DOI: 10.1145/2508859.2516715

PCTCP: per-circuit TCP-over-IPsec transport for anonymous communication overlay networks

Published: 04 November 2013

Abstract

Recently, there have been several research efforts to design a transport layer that meets the security requirements of anonymous communications while maximizing the network performance experienced by users. In this work, we argue that existing proposals suffer from several performance and deployment issues and we introduce PCTCP, a novel anonymous communication transport design for overlay networks that addresses the shortcomings of the previous proposals. In PCTCP, every overlay path, or circuit, is assigned a separate kernel-level TCP connection that is protected by IPsec, the standard security layer for IP.
To evaluate our work, we focus on the Tor network, the most popular low-latency anonymity network, which is notorious for its performance problems that can potentially deter its wider adoption and thereby impact its anonymity. Previous research showed that the current transport layer design of Tor, in which several circuits are multiplexed in a single TCP connection between any pair of routers, is a key contributor to Tor's performance issues.
We implemented, experimentally evaluated, and confirmed the potential gains provided by PCTCP in an isolated testbed and on the live Tor network. We ascertained that significant performance benefits can be obtained using our approach for web clients, while maintaining the same level of anonymity provided by the network today. Our realistic large-scale experimental evaluation of PCTCP shows improvements of more than 60% for response times and approximately 30% for download times compared to Tor. Finally, PCTCP only requires minimal changes to Tor and is easily deployable, as it does not require all routers on a circuit to upgrade.
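An added illustration, not code from the paper, of the cross-circuit interference the abstract attributes to multiplexing several circuits over one TCP connection: because TCP delivers in order, one circuit's lost segment stalls every later cell on the shared stream (head-of-line blocking), whereas a per-circuit connection confines the stall to the circuit that lost the segment. The cell schedule, loss, one-way delay and retransmission timeout are constructed assumptions.

```python
"""Toy in-order delivery model contrasting a shared (multiplexed) TCP stream
with per-circuit TCP streams. Added illustration, not the paper's own code."""
from collections import defaultdict
from statistics import mean

# One "cell" per entry: (send_time_ms, circuit_id). Constructed sample:
# two circuits alternate cells every 10 ms between the same pair of routers.
SAMPLE_CELLS = [(10 * i, "A" if i % 2 == 0 else "B") for i in range(20)]
# Constructed loss: circuit A's third cell (sent at t=40 ms) is dropped once.
SAMPLE_LOSSES = {(40, "A")}

ONE_WAY_DELAY_MS = 50   # assumed propagation delay between the two routers
RTO_MS = 300            # assumed TCP retransmission timeout after the loss


def simulate(cells, losses, per_circuit, owd=ONE_WAY_DELAY_MS, rto=RTO_MS):
    """Return {circuit_id: mean delivery latency in ms}.

    per_circuit=False: all cells ride one TCP stream, so a lost segment
    holds back in-order delivery of every later cell until it is resent.
    per_circuit=True: each circuit has its own TCP stream, so the stall
    is confined to the circuit that suffered the loss.
    """
    last_delivered = defaultdict(float)   # stream key -> last delivery time
    latencies = defaultdict(list)
    for send_t, circ in sorted(cells):
        stream = circ if per_circuit else "shared"
        # A lost segment arrives only after the retransmission timeout.
        arrival = send_t + owd + (rto if (send_t, circ) in losses else 0)
        # In-order delivery: a cell is handed up no earlier than its
        # predecessor on the same stream; this is the head-of-line effect.
        delivered = max(arrival, last_delivered[stream])
        last_delivered[stream] = delivered
        latencies[circ].append(delivered - send_t)
    return {c: mean(v) for c, v in latencies.items()}


def hol_penalty_ms(cells, losses):
    """Extra mean latency the lossless circuit B pays when multiplexed."""
    shared = simulate(cells, losses, per_circuit=False)
    split = simulate(cells, losses, per_circuit=True)
    return round(shared["B"] - split["B"], 3)
```

With the constructed inputs, circuit B never loses a cell yet its mean latency rises from 50 ms to 226 ms on the shared stream, while per-circuit streams leave it at 50 ms.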



Published In

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

  1. performance improvement
  2. tor
  3. transport design

Qualifiers

  • Research-article

Conference: CCS '13

Acceptance Rates

CCS '13 Paper Acceptance Rate: 105 of 530 submissions, 20%
Overall Acceptance Rate: 1,261 of 6,999 submissions, 18%

Cited By

  • (2024) A Simulation Design of Cascade Generation Method for Anonymous Network. Network Simulation and Evaluation, pp. 182-197. DOI: 10.1007/978-981-97-4519-7_13. Online publication date: 2 Aug 2024.
  • (2023) B-Tor: Anonymous communication system based on consortium blockchain. Peer-to-Peer Networking and Applications 16(5):2218-2241. DOI: 10.1007/s12083-023-01514-9. Online publication date: 12 Jul 2023.
  • (2022) Optimization-Based Predictive Congestion Control for the Tor Network: Opportunities and Challenges. ACM Transactions on Internet Technology 22(4):1-30. DOI: 10.1145/3520440. Online publication date: 14 Nov 2022.
  • (2022) QDRL: QoS-Aware Deep Reinforcement Learning Approach for Tor's Circuit Scheduling. IEEE Transactions on Network Science and Engineering 9(5):3396-3410. DOI: 10.1109/TNSE.2022.3179569. Online publication date: 1 Sep 2022.
  • (2021) QuicTor: Enhancing Tor for Real-Time Communication Using QUIC Transport Protocol. IEEE Access 9:28769-28784. DOI: 10.1109/ACCESS.2021.3059672. Online publication date: 2021.
  • (2020) Out-of-the-box Multipath TCP as a Tor Transport Protocol: Performance and Privacy Implications. 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA), pp. 1-6. DOI: 10.1109/NCA51143.2020.9306702. Online publication date: 24 Nov 2020.
  • (2020) Proportionally Fair approach for Tor's Circuits Scheduling. 2020 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1-6. DOI: 10.1109/ISNCC49221.2020.9297310. Online publication date: 20 Oct 2020.
  • (2020) PredicTor: Predictive Congestion Control for the Tor Network. 2020 IEEE Conference on Control Technology and Applications (CCTA), pp. 863-870. DOI: 10.1109/CCTA41146.2020.9206384. Online publication date: Aug 2020.
  • (2019) Point break. Proceedings of the 28th USENIX Conference on Security Symposium, pp. 1823-1840. DOI: 10.5555/3361338.3361465. Online publication date: 14 Aug 2019.
  • (2019) A Close Look at a Daily Dataset of Malware Samples. ACM Transactions on Privacy and Security 22(1):1-30. DOI: 10.1145/3291061. Online publication date: 22 Jan 2019.
