A Game Theoretic Analysis of Improvements to Tor's Resilience to Entry-Exit and End-to-End Attacks

Tor is among the most used overlay networks for anonymous communication. This anonymity can be undermined via entry-exit and end-to-end attacks. Using Game Theory, we analyze the viability of several methods for reducing Tor's vulnerability to such attacks. Entry-exit attacks rely upon controlling entry and exit nodes -- internal elements within the Tor Network, while end-to-end attacks utilize Autonomous Systems (internet service providers), elements outside of the Tor Network. Because both types of attacks rely on probability, we use Monte Carlo simulation and model the success probability maximizing strategies of adversaries. We analyze changes to Tor's node selection strategy that decrease the success probability of such attacks. Our goal is to support anonymity preserving systems against large Autonomous Systems providers and attackers with plenty of resources. We build upon previous work, but we also test eliminating the exit node bandwidth threshold and decreasing asymmetric routing to make compromising anonymity less likely. Given our results, we suggest the abandonment of the bandwidth threshold of exit nodes. Abandoning this threshold would not affect the bandwidth of the Tor network much, while it would impair an attacker's success probability significantly. We show that an attackers' success probability can be lowered by 23% over a year of usage. While prior to our changes (and assuming a large fraction of compromised nodes), anonymity is preserved ~62% of the time over a year, implementing our changes increases anonymity preservation to 85%.