Presentation is loading. Please wait.

Presentation is loading. Please wait.

Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS.

Published byMariah McGee Modified over 8 years ago

Similar presentations

Presentation on theme: "Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS."— Presentation transcript:

1 Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS Naval Research Laboratory John GeddesUniversity of Minnesota Chris WacekGeorgetown University Micah SherrGeorgetown University Paul SyversonUS Naval Research Laboratory

2 Anonymous Communication: Tor

3 Tor is Slow!!! Research* ● PCTCP: Per-Circuit TCP-over-IPsec Transport for Anonymous Communication Overlay Networks (CCS ‘13) ● Reducing Latency in Tor Circuits with Unordered Delivery (FOCI ‘13) ● How Low Can You Go: Balancing Performance with Anonymity in Tor (PETS ‘13) ● The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting (PETS ’13) ● An Empirical Evaluation of Relay Selection in Tor (NDSS ‘13) ● LIRA: Lightweight Incentivized Routing for Anonymity (NDSS ‘13) ● Improving Performance and Anonymity in the Tor Network (IPCCC ‘12) ● Enhancing Tor's Performance using Real-time Traffic Classification (CCS ’12) ● Torchestra: Reducing interactive traffic delays over Tor (WPES ‘12) ● Throttling Tor Bandwidth Parasites (USENIX Sec ‘12) ● LASTor: A Low-Latency AS-Aware Tor Client (Oakland ‘12) ● Congestion-aware Path Selection for Tor (FC ‘12) *Not a comprehensive list

4 Tor is Slow!!! Research* *Not a comprehensive list Where?

5 This Talk ● Where is Tor slow? – Measure public Tor and private Shadow-Tor networks – Identify circuit scheduling and socket flushing problems ● Design KIST: Kernel-Informed Socket Transport – Use TCP snd_cwnd to limit socket writes ● Evaluate KIST Performance and Security – Reduces kernel and end-to-end circuit congestion – Throughput attacks unaffected, speeds up latency attacks

6 Outline ● Background ● Instrument Tor, measure congestion ● Analyze causes of congestion ● Design and evaluate KIST – Performance – Security

7 Relay Overview

8 TCP Tor circuits are multiplexed over a TCP transport

9 Relay Overview TCP

10 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Opportunities for traffic management

11 Outline ● Background ● Instrument Tor, measure congestion ● Analyze causes of congestion ● Design and evaluate KIST – Performance – Security

12 Live Tor Congestion - libkqtime Kernel InputKernel OutputTor InputTor Output Tor Circuits

13 Live Tor Congestion - libkqtime Kernel InputKernel OutputTor InputTor Output Tor Circuits tag match tag match

14 Live Tor Congestion - libkqtime Kernel InputKernel OutputTor InputTor Output Tor Circuits tag match tag match track cells

15 Shadow Network Simulation ● Enhanced Shadow with several missing TCP algorithms – CUBIC congestion control – Retransmission timers – Selective acknowledgements (SACK) – Forward acknowledgements (FACK) – Fast retransmit/recovery ● Designed largest known private Tor network – 3600 relays and 12000 simultaneously active clients – Internet topology graph: ~700k nodes and 1.3m links

16 Track the UID Shadow-Tor Congestion – UIDs UID Track the UID

17 Shadow-Tor Congestion – UIDs UID Track the UID Kernel InputKernel Output Tor Input Tor Output Tor Circuits

18 Tor and Shadow-Tor Congestion Congestion occurs almost exclusively in outbound kernel buffers Shadow-TorLive-Tor

19 Outline ● Background ● Instrument Tor, measure congestion ● Analyze causes of congestion ● Design and evaluate KIST – Performance – Security

20 Analyzing Causes of Congestion Kernel OutputTor Output Tor Circuits Queuing delays in kernel output buffer

21 Analyzing Causes of Congestion Kernel OutputTor Output Tor Circuits Queuing delays in kernel output buffer Problem 1: Circuit scheduling Problem 2: Flushing to Sockets

22 Problem 1: Circuit Scheduling Kernel OutputTor Output Tor Circuits Libevent schedules one connection at a time

23 Problem 1: Circuit Scheduling Kernel OutputTor Output Tor Circuits Libevent schedules one connection at a time Tor only considers a subset of writable circuits

24 Problem 1: Circuit Scheduling Kernel OutputTor Output Tor Circuits Libevent schedules one connection at a time Tor only considers a subset of writable circuits Circuits from different connections are not prioritized correctly

25 Problem 1: Circuit Scheduling

26 Correctly differentiatedNo differentiation

27 Problem 1: Circuit Scheduling Correctly differentiated No differentiation 99.775% of any two circuits are unshared

28 Problem 2: Flushing to Sockets Kernel OutputTor Output Tor Circuits Queuing delays in kernel output buffer FIFO

29 Problem 2: Flushing to Sockets Kernel OutputTor Output Tor Circuits Worse priority traffic (high throughput flows) FIFO

30 Problem 2: Flushing to Sockets Kernel OutputTor Output Tor Circuits Better priority traffic (low throughput flows) Worse priority traffic (high throughput flows) FIFO

31 Problem 2: Flushing to Sockets Kernel OutputTor Output Tor Circuits Better priority traffic (low throughput flows) Must wait for kernel to flush socket to network (blocked on TCP cwnd) Worse priority traffic (high throughput flows) FIFO

32 Problem 2: Flushing to Sockets Kernel OutputTor Output Tor Circuits Better priority traffic (low throughput flows) Reduces effectiveness of circuit priority Worse priority traffic (high throughput flows) FIFO

33 Outline ● Background ● Instrument Tor, measure congestion ● Analyze causes of congestion ● Design and evaluate KIST – Performance – Security

34 Ask the kernel, stupid! ● Utilize getsockopt and ioctl syscalls socket_space = sndbufcap – sndbuflen tcp_space = (cwnd – unacked) * mss sndbuflen sndbufcap unacked cwnd

35 Kernel-Informed Socket Transport ● Don’t write it if the kernel can’t send it; bound kernel writes by: – Socket: min(socket_space, tcp_space) – Global: upstream bandwidth capacity Solution to Problem 2

36 Kernel-Informed Socket Transport ● Don’t write it if the kernel can’t send it; bound kernel writes by: – Socket: min(socket_space, tcp_space) – Global: upstream bandwidth capacity ● Choose globally from all writable circuits Solution to Problem 1

37 Kernel-Informed Socket Transport ● Don’t write it if the kernel can’t send it; bound kernel writes by: – Socket: min(socket_space, tcp_space) – Global: upstream bandwidth capacity ● Choose globally from all writable circuits ● Try to write again before kernel starvation

38 KIST Reduces Kernel Congestion

39 KIST Increases Tor Congestion

40 KIST Reduces Circuit Congestion

41 KIST Improves Network Latency

42 Outline ● Background ● Instrument Tor, measure congestion ● Analyze causes of congestion ● Design and evaluate KIST – Performance – Security

43 Traffic Correlation: Latency Hopper et.al. CCS’07 Goal: narrow down potential locations of the client on a target circuit

44 Traffic Correlation: Latency Hopper et.al. CCS’07 -Inject redirect or javascript -Start timer

45 Traffic Correlation: Latency GET Hopper et.al. CCS’07 Request redirected page or embedded object

46 Traffic Correlation: Latency GET Hopper et.al. CCS’07 -Stop timer -Estimate latency

47 Latency Attack | estimate – actual |

48 Latency Attack num pings until best estimate

49 Traffic Correlation: Throughput Mittal et.al. CCS’11 Goal: find guard relay of the client on a target circuit

50 Traffic Correlation: Throughput Mittal et.al. CCS’11 Probe throughput of all guard relays

51 Traffic Correlation: Throughput Mittal et.al. CCS’11 Correlate throughput between exit and probes

52 Throughput Attack Results

53 Conclusion ● Where is Tor slow? ● KIST complements other performance enhancements, e.g. circuit priority ● Next steps – Currently exploring various algorithmic optimizations – Test KIST in the wild and deploy in Tor

54 Questions? rob.g.jansen@nrl.navy.mil robgjansen.com github.com/robgjansen/libkqtime github.com/shadow think like an adversary

55 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Network Input

56 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Split data into socket buffers

57 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Read data from sockets into Tor

58 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Process data (encrypt/decrypt)

59 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Split cells into circuit queues

60 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Circuits linked to outgoing connection

61 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Schedule cells

62 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Write data from Tor into sockets

63 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Schedule data for sending

64 Relay Internals Kernel InputKernel OutputTor InputTor Output Tor Circuits Opportunities for traffic management

65 KIST Improves Network Throughput

Download ppt "Never Been KIST: Tor’s Congestion Management Blossoms with Kernel- Informed Socket Transport 23 rd USENIX Security Symposium August 20 th 2014 Rob JansenUS."

Similar presentations

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.
Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.

Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.
Reducing Latency in Tor Circuits with Unordered Delivery Michael F. Nowlan, David Wolinsky, and Bryan Ford Yale University Dedis Lab.

Reducing Latency in Tor Circuits with Unordered Delivery Michael F. Nowlan, David Wolinsky, and Bryan Ford Yale University Dedis Lab.
Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
1 TCP Vegas: New Techniques for Congestion Detection and Avoidance Lawrence S. Brakmo Sean W. O’Malley Larry L. Peterson Department of Computer Science.

1 TCP Vegas: New Techniques for Congestion Detection and Avoidance Lawrence S. Brakmo Sean W. O’Malley Larry L. Peterson Department of Computer Science.
24-1 Chapter 24. Congestion Control and Quality of Service (part 1) 23.1 Data Traffic 23.2 Congestion 23.3 Congestion Control 23.4 Two Examples.

24-1 Chapter 24. Congestion Control and Quality of Service (part 1) 23.1 Data Traffic 23.2 Congestion 23.3 Congestion Control 23.4 Two Examples.
Playback-buffer Equalization for Streaming Media using Stateless Transport Prioritization Dan Tan, HPL, Palo Alto Weidong Cui, UC Berkeley John Apostolopoulos,

Playback-buffer Equalization for Streaming Media using Stateless Transport Prioritization Dan Tan, HPL, Palo Alto Weidong Cui, UC Berkeley John Apostolopoulos,
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
LIRA: Lightweight Incentivized Routing for Anonymity Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory 20th Annual Network & Distributed.

LIRA: Lightweight Incentivized Routing for Anonymity Rob Jansen Aaron Johnson Paul Syverson U.S. Naval Research Laboratory 20th Annual Network & Distributed.
Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory

Memory-based DoS and Deanonymization Attacks on Tor DCAPS Seminar October 11 th, 2013 Rob Jansen U.S. Naval Research Laboratory
APOHN: Subnetwork Layering to Improve TCP Performance over Heterogeneous Paths April 4, 2006 Dzmitry Kliazovich, Fabrizio Granelli, University of Trento,

APOHN: Subnetwork Layering to Improve TCP Performance over Heterogeneous Paths April 4, 2006 Dzmitry Kliazovich, Fabrizio Granelli, University of Trento,
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Congestion Control Created by M Bateman, A Ruddle & C Allison As part of the TCP View project.

Congestion Control Created by M Bateman, A Ruddle & C Allison As part of the TCP View project.
CS 408 Computer Networks Congestion Control (from Chapter 05)

CS 408 Computer Networks Congestion Control (from Chapter 05)
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.

On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.
Location-Aware Onion Routing Aaron Johnson U.S. Naval Research Laboratory IEEE Symposium on Security and Privacy May 19, 2015.

Location-Aware Onion Routing Aaron Johnson U.S. Naval Research Laboratory IEEE Symposium on Security and Privacy May 19, 2015.
Nick McKeown CS244 Lecture 6 Packet Switches. What you said The very premise of the paper was a bit of an eye- opener for me, for previously I had never.

Nick McKeown CS244 Lecture 6 Packet Switches. What you said The very premise of the paper was a bit of an eye- opener for me, for previously I had never.
10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.

10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.

Similar presentations

Ads by Google