Opened 7 years ago

Closed 2 years ago

#6460 closed task (wontfix)

Devise metrics to measure the safety of the Tor network

Reported by: asn Owned by:
Priority: Medium Milestone:
Component: Metrics/Analysis Version:
Severity: Keywords:
Cc: gsathya, karsten, arma, robgjansen, ln5, amj703, nikita@…, r.a@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We need to develop measurements to quantify the security and safety of the Tor network.

Such metrics will become even more useful to evaluate the effects of the upcoming exit node funding on the Tor network.

Child Tickets

TicketStatusOwnerSummaryComponent
#5755closedkarstenAtlas could show "fraction of Tor network by weight" graphs over time?Metrics/Relay Search
#6232closedMake entropy-over-time graphMetrics/Analysis
#6329closedkarstenWrite script to aggregate relay weights by country, AS, or relay familyMetrics Utilities
#6443closedGraph cdf of probability of selecting among the biggest k exitsMetrics/Analysis
#7026closedAdversary-based metricsMetrics/Analysis

Change History (9)

comment:1 Changed 7 years ago by asn

Example of such metrics are the graphs generated by #6232 and #6443; dealing with the diversity of the network.

The blog post Research problem: measuring the safety of the Tor network has more useful metrics that need development: https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network

Another idea that could be useful is measuring (and plotting over time) the probability that a circuit's entry node and exit node will belong to the same country/AS.
Another idea would be to measure the bandwidth capacity of relays running exploitable or non-recommended versions of Tor.

comment:2 Changed 7 years ago by gsathya

Cc: gsathya karsten arma added

comment:3 Changed 7 years ago by asn

Cc: robgjansen added

Some papers on measuring anonymity:

  • Towards an Information Theoretic Metric for Anonymity by Danezis et al. which uses the concept of information theoretic entropy to measure the anonymity of mix networks. Done in #6232 wrt the bandwidth weights of the consensus.
  • Towards measuring anonymity by Diaz et al. which comes up with the concept of degree of anonymity. Graphs of the degree of anonymity of the Tor network were created in #6232.
  • Measuring Anonymity Revisited by Tóth et al. which gives examples on why entropy and degree of entropy are not the best ways of measuring anonymity and proposes local anonymity measure as a more correct way.

They said that entropy as a measurement is flawed because two anonymous networks with the same number of users but completely different anonymity properties can have the same entropy. Also, there are anonymous networks with degree of anonymity *very* close to 1 that are completely broken.

They also said that entropy as a measurement describes the amount of information that an adversary needs to completely and deterministically deanonymize a user. They argue that an adversary is also successful if his attack has a big chance of deanonymizing the user. They believe that entropy can't handle the probability that an attacker's attack will succeed and their local anonymity measure measurement tries to provide that.

I'm not sure how useful it would be for us to use local anonymity measure as a network security measurement.

  • A Combinatorial Approach to Measuring Anonymity by Edman et al. which provides a different model of measuring anonymity.

They quantify anonymity by modeling all possible communications and input/output of nodes of an anonymity system as a bipartite graph and then use some graph theory to get a single value that characterizes the system's anonymity.

It seems like a fun approach but the paper is concentrated on mixnets and I'm not sure how it can be generalized to onion routing.

What other anonymity-measuring research have I missed or forgot?

comment:4 Changed 7 years ago by ln5

Cc: ln5 added

comment:5 Changed 7 years ago by amj703

Cc: amj703 added

comment:6 Changed 7 years ago by asn

Note to self: Ian's paper The Mis-entropists: New Approaches to Measures in Tor, and Paul's paper Why I'm not an Entropist are also related to the topic of measuring diversity on the Tor network.

comment:7 Changed 6 years ago by nikita

Cc: nikita@… added

comment:8 Changed 6 years ago by ra

Cc: r.a@… added

comment:9 Changed 2 years ago by karsten

Resolution: wontfix
Status: newclosed

Closing tickets in Metrics/Analysis that have been created 5+ years ago and not seen progress recently, except for the ones that "nickm-cares" about.

Note: See TracTickets for help on using tickets.