TY - GEN
T1 - CLAPS
T2 - 27th ACM SIGSAC Conference on Computer and Communications Security, CCS 2020
AU - Rochet, Florentin
AU - Wails, Ryan
AU - Johnson, Aaron
AU - Mittal, Prateek
AU - Pereira, Olivier
N1 - Publisher Copyright:
© 2020 Owner/Author.
PY - 2020/10/30
Y1 - 2020/10/30
N2 - Much research has investigated improving the security and performance of Tor by having Tor clients choose paths through the network in a way that depends on the client's location. However, this approach has been demonstrated to lead to serious deanonymization attacks. Moreover, we show how in some scenarios it can lead to significant performance degradation. For example, we demonstrate that using the recently-proposed Counter-RAPTOR system when guard bandwidth isn't abundant could increase median download times by 28.7%. We propose the CLAPS system for performing client-location-aware path selection, which fixes the known security and performance issues of existing designs. We experimentally compare the security and performance of CLAPS to Counter-RAPTOR and DeNASA. CLAPS puts a strict bound on the leakage of information about the client's location, where the other systems could completely reveal it after just a few connections. It also guarantees a limit on the advantage that an adversary can obtain by strategic relay placement, which we demonstrate to be overwhelming against the other systems. Finally, due to a powerful formalization of path selection as an optimization problem, CLAPS is approaching or even exceeding the original goals of algorithms to which it is applied, while solving their known deficiencies.
KW - anonymity
KW - onion routing
KW - tor
UR - http://www.scopus.com/inward/record.url?scp=85096187366&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85096187366&partnerID=8YFLogxK
U2 - 10.1145/3372297.3417279
DO - 10.1145/3372297.3417279
M3 - Conference contribution
AN - SCOPUS:85096187366
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 17
EP - 34
BT - CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 9 November 2020 through 13 November 2020
ER -