Doctoral thesis (Dissertations and theses)
Multipath Routing on Anonymous Communication Systems: Enhancing Privacy and Performance
de La Cadena Ramos, Augusto Wladimir
2021
 

Files


Full Text
dis_plan_last.pdf
Author postprint (4.07 MB)
Details



Keywords :
tor; anonymity; privacy; multipath
Abstract :
We live in an era where mass surveillance and online tracking against civilians and organizations have reached alarming levels. This has resulted in more and more users relying on anonymous communications tools for their daily online activities. Nowadays, Tor is the most popular and widely deployed anonymization network, serving millions of daily users in the entire world. Tor promises to hide the identity of users (i.e., IP addresses) and prevents external agents from disclosing relationships between the communicating parties. However, the benefit of privacy protection comes at the cost of severe performance loss. This performance loss degrades the user experience to such an extent that many users do not use anonymization networks and forgo the privacy protection offered. On the other hand, the popularity of Tor has captured the attention of attackers wishing to deanonymize its users. As a response, this dissertation presents a set of multipath routing techniques, both at transport and circuit level, to improve the privacy and performance offered to Tor users. To this end, we first present a comprehensive taxonomy to identify the implications of integrating multipath on each design aspect of Tor. Then, we present a novel transport design to address the existing performance unfairness of the Tor traffic. In Tor, traffic from multiple users is multiplexed in a single TCP connection between two relays. While this has positive effects on privacy, it negatively influences performance and is characterized by unfairness, as TCP congestion control gives all the multiplexed Tor traffic as little of the available bandwidth as it gives to every single TCP connection that competes for the same resource. To counter this, we propose to use multipath TCP (MPTCP) to allow for better resource utilization, which, in turn, increases throughput of the Tor traffic to a fairer extent.
Our evaluation in real-world settings shows that using out-of-the-box MPTCP leads to a 15% performance gain. We analyze the privacy implications of MPTCP in Tor settings and discuss potential threats and mitigation strategies. Regarding privacy, in Tor, a malicious entry node can mount website fingerprinting (WFP) attacks to disclose the identities of Tor users by only observing patterns of data flows. In response to this, we propose splitting traffic over multiple entry nodes to limit the observable patterns that an adversary has access to. We demonstrate that our sophisticated splitting strategy reduces the accuracy from more than 98% to less than 16% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. Additionally, we show that this defense, initially designed against WFP, can also be used to mitigate end-to-end correlation attacks. The contributions presented in this thesis are orthogonal to each other and their synergy comprises a boosted system in terms of both privacy and performance. This results in a more attractive anonymization network for new and existing users, which, in turn, increases the security of all users as a result of enlarging the anonymity set.
Disciplines :
Computer science
Author, co-author :
de La Cadena Ramos, Augusto Wladimir; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Engel
Language :
English
Title :
Multipath Routing on Anonymous Communication Systems: Enhancing Privacy and Performance
Defense date :
11 January 2021
Institution :
Unilu - University of Luxembourg, Luxembourg
Degree :
Docteur en Informatique
Promotor :
Engel, Thomas 
Panchenko, Andriy
President :
Jury member :
Danezis, George
Ries, Thorsten
FnR Project :
FNR10486741 - Privacy Enhancing Techniques For Future Internet, 2015 (01/09/2016-31/08/2019) - Thomas Engel
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 12 January 2021

Statistics


Number of views
400 (12 by Unilu)
Number of downloads
707 (4 by Unilu)