TorPolice: Towards Enforcing Service-Defined Access Policies in Anonymous Systems
This addresses the problem of botnet abuse and usability issues for service providers and legitimate Tor users, offering a novel solution to enhance Tor's resilience.
The paper tackles the lack of access control in Tor, which leaves it vulnerable to botnet abuse and attacks, by proposing TorPolice, a privacy-preserving framework that enables service providers to enforce access policies and throttle malicious requests while maintaining service for legitimate users.
Tor is the most widely used anonymity network, currently serving millions of users each day. However, there is no access control in place for all these users, leaving the network vulnerable to botnet abuse and attacks. For example, criminals frequently use exit relays as stepping stones for attacks, causing service providers to serve CAPTCHAs to exit relay IP addresses or blacklisting them altogether, which leads to severe usability issues for legitimate Tor users. To address this problem, we propose TorPolice, the first privacy-preserving access control framework for Tor. TorPolice enables abuse-plagued service providers such as Yelp to enforce access rules to police and throttle malicious requests coming from Tor while still providing service to legitimate Tor users. Further, TorPolice equips Tor with global access control for relays, enhancing Tor's resilience to botnet abuse. We show that TorPolice preserves the privacy of Tor users, implement a prototype of TorPolice, and perform extensive evaluations to validate our design goals.