Opened 7 years ago
Closed 2 years ago
#6460 closed task (wontfix)
Devise metrics to measure the safety of the Tor network
Reported by: | asn | Owned by: | |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Metrics/Analysis | Version: | |
Severity: | Keywords: | ||
Cc: | gsathya, karsten, arma, robgjansen, ln5, amj703, nikita@…, r.a@… | Actual Points: | |
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
We need to develop measurements to quantify the security and safety of the Tor network.
Such metrics will become even more useful to evaluate the effects of the upcoming exit node funding on the Tor network.
Child Tickets
Ticket | Status | Owner | Summary | Component |
---|---|---|---|---|
#5755 | closed | karsten | Atlas could show "fraction of Tor network by weight" graphs over time? | Metrics/Relay Search |
#6232 | closed | Make entropy-over-time graph | Metrics/Analysis | |
#6329 | closed | karsten | Write script to aggregate relay weights by country, AS, or relay family | Metrics Utilities |
#6443 | closed | Graph cdf of probability of selecting among the biggest k exits | Metrics/Analysis | |
#7026 | closed | Adversary-based metrics | Metrics/Analysis |
Change History (9)
comment:1 Changed 7 years ago by
comment:2 Changed 7 years ago by
Cc: | gsathya karsten arma added |
---|
comment:3 Changed 7 years ago by
Cc: | robgjansen added |
---|
Some papers on measuring anonymity:
- Towards an Information Theoretic Metric for Anonymity by Danezis et al. which uses the concept of information theoretic entropy to measure the anonymity of mix networks. Done in #6232 wrt the bandwidth weights of the consensus.
- Towards measuring anonymity by Diaz et al. which comes up with the concept of degree of anonymity. Graphs of the degree of anonymity of the Tor network were created in #6232.
- Measuring Anonymity Revisited by Tóth et al. which gives examples on why entropy and degree of entropy are not the best ways of measuring anonymity and proposes local anonymity measure as a more correct way.
They said that entropy as a measurement is flawed because two anonymous networks with the same number of users but completely different anonymity properties can have the same entropy. Also, there are anonymous networks with degree of anonymity *very* close to 1 that are completely broken.
They also said that entropy as a measurement describes the amount of information that an adversary needs to completely and deterministically deanonymize a user. They argue that an adversary is also successful if his attack has a big chance of deanonymizing the user. They believe that entropy can't handle the probability that an attacker's attack will succeed and their local anonymity measure measurement tries to provide that.
I'm not sure how useful it would be for us to use local anonymity measure as a network security measurement.
- A Combinatorial Approach to Measuring Anonymity by Edman et al. which provides a different model of measuring anonymity.
They quantify anonymity by modeling all possible communications and input/output of nodes of an anonymity system as a bipartite graph and then use some graph theory to get a single value that characterizes the system's anonymity.
It seems like a fun approach but the paper is concentrated on mixnets and I'm not sure how it can be generalized to onion routing.
What other anonymity-measuring research have I missed or forgot?
comment:4 Changed 7 years ago by
Cc: | ln5 added |
---|
comment:5 Changed 7 years ago by
Cc: | amj703 added |
---|
comment:6 Changed 7 years ago by
Note to self: Ian's paper The Mis-entropists: New Approaches to Measures in Tor
, and Paul's paper Why I'm not an Entropist
are also related to the topic of measuring diversity on the Tor network.
comment:7 Changed 6 years ago by
Cc: | nikita@… added |
---|
comment:8 Changed 6 years ago by
Cc: | r.a@… added |
---|
comment:9 Changed 2 years ago by
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Closing tickets in Metrics/Analysis that have been created 5+ years ago and not seen progress recently, except for the ones that "nickm-cares" about.
Example of such metrics are the graphs generated by #6232 and #6443; dealing with the diversity of the network.
The blog post Research problem: measuring the safety of the Tor network has more useful metrics that need development: https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network
Another idea that could be useful is measuring (and plotting over time) the probability that a circuit's entry node and exit node will belong to the same country/AS.
Another idea would be to measure the bandwidth capacity of relays running exploitable or non-recommended versions of Tor.