Statistical and combinatorial analysis of the TOR routing protocol: structural weaknesses identified in the TOR network

Abstract

In this paper, we present the results of a deep TOR routing protocol analysis from a statistical and combinatorial point of view. We have modelled all possible routes of this famous anonymity network exhaustively while taking different parameters into account with the data provided by the TOR foundation only. We have then confronted our theoretical model with the reality on the ground. To do this, we have generated thousands of roads on the actual TOR network and compared the results obtained with those predicted by the theory. A last step of combinatorial analysis has enabled us to identify critical subsets of Onion routers (ORs) which 33%, 50%, 66% and 75% of the TOR traffic respectively depends on. We have also managed to extract most of the TOR relay bridges which are non public nodes managed by the TOR foundation. The same results as for the ORs have been observed.

Appendix

1.1 Statistical model for the TOR routing protocol

The results obtained seem to indicate that the distribution of TOR routes follows a power law distribution (general case including Pareto, Zipf, Mandelbrot laws). We will limit ourselves to the discrete case (however, when the number of data is large enough—which is our case—it is possible to work with the continuous version of this law [4]. For more detailed information of these laws the reader can refer to [2, 4] we also used for statistical analysis.

A discrete variable X follows a Power law if its probability density is given by

$$\begin{aligned} p (x) = P[X = x] = C. x^{-\alpha } \end{aligned}$$

where \(\alpha \) is a constant parameter called power parameter of the law and C is the proportionality factor. In practice, most of the phenomena obey a power law for some \(x \ge x_{min}\). The constant C is given by the value \(x_{min}\) using the fact that

$$\begin{aligned} \int _{x_{min}}^{\infty } p(x)dx = 1 \end{aligned}$$

This results in \(C = \frac{\alpha - 1}{x_{min}^{-\alpha + 1}}\)

On a graph with logarithmic scales (log–log representation), the graph of a power law is a line since when noting \(y = P[X = x]\) we can write

$$\begin{aligned} \log (y) = \alpha .\log (x) + \log (C) \end{aligned}$$

Another useful representation is the inverse of the so-called cumulative cumulative distribution function (\(P[X[X > x] = 1 - F (x)\)). This is the one we will use here to compare the theoretical law obtained with the empirical law of data. In the following we will limit ourselves to the estimation of the parameters \(\alpha \) (maximum likelihood method, validation by the Kolmogorov–Smirnov adequacy test) and \(x_{min}\) (exhaustive estimation on all the values minimizing the D value of the Kolmogorov–Smirnov test).

Table 7 Results for all possible TOR routes (D represents the Kolmogorov–Smirnov distance between data and model)

Fig. 7

Inverse cumulative density functions of data compared to the fitted law. The red dotted line (resp. green and blue) describes the power law (resp. log–normal and exponential law) (color figure online)

Table 8 Results for 1-billion top TOR routes (D represents the Kolmogorov–Smirnov distance between data and model)

Fig. 8

Inverse cumulative density functions of data compared to the fitted law (1-billion top TOR routes). The red dotted line (resp. green and blue) describes the power law (resp. log–normal and exponential law)(color figure online)

It should be noted that in few cases, the theory suggests that empirical data can be described by two laws, without any clear distinction between the two. In our case. In three cases, the log–normal law has been identified as a possible alternative, but relatively close to the power law. Let us recall that a random variable X follows a log–normal law if \(Y = \ln (X)\) follows a normal law of average \(\mu \) and standard deviation \(\sigma \) (denoted \(LOG_\mathcal {N} (\mu , \sigma )\)).

For all possible routes (around 10 billions) we have results given in Table 7 and in Fig. 7. For Guard nodes occurences, let us mention the fact that the \(LOG_\mathcal {N}(7.38, 0.956)\) law is a possible alternative law.

Table 8 and Fig. 8 provides the results for the top one billion routes. For the Guard nodes occurences, we have \(LOG_\mathcal {N}(5.99, 0.661)\) as possible alternative law while for the Exit nodes occurrences, \(LOG_\mathcal {N}(8.47, 0.827)\) can be also an alternative law.