Optimization and Analysis of Tor's Anonymous Communication: Shared Links, a Side-Channel and a Path Toward OnionVPN

A right to anonymity is becoming increasingly important in our digital world, where users are under constant surveillance. Users can exercise this right by using anonymous networks. One popular low-latency anonymity network is Tor, which provides sender and receiver anonymity. Tor builds a path through the network over three hops. Only the first hop knows the sender, and only the last hop knows the receiver. However, users will only use those networks if they have decent performance. One main performance problem in Tor is cross-circuit interference (CCI), where multiple circuits are multiplexed over one Transport Layer Security (TLS) connection. These circuits share the same connection window and have unfair bandwidth sharing. There is no detailed understanding of how many active shared links exist in the network and if CCI might have side-channel leakage.

To investigate this problem in more detail, we develop a shared links simulator called SALSA. We investigate the impact of active shared links on the Tor network and show that 3.7 % of all active links are shared, which affects 15 % of all active circuits. If Tor reached its current bandwidth capacity, the number of active shared links could increase to 16 %. With shared links simulator (SALSA), we can show that internal circuits, the number of users, and relays contributed the most to the problem. We show in a 25 % Shadow network simulation with an older Tor version, which has an application-level mitigation for CCI, that this network is still slower with shared links. Tor implemented in recent versions, Tor-Vegas and Conflux, are not directly meant as mitigation. However, we can show with a 30 % Shadow network simulation with a newer Tor version that CCI is only a problem for transfers smaller than 5 MiB. CCI makes a round-trip time (RTT)-based side-channel attack possible.

We analyze a side-channel attack against CCI, where an attacker does not need to be in a machine-in-the-middle (MitM) position, and we can show that it leaks traffic patterns by executing a website fingerprinting (WF) attack. For the WF attack, we use 50 of the top 100 websites. We compare the attack in different scenarios and can report an average F1 score of 30 %, which is better than random guessing.

On the other hand, there are virtual private network (VPN) providers that use a one-hop solution to hide the sender. They have better performance than Tor but no guarantee of anonymity. Users need to trust these providers not to record user activity, but data breaches in the media show that this trust may be misplaced. We develop OnionVPN, which has better bulk traffic performance than Tor, and implement a path selection algorithm to defend against autonomous system (AS) level attackers, three-hop circuits, and we introduce receiver anonymity through onion services. Additionally, we analyze 118 VPN providers to see if they meet the requirements for OnionVPN. OnionVPN could relieve the Tor network from bulk traffic where users do not need strong anonymity guarantees and, in turn, improve performance.