DOI: 10.1145/3372297.3417279
research-article
Open access

CLAPS: Client-Location-Aware Path Selection in Tor

Published: 02 November 2020

Abstract

Much research has investigated improving the security and performance of Tor by having Tor clients choose paths through the network in a way that depends on the client's location. However, this approach has been demonstrated to lead to serious deanonymization attacks. Moreover, we show how in some scenarios it can lead to significant performance degradation. For example, we demonstrate that using the recently-proposed Counter-RAPTOR system when guard bandwidth isn't abundant could increase median download times by 28.7%. We propose the CLAPS system for performing client-location-aware path selection, which fixes the known security and performance issues of existing designs. We experimentally compare the security and performance of CLAPS to Counter-RAPTOR and DeNASA. CLAPS puts a strict bound on the leakage of information about the client's location, where the other systems could completely reveal it after just a few connections. It also guarantees a limit on the advantage that an adversary can obtain by strategic relay placement, which we demonstrate to be overwhelming against the other systems. Finally, due to a powerful formalization of path selection as an optimization problem, CLAPS is approaching or even exceeding the original goals of algorithms to which it is applied, while solving their known deficiencies.

Supplementary Material

MOV File (Copy of CCS2020_fpx314_Florentin Rochet - Andrew Diehl.mov)
Presentation video


    Published In

    CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
    October 2020
    2180 pages
    ISBN:9781450370899
    DOI:10.1145/3372297
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. anonymity
    2. onion routing
    3. tor

    Qualifiers

    • Research-article

    Conference

    CCS '20

    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Article Metrics

    • Downloads (Last 12 months): 276
    • Downloads (Last 6 weeks): 30
    Reflects downloads up to 04 Oct 2024

    Cited By

    • (2024) CLAM: Client-Aware Routing in Mix Networks. Proceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security, pages 199-209. DOI: 10.1145/3658664.3659631. Online publication date: 24-Jun-2024
    • (2024) Performance or Anonymity? Source-Driven Tor Relay Selection for Performance Enhancement. 2024 33rd International Conference on Computer Communications and Networks (ICCCN), pages 1-9. DOI: 10.1109/ICCCN61486.2024.10637610. Online publication date: 29-Jul-2024
    • (2024) A Systematic Survey on Security in Anonymity Networks: Vulnerabilities, Attacks, Defenses, and Formalization. IEEE Communications Surveys & Tutorials 26:3, pages 1775-1829. DOI: 10.1109/COMST.2024.3350006. Online publication date: Nov-2025
    • (2024) LARMix++: Latency-Aware Routing in Mix Networks with Free Routes Topology. Cryptology and Network Security, pages 187-211. DOI: 10.1007/978-981-97-8013-6_9. Online publication date: 2-Oct-2024
    • (2023) Enhancing the Unlinkability of Circuit-Based Anonymous Communications with k-Funnels. Proceedings of the ACM on Networking 1:CoNEXT3, pages 1-26. DOI: 10.1145/3629140. Online publication date: 28-Nov-2023
    • (2023) An extended view on measuring tor AS-level adversaries. Computers and Security 132:C. DOI: 10.1016/j.cose.2023.103302. Online publication date: 1-Sep-2023
    • (2022) A Covert-Aware Anonymous Communication Network for Social Communication. Security and Communication Networks 2022. DOI: 10.1155/2022/2255047. Online publication date: 1-Jan-2022
    • (2022) Stopping Silent Sneaks: Defending against Malicious Mixes with Topological Engineering. Proceedings of the 38th Annual Computer Security Applications Conference, pages 132-145. DOI: 10.1145/3564625.3567996. Online publication date: 5-Dec-2022
    • (2022) ShorTor: Improving Tor Network Latency via Multi-hop Overlay Routing. 2022 IEEE Symposium on Security and Privacy (SP), pages 1933-1952. DOI: 10.1109/SP46214.2022.9833619. Online publication date: May-2022
    • (2021) Security-Oriented Network Architecture. Security and Communication Networks 2021. DOI: 10.1155/2021/6694650. Online publication date: 1-Jan-2021