Privacy-Preserving Measurement of the Tor Network Study Summary

This study, conducted by Aaron Johnson on May 30th, 2017 at the Center for Disclosure Avoidance Research, examines the Tor network, an anonymous and censorship-resistant communication system, and asks how many users, how many connections, and how much traffic it carries. It highlights secure multiparty computation as a way to understand the inner workings of Tor, and covers onion-routing background: users, relays, destinations, circuits, and streams. It explains how clients begin circuits with guards, how relays set exit policies, and how clients multiplex streams over circuits.

  • Privacy
  • Tor network
  • Security
  • Onion routing
  • Secure computation

Presentation Transcript


  1. Privacy-Preserving Measurement of the Tor Network. Aaron Johnson. May 30th, 2017. Center for Disclosure Avoidance Research, U.S. Census

  3. Problem
      • Tor is a popular system for anonymous, censorship-resistant communication (includes client, server, and Web browser).
      • What is going on inside Tor? How many users? How many connections? How much traffic?
      • Secure multiparty computation

  4. Background: Onion Routing. Diagram labels: Users, Relays, Destinations, Circuit, Stream.

  14. Background: Using Circuits
      1. Clients begin all circuits with a selected guard.
      2. Relays define individual exit policies.
      3. Clients multiplex streams over a circuit.
      4. New circuits replace existing ones periodically.
      5. Clients randomly choose proportional to bandwidth.

  18. Background: Onion Services. Diagram labels: RP, Onion Service, IP.
      1. Onion services maintain circuits to Introduction Points (IPs).
      2. User creates circuit to Rendezvous Point (RP) and IP and requests connection to RP.
      3. Onion service connects to RP.

  19. Background: Directory Authorities
      Hourly network consensus by majority vote:
      • Relays (IPs, public keys, bandwidths, etc.)
      • Parameters (performance thresholds, etc.)

  20. Tor Measurement: Why measure Tor?
      • Guide network improvements (e.g. improving congestion)
      • Calibrate network operations (e.g. bandwidth weighting)
      • Inform policy discussions (e.g. popularity in various countries)
      U.S. Naval Research Laboratory

  21. Tor Measurement: What to measure on Tor?
      • Users: total # unique, churn rate, traffic distribution
      • Destinations: # onion services, popular destinations, popular applications
      • Relays: bandwidth, congestion, failures, denial-of-service

  22. Tor Measurement: Example privacy risks of measuring Tor
      • Deanonymizing individual connections
      • Storing sensitive data at relays risks leaks from compromise
      • Revealing interesting users (e.g. from censored locations)
      • Revealing private onion services

  23. Tor Measurement: Some current Tor measurements (https://metrics.torproject.org)
      • Relay bandwidth capacity. How measured: Self, BW Authorities. Privacy techniques: Test measurements.
      • Relay used bandwidth. How measured: Per relay. Privacy techniques: Report every 4 hrs.
      • Total daily users. How measured: Per relay. Privacy techniques: Inferred from consensus downloads.
      • Users per country. How measured: Per relay. Privacy techniques: Report every 24 hrs, round, opt-in.
      • # onion services. How measured: Per relay. Privacy techniques: Differential privacy, round.
      • Exit traffic per port. How measured: Per relay. Privacy techniques: Report every 24 hrs, opt-in.

  24. Tor Measurement: Some current Tor measurements (same table as slide 23), marked: Inaccurate

  25. Tor Measurement: Some current Tor measurements (same table as slide 23), marked: Unsafe

  26. Tor Measurement: Some current Tor measurements (same table as slide 23), marked: Incomplete

  27. Tool: Differential Privacy
      Mechanism $M$ is $(\epsilon, \delta)$-differentially private if, for all databases $D$ and $D'$ that differ only in the data of one individual, $\Pr[M(D)=r] \le e^{\epsilon} \Pr[M(D')=r] + \delta$.

  28. Onion service statistics
      Tor publishes differentially-private onion-service statistics.
      Reference: Hidden-service statistics reported by relays. By David Goulet, Aaron Johnson, George Kadianakis, and Karsten Loesing. Tor Technical Report 2015-04-001, April 2015.

  29. Tool: Differential Privacy. Secure Multiparty Computation (MPC)
      Party $P_i$ has input $x_i$. An MPC protocol computes $f(x_1, \ldots, x_n)$ and only reveals it (doesn't reveal the $x_i$).

  30. Tor + Secure Multiparty Computation
      Safe
      • Outputs can't be attributed to a single relay
      • Outputs can be differentially private
      • Data can be secret-shared instead of stored locally
      Accurate
      • Noise can be added globally, not per-relay
      • Data from all relays can be used
      • Robust statistics can limit effect of malicious inputs (e.g. median)

  31. Tor + Secure Multiparty Computation. Diagram labels: Secret sharing, Statistics Authorities.
      Deployment #1
      • Statistics Authorities get shares and compute outputs
      • Efficiency from fewer computation parties
      • StatAuths can be chosen for reliability
      Deployment #2
      • Random subset of relays get shares and compute outputs
      • Achieve security similar to overall network
      • No extra parties to run and maintain

  32. Tor + Secure Multiparty Computation: Tor measurement MPC setting
      • General computation important as data/network change
      • Multiparty
          • Many entities must be required to compromise Tor
          • Tor has multiple, non-colluding entities available
      • Malicious security
          • Relays, clients, onion services can be run by anyone
          • Tor has active adversaries (e.g. governments, hackers)
      • Compromise threshold?
          • Dishonest majority requires fewer reliable, non-colluding entities
          • Honest majority already assumed by DirAuths
      • Fault tolerance critical in Tor, as a large, distributed, volunteer-run system

  33. PrivCount
      • Designed and used system for secure aggregation
          • Sums only
          • Extremely efficient: low bandwidth, no slow cryptographic operations during aggregation
          • Output is differentially private
      • Enables data exploration
          • Researcher can interactively schedule measurements base
          • Privacy still holds; researcher isn't trusted
      Reference: Safely Measuring Tor. By Rob Jansen and Aaron Johnson. 23rd ACM Conference on Computer and Communications Security (CCS 2016).

  34. PrivCount: Simple system for data aggregation in Tor
      • DCs update counts and histograms
      • TS runs measurement rounds to allow data exploration (untrusted)
      • SKs maintain additive shares (need one honest)
      Diagram labels: Data Collectors (DCs) / Relays; Tally Server (TS); Share Keepers (SKs)
      Data Collection
      1. DC creates and increments counter.
      2. DC shares random values with SKs for blinding, adds to counter.
      3. DC samples Gaussian noise share for $(\epsilon, \delta)$-differential privacy, adds to counter.
      Aggregation
      1. DCs send counters to TS.
      2. SKs add shares, send to TS.
      3. TS subtracts SK shares from DC counters, outputs result.

  35. PrivCount: Our Deployment
      • Data Collectors: 4 exits, 3 guards; 1.285% exit BW, 0.2% guard BW; 3 machines; 2 operators
      • Share Keepers: 6 machines; 6 operators; 4 countries
      • Collected 13 statistics in 1-day rounds and 27 in 7-day rounds (May 2016)
      Guard statistics
      • # unique clients in 10-minute slices
      • # active/inactive circuits per client
      Exit statistics
      • # circuits and streams per port class (Web, interactive, and other)
      • # bytes read or written per port class
      • Histograms: circuit lifetimes, bytes in & out per circuit

  36. PrivCount: Some Results
      [Chart: # unique users in 10 min. Data labels: Active, 5.50E+05; Inactive, 1.60E+05. Legend: PrivCount: users / 10 min; Tor Metrics: users / day.]

  37. PrivCount: Some Results
      [Charts: Streams and Data by port class (Web, Interactive, Other), comparing PrivCount, 2016 with Chaabane et al.*, 2010. Data labels in extraction order: Other, 11; Other, 27.88; Interactive, 0; Web, 70.4; Web, 88; Interactive, 1.72; Other, 21; Web, 48.81; Interactive, 0; Other, 57.92; Web, 79; Interactive, 0.26.]
      *Chaabane, A., Manils, P., and Kaafar, M. Digging into anonymous traffic: A deep analysis of the Tor anonymizing network. IEEE Network and System Security (2010).

  38. Tor + Secure Multiparty Computation: Improving on PrivCount results with SMC
      • Count unique users over longer periods using secret-sharing to safely store IPs
      • Percentiles instead of histograms
      • Robust statistics to limit effect of malicious inputs (e.g. median) for operational outputs
      • Add minimum noise necessary
      • Detect ongoing behaviors
          • Denial of service attacks
          • Botnets over onion services

  39. Tor + Secure Multiparty Computation: Future problems
      • Accountability needed for some applications (e.g. measurements to set operational parameters)
      • Efficient updates during data collection without storing sensitive data locally (e.g. IP addresses)
      • Find privacy-preserving functions that are robust to malicious inputs and efficient for SMC
      • Large numbers of parties (e.g. hundreds) may be necessary for honest-majority sampled relay subsets
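
The PrivCount data-collection and aggregation steps on slide 34, simulated in Python as an added example; this is not code from the talk or from the PrivCount project. The modulus `Q`, the class and function names, and the noise scale `sigma` (taken as given rather than derived from the privacy parameters) are assumptions of this example, which applies the blinding and noise when the counter is created so the value a relay stores never equals its true count.

```python
import random
import secrets

Q = 2**61 - 1  # assumed modulus; must exceed any true total plus noise


class ShareKeeper:
    """SK: keeps only the running sum of the blinding values it receives."""
    def __init__(self):
        self.total = 0

    def receive(self, blind):
        self.total = (self.total + blind) % Q


class DataCollector:
    """DC (relay): its stored counter is blinded and noised from the start."""
    def __init__(self, sks, sigma, n_dcs, rng):
        self.counter = 0
        for sk in sks:  # one fresh random blinding value per SK
            blind = secrets.randbelow(Q)
            sk.receive(blind)
            self.counter = (self.counter + blind) % Q
        # Noise share: n_dcs shares of variance sigma^2 / n_dcs sum to sigma^2.
        noise = round(rng.gauss(0.0, sigma / n_dcs ** 0.5))
        self.counter = (self.counter + noise) % Q

    def increment(self, n=1):
        self.counter = (self.counter + n) % Q


def tally(dcs, sks):
    """TS: add the DC counters, subtract the SK sums, decode as signed."""
    total = (sum(dc.counter for dc in dcs) - sum(sk.total for sk in sks)) % Q
    return total - Q if total > Q // 2 else total


def run_round(events_per_dc, n_sks=3, sigma=0.0, seed=0):
    """Simulate one round; events_per_dc is constructed sample input."""
    rng = random.Random(seed)  # seeded only so the noise is reproducible here
    sks = [ShareKeeper() for _ in range(n_sks)]
    dcs = [DataCollector(sks, sigma, len(events_per_dc), rng)
           for _ in events_per_dc]
    for dc, n in zip(dcs, events_per_dc):
        dc.increment(n)
    return tally(dcs, sks), dcs, sks


if __name__ == "__main__":
    print(run_round([120, 45, 300], sigma=10.0)[0])
```

Dropping any one Share Keeper's sum from `tally` leaves the result uniformly random, which is why a single honest SK is enough to keep individual relay counts hidden from the Tally Server.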
