DC-area Anonymity, Privacy, and Security Seminar, January 24th, 2014. Rob Jansen, U.S. Naval Research Laboratory. Joint with John Geddes, Chris Wacek, Micah Sherr, Paul Syverson.
Slide1
Toward Understanding Congestion in Tor
DC-area Anonymity, Privacy, and Security Seminar
January 24th, 2014
Rob Jansen
U.S. Naval Research Laboratory
*Joint with John Geddes, Chris Wacek, Micah Sherr, Paul Syverson
Slide2
Tor for Awesomeness Anonymity
Slide3
Tor is Slow!!! Research*
PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay Networks (CCS '13)
Reducing Latency in Tor Circuits with Unordered Delivery (FOCI '13)
How Low Can You Go: Balancing Performance with Anonymity in Tor (PETS '13)
The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting (PETS '13)
An Empirical Evaluation of Relay Selection in Tor (NDSS '13)
LIRA: Lightweight Incentivized Routing for Anonymity (NDSS '13)
Improving Performance and Anonymity in the Tor Network (IPCCC '12)
Enhancing Tor's Performance using Real-time Traffic Classification (CCS '12)
Torchestra: Reducing interactive traffic delays over Tor (WPES '12)
Throttling Tor Bandwidth Parasites (USENIX Sec '12)
LASTor: A Low-Latency AS-Aware Tor Client (Oakland '12)
Congestion-aware Path Selection for Tor (FC '12)
*Not a comprehensive list
Slide4
Tor is Slow!!! Research*
Where?
Slide5
Outline
Where is Tor slow?
Understand Tor relay architecture
Measure and analyze relay congestion in realistic Tor networks
Design focused solutions
Slide6
Outline
Where is Tor slow?
Understand Tor relay architecture
Measure and analyze relay congestion in realistic Tor networks
Design focused solutions
Slide7
The Tor Network
Slide8
Relay Overview
Slide9
Relay Overview
Slide10
Relay Overview
Onion routing connections
Slide11
Relay Overview
[Diagram: connections labeled TCP]
Transport
Slide12
Relay Overview
[Diagram: connections labeled TCP]
Multiplexed Circuits and Streams
Slide13
Relay Overview
[Diagram: connections labeled TCP]
Slide14
Relay Internals
[Diagram labels: Kernel Input, Kernel Output, Tor Input, Tor Output, Tor Circuits]
Network Input
Slide15
Relay Internals
Split data into socket buffers
Slide16
Relay Internals
Read data from sockets into Tor
Slide17
Relay Internals
Process data (encrypt/decrypt)
Slide18
Relay Internals
Split cells into circuit queues
Slide19
Relay Internals
Circuits linked to outgoing connection
Slide20
Relay Internals
Schedule cells
Slide21
Relay Internals
Write data from Tor into sockets
Slide22
Relay Internals
Schedule data for sending
Slide23
Relay Internals
Opportunities for traffic management
Slide24
Outline
Where is Tor slow?
Understand Tor relay architecture
Measure and analyze relay congestion in realistic Tor networks
Design focused solutions
Slide25
Kernel Congestion: libkqtime
[Diagram labels: Kernel Input, Kernel Output, Tor Input, Tor Output, Tor Circuits]
Slide26
Kernel Congestion: libkqtime
tag
match
Slide27
Kernel Congestion: libkqtime
tag
match
tag
match
Slide28
Kernel Congestion: libkqtime
tag
match
tag
match
track cells
Slide29
Congestion Analysis
Slide30
Congestion Analysis
Slide31
Analyzing the Design
[Diagram labels: Kernel Input, Kernel Output, Tor Input, Tor Output, Tor Circuits]
Slide32
Analyzing the Design
Queuing delays in kernel output buffer
Slide33
Analyzing the Design
Queuing delays in kernel output buffer
Circuit scheduling design flaws
Slide34
Outline
Where is Tor slow?
Understand Tor relay architecture
Measure and analyze relay congestion in realistic Tor networks
Design focused solutions
Slide35
Ineffective Priority
[Diagram labels: Kernel Output, Tor Output, Tor Circuits]
Circuit schedulers are ineffective at prioritization
Slide36
Ineffective Priority
Libevent schedules one connection at a time
Slide37
Ineffective Priority
Libevent schedules one connection at a time
Tor only considers a subset of writable circuits
Slide38
Ineffective Priority
Libevent schedules one connection at a time
Tor only considers a subset of writable circuits
Circuits from different connections are not prioritized correctly
Slide39
Scheduling Problems
Scenario A
Scenario B
No Shared Connection
Shared Connection
Slide40
Scheduling Problems
Scenario A
Scenario B
Slide41
Global Circuit Scheduling
[Diagram labels: Kernel Output, Tor Output, Tor Circuits]
Choose among ALL writable circuits
Slide42
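The following Python sketch is an added example, not code from the slides or from Tor: it models the point of the Ineffective Priority and Global Circuit Scheduling slides (35 to 41) with a toy relay, comparing per-connection picks against a choice among all writable circuits. Circuit names, connection names, priority values (lower is served first) and the writable order are constructed assumptions.

```python
from collections import namedtuple

# priority: lower value is served first (an assumption of this example).
Circuit = namedtuple("Circuit", "name conn priority")

# Constructed inputs: each circuit has exactly one cell queued.
SHARED = [Circuit("web", "conn-1", 1), Circuit("bulk", "conn-1", 9)]
NOT_SHARED = [Circuit("web", "conn-2", 1), Circuit("bulk", "conn-1", 9)]
ORDER = ["conn-1", "conn-2"]  # order the event loop reports writability


def per_connection_schedule(circuits, writable_order):
    """Handle one writable connection at a time; each pick only sees the
    circuits attached to that connection."""
    pending, sent = list(circuits), []
    progressed = True
    while progressed:
        progressed = False
        for conn in writable_order:
            local = [c for c in pending if c.conn == conn]
            if local:
                best = min(local, key=lambda c: c.priority)
                sent.append(best.name)
                pending.remove(best)
                progressed = True
    return sent


def global_schedule(circuits):
    """Choose among ALL writable circuits, ignoring connection boundaries."""
    return [c.name for c in sorted(circuits, key=lambda c: c.priority)]


def inversions(sent, circuits):
    """Number of pairs that left the relay in the wrong priority order."""
    prio = {c.name: c.priority for c in circuits}
    return sum(prio[a] > prio[b]
               for i, a in enumerate(sent) for b in sent[i + 1:])


if __name__ == "__main__":
    for label, circs in (("shared", SHARED), ("not shared", NOT_SHARED)):
        local = per_connection_schedule(circs, ORDER)
        best = global_schedule(circs)
        print(f"{label:10} per-connection={local} "
              f"(inversions={inversions(local, circs)}) global={best}")
```

When the two circuits share a connection the per-connection pick is already correct; when they do not, the bulk circuit is written first simply because its connection became writable first.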
Kernel Buffer Bloat
[Diagram labels: Kernel Output, Tor Output, Tor Circuits]
Queuing delays in kernel output buffer
Slide43
Kernel Buffer Bloat
Queuing delays in kernel output buffer
Too many large kernel queues
More data in kernel than it can send
Circuit scheduler timing issues
Slide44
Tor Output Auto-tuning
Don't write what the kernel can't send
Smartly write to kernel using
  Socket queue lengths and sizes
  TCP windows
  Node bandwidth capacity
Check again before kernel starvation
Increase effectiveness of circuit scheduler
Slide45
Questions?
cs.umn.edu/~jansen
rob.g.jansen@nrl.navy.mil
think like an adversary
Slide46
libkqtime