Defending Tor from Network Adversaries: A Case Study of Network Path Prediction

TL;DR

This paper evaluates the accuracy of network path prediction techniques in identifying threats from autonomous systems and Internet exchanges to improve Tor's security against traffic analysis attacks.

Contribution

It provides a comprehensive measurement study assessing the effectiveness of path inference methods in detecting network adversaries and explores their use in enhancing Tor's defenses.

Findings

Path prediction techniques have limitations in accurately identifying adversaries.

Overestimating threats can help in avoiding attacks but may impact performance.

Using predictions for active defense poses significant design challenges.

Abstract

The Tor anonymity network has been shown vulnerable to traffic analysis attacks by autonomous systems and Internet exchanges, which can observe different overlay hops belonging to the same circuit. We aim to determine whether network path prediction techniques provide an accurate picture of the threat from such adversaries, and whether they can be used to avoid this threat. We perform a measurement study by running traceroutes from Tor relays to destinations around the Internet. We use the data to evaluate the accuracy of the autonomous systems and Internet exchanges that are predicted to appear on the path using state-of-the-art path inference techniques; we also consider the impact that prediction errors have on Tor security, and whether it is possible to produce a useful overestimate that does not miss important threats. Finally, we evaluate the possibility of using these predictions to actively avoid AS and IX adversaries and the challenges this creates for the design of Tor.