Full Program »
Quantifying measurement quality and load distribution in Tor
Tor is a widely used anonymization network. Traffic is routed over different relay nodes to conceal the communication partner. However, if a single relay forwards too much traffic, de-anonymization attacks are possible. The Tor Load Balancing Mechanism (TLBM) is responsible for assigning traffic to relays.
In this work, we show that the current bandwidth measurement method of the \LBM is only suitable to verify the bandwidth of at most 60% of all relays. Most notably, the measurement results of other relays are neither dependent on their available bandwidth nor previous measurements.
However, as Tor favors fast relays during path selection, verifiable relays only handle a small fraction of Tor's traffic. More precisely, we show that only 7.2% of all circuits consist of entry and exit relays that can be verified by measurements.
We discuss the implications of these results and argue that the TLBM should focus at least as much on load distribution as on circuit performance.