PeerFlow: Secure Load Balancing in Tor
Authors: Aaron Johnson (U.S. Naval Research Laboratory), Rob Jansen (U.S. Naval Research Laboratory), Nicholas Hopper (University of Minnesota), Aaron Segal (Yale University), Paul Syverson (U.S. Naval Research Laboratory)
Volume: 2017
Issue: 2
Pages: 74–94
DOI: https://doi.org/10.1515/popets-2017-0017
Abstract: We present PeerFlow, a system to securely load balance client traffic in Tor. Security in Tor requires that no adversary handle too much traffic. However, Tor relays are run by volunteers who cannot be trusted to report the relay bandwidths, which Tor clients use for load balancing. We show that existing methods to determine the bandwidths of Tor relays allow an adversary with little bandwidth to attack large amounts of client traffic. These methods include Tor’s current bandwidthscanning system, TorFlow, and the peer-measurement system EigenSpeed. We present an improved design called PeerFlow that uses a peer-measurement process both to limit an adversary’s ability to increase his measured bandwidth and to improve accuracy. We show our system to be secure, fast, and efficient. We implement PeerFlow in Tor and demonstrate its speed and accuracy in large-scale network simulations.
Keywords: Tor, distributed systems, security
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.
