Mitigating Censorship with Multi-Circuit Tor and Linear Network Coding
Anna Engelmann, Admela Jukan

TL;DR
This paper proposes enhancing the Tor anonymity network with linear network coding to improve its resistance against censorship attacks, demonstrating increased robustness through analysis.
Contribution
It introduces a novel combination of multi-circuit Tor with linear network coding to mitigate censorship, which was not previously explored.
Findings
LNC improves Tor's censorship resistance
Enhanced multi-circuit Tor with LNC increases robustness
Analysis confirms effectiveness against censorship attacks
Abstract
Anonymity networks provide practical mechanisms to protect their users against censorship by hiding their identity and information content. The best-known anonymity network, The Onion Routing (Tor) network, is however subject to censorship attacks that block the public Tor entry routers and a few secret Tor entry points (bridges), thus preventing users from accessing Tor. To further advance the evolution of anonymity networks, while addressing censorship attacks, we propose to enhance the well-known multi-circuit Tor technique with linear network coding (LNC) and analyze the resulting censorship success. The results show that LNC can improve the robustness of Tor against censorship.
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Wireless Communication Security Techniques · Full-Duplex Wireless Communications
Mitigating Censorship with Multi-Circuit Tor and Linear Network Coding
Anna Engelmann and Admela Jukan
Technische Universität Carolo-Wilhelmina zu Braunschweig, Germany
Email: {a.engelmann, a.jukan}@tu-bs.de
I Introduction
The Onion Routing (Tor) provides practical mechanisms for user anonymity and thus mitigates censorship. In Tor, traffic is tunneled over a chain of selected onion routers (OR), which in combination with layered encryption prevents linking of the communicating parties or decrypting the information exchanged [1]. Thus, Tor is designed to alleviate censorship by hiding the user's identity and the content communicated. On the other hand, censorship in Tor is de facto possible to implement. The best-known example is the "Great Firewall of China," where a few major points in the network are deployed to filter and block the incoming and outgoing Internet traffic, thus preventing users from connecting to Tor.
To mitigate censorship, Tor has introduced bridges, in the form of non-public onion routers that are known to censored users only and can still allow them an entry into the Tor network [2]. Nevertheless, a censoring entity can collect the said bridges and block them as well. To decrease the chances of blocking, while improving Tor performance and randomizing the tunnel (circuit) distribution, multipathing in Tor has been proposed [3, 4, 5, 6]. Even with multipathing, however, there is as of today no mechanism for recovering blocked circuits or lost traffic in case of censorship.
In this paper, we hope to further contribute to Tor evolution by improving censorship resistance with multipath routing, with the addition of Linear Network Coding (LNC). In our approach, LNC is used in combination with multi-circuit Tor to recover the traffic blocked by censorship. To evaluate the benefits of this idea, we define and compare three Tor implementations: 1) one Tor (oTor), i.e., the traditional Tor implementation with one communication circuit; 2) multi-circuit Tor (mTor), where traffic transmission is implemented over multiple Tor circuits and diverse ORs; 3) coded Tor (cTor), where mTor traffic is encoded with LNC before transmission. The results show that LNC in cTor can mitigate censorship more effectively than Tor and mTor.
II Multiple-Circuit Tor with LNC (cTor)
Fig. 1 illustrates our proposal for implementing LNC in the mTor network (cTor). Just like oTor, the basic Tor architecture, mTor and cTor include Onion Proxies (OP) and Onion Routers (OR). Let us assume that the OP includes a client (Alice), who initiates the anonymous communication and uses information about existing ORs to set up circuits to a server (Bob) over three randomly selected ORs (entry or bridge, middle and exit ORs). The traffic is split into fixed-size (512-byte) units called cells, which are encrypted in layers with the keys of the entry, middle and exit ORs so that each OR can remove only one encryption layer by applying the same key as Alice. In contrast to Tor, where all packets are sent over the same circuit, a client in mTor and cTor splits incoming traffic into cells, builds traffic sub-flows and sends them through circuits toward one exit node. Alice randomly selects ORs and sets up disjoint circuits, which only share a common exit router. The third circuit contains a bridge known to the censor and will be blocked, resulting in cell loss.
The lower part of Fig. 1 shows how Linear Network Coding (LNC) can be used in the system as an erasure code and can be utilized to protect traffic against losses. Generally, any (, ) erasure code encodes units of original data into units of coded data and tolerates the loss of up to data units. Thus, Alice splits incoming traffic into cells and parallelizes them to build cell sub-flows, e.g., . The encoder takes one cell from each sub-flow and encodes cells to generate redundant cells, i.e., sub-flow . We refer to any cells of original data encoded together as a generation. After encoding, coded cells leave the encoder, building parallel sub-flows. Each coded sub-flow is finally encrypted in layers to be sent over a certain circuit toward the exit OR. Due to censorship, the third circuit is interrupted, resulting in the loss of . Circuit failures and cell losses, however, do not have any impact on the throughput of cTor as long as at least circuits are able to deliver coded cells to the exit node. During the decoding process any , e.g., , out of cells from the same generation can recover the original cells. Finally, the recovered cells can be serialized into the original and sent to Bob. In contrast, circuit blocking in Tor and mTor will result in communication interruption, since the exit node will be unable to recover the original due to missing cells and has to request retransmission.
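The encode, lose-one-circuit, decode cycle described above can be run end to end. The following is an added example, not the authors' implementation: it assumes GF(2^8) arithmetic and Vandermonde coding vectors (so that any k coded cells are decodable), and the function names and the k = 2, n = 3 sample generation are constructed for illustration.

```python
def gf_mul(a, b):                       # product in GF(2^8), polynomial 0x11B
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):                          # a^254 inverts any nonzero a
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def coeff_row(i, k):                    # coding vector of circuit i (Vandermonde, assumed)
    row = [1]
    for _ in range(k - 1):
        row.append(gf_mul(row[-1], i + 1))
    return row

def encode(cells, n):
    """Mix one generation of k equal-length cells into n coded cells."""
    out = []
    for i in range(n):
        coded = bytearray(len(cells[0]))
        for c, cell in zip(coeff_row(i, len(cells)), cells):
            for j, byte in enumerate(cell):
                coded[j] ^= gf_mul(c, byte)
        out.append(bytes(coded))
    return out

def decode(received, k):
    """received maps circuit index -> coded cell; any k entries suffice."""
    if len(received) < k:
        raise ValueError("fewer than k coded cells arrived: generation lost")
    m = [coeff_row(i, k) + list(received[i]) for i in sorted(received)[:k]]
    for col in range(k):                # Gauss-Jordan on [coefficients | payload]
        piv = next(r for r in range(col, k) if m[r][col])
        m[col], m[piv] = m[piv], m[col]
        inv = gf_inv(m[col][col])
        m[col] = [gf_mul(inv, v) for v in m[col]]
        for r in range(k):
            if r != col:
                m[r] = [x ^ gf_mul(m[r][col], y) for x, y in zip(m[r], m[col])]
    return [bytes(row[k:]) for row in m]

# Constructed sample: k = 2 cells of 512 bytes, to be sent over n = 3 circuits.
SAMPLE = [b"\x01" * 512, bytes(range(256)) * 2]
```

Calling `decode` with the coded cells of any two of the three circuits returns `SAMPLE`; with a single surviving circuit it raises, which corresponds to the case where the censor has blocked more circuits than the redundancy covers.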
III Analysis of censorship success and evaluations
We assume that there are unknown bridges and bridges known to a censor. The censored user randomly selects entry nodes out of bridges, resulting in possible bridge combinations. The censorship is successful if the anonymous communication was successfully disrupted by bridge blocking, i.e., the receiver is not able to recover the sent information. Blocking of entry ORs, i.e., bridges, results in blocking of the circuit and loss of the whole cell flow sent over this circuit. In the case of anonymous communication over Tor and mTor, the communication between client and server is disturbed if at least one bridge utilized as entry OR is known to a censor and blocked. The client randomly selects , where , out of available bridges, whereby the probability of selecting a bridge that is known to the censor and blocked, i.e., the probability of censorship success, can be calculated as . Thus, the client selects honest and censored bridges out of and , respectively. When LNC is applied (cTor), the censorship is only successful if more than out of utilized bridges are known to the censor and blocked. Thus, the destination receives fewer than cells from each generation and cannot recover the original information by decoding, i.e., the probability of successful censorship is , .
We now analyze a generic network topology, whereby any client can select between bridges.
Fig. 2 shows the probability of successful communication interruption due to blocking of entry bridges, whereby we assumed that bridges are unknown to the censor. For Tor and mTor, the probability of circuit blocking increases with the number of known bridges and the number of utilized circuits. The mTor communication over circuits will be blocked with probability 100% when the censor knows more than 15 bridges. In contrast, cTor shows much better performance, which depends on the amount of utilized coding redundancy , e.g., cTor always outperforms mTor and Tor if . The communication over and circuits with and redundancy shows the lowest probability of communication interruption by censorship as long as and , respectively.
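The censorship-success conditions stated in this section (at least one blocked bridge for Tor and mTor, more blocked bridges than the coding redundancy for cTor) can be evaluated as hypergeometric tail probabilities. The following is an added example, not the paper's own code or notation; the parameter names and the sample numbers (20 bridges, 3 circuits, 1 redundant circuit) are constructed assumptions and are not the values behind Fig. 2.

```python
from math import comb

def p_exactly_blocked(total, known, used, j):
    """P(exactly j of `used` uniformly chosen bridges are among the `known` ones)."""
    return comb(known, j) * comb(total - known, used - j) / comb(total, used)

def censorship_success(total, known, used, redundancy=0):
    """P(more than `redundancy` of the used bridges are known and blocked).

    redundancy=0: Tor (used=1) and mTor, where one blocked circuit is enough.
    redundancy>0: cTor, which tolerates up to `redundancy` lost circuits.
    """
    return sum(p_exactly_blocked(total, known, used, j)
               for j in range(redundancy + 1, used + 1))

def compare(total, known_values, circuits, redundancy):
    """Rows of (known, Tor, mTor, cTor) censorship-success probabilities."""
    return [(b,
             censorship_success(total, b, 1),
             censorship_success(total, b, circuits),
             censorship_success(total, b, circuits, redundancy))
            for b in known_values]

# Constructed parameters (assumed, not the paper's): 20 bridges in total,
# 3 circuits per connection, 1 of which carries redundant coded cells.
TABLE = compare(total=20, known_values=[0, 5, 10, 15, 20],
                circuits=3, redundancy=1)
```

With these constructed numbers and 5 of 20 bridges known to the censor, single-circuit Tor is interrupted with probability 0.25, mTor with about 0.60, and cTor with about 0.14.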
IV Conclusion
We investigated multi-circuit Tor in combination with LNC to increase robustness against censorship. The results showed that cTor with random selection of ORs and circuits has the potential to significantly improve the robustness of anonymous communication against censorship as compared to Tor and mTor.
References
- [1] E. Erdin, C. Zachor, and M. H. Gunes, “How to find hidden users: A survey of attacks on anonymity networks,” IEEE Communications Surveys Tutorials, vol. 17, no. 4, pp. 2296–2316, 2015.
- [2] M. Al Sabah, K. Bauer, T. Elahi, and I. Goldberg, “The path less travelled: Overcoming tor’s bottlenecks with traffic splitting,” in Privacy Enhancing Technologies. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013, pp. 143–163.
- [3] H. T. Karaoglu, M. B. Akgun, M. H. Gunes, and M. Yuksel, “Multi path considerations for anonymized routing: Challenges and opportunities,” in 2012 NTMS, May 2012, pp. 1–5.
- [4] F. Rochet, “Moving tor circuits towards multiple-path: Anonymity and performance considerations,” 2015.
- [5] L. Yang and F. Li, “Enhancing traffic analysis resistance for tor hidden services with multipath routing,” in IEEE CNS, Sep. 2015, pp. 745–746.
- [6] L. Yang and F. Li, “mtor: A multipath tor routing beyond bandwidth throttling,” in IEEE CNS, Sep. 2015, pp. 479–487.
