Integrate AS-aware circuit selection
The "ASToria" Tor client has been available since 2015, but I haven't seen any analysis of it from the Tor Project or any plans to integrate any of the ideas. The general idea behind ASToria is to improve path selection to minimize the risk of AS-level traffic correlation. It is effectively an enhanced version of Tor's current naïve path-selection behavior, which simply involves avoiding circuits with relays that share too small of a subnet. This is a similar proposal to #10221, which was created before this paper was published.
Tor should integrate AS-aware circuit selection (whether by including the ASToria code or creating a bespoke solution), or at the very least integrate AS-aware circuit measurement to make a potential transition easier in the future. Additionally, this change would require no modifications of the Tor protocol and would be completely backwards-compatible with the network. From the paper's abstract:
> We find that up to 40% of all circuits created by Tor are vulnerable to attacks by traffic correlation from Autonomous System (AS)-level adversaries, 42% from colluding AS-level adversaries, and 85% from state-level adversaries. In addition, we find that in some regions (notably, China and Iran) there exist many cases where over 95% of all possible circuits are vulnerable to correlation attacks, emphasizing the need for AS-aware relay-selection.
>
> Astoria reduces the number of vulnerable circuits to 2% against AS-level adversaries, under 5% against colluding AS-level adversaries, and 25% against state-level adversaries. In addition, Astoria load balances across the Tor network so as to not overload any set of relays.
Key points:
- The code has already been written and just needs a cleanup and some review.
- Load balancing is done to prevent individual relays from being overloaded.
- No changes to the protocol are needed, making this fully backwards-compatible.
- AS-level traffic analysis risk is reduced from 40% to 2% for any given circuit.
https://arxiv.org/abs/1505.05173
https://github.com/sbunrg/Astoria
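
An added illustration, not part of the original ticket and not Astoria's code: a simplified sketch of how a subnet-only check differs from an AS-aware one, where a guard/exit pair is rejected if any AS lies on both the client-to-guard and exit-to-destination paths. The relay names, addresses, bandwidth weights, AS paths (private-use AS numbers), the bandwidth-weighted choice and the fallback rule are all constructed assumptions.

```python
import random

# Constructed sample data: relay -> (IPv4 address, bandwidth weight).
RELAYS = {
    "guardA": ("198.51.100.10", 800),
    "guardB": ("203.0.113.20", 200),
    "exitA": ("192.0.2.30", 500),
    "exitB": ("100.64.7.40", 500),
}
# Constructed AS-level paths: the set of ASes traversed on each segment.
CLIENT_TO_GUARD = {"guardA": {64512, 64600, 64700}, "guardB": {64512, 64601}}
EXIT_TO_DEST = {"exitA": {64700, 64800}, "exitB": {64900, 64800}}


def same_slash16(a, b):
    """Subnet-only check: do two IPv4 addresses share a /16?"""
    return a.split(".")[:2] == b.split(".")[:2]


def shared_ases(guard, exit_):
    """ASes positioned to observe both ends of the circuit."""
    return CLIENT_TO_GUARD[guard] & EXIT_TO_DEST[exit_]


def classify():
    """Return (pairs passing the subnet check, pairs also AS-disjoint)."""
    subnet_ok, as_safe = [], []
    for g in CLIENT_TO_GUARD:
        for e in EXIT_TO_DEST:
            if same_slash16(RELAYS[g][0], RELAYS[e][0]):
                continue
            subnet_ok.append((g, e))
            if not shared_ases(g, e):
                as_safe.append((g, e))
    return subnet_ok, as_safe


def pick(rng=random):
    """Choose a guard/exit pair, preferring AS-disjoint ones."""
    subnet_ok, as_safe = classify()
    if as_safe:
        # Assumed load-balancing rule: weight by the pair's bottleneck bandwidth.
        weights = [min(RELAYS[g][1], RELAYS[e][1]) for g, e in as_safe]
        return rng.choices(as_safe, weights=weights)[0]
    # Assumed fallback for this example: fewest ASes seeing both ends.
    return min(subnet_ok, key=lambda p: len(shared_ases(*p)))


if __name__ == "__main__":
    ok, safe = classify()
    print("subnet check accepts:", ok)
    print("AS-aware check accepts:", safe)
    print("picked:", pick(random.Random(1)))
```

All four pairs pass the subnet check here, but guardA/exitA is excluded by the AS-aware check because AS 64700 sits on both segments.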