Improving Tor using a TCP-over-DTLS Tunnel
Joel Reardon (Google Zurich) and Ian Goldberg (University of Waterloo)
18th USENIX Security Symposium, August 12th, 2009
Tor: Internet anonymity tool
Problem
Tor Network
Tor: circuit construction
Tor
Privacy for usable, low-latency communication. However, it can be slow, and that discourages casual usage.
Where is the observed latency?
Tor’s Datapath
Figure: Tor's datapath. Data flows from the Onion Proxy's socket through each Onion Router's input buffer and output buffer (one pair per router) to the server's socket.
Output buffers do introduce some latency
Figure: Output Buffer Size and Latency, four panels: (a) Waiting Times over Time (x: Time (min); y: Waiting Time (milliseconds)); (b) Waiting Times CDF (x: Waiting Time (milliseconds); y: Percentile); (c) Buffer Length over Time (x: Time (min); y: Datalength (KB)); (d) Buffer Length CDF (x: Buffer Length (KB); y: Percentile).
This occurs when the socket is unwritable
A brief outline of TCP
TCP is designed to reliably send streams of data using packets. Congestion control throttles sending to maximize throughput while avoiding packet drops.
Of what are TCP output buffers composed?
Figure: Socket Output Buffer Size and Unacknowledged Packets (x: Time (seconds); y: Socket Output Buffer Size (KB)); series: Socket Output Buffer Size, Unacknowledged Packets, and the periods with an Unwritable Socket.
TCP Congestion Control (C/C) is to blame.
Tor’s multiplexing of circuits over TCP
Figure: circuits a and b, each spanning a chain of ORs, are multiplexed onto the same OR-to-OR TCP connection, which carries a and b together.
If C/C is applied to a, then it is also applied to b. This is suboptimal: TCP is designed to throttle individual connections based on whether they witness a packet drop, which is proportional to their traffic.
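To make the interference argument concrete, here is a toy round-based simulation added for this page (it is not the paper's code or Tor's): circuit a is a bulk sender, circuit b writes one cell per round, and the model compares b's queueing delay when both share one TCP connection against giving each circuit its own connection and congestion window. LINK_CAP, OUTBUF_CAP and the AIMD rule are constructed assumptions, not Tor parameters.

```python
import random
from collections import deque

LINK_CAP = 20     # cells the link carries per round; anything more is dropped
OUTBUF_CAP = 100  # Tor output buffer depth; the socket is "unwritable" beyond it


class Conn:
    """One TCP connection: a FIFO output buffer of (circuit, round) cells and a cwnd."""
    def __init__(self):
        self.outbuf = deque()
        self.cwnd = 1


def simulate(shared, rounds=400, seed=0):
    """Mean queueing delay, in rounds, of circuit b's cells.

    shared=True multiplexes a and b over one connection (TCP Tor); shared=False
    gives each circuit its own connection and cwnd. Circuit a is a bulk sender
    that always has data to write; b writes one cell per round.
    """
    rng = random.Random(seed)
    conns = [Conn()] if shared else [Conn(), Conn()]
    conn_a, conn_b = conns[0], conns[-1]   # the same object when shared
    delays = []
    for t in range(rounds):
        # b writes its one cell first; a then tops the buffer up to capacity.
        if len(conn_b.outbuf) < OUTBUF_CAP:
            conn_b.outbuf.append(("b", t))
        while len(conn_a.outbuf) < OUTBUF_CAP:
            conn_a.outbuf.append(("a", t))
        # Each connection transmits up to cwnd cells from the head of its buffer.
        sent = []
        for c in conns:
            for _ in range(min(c.cwnd, len(c.outbuf))):
                sent.append((c, c.outbuf.popleft()))
        # The link drops the excess at random, so a connection's chance of
        # witnessing a drop is proportional to how much it sent.
        excess = max(0, len(sent) - LINK_CAP)
        dropped = set(rng.sample(range(len(sent)), excess))
        hit = set()
        for i, (c, cell) in reversed(list(enumerate(sent))):
            if i in dropped:
                c.outbuf.appendleft(cell)  # retransmit at the front next round
                hit.add(c)
            elif cell[0] == "b":
                delays.append(t - cell[1])
        # AIMD: halve the cwnd of each connection that saw a drop, else grow it by 1.
        for c in conns:
            c.cwnd = max(1, c.cwnd // 2) if c in hit else c.cwnd + 1
    return sum(delays) / len(delays)
```

With a shared connection, b's cell lands behind a's backlog and every halving of the single cwnd slows its drain; with its own connection, b's cwnd never drops below 1, so its cells leave almost immediately.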
An example of cross-circuit interference
Figure: Buffer Sizes across Circuits (x: Time (seconds); y: Data (MB)).
Experiment to observe interference by bulk senders
Figure: Circuit delay while peer under load (y: Delay (ms); bar: Circuit Delay).
Packet Dropping / Reordering
Figure: two ORs joined by a TCP stream over the network. In the kernel TCP stack, data behind a dropped or reordered packet is buffered and waiting rather than readable.
We want to use a separate TCP connection for each circuit
Concerns for separate TCP connections
Individual TCP streams leak precise information about the size and rate of data to an adversary.
Tor already faces some scalability concerns regarding its clique topology.
Some versions of Windows already suffer when opening many TCP sockets.
Any modification must be backwards compatible with the existing Tor network.
Our novel proposal: a TCP-over-DTLS tunnel
DTLS: a secure (cf. TLS) protocol for transporting datagrams (UDP sockets).
A user-space TCP implementation is used to generate TCP/IP packets, which are sent over DTLS.
The other end injects each received packet into its user-level TCP stack and reads from user-level sockets.
How TCP-over-DTLS addresses our issues
Figure: protocol stacks. (a) TCP Tor: Application Payload over TLS over TCP over IP. (b) TCP-over-DTLS Tor: Application Payload over TORTP over DTLS over UDP over IP.
How TCP-over-DTLS addresses our issues
UDP operates in an unconnected mode, so it accepts packets from any sender.
Each node advertises a UDP socket that multiplexes data for all connections.
The sender's address is used to demultiplex to the proper connection, which is then used to decrypt the DTLS payload.
Nodes that do not offer a UDP socket use the existing transport, assuring backwards compatibility.
Packet / Streams translation
Figure: packet/stream translation in the user-level TCP layer. On the packet side, datagrams arrive on the Tor UDP socket via recv(), are DTLS-decrypted and passed to the user-level TCP with rx(); on the stream side, cell_unpack reads cells from the user-level sockets into Tor's processing and cell_pack writes cells back to them. Outgoing packets are produced from the TCP buffers by a TCP re/transmit thread via tx(), DTLS-encrypted and sent with send().
How TCP-over-DTLS addresses our issues
Figure: two ORs joined by a UDP stream over the network. The kernel UDP socket delivers every received packet to the user-level TCP, where only the stream missing a packet is buffered and waiting; the other streams remain readable.
Experimental results from our implementation
Circuit latency comparison
Figure: Circuit latency comparison (y: Delay (ms)); Base Delay and Delay under Load for TCP-over-DTLS Tor and TCP Tor.
Future Work
Improved Memory Management
Figure: a single Cell Pool of numbered slots shared by all buffers; each buffer is a list of slot indices into the pool: socket 1's output buffer: 1, 3, 11, 8; empty list: 2, 5, 9, 4; socket 1's input buffer: 0, 6, 7; cell_t data: 10.
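As an added illustration of the cell pool sketched above (not Tor's code), the following Python class keeps all cells in one preallocated pool and treats each socket buffer and the empty list as a chain of slot indices, so moving a cell from an input buffer to an output buffer relinks one index instead of copying bytes; the buffer names and pool size used are constructed.

```python
NONE = -1  # end-of-list marker for the intrusive slot links

class CellPool:
    """Preallocated cell slots linked by index; buffers and the empty list are chains of slots, so cells move without copying."""

    def __init__(self, size):
        self.cells = [None] * size                 # payload held by each slot
        self.link = list(range(1, size)) + [NONE]  # slot i -> next slot in its chain
        self.bufs = {"free": [0, size - 1]}        # buffer name -> [head, tail]

    def _append(self, buf, i):
        self.link[i] = NONE
        head, tail = self.bufs.get(buf, (NONE, NONE))
        if tail != NONE:
            self.link[tail] = i
        self.bufs[buf] = [i if head == NONE else head, i]

    def _detach_head(self, buf):
        head, tail = self.bufs.get(buf, (NONE, NONE))
        if head == NONE:
            raise IndexError(f"buffer {buf!r} is empty")
        nxt = self.link[head]
        self.bufs[buf] = [nxt, tail if nxt != NONE else NONE]
        return head

    def push(self, buf, payload):
        """Take a slot from the empty list, store the payload, append it to buf (IndexError when exhausted)."""
        i = self.move("free", buf)
        self.cells[i] = payload
        return i

    def move(self, src, dst):
        """Relink the head cell of src onto the tail of dst (zero-copy)."""
        i = self._detach_head(src)
        self._append(dst, i)
        return i

    def pop(self, buf):
        """Detach buf's head cell, hand its slot back to the empty list, return payload."""
        i = self.move(buf, "free")
        payload, self.cells[i] = self.cells[i], None
        return payload

    def slots(self, buf):
        """Slot indices of buf in order, like '1, 3, 11, 8' on the slide."""
        out, i = [], self.bufs.get(buf, (NONE, NONE))[0]
        while i != NONE:
            out.append(i)
            i = self.link[i]
        return out
```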
Back-propagation of Congestion Window
Figure: back-propagation of the congestion window. User-level TCP connections hold cwnd=15 and cwnd=20 while the actual cwnd of the underlying transport is 10; acknowledgements carry cwnd=10 back up, so each TCP connection is brought down to cwnd=10.
Summary
We determined that TCP congestion control introduces latency into Tor's datapath.
We determined that multiplexing circuits over TCP results in the unfair application of congestion control.
We proposed TCP-over-DTLS: a solution to this issue that also addresses scalability concerns and is backwards compatible with the existing Tor network.
We implemented our proposal and showed that it successfully addresses cross-circuit interference.