Waterfiling: Balancing the Tor network with maximum diversity

TL;DR

Waterfilling is a novel circuit selection method for the Tor network that enhances security by balancing load and increasing the difficulty for adversaries to perform traffic correlation attacks without significantly impacting network performance.

Contribution

The paper introduces Waterfilling, a new load balancing approach for Tor that improves security against traffic correlation attacks while maintaining network performance.

Findings

Increases the number of nodes an attacker must control for successful attacks.

Reduces the advantage gained from hacking high-bandwidth relays.

Does not significantly impact network performance.

Abstract

We present the Waterfilling circuit selection method, which we designed in order to mitigate the risks of a successful end-to-end traffic correlation attack. Waterfilling proceeds by balancing the Tor network load as evenly as possible on endpoints of user paths. We simulate the use of Waterfilling thanks to the TorPS and Shadow tools. Applying several security metrics, we show that the adoption of Waterfilling considerably increases the number of nodes that an adversary needs to control in order to be able to mount a successful attack, while somewhat decreasing the minimum amount of bandwidth required to do so. Moreover, we evaluate Waterfilling into Shadow and show that it does not impact significantly the performance of the network. Furthermore, Waterfilling reduces the benefits that an attacker could obtain by hacking into a top bandwidth Tor relay, hence limiting the risks raised by such relays.