Ting: Measuring and Exploiting
Latencies Between All Tor Nodes
Frank Cangialosi Dave Levin Neil Spring
University of Maryland
1
Measuring latencies
Ping
Measurement
Host
External
Host
Limited to the nodes
we control
2
Measuring latencies
Ping
Measurement
Host
To gain broader insight, we can:
External
Host
1. Control more nodes?
2. Estimate latencies?
Limited to the nodes
we control
3
Measuring latencies
Ping
Measurement
Host
Goal
External
Host
Limited to the nodes
we control
Latency between
arbitrary nodes
4
King technique
[Gummadi et al, 2002]
ns
ns
5
King technique
[Gummadi et al, 2002]
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
Q
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
A
Q
Q
ns
ns
A
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
Ping
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
Subtract latencies
Ping
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
Subtract latencies
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
Subtract latencies
King does not directly measure
the path between two hosts
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
Subtract latencies
King does not directly measure
the path between two hosts
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
Subtract latencies
King does not directly measure
the path between two hosts
ns
ns
5
King technique
[Gummadi et al, 2002]
Measure the RTT of
recursive DNS queries
Subtract latencies
King does not directly measure
the path between two hosts
ns
ns
Only 3% support
recursive queries
5
TING
a tool for measuring latency
between arbitrary Tor nodes
1
Accurate — measures the full path between end hosts
2
Practical — does not require modification of end hosts
6
What is Tor?
Anonymity-enabling overlay network
Packets routed through series of relays, called a circuit
Client
Destination
Clients choose their own circuits
7
What is Tor?
Anonymity-enabling overlay network
Packets routed through series of relays, called a circuit
Client
Destination
Clients choose their own circuits
7
Why Tor?
Large
Diverse
Growing
6,536 relays in 77 countries
(on October 29, 2015)
5,520 /24s, ~61% residential networks
[https://metrics.torproject.org]
8
Tor-specific constraints
x
9
y
Tor-specific constraints
x
9
y
Tor-specific constraints
x
9
y
Tor-specific constraints
Ping
x
9
y
Tor-specific constraints
Ping
Subtract latencies?
x
9
y
Tor-specific constraints
Tor traffic may be
treated differently
9
x
y
Tor-specific constraints
Tor traffic may be
treated differently
1
10%
ICMP slower
0.8
CDF
0.6
0.4
0.2
0
-15
x
25%
TCP slower
-10
-5
0
5
10
min(ICMP) - min(TCP) (msec)
10
15
y
Tor-specific constraints
Tor traffic may be
treated differently
x
11
y
Tor-specific constraints
Tor traffic may be
treated differently
x
11
y
Tor-specific constraints
Tor traffic may be
treated differently
Tor
Cannot create
one-hop circuits
11
x
y
Tor-specific constraints
Tor traffic may be
treated differently
Tor
Cannot create
one-hop circuits
12
x
y
Tor-specific constraints
Tor traffic may be
treated differently
Cannot create
one-hop circuits
x
13
y
Tor-specific constraints
Tor traffic may be
treated differently
Cannot create
one-hop circuits
x
14
y
Tor-specific constraints
Tor traffic may be
treated differently
Cannot create
one-hop circuits
x
F
Must account for
forwarding delays
14
y
Tor-specific constraints
Tor traffic may be
treated differently
Cannot create
one-hop circuits
x
y
F
Must account for
forwarding delays
14
Queuing / Scheduling
Encryption & Decryption
Context Switches
Tor-specific constraints
Tor traffic may be
treated differently
Cannot create
one-hop circuits
x
F
Must account for
forwarding delays
14
y
F
F
Queuing / Scheduling
Encryption & Decryption
Context Switches
F
Tor-specific constraints
Tor traffic may be
treated differently
Cannot create
one-hop circuits
x
Must account for
forwarding delays
15
y
Ting technique
x
16
y
1
Measurement Host
s
d
3
Summary
x
x
2
y
17
y
1
Measurement Host
3
Measure full path between x and y
s
d
w
z
Summary
x
x
2
y
18
y
1
Measurement Host
3
Measure full path between x and y
s
d
w
z
Summary
x
x
2
y
18
y
1
Measurement Host
3
Measure full path between x and y
s
d
w
z
Summary
x
x
2
y
18
y
1
Measurement Host
2
3
Measure full path between x and y
s
d
w
z
Summary
x
F
x
F
y
F
F
F
18
y
F
F
F
1
Measurement Host
2
3
Measure full path between x and y
s
d
w
z
Summary
x
F
x
F
y
F
F
F
18
y
F
F
F
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and x
Summary
x
F
x
y
19
y
F
F
F
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and x
Summary
x
F
x
y
19
y
F
F
F
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and x
Summary
x
F
y
F
F
x
y
F
19
F
F
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and x
Summary
x
F
y
F
F
x
y
F
19
F
F
1
Measurement Host
s
d
w
z
-
2
3
Isolate RTT between
client and x
Summary
x
F
y
F
F
x
y
F
19
F
F
1
Measurement Host
s
d
w
z
–
2
3
Isolate RTT between
client and x
Summary
x
F
y
F
F
x
y
F
20
F
F
1
Measurement Host
s
d
w
z
–
2
3
Isolate RTT between
client and x
Summary
Subtract latencies
x
F
y
F
F
x
y
F
20
F
F
1
Measurement Host
s
d
w
z
–
2
3
Isolate RTT between
client and x
Summary
x
F
x
y
F
20
y
F
F
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and y
Summary
x
F
x
y
21
y
F
F
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and y
Summary
x
F
x
y
21
y
F
F
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and y
Summary
x
F
y
F
F
F
x
y
F
21
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and y
Summary
x
F
y
F
F
F
x
y
F
21
1
Measurement Host
s
d
w
z
2
3
Isolate RTT between
client and y
Summary
x
F
y
F
F
F
x
y
F
21
1
Measurement Host
s
d
w
z
–
2
3
Isolate RTT between
client and y
Summary
x
F
y
F
F
F
x
y
F
22
1
Measurement Host
s
w
–
2
3
–
Isolate RTT between
client and y
d
Summary
Subtract
latencies
z
x
F
y
F
F
F
x
y
F
22
1
–
2
3
–
Isolate RTT between
client and y
Summary
x
F
22
y
F
1
–
2
–
3
= RTT(x,y) + Fx + Fy
Summary
x
y
F
F
23
1
2
–
3
–
s
d
s
d
s
d
w
z
w
z
w
z
x
y
x
y
x
y
24
min ( X * 1 )
– min ( X *
2 )
– min ( X *
3 )
s
d
s
d
s
d
w
z
w
z
w
z
x
y
x
y
x
y
Minimum of multiple, independent samples of each circuit
25
Ting evaluation
Implemented Ting using the Stem Tor controller
No modifications to the Tor client
How well does Ting work?
How accurate?
How many samples?
How consistent?
26
Ting evaluation
How well does Ting work?
How accurate?
How many samples?
How consistent?
31
Tor relays
930
Total pairs
27
How accurate is Ting?
1
All Pairs
Fraction of PlanetLab Pairs
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.5
1
Measured / Real
28
1.5
2
How accurate is Ting?
Ideal
1
All Pairs
Fraction of PlanetLab Pairs
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.5
1
Measured / Real
28
1.5
2
How accurate is Ting?
Ideal
1
All Pairs
Fraction of PlanetLab Pairs
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.5
1
Measured / Real
28
1.5
2
How accurate is Ting?
Ideal
1
All Pairs
Fraction of PlanetLab Pairs
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.5
1
Measured / Real
1.5
Ting estimates typically within 10% of “real”
28
2
How accurate is Ting?
Ideal
1
< 50 ms
50-150 ms
150-250 ms
> 250 ms
Fraction of PlanetLab Pairs
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.5
1
Measured / Real
1.5
Ting estimates typically within 10% of “real”
29
2
How accurate is Ting?
Ideal
1
< 50 ms
50-150 ms
150-250 ms
> 250 ms
Fraction of PlanetLab Pairs
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.5
1
Measured / Real
1.5
Ting estimates typically within 10% of “real”
29
2
How accurate is Ting?
Ideal
1
< 50 ms
50-150 ms
150-250 ms
> 250 ms
Fraction of PlanetLab Pairs
0.9
0.8
Relative error lower at
higher latencies
0.7
0.6
0.5
Forwarding delays create
an additive error
0.4
0.3
0.2
RTT(x,y) + Fx + Fy
0.1
0
0
0.5
1
Measured / Real
1.5
Ting estimates typically within 10% of “real”
29
2
How many samples does Ting need?
1
Fraction ofFraction
Pairs
Cumulative
0.9
0.8
0.7
0.6
0.5
0.4
0.3
Measured Min
Within 1ms
Within 1%
Within 5%
Within 10%
0.2
0.1
0
0
100 200 300 400 500 600 700 800 900 1000
Cumulative Samples Per Circuit
30
How many samples does Ting need?
1
Fraction ofFraction
Pairs
Cumulative
0.9
0.8
0.7
0.6
0.5
0.4
0.3
Measured Min
Within 1ms
Within 1%
Within 5%
Within 10%
0.2
0.1
0
0
100 200 300 400 500 600 700 800 900 1000
Cumulative Samples Per Circuit
30
How many samples does Ting need?
1
0.9
Fraction of Pairs
0.8
0.7
Only ~15 samples needed to
reach values within 5% of min
0.6
0.5
0.4
0.3
0.2
0.1
Within 5%
0
0
100 200 300 400 500 600 700 800 900 1000
Cumulative Samples Per Circuit
Ting remains accurate with few samples
31
How consistent are Ting measurements?
30 pairs of real Tor relays, measured once an hour over a week
400
350
Latency (ms)
300
250
200
150
100
50
0
0
5
10
15
20
25
30
Pairs (Sorted in Increasing Order of Median Latency)
32
How consistent are Ting measurements?
30 pairs of real Tor relays, measured once an hour over a week
50% vary by < 5ms
over a week
Ting measurements need not be updated often
Evaluation summary
How well does Ting work?
Typically within 10% of real latency
Remains accurate with few samples
Vary by only a few ms over time
Ting’s stability and accuracy permit
collection of an all-pairs RTT dataset
Evaluation summary
How well does Ting work?
Typically within 10% of real latency
Remains accurate with few samples
Vary by only a few ms over time
Ting’s stability and accuracy permit
collection of an all-pairs RTT dataset
All-pairs RTT dataset
50
Tor relays outside of our control
1,225 pairs in all-pairs RTT dataset
Geographic distribution
Latency distribution
1
CDF
0.8
0.6
0.4
0.2
0
0
100 200 300 400 500 600 700 800
Latency (msec)
35
Applications
1
Speeding up deanyonmization of Tor circuits
2
Improving Tor’s path selection algorithm
3
Gain insight into non-Tor nodes
36
Applications
1
Speeding up deanyonmization of Tor circuits
37
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Malicious
Destination
Client
38
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Malicious
Destination
Client
38
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Malicious
Destination
Client
38
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Attacker’s Goal: find all nodes in the circuit
Malicious
Destination
Client
38
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Attacker’s Goal: find all nodes in the circuit
Malicious
Destination
Client
Probe
38
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Attacker’s Goal: find all nodes in the circuit
Malicious
Destination
Client
Probe
38
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Attacker’s Goal: find all nodes in the circuit
Malicious
Destination
Client
Probe
Time- and bandwidth-intensive
38
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Attacker’s Goal: find all nodes in the circuit
Malicious
Destination
Client
Probe
Time- and bandwidth-intensive
Done in an unguided fashion
38
Classic traffic-analysis attack
[Murdoch and Danezis, 2005]
Attacker’s Goal: find all nodes in the circuit
Malicious
Destination
Client
Probe
Time- and bandwidth-intensive
Done in an unguided fashion
38
Classic traffic-analysis attack
1
RTT-unaware
Ignore too-large RTTs
+ informed target selection
0.9
0.8
0.7
CDF
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
Fraction of nodes tested
39
1
Classic traffic-analysis attack
1
RTT-unaware
Ignore too-large RTTs
+ informed target selection
0.9
0.8
0.7
CDF
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
Fraction of nodes tested
39
1
Faster deanonymization with Ting
Apply what the attacker knows about latencies
40
Faster deanonymization with Ting
Apply what the attacker knows about latencies
e2e RTT
40
Faster deanonymization with Ting
Apply what the attacker knows about latencies
e2e RTT
40
Directly
measured
Faster deanonymization with Ting
Apply what the attacker knows about latencies
e2e RTT
Pre-measured
with Ting
40
Directly
measured
Faster deanonymization with Ting
Apply what the attacker knows about latencies
e2e RTT
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
40
Directly
measured
Faster deanonymization with Ting
Apply what the attacker knows about latencies
e2e RTT
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
40
Directly
measured
Faster deanonymization with Ting
Reason about what the client → entry RTT would have to be
e2e RTT
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
40
Directly
measured
Faster deanonymization with Ting
Reason about what the client → entry RTT would have to be
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
41
Directly
measured
Faster deanonymization with Ting
Reason about what the client → entry RTT would have to be
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
41
Directly
measured
Ruling out nodes without probing them
Reason about what the client → entry RTT would have to be
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
42
Directly
measured
Ruling out nodes without probing them
Reason about what the client → entry RTT would have to be
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
42
Directly
measured
Ruling out nodes without probing them
Reason about what the client → entry RTT would have to be
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
42
Directly
measured
Ruling out nodes without probing them
Reason about what the client → entry RTT would have to be
Client’s RTT would
have to be negative
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
42
Directly
measured
Ruling out nodes without probing them
Reason about what the client → entry RTT would have to be
Too-Large RTT
Client’s RTT would
have to be negative
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
42
Directly
measured
Ruling out too-large RTTs
1
RTT-unaware
Ignore too-large RTTs
+ informed target selection
0.9
0.8
0.7
CDF
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
Fraction of nodes tested
43
1
Ruling out too-large RTTs
1
RTT-unaware
Ignore too-large RTTs
+ informed target selection
0.9
0.8
0.7
CDF
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
Fraction of nodes tested
43
1
Informed target selection
Probe nodes according to probability that they are on the circuit
Too-Large RTT
Client’s RTT would
have to be negative
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
44
Directly
measured
Informed target selection
Probe the more likely circuits first
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
45
Directly
measured
Informed target selection
Probe the more likely circuits first
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
45
Directly
measured
Informed target selection
Probe the more likely circuits first
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
45
Directly
measured
Informed target selection
Probe the more likely circuits first
Average Ting RTT
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
45
Directly
measured
Informed target selection
Probe the more likely circuits first
Average Ting RTT
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
45
Directly
measured
Informed target selection
Probe the more likely circuits first
Score
Lower score implies higher likelihood
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
46
Directly
measured
Informed target selection
Probe the more likely circuits first
Score
Lower score implies higher likelihood
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
46
Directly
measured
Informed target selection
Probe the more likely circuits first
Score
Lower score implies higher likelihood
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
47
Directly
measured
Informed target selection
Probe the more likely circuits first
Score
Lower score implies higher likelihood
Pre-measured
Client’s RTT to the
with Ting
entry node is unknown
47
Directly
measured
Faster deanonymization with Ting
1
RTT-unaware
Ignore too-large RTTs
+ informed target selection
0.9
0.8
0.7
CDF
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
Fraction of nodes tested
1
Informed target selection decreases search time by a median of 1.5×
48
Faster deanonymization with Ting
1
RTT-unaware
Ignore too-large RTTs
+ informed target selection
0.9
0.8
0.7
CDF
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
Fraction of nodes tested
1
Informed target selection decreases search time by a median of 1.5×
48
Faster deanonymization with Ting
1
RTT-unaware
Ignore too-large RTTs
+ informed target selection
0.9
0.8
0.7
CDF
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
Fraction of nodes tested
1
Informed target selection decreases search time by a median of 1.5×
48
Summary
We lack a practical tool for measuring the latency
between two arbitrary hosts
TING
measures the latency between Tor nodes
is fast, accurate, and practical
Source code and data available at:
www.cs.umd.edu/projects/ting
49
Implementation
Ting Client
Test Relays
Language: Python
Tor Controller: Stem
Tor-0.2.3.25-patched
SLOC: ~400
Tor-0.2.4.22 (latest)
PublishDescriptors 0
Restricted Exit Policy
Uptime: > 1 month
50