Abstract
The Tor network estimates its relays’ bandwidths using relay self-measurements of client traffic speeds. These estimates largely determine how existing traffic load is balanced across relays, and they are used to evaluate the network’s capacity to handle future traffic load increases. Thus, their accuracy is important to optimize Tor’s performance and strategize for growth. However, their accuracy has never been measured. We investigate the accuracy of Tor’s capacity estimation with an analysis of public network data and an active experiment run over the entire live network. Our results suggest that the bandwidth estimates underestimate the total network capacity by at least 50% and that the errors are larger for high-bandwidth and low-uptime relays. Our work suggests that improving Tor’s bandwidth measurement system could improve the network’s performance and better inform plans to handle future growth.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Research safety board, August 2019. https://research.torproject.org/safetyboard
Tor directory protocol, version 3, September 2019. https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt
Tor Metrics Portal, August 2019. https://metrics.torproject.org
Andre, G., Alexandra, D., Samuel, K.: SmarTor: smarter tor with smart contracts: improving resilience of topology distribution in the Tor network. In: Annual Computer Security Applications Conference (ACSAC) (2018)
Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against Tor. In: Workshop on Privacy in the Electronic Society (WPES) (2007)
Cangialosi, F., Levin, D., Spring, N.: Ting: measuring and exploiting latencies between all Tor nodes. In: Conference on Internet Measurement (IMC) (2015)
Darir, H., Sibai, H., Borisov, N., Dullerud, G., Mitra, S.: TightRope: towards optimal load-balancing of paths in anonymous networks. In: Workshop on Privacy in the Electronic Society (WPES) (2018)
Dingledine, R.: The lifecycle of a new relay. Tor Blog Post, September 2013. https://blog.torproject.org/lifecycle-new-relay
Dingledine, R., Hopper, N., Kadianakis, G., Mathewson, N.: One fast guard for life (or 9 months). In: Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) (2014)
Dingledine, R., Mathewson, N.: Tor protocol specification, November 2018. https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt
Dingledine, R., Mathewson, N.: Tor path specification, September 2019. https://gitweb.torproject.org/torspec.git/tree/path-spec.txt
Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: USENIX Security Symposium (2004)
Dinh, T.N., Rochet, F., Pereira, O., Wallach, D.S.: Scaling up anonymous communication with efficient nanopayment channels. Proc. Priv. Enhanc. Technol. (PoPETs) 2020(3), 175-203 (2020)
Ghosh, M., Richardson, M., Ford, B., Jansen, R.: A TorPath to TorCoin: proof-of-bandwidth altcoins for compensating relays. In: Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) (2014)
Greubel, A., Pohl, S., Kounev, S.: Quantifying measurement quality and load distribution in Tor. In: Annual Computer Security Applications Conference (ACSAC) (2020)
Jansen, R.: Measuring the accuracy of tor relays’ advertised bandwidths, July 2019. https://lists.torproject.org/pipermail/tor-relays/2019-July/017535.html
Jansen, R., Hopper, N., Kim, Y.: Recruiting new tor relays with BRAIDS. In: Conference on Computer and Communications Security (CCS) (2010)
Jansen, R., Johnson, A., Syverson, P.: LIRA: lightweight incentivized routing for anonymity. In: Network and Distributed System Security Symposium (NDSS) (2013)
Jansen, R., Miller, A., Syverson, P., Ford, B.: From onions to shallots: rewarding tor relays with TEARS. In: Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) (2014)
Jansen, R., Tschorsch, F., Johnson, A., Scheuermann, B.: The sniper attack: anonymously deanonymizing and disabling the Tor network. In: Network and Distributed System Security Symposium (NDSS) (2014)
Jansen, R., Vaidya, T., Sherr, M.: Point break: a study of bandwidth denial-of-service attacks against Tor. In: USENIX Security Symposium (2019)
Johnson, A., Jansen, R., Hopper, N., Segal, A., Syverson, P.: PeerFlow: secure load balancing in Tor. Proceedings on Privacy Enhancing Technologies (PoPETs) 2017(2), 74-94 (2017)
Johnson, A., Wacek, C., Jansen, R., Sherr, M., Syverson, P.: Users get routed: traffic correlation on tor by realistic adversaries. In: Conference on Computer and Communications Security (CCS) (2013)
Juga: How bandwidth scanners monitor the tor network. tor blog post, April 2019. https://blog.torproject.org/how-bandwidth-scanners-monitor-tor-network
Mani, A., Brown, T.W., Jansen, R., Johnson, A., Sherr, M.: Understanding Tor usage with privacy-preserving measurement. In: Internet Measurement Conference (IMC) (2018)
Moore, W.B., Wacek, C., Sherr, M.: Exploring the potential benefits of expanded rate limiting in Tor: slow and steady wins the race with tortoise. In: Annual Computer Security Applications Conference (ACSAC) (2011)
Mozilla: Mozilla research grants 2019H1 (2019). https://mozilla-research.forms.fm/mozilla-research-grants-2019h1/forms/6510. call for Proposals
“Johnny” Ngan, T.-W., Dingledine, R., Wallach, D.S.: Building incentives into Tor. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 238–256. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_19
Panchenko, A., et al.: Website fingerprinting at Internet scale. In: Network and Distributed System Security Symposium (NDSS) (2016)
Perry, M.: TorFlow: Tor network analysis. In: Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) (2009)
Snader, R., Borisov, N.: EigenSpeed: secure peer-to-peer bandwidth evaluation. In: International Workshop on Peer-to-Peer Systems (IPTPS) (2009)
Mozilla research call: tune up tor for integration and scale, May 2019. https://blog.torproject.org/mozilla-research-call-tune-tor-integration-and-scale
Thill, F.: Hidden service tracking detection and bandwidth cheating in Tor anonymity network. Master’s thesis, University of Luxembourg (2014)
Wright, M., Adler, M., Levine, B.N., Shields, C.: The predecessor attack: an analysis of a threat to anonymous communications systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(7), 489–522 (2004)
Acknowledgments
This work has been partially supported by the Office of Naval Research (ONR), the Defense Advanced Research Projects Agency (DARPA), and the National Science Foundation (NSF) under award number CNS-1925497.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Figure 7 shows for each relay position the uptime by absolute discovered capacity quartiles. We observe that for all positions relays with higher discovered capacity have higher uptime, although we notice that guard relays have higher overall uptime (due to the additional uptime and stability requirements to get the Guard flag), and middles have a larger number of relays with low uptime.
The effect of relay uptime, where relays are ranked by their absolute discovered capacity. (a) Shows exit relays split into 4 sets by rank. Summary of the absolute discovered capacities (in Mbit/s): min = \(-88.0\), Q1 0.00, med = 0.0, Q3 = 39.1, max = 707. (b) Shows guard relays split into 4 sets by rank. Summary of the absolute discovered capacities (in Mbit/s): min = \(-90.3\), Q1 = 0.00, med = 0.428, Q3 = 31.1, max = 881. (c) Shows middle relays split into 4 sets by rank. Summary of the absolute discovered capacities (in Mbit/s): min = \(-169\), Q1 = 0.00, med = 0.00, Q3 = 5.13, max = 774.
Figure 8 shows the capacity of guard and middle relays after the speed test by quartiles of relative discovered capacity. It includes only relays with at least 75% uptime. It shows that for high-uptime relays in both positions, most of the discovered capacity is among the largest relays. We can especially see that for middle relays, the low amount of discovered capacity is due to the large number of relays with very little total or discovered capacity.
Absolute capacity of relays after the speed test, where relays are ranked by their relative discovered capacity. Relative discovered capacity is computed as \((\text {after}-\text {before})/\text {after}\). Includes only relays with uptime of 75% (273 days) or more during the year preceding the speed test. (a) Shows guard relays split into 4 sets by rank (1,238 guards had at least 75% uptime). (b) Shows middle relays split into 4 sets by rank (983 middles had at least 75% uptime).
Figure 9 shows the effect of relay capacity on the discovered capacity by position when only relays with at least 75% uptime are considered.
Absolute capacity of relays after the speed test, where relays are ranked by their absolute discovered capacity. Absolute discovered capacity is computed as \(\text {after}-\text {before}\) Includes only relays with uptime of 75% (273 days) or more during the year preceding the speed test. (a) Shows exit relays split into 4 sets by rank (379 exits had at least 75% uptime). (b) Shows guard relays split into 4 sets by rank (1,238 guards had at least 75% uptime). (c) Shows middle relays split into 4 sets by rank (983 middles had at least 75% uptime).
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Jansen, R., Johnson, A. (2021). On the Accuracy of Tor Bandwidth Estimation. In: Hohlfeld, O., Lutu, A., Levin, D. (eds) Passive and Active Measurement. PAM 2021. Lecture Notes in Computer Science(), vol 12671. Springer, Cham. https://doi.org/10.1007/978-3-030-72582-2_28
Download citation
DOI: https://doi.org/10.1007/978-3-030-72582-2_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72581-5
Online ISBN: 978-3-030-72582-2
eBook Packages: Computer ScienceComputer Science (R0)