[tor-bugs] #26137 [Core Tor/Tor]: Integrate AS-aware circuit selection

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun May 20 01:58:56 UTC 2018


#26137: Integrate AS-aware circuit selection
-----------------------------+---------------------------------------------------------
     Reporter:  cypherpunks  |      Owner:  (none)
         Type:  enhancement  |     Status:  new
     Priority:  High         |  Milestone:
    Component:  Core Tor/Tor |    Version:
     Severity:  Normal       |   Keywords:  tor-client traffic-analysis path-selection
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
-----------------------------+---------------------------------------------------------
 The "ASToria" Tor client has been available since 2015, but I haven't seen
 any analysis of it from the Tor Project or any plans to integrate any of the
 ideas. The general idea behind ASToria is to improve path selection to
 minimize the risk of AS-level traffic correlation. It is effectively an
 enhanced version of Tor's current naïve path-selection behavior which
 simply involves avoiding circuits with relays that share too small of a
 subnet. This is a similar proposal to #10221, which was created before
 this paper was published.

 Tor should integrate AS-aware circuit selection (whether by including the
 ASToria code or creating a bespoke solution), or at the very least
 integrate AS-aware circuit measurement to make a potential transition easier
 in the future. Additionally, this change would require no modifications of
 the Tor protocol and would be completely backwards-compatible with the
 network. From the paper's abstract:

 >We find that up to 40% of all circuits created by Tor are vulnerable to
 attacks by traffic correlation from Autonomous System (AS)-level
 adversaries, 42% from colluding AS-level adversaries, and 85% from state-
 level adversaries. In addition, we find that in some regions (notably,
 China and Iran) there exist many cases where over 95% of all possible
 circuits are vulnerable to correlation attacks, emphasizing the need for
 AS-aware relay-selection.
 >
 >Astoria reduces the number of vulnerable circuits to 2% against AS-level
 adversaries, under 5% against colluding AS-level adversaries, and 25%
 against state-level adversaries. In addition, Astoria load balances across
 the Tor network so as to not overload any set of relays.

 Key points:

 * The code has already been written and just needs a cleanup and some
 review.
 * Load balancing is done to prevent individual relays from being
 overloaded.
 * No changes to the protocol are needed, making this fully backwards-
 compatible.
 * AS-level traffic analysis risk is reduced from 40% to 2% for any given
 circuit.

 https://arxiv.org/abs/1505.05173
 https://github.com/sbunrg/Astoria

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26137>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
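
Added example (not part of the ticket and not Astoria's code): a minimal comparison of the subnet rule the ticket describes with an AS-level rule, showing a circuit that passes the first and fails the second. The /16 width, the prefix-to-AS table, the addresses and all function names are constructed assumptions, and the check only compares the ASes hosting the relays, not ASes on the network paths to and from them.

```python
import ipaddress

# Constructed prefix-to-AS table (reserved address ranges, private-use ASNs).
PREFIX_TO_ASN = {
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64500,   # same AS announces a second, unrelated prefix
    "192.0.2.0/24": 64501,
    "198.18.0.0/15": 64502,
}
_TABLE = [(ipaddress.ip_network(p), asn) for p, asn in PREFIX_TO_ASN.items()]


def asn_for(ip):
    """Longest-prefix match of ip against the table; None if unmapped."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, asn) for net, asn in _TABLE if addr in net]
    return max(matches)[1] if matches else None


def distinct_subnets(relays, prefixlen=16):
    """Subnet rule: no two relays in the same /prefixlen network (assumed /16)."""
    nets = [ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False) for ip in relays]
    return len(set(nets)) == len(nets)


def distinct_ases(relays):
    """AS rule: no two relays hosted in the same AS; unmapped relays fail closed."""
    asns = [asn_for(ip) for ip in relays]
    return None not in asns and len(set(asns)) == len(asns)


def filter_circuits(candidates):
    """Keep only candidate circuits that pass both rules."""
    return [c for c in candidates if distinct_subnets(c) and distinct_ases(c)]


# Constructed candidate circuits as (guard, middle, exit) relay addresses.
SAME_AS = ("198.51.100.10", "192.0.2.20", "203.0.113.30")      # distinct /16s, guard and exit share AS 64500
SAME_SUBNET = ("198.51.100.10", "198.51.100.77", "192.0.2.20")  # guard and middle share a /16
CLEAN = ("198.51.100.10", "192.0.2.20", "198.18.0.5")           # distinct /16s and distinct ASes

if __name__ == "__main__":
    for name, c in (("SAME_AS", SAME_AS), ("SAME_SUBNET", SAME_SUBNET), ("CLEAN", CLEAN)):
        print(name, "subnet rule:", distinct_subnets(c), "AS rule:", distinct_ases(c))
```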

