Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection
This work addresses security and anonymity issues for Tor users, presenting an incremental improvement over previous path-selection methods.
The paper tackles the problem of Tor users being vulnerable to deanonymization by adversaries observing network relays, and it proposes a trust-aware path selection algorithm that helps users avoid traffic-analysis attacks while maintaining plausible deniability, with evaluations showing effectiveness in avoiding single global adversaries and country-level threats.
Tor users are vulnerable to deanonymization by an adversary that can observe some Tor relays or some parts of the network. We demonstrate that previous network-aware path-selection algorithms that propose to solve this problem are vulnerable to attacks across multiple Tor connections. We suggest that users use trust to choose the paths through Tor that are less likely to be observed, where trust is flexibly modeled as a probability distribution on the location of the user's adversaries, and we present the Trust-Aware Path Selection algorithm for Tor that helps users avoid traffic-analysis attacks while still choosing paths that could have been selected by many other users. We evaluate this algorithm in two settings using a high-level map of Internet routing: (i) users try to avoid a single global adversary that has an independent chance to control each Autonomous System organization, Internet Exchange Point organization, and Tor relay family, and (ii) users try to avoid deanonymization by any single country. We also examine the performance of Trust-Aware Path selection using the Shadow network simulator.