Padding-only defenses add delay in Tor
Ethan Witwer, James Holland, Nicholas Hopper

TL;DR
Padding-only defenses in Tor, intended to be zero-delay, actually introduce delays when deployed network-wide, highlighting the need for comprehensive simulation-based evaluation of such privacy-preserving methods.
Contribution
This paper demonstrates through Shadow simulations that padding-only defenses add delay in real-world deployment, challenging the assumption of zero-delay and emphasizing the importance of network-wide evaluation.
Findings
Padding-only defenses increase delay when deployed network-wide
Simulations reveal delays not apparent in isolated settings
Future defenses should be evaluated with network-wide simulations
Abstract
Website fingerprinting is an attack that uses size and timing characteristics of encrypted downloads to identify targeted websites. Since this can defeat the privacy goals of anonymity networks such as Tor, many algorithms to defend against this attack in Tor have been proposed in the literature. These algorithms typically consist of some combination of the injection of dummy "padding" packets with the delay of actual packets to disrupt timing patterns. For usability reasons, Tor is intended to provide low latency; as such, many authors focus on padding-only defenses in the belief that they are "zero-delay." We demonstrate through Shadow simulations that by increasing queue lengths, padding-only defenses add delay when deployed network-wide, so they should not be considered "zero-delay." We further argue that future defenses should also be evaluated using network-wide deployment…
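The queueing mechanism the abstract describes, shown as an added toy model; it is not code from the paper and not a Shadow simulation. It assumes a single FIFO relay link with Poisson cell arrivals and a fixed service time per cell, and the 50% utilisation, 60% padding overhead and 1% "isolated" share are constructed values.

```python
import random

def mean_real_cell_wait(real_rate, padding_overhead, defended_fraction,
                        service_time=1.0, n_real=200_000, seed=7):
    """Mean queueing wait of real cells at one FIFO relay link.

    Assumed toy model: Poisson cell arrivals, fixed service time per cell.
    padding_overhead:  padding cells sent per real cell by a defended client
    defended_fraction: share of the link's real traffic that is defended
    """
    rng = random.Random(seed)
    extra = padding_overhead * defended_fraction   # padding cells per real cell
    total_rate = real_rate * (1.0 + extra)         # merged Poisson stream
    p_real = 1.0 / (1.0 + extra)                   # chance an arrival is real
    wait = total_wait = 0.0
    seen_real = 0
    while seen_real < n_real:
        if rng.random() < p_real:                  # only real cells are measured
            total_wait += wait
            seen_real += 1
        gap = rng.expovariate(total_rate)          # time until the next arrival
        # Lindley recursion: the next cell waits for whatever backlog remains.
        wait = max(0.0, wait + service_time - gap)
    return total_wait / n_real

def md1_wait(real_rate, padding_overhead, defended_fraction, service_time=1.0):
    """Closed-form M/D/1 mean wait, used to cross-check the simulation."""
    rho = real_rate * (1.0 + padding_overhead * defended_fraction) * service_time
    return rho * service_time / (2.0 * (1.0 - rho))

# Constructed scenarios: (real cell rate, padding overhead, defended share).
SCENARIOS = {
    "no defence":        (0.5, 0.0, 0.0),
    "one client in 100": (0.5, 0.6, 0.01),
    "network-wide":      (0.5, 0.6, 1.0),
}

if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(f"{name:18s} simulated={mean_real_cell_wait(*args):.2f} "
              f"analytic={md1_wait(*args):.2f} service times")
```

The model ignores multi-hop circuits and flow control, so it shows the mechanism only, not the magnitudes a network-wide simulation would report.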
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Privacy, Security, and Data Protection
