single guards are temporarily unavailable - less churn.
∙ The provision of more, and more uniform, bandwidth to each client as compared with the single guard proposal.

[Figure: guards g1, g2, g3 grouped into a guard set gs; user sets us1 and us2; users u.]

SLIDE 15

how are guard sets formed?

∙ Initially list all relays with guard flags in descending order of bandwidth.
∙ Choose a threshold at which to create guard sets. We chose 40MB/s, and set a deletion threshold at 20MB/s.
∙ Cycle through list splitting guards into guard sets, creating guard sets with equal bandwidth.

[Figure: guards ..., g_i, g_i+1, g_i+2, g_i+3, g_i+4, ... listed from higher bandwidth (top) to lower bandwidth (bottom) and divided into guard set k and guard set k+1.]

SLIDE 16

number of guard sets throughout 2013

Rate of churn of total guard set bandwidth mirrors rate of churn of guard sets.

[Figure: Total guard set bandwidth (KB/s, axis scale 1e7), 2013-01-01 to 2013-12-28.]

[Figure: Number of guard sets, 2013-01-01 to 2013-12-28.]

SLIDE 17

how are assignments managed?

∙ Use a binary tree for assignments.
∙ Authority assigns guard set positions in the tree and manages guard - guard set assignments.
∙ Guard sets sit on an intermediate layer.
∙ Clients are assigned to a random leaf.
∙ Clients use the guard set associated with this leaf.

SLIDE 18

how to add a guard set to the tree

Flip fair coin at each branch until we reach a guard set, then push down a layer

[Figure: binary tree holding guard sets gs1 to gs5 and a client, before a guard set is added.]

[Figure: the same tree after guard set gs6 has been added.]

SLIDE 20

how to remove a guard set from the tree

Choose the right most guard set (with a common ancestor) for replacement

[Figure: binary tree holding guard sets gs1 to gs6 and a client, before a guard set is removed.]

[Figure: the same tree after the removal, now holding gs2 to gs6 and the client.]
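The assignment tree from the last three slides, as an added sketch that is not code from the talk or its authors. It is one reading of the slide text: the class and function names, the choice of putting a new guard set on the right, the 32-level leaf depth and the exact replacement rule on removal are all assumptions.

```python
import random

class GuardSetTree:
    """Each guard set is stored under its bit path from the root (0 = left, 1 = right).
    The paths always form a complete prefix code, so every leaf meets exactly one set."""

    def __init__(self, first_set):
        self.path = {first_set: ""}              # a lone guard set sits at the root

    def lookup(self, bits):
        """Guard set met when following the branch choices in `bits`, else None."""
        for gs, p in self.path.items():
            if bits.startswith(p):
                return gs
        return None

    def add(self, new_set, rng=random):
        bits = ""
        while (hit := self.lookup(bits)) is None:
            bits += rng.choice("01")             # fair coin at each branch
        self.path[hit] = bits + "0"              # push the set we reached down a layer
        self.path[new_set] = bits + "1"          # assumption: newcomer goes on the right

    def remove(self, gone):
        p = self.path[gone]
        if p == "":
            raise ValueError("cannot remove the only guard set")
        del self.path[gone]
        sib = p[:-1] + ("1" if p[-1] == "0" else "0")
        # Rightmost guard set in the sibling subtree under the common ancestor p[:-1].
        right = max(q for q in self.path.values() if q.startswith(sib))
        mover = next(g for g, q in self.path.items() if q == right)
        if right == sib:                         # sibling is a single set: pull it up
            self.path[mover] = p[:-1]
            return
        self.path[mover] = p                     # it replaces the removed guard set
        old_sib = right[:-1] + "0"               # its old sibling subtree moves up a layer
        for g, q in list(self.path.items()):
            if q.startswith(old_sib):
                self.path[g] = right[:-1] + q[len(old_sib):]

def random_leaf(depth=32, rng=random):
    """A client's leaf: `depth` random branch choices (depth is an assumed parameter)."""
    return "".join(rng.choice("01") for _ in range(depth))

if __name__ == "__main__":
    tree = GuardSetTree("gs1")
    for name in ("gs2", "gs3", "gs4", "gs5"):
        tree.add(name)
    print(tree.path, "client uses", tree.lookup(random_leaf()))
```

A client keeps its leaf for life; only the guard set found on the way to that leaf changes, so every client sharing a guard set also shares the same guard history.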

SLIDE 22

how to compute guard sets

How to compute and manage guard sets given a consensus document.
∙ retrieve guard set positions in tree.
∙ update needy guard sets.
∙ remove guard sets that are below deletion threshold.
∙ create new guard sets from available bandwidth.
∙ add new guard sets to tree.
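One consensus round of the update, deletion and creation steps above, which also covers the initial split described under "how are guard sets formed?" when started from no sets. This is an added sketch, not code from the talk or its authors; the function names, treating "needy" as below the creation threshold, topping up the weakest set first, and the greedy fill (which gives sets of roughly equal bandwidth, not exactly equal) are assumptions.

```python
CREATE_KBPS = 40_000   # creation threshold from the slides (40MB/s)
DELETE_KBPS = 20_000   # deletion threshold from the slides (20MB/s)

def set_bw(members, bw):
    """Total bandwidth of a guard set under the current consensus."""
    return sum(bw[g] for g in members)

def update_guard_sets(guard_sets, bw):
    """One consensus round.
    guard_sets: {set_id: [guard, ...]} from the previous round ({} to initialise).
    bw: {guard: KB/s} for every relay with the guard flag in this consensus.
    Returns (surviving_sets, new_sets, deleted_ids)."""
    # Guards that left the consensus drop out of their sets.
    sets = {sid: [g for g in m if g in bw] for sid, m in guard_sets.items()}
    used = {g for m in sets.values() for g in m}
    # Unassigned guards in descending order of bandwidth.
    spare = sorted((g for g in bw if g not in used), key=lambda g: -bw[g])
    # Update needy sets (assumption: the weakest set is topped up first).
    for sid in sorted(sets, key=lambda s: set_bw(sets[s], bw)):
        while spare and set_bw(sets[sid], bw) < CREATE_KBPS:
            sets[sid].append(spare.pop(0))
    # Remove sets still below the deletion threshold; their guards become spare.
    deleted = [sid for sid, m in sets.items() if set_bw(m, bw) < DELETE_KBPS]
    for sid in deleted:
        spare.extend(sets.pop(sid))
    spare.sort(key=lambda g: -bw[g])
    # Create new sets: walk the list, closing a set once it reaches the threshold.
    new_sets, current = [], []
    for g in spare:
        current.append(g)
        if set_bw(current, bw) >= CREATE_KBPS:
            new_sets.append(current)
            current = []
    return sets, new_sets, deleted     # guards left in `current` stay unassigned

if __name__ == "__main__":
    # Constructed consensus data (guard name -> KB/s), not real relays.
    day1 = {"A": 30000, "B": 25000, "C": 20000, "D": 15000, "E": 10000, "F": 5000}
    _, created, _ = update_guard_sets({}, day1)
    print("initial sets:", created)
    day2 = {"A": 15000, "C": 20000, "D": 15000, "E": 10000, "F": 5000, "G": 30000}
    print(update_guard_sets(dict(enumerate(created)), day2))
```

The gap between the two thresholds is what keeps churn low: a set that dips below 40MB/s is repaired from spare guards where possible and is only dissolved once it falls under 20MB/s.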

SLIDE 28

binary tree remains balanced

∙ Throughout 2013 difference in guard set layers didn’t diverge.
∙ No large difference in number of clients of different guard sets. Anonymity sets are uniform.
∙ Load on guard sets is similar.

Example
Initialising on 1 January 2013 produces 108 guard sets, given 2.75 million users this creates 108 user sets of size 25463. By end of 2013 at worst there may exist some user sets of size 795, meaning there will always be at least 795 clients with the same guard history.

SLIDE 29

guard bandwidth is fully used

[Figure: Bandwidth (KB/s) by month, Jan to Dec.]

∙ Start of 2013 - 0.46%.
∙ End of 2013 - 0.031%.
∙ Biased towards smaller bandwidth relays, which do not make a large contribution to total bandwidth on the network.

[Figure: Median guard set bandwidth (KB/s), 2013-01-01 to 2013-12-28.]

∙ Guard set bandwidth remains steady over time.

SLIDE 30

adversary - single guard

Fraction of compromised users given an adversary controlling one guard. With 1 million users and 100 repeats.

[Figure: Fraction of compromised users, 2013-01-01 to 2013-12-28; series: average, maximum and minimum fraction of compromised clients.]

SLIDE 31

adversary - 1% guard bandwidth

Fraction of compromised users given an adversary controlling 1% of guard bandwidth. With 1 million users and 100 repeats.

[Figure: Fraction of compromised users, 2013-01-01 to 2013-12-28; series: average, maximum and minimum fraction of compromised clients.]

SLIDE 32

conclusion

Guard sets provide a scalable solution for Tor.
∙ Stable - Due to relay stability and the way we created guard sets, guard set deletion is a rare occurrence. Low churn limits the potential for predecessor attack. Shared history, even under failure, eliminates fingerprinting attack.
∙ Fair - Clients can expect the same performance no matter their choice of guard set.
∙ Large - All guard sets serve roughly equal sized user sets, and a large number of users at any time. This prevents statistical attacks on the basis of discovering a user’s guards.

SLIDE 36

thanks!

Questions?

j.hayes@cs.ucl.ac.uk @_jamiedh
