Abstract: Tor is a popular overlay network providing low-latency anonymous communications on the Internet. Tor provides source and destination anonymity for TCP-based applications by routing the user's traffic through a group of volunteer-operated relays located around the world. In this talk, we present an overview of our research over the past five years to improve Tor's security and anonymity, understand how Tor is used and misused in practice, and diagnose the sources of Tor's slow performance and develop solutions.
First, we show that Tor is vulnerable to attacks launched by resource-constrained adversaries who inflate their perceived bandwidth capacities to attract traffic. We develop a novel low-cost traffic analysis technique that utilizes only limited information from circuit establishment messages to link senders and receivers, thereby compromising the system's anonymity. We highlight partial solutions to this attack, but argue that Tor still remains vulnerable today.
Next, we present the findings of a measurement study aimed at better understanding how Tor is used (and misused) and who uses Tor. We find that interactive web traffic comprises the majority of Tor's traffic by number of TCP connections and aggregate volume, but non-interactive peer-to-peer file sharing traffic consumes a disproportionate and unfair amount of the network's scarce bandwidth. We also present evidence that Tor is used throughout the world, yet volunteer routers are generally hosted in only a few countries.
Lastly, we highlight our efforts to understand the sources of Tor's slow performance. To facilitate large-scale experimentation with Tor, we developed a network emulation-based testbed that replicates the salient features of the live Tor network such as Tor's overlay topology and the clients' traffic characteristics in isolation. Using this testbed, we observe that Tor's end-to-end flow control mechanism allows significant congestion, which degrades the network's performance, particularly for delay-sensitive interactive web users. To control this congestion and offer a better quality of service to interactive users, we design and evaluate improved congestion control and flow control algorithms inspired by techniques from ATM networks.
Biography: Dr. Kevin Bauer is a technical staff member in the Cyber Systems and Technology Group at MIT Lincoln Laboratory. Dr. Bauer joined MIT Lincoln Laboratory in May 2012. His academic research interests include privacy-enhancing technologies, anonymous communications, cyber security experimentation, and network security.
Prior to joining Lincoln Laboratory, Bauer was a Postdoctoral Fellow in the Cryptography, Security, and Privacy Group at the University of Waterloo, a research staff member in the Systems and Networking Group at the University of California, San Diego, and a Visiting Researcher at the International Computer Science Institute’s Center for Internet Research.
Dr. Bauer earned his Ph.D. in Computer Science from the University of Colorado in 2011.
Host: Prof. Craig Wills
Refreshments will be served.