As I mentioned at the dev meeting, Mashael and I were just finishing up a survey paper on Tor performance and security research.
The tech report version was just posted on eprint:
https://eprint.iacr.org/2015/235
for your perusing pleasure. ;-)
Thanks,
- Ian
Only glanced through it, but it looks amazingly comprehensive for a 32 page paper (plus references). I haven't read it yet, but a glance suggests it could be a go-to reference to give to people wanting to get up to speed on Tor and its current research questions. Congrats!
aloha, Paul
On Fri, Mar 13, 2015 at 02:01:56PM +0100, Ian Goldberg wrote:
As I mentioned at the dev meeting, Mashael and I were just finishing up a survey paper on Tor performance and security research.
The tech report version was just posted on eprint:
https://eprint.iacr.org/2015/235
for your perusing pleasure. ;-)
Thanks,
- Ian
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Dear Ian,
Thanks for publishing this! I am now a huge fan of your work... This is excellent!
Cheers,
David
On Fri, Mar 13, 2015 at 4:25 PM, Paul Syverson paul.syverson@nrl.navy.mil wrote:
Only glanced through it, but it looks amazingly comprehensive for a 32 page paper (plus references). I haven't read it yet, but a glance suggests it could be a go-to reference to give to people wanting to get up to speed on Tor and its current research questions. Congrats!
aloha, Paul
On Fri, Mar 13, 2015 at 02:01:56PM +0100, Ian Goldberg wrote:
As I mentioned at the dev meeting, Mashael and I were just finishing up a survey paper on Tor performance and security research.
The tech report version was just posted on eprint:
https://eprint.iacr.org/2015/235
for your perusing pleasure. ;-)
Thanks,
- Ian
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Thanks to both of you! Mashael deserves the bulk of the kudos, of course. ;-)
- Ian
On Fri, Mar 13, 2015 at 05:54:39PM +0000, David Stainton wrote:
Dear Ian,
Thanks for publishing this! I am now a huge fan of your work... This is excellent!
Cheers,
David
On Fri, Mar 13, 2015 at 4:25 PM, Paul Syverson paul.syverson@nrl.navy.mil wrote:
Only glanced through it, but it looks amazingly comprehensive for a 32 page paper (plus references). I haven't read it yet, but a glance suggests it could be a go-to reference to give to people wanting to get up to speed on Tor and its current research questions. Congrats!
aloha, Paul
On Fri, Mar 13, 2015 at 02:01:56PM +0100, Ian Goldberg wrote:
As I mentioned at the dev meeting, Mashael and I were just finishing up a survey paper on Tor performance and security research.
The tech report version was just posted on eprint:
https://eprint.iacr.org/2015/235
for your perusing pleasure. ;-)
Thanks,
- Ian
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Mashael, Ian -- this looks awesome, congrats!
A couple of very minor comments come to mind (mainly from looking at Figure 5): a) For AS-level adversaries, the following could be useful inclusions: http://dl.acm.org/citation.cfm?id=1029199 http://moria.freehaven.net/anonbib/cache/murdoch-pet2007.pdf http://www.princeton.edu/~pmittal/publications/bgptor-hotnets14.pdf
b) The figure misses out on depicting a research direction that aims to embed notions of trust in the network (could potentially be combined with path selection): http://www.ohmygodel.com/publications/ortrust-ccs11.pdf http://www.princeton.edu/~pmittal/publications/pisces-ndss13.pdf
(Typo: the ShadowWalker cite in Figure 5 should have the year as 2009)
Thanks, Prateek
On Fri, Mar 13, 2015 at 9:01 AM, Ian Goldberg iang@cs.uwaterloo.ca wrote:
As I mentioned at the dev meeting, Mashael and I were just finishing up a survey paper on Tor performance and security research.
The tech report version was just posted on eprint:
https://eprint.iacr.org/2015/235
for your perusing pleasure. ;-)
Thanks,
- Ian
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Prateek Mittal:
Mashael, Ian -- this looks awesome, congrats!
A couple of very minor comments come to mind (mainly from looking at Figure 5): a) For AS-level adversaries, the following could be useful inclusions: http://dl.acm.org/citation.cfm?id=1029199 http://moria.freehaven.net/anonbib/cache/murdoch-pet2007.pdf http://www.princeton.edu/~pmittal/publications/bgptor-hotnets14.pdf
Yes, I had the same thought while reading the survey as I, too, felt the first and third paper you listed above were missing (the Murdoch/Zielinski one is included (see section 3.2, last sentence)).
Great work!
Georg
On Fri, Mar 13, 2015 at 9:01 AM, Ian Goldberg iang@cs.uwaterloo.ca wrote:
As I mentioned at the dev meeting, Mashael and I were just finishing up a survey paper on Tor performance and security research.
The tech report version was just posted on eprint:
https://eprint.iacr.org/2015/235
for your perusing pleasure. ;-)
Thanks,
- Ian
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Hey,
Great read. Very information.
Some minor corrections:
p.8 "First, It has been estimated... "; "It" --> "it"
p.14 "... results an unfair allocation..." --> "... results *in* an unfair allocation"
p.15 "... global throttling can only bypassed... " --> "... global throttling can only *be* bypassed... "
p.15 "He observed that throughput was significantly improved with the use of multiple circuits; however, using two circuits performs better than using one circuit or more than two circuits—using more than two circuits increases the chances of choosing a slow router." -> ; "He observed that throughput was significantly improved with the use of multiple circuits; using two circuits perform better than using one circuit, however using more than two circuits increases the chances of choosing a slow router." (just a suggestion to clarify the statement)
p.18 "Jansen and Reardon agree that cells most of their time waiting in the socket output" --> "Jansen and Reardon agree that cells *SPEND* most of their time waiting in the socket output"
p.23 " In their first protocol (which is the basis for all their subsequent protocols), [*?what?*] replaces the RSA encryption, which was used for circuit construction prior to the current ntor protocol (described below), with a DH key agreement in order to reduce the computational cost." --> Perhaps "In order to reduce the computational cost, a DH key agreement replaces the RSA encryption, which was used for circuit construction prior to the current ntor protocol..."
p.27 "... as the Tor network had grown over the years, the above attach of Murdoch and Danezis... " --> "... as the Tor network had grown over the years, the above *attack* of Murdoch and Danezis... "
There also some interesting problems copying and pasting the document, but I believe that is the result of either acrobat or notepad++ removing the hyphens between hyphenated words.
Also, minor differences between "deanonymize" and "de-anonymize" and a few others make people like me notice. They're both correct, but using one form then the other tripped me up.
Good consistent use of American English. I'm not American, so the words didn't match my spelling, but the consistency of using one style, and not flip-flopping was refreshing.
Anywho, I realize it was already published, but wanted to help anyway. It's quite possible I missed some as well. There were other things I would have changed, such as when to present acronyms, but as it's already published there is no point in commenting about them now.
---------------- For the all the devs, if you'd like me to proof-read anything, send it my way and I'll have a go at it. I'm a bit of a stickler when it comes to documentation, and read them for fun so, if you don't send it to me before you publish it, I'll still send you the corrections after they're published. ----------------
Kind regards,
Matt Speak Freely
On Mon, Mar 16, 2015 at 04:00:25PM +0000, Speak Freely wrote:
Hey,
Great read. Very information.
[snip]
Thanks for the edits!
Anywho, I realize it was already published, but wanted to help anyway. It's quite possible I missed some as well. There were other things I would have changed, such as when to present acronyms, but as it's already published there is no point in commenting about them now.
Oh, please *do* comment. We can easily (and definitely plan to) update the ePrint tech report, incorporating the feedback we get from all of you, and giving credit in the acknowledgements. (Do let us know how you'd like to be credited.) Once we're happy with the result, we'll submit a condensed (due to page limits) version to a journal.
- Ian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Ian,
Thanks for the link, and for working on the survey - this was long overdue. I especially enjoy the mind map (Figure 5) which gives a quick view of all of the work over the years. The community has been busy!
On the incentives front, I believe the survey is missing a few papers.
- -"Proof-of-Work as Anonymous Micropayment: Rewarding a Tor Relay" FC 2015 Short Paper, http://fc15.ifca.ai/preproceedings/paper_71.pdf - -"Paying the Guard: an Entry-Guard-based Payment System for Tor" FC 2015 Short Paper, http://fc15.ifca.ai/preproceedings/paper_112.pdf - -"From Onions to Shallots: Rewarding Tor Relays with TEARS" HotPETs 2014, http://www.robgjansen.com/publications/tears-hotpets2014.pdf - -"Payment for Anonymous Routing" PETS 2008, http://cs.gmu.edu/~astavrou/research/Par_PET_2008.pdf
While the TEARS paper only appeared at HotPETs (so far), I feel like it should be included because TorCoin is cited and TEARS is more viable than the TorCoin approach (IMHO) - the reasons for this are explained in the Tor incentives blog post: https://blog.torproject.org/blog/tor-incentives-research-roundup-goldstar-pa...
Also, all of the above, as well as LIRA, are missing from "Incentives" node of the mind map in Figure 5. I realize that this isn't necessarily an incentives survey, but most incentive schemes affect performance and some schemes were included so it may make sense to include them all. Also, it looks like there is some whitespace below the "Throttling" node, so they may fit fairly easily.
Finally, there is no section on Tor simulators/emulators!? I was surprised by this, as that is definitely an area of research that has greatly helped explore performance questions. It would be great to include a section on it so that researchers reading this survey and looking to work on performance know which tools they can use to get started. Shadow, ExperimenTor, SNEAC, and Chutney are the main tools that immediately come to mind that may be useful in exploring performance questions.
Hope this is useful!
All the best, Rob
On Mar 16, 2015, at 12:38 PM, Ian Goldberg iang@cs.uwaterloo.ca wrote:
Oh, please *do* comment. We can easily (and definitely plan to) update the ePrint tech report, incorporating the feedback we get from all of you, and giving credit in the acknowledgements. (Do let us know how you'd like to be credited.) Once we're happy with the result, we'll submit a condensed (due to page limits) version to a journal.
- Ian
I am really looking forward to reading this over the weeked!
Thanks!
On Fri, Mar 13, 2015 at 9:01 AM, Ian Goldberg iang@cs.uwaterloo.ca wrote:
As I mentioned at the dev meeting, Mashael and I were just finishing up a survey paper on Tor performance and security research.
The tech report version was just posted on eprint:
https://eprint.iacr.org/2015/235
for your perusing pleasure. ;-)
Thanks,
- Ian
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-
Abhiram Chintangal -
David Stainton -
Georg Koppen -
Ian Goldberg -
Paul Syverson -
Prateek Mittal -
Rob Jansen -
Speak Freely