Metrics for Security and Performance in Low-Latency Anonymity Systems

  • Steven J. Murdoch
  • Robert N. M. Watson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5134)


In this paper we explore the tradeoffs between security and performance in anonymity networks such as Tor. Using probability of path compromise as a measure of security, we explore the behaviour of various path selection algorithms with a Tor path simulator. We demonstrate that assumptions about the relative expense of IP addresses and cheapness of bandwidth break down if attackers are allowed to purchase access to botnets, giving plentiful IP addresses, but each with relatively poor symmetric bandwidth. We further propose that the expected latency of data sent through a network is a useful performance metric, show how it may be calculated, and demonstrate the counter-intuitive result that Tor’s current path selection scheme, designed for performance, both performs well and is good for anonymity in the presence of a botnet-based adversary.


Malicious Node Path Selection Candidate Node Threat Model Exit Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  2. 2.
    Dingledine, R., Mathewson, N.: Tor protocol specification. Technical report, The Tor Project (October 2007),
  3. 3.
    Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against anonymous systems. Technical Report CU-CS-1025-07, University of Colorado at Boulder (2007)Google Scholar
  4. 4.
    Øverlier, L., Syverson, P.F.: Locating hidden servers. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, Oakland, CA, US. IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  5. 5.
    Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by Internet-exchange-level adversaries. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Berthold, O., Federrath, H., Köpsell, S.: Web MIXes: A system for anonymous and unobservable Internet access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Snader, R., Borisov, N.: A tune-up for Tor: Improving security and performance in the Tor network. In: Network & Distributed System Security Symposium. Internet Society (February 2008)Google Scholar
  8. 8.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 259–263. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Diaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 184–188. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Douceur, J.: The Sybil Attack. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Dingledine, R., Mathewson, N.: Tor path specification. Technical report, The Tor Project (October 2007),
  12. 12.
    Fuller, V., Li, T.: Classless inter-domain routing (CIDR): The Internet address assignment and aggregation plan. RFC 4632, IETF (August 2006)Google Scholar
  13. 13.
    Dagon, D.: Personal communicationGoogle Scholar
  14. 14.
    Kleinrock, L.: Queueing Systems, vol. 2. John Wiley, Chichester (1976)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Steven J. Murdoch
    • 1
  • Robert N. M. Watson
    • 1
  1. 1.Computer LaboratoryUniversity of CambridgeUK

Personalised recommendations