Performance measurements and blocking-resistance analysis in the Tor network

by karsten | May 21, 2009

The Tor network has grown to more than one thousand relays and millions of casual users over the past few years. We are proud of our network's popularity, but with growth has come increasing performance problems and attempts by some countries to block access to the Tor network. In order to address these problems, we need to learn more about the Tor network. In this post, I describe the current state of network measurements in Tor and some proposed additions to help us understand the network better.

Right now, relays, bridges, and directories gather the following data for statistical purposes:

  • Relays and bridges count the number of bytes that they have pushed in 15-minute intervals over the past 24 hours. They include these data in extra-info documents that they send to the directory authorities whenever they publish their server descriptor. Figure 3 in the analysis of directory archives shows that roughly half of the available bandwidth capacity is utilized.
  • Bridges further include in their extra-info documents a rough number of clients per country that they have seen in the past 48 hours. We added this feature in version 0.2.0.13-alpha to help us learn when a given country is trying to block connections to bridges. It also lets us understand bridge adoption better: see, for example, an analysis of bridge users by country.
  • Directories since version 0.2.1.1-alpha can be configured to count the number of clients they see per country in the past 24 hours and to write them to a local file. We have used these data in the past to estimate total numbers and origins of clients.

It turns out that we need to learn more about the Tor network to make it more useful for everyone. In particular, we are trying to identify performance bottlenecks and want to be ready to notice if any countries start blocking access to the Tor network. Therefore, I am planning to extend network measurements by the following kinds of data:

  • Entry guards should count the number of clients per country seen in the past 24 hours and include these numbers in their extra-info documents. These data are similar to what bridges already gather about their clients, and to what directories gather if configured accordingly. (Remember, because Tor paths are more than one hop, the entry guard knows you are using Tor but does not know anything about your destinations.) We need country counts from entry guards to learn how many clients are connected to a single entry guard and whether there are, or start to be, any restrictions for clients connecting from specific countries.
  • Relays should determine statistics about the number of bytes and cells waiting in their local queues and report them to the directory authorities in their extra-info documents. We need to learn more about buffer sizes of relays at various loads to identify current and future performance problems and fix them.
  • Exit nodes should include the number of bytes and streams they pushed over the past 24 hours broken down by exiting port in their extra-info documents. These data are important for us to identify load-balancing problems with respect to exit policies.

These approaches have been designed so that none of the network data can be used to deanonymize our users. All network data are aggregated before being uploaded to the directory authorities: client addresses are resolved to countries, added up over at least 24 hours, and rounded up to the next multiple of a fixed number (currently 8). All network data should be made available via the directories just as the current statistical data can be obtained from downloading extra-info documents. The details of the network measurements as outlined here will be specified in proposals and discussed on the developer mailing list. You can check out our results on the metrics project page as we make progress.
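The aggregation steps described above (resolve addresses to countries, add up over the period, round up to the next multiple of 8), as an added example that is not part of the original post or of Tor's code. The GeoIP table, the choice to count distinct addresses, and the `cc=N` output rendering are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

BIN_SIZE = 8  # rounding granularity stated in the post

# Constructed GeoIP table (assumption): RFC 5737 documentation prefixes
# mapped to arbitrary country codes, standing in for a real GeoIP database.
GEOIP = [
    (ipaddress.ip_network("192.0.2.0/24"), "de"),
    (ipaddress.ip_network("198.51.100.0/24"), "us"),
    (ipaddress.ip_network("203.0.113.0/24"), "cn"),
]

def country_of(addr):
    """Resolve an address to a country code; '??' if no prefix matches."""
    ip = ipaddress.ip_address(addr)
    for net, cc in GEOIP:
        if ip in net:
            return cc
    return "??"

def round_up(n, bin_size=BIN_SIZE):
    """Round n up to the next multiple of bin_size (0 stays 0)."""
    return -(-n // bin_size) * bin_size

def aggregate(addresses):
    """Return {country: rounded client count} for one measurement period."""
    # Assumption: a "client" is a distinct address. The per-address sets
    # never leave this function; only rounded country totals are returned.
    seen = defaultdict(set)
    for addr in addresses:
        seen[country_of(addr)].add(addr)
    return {cc: round_up(len(ips)) for cc, ips in sorted(seen.items())}

def format_counts(counts):
    """Hypothetical 'cc=N,cc=N' rendering; not a specified Tor format."""
    return ",".join(f"{cc}={n}" for cc, n in counts.items())

# Constructed sample: connections seen during one 24-hour period.
SAMPLE = (
    [f"192.0.2.{i}" for i in range(1, 10)]     # 9 distinct clients
    + ["192.0.2.1"]                            # repeat visit, not a new client
    + ["198.51.100.7"]                         # a single client
    + [f"203.0.113.{i}" for i in range(1, 9)]  # exactly 8 clients
)
```

On the sample, a country with one client and a country with eight clients both report 8, so a published count does not reveal whether a lone user connected from that country.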

We are excited to finally start tackling the performance problems and to prepare ourselves to notice when countries start blocking access to the Tor network. We would love to have help from the rest of the research community in discussing safe ways to measure the described network data and to analyze them later on.

Comments

Please note that the comment area below has been archived.

May 21, 2009

It may just be my computer, but I'm in China and am at the moment unable to connect to the Tor network.

May 21, 2009

It worked well up until today. I am now receiving a message in the message log which states:

"May 22 18:21:09.015 [Warning] No specified exit routers seem to be running, and StrictExitNodes is set: can't choose an exit."

Can anyone assist please?

Check out
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryEx…

Especially the part where we suggest that you not use ExitNodes and
StrictExitNodes. They're easy to screw up and leave yourself in a broken
state.

So, "stop doing that" would be my suggestion. In the future we hope to
have a better interface for choosing your path (and/or exit) by country.

May 22, 2009

What are you doing to increase security when nodes are chosen in anti-privacy countries like Germany that starting on 1/1-2009 started to log information about from and to IPs and even worse 1/1-2009 Swedish espionage organization (FRA) started collecting & analysing a copy of all the data that passes the Swedish border!!!

Do you plan to use 4 nodes in these circuits in the future with a maximum of 1 node in these countries, or how do you withstand these intrusions of the personal integrity these countries started with?

For the record, 1/1/2009 was nearly 6 months ago. We hope you're using secure protocols through Tor such that the risks are lessened. Someone watching any node will only see you're using Tor, or what IP address you're visiting from an exit node. If an entry node, they'll know your IP. If an exit node, they'll know where you are going. In either case, they can't put who and what together.

A better question is what to do if your first and last node are in the same country, and I don't think we have an answer for that yet.

May 23, 2009

In reply to phobos

"For the record, 1/1/2009 was nearly 6 months ago."
Yes, I know that. I only mention this as I understand that Tor has still not made a good solution to solve this problem that needs fixing.
"We hope you're using secure protocols through Tor such that the risks are lessened."
Yes, of course I am.

"A better question is what to do if your first and last node are in the same country, and I don't think we have an answer for that yet."

You do know that countries like Germany, USA, Sweden and so on are sending these data to the other countries even if it's against their own laws, so stopping circuits with 3 nodes in the same country (does this work yet, it wasn't before) or even first & last node as you mention is not enough as a measure against these data retention & collecting they have started with.
Tor's circuits need to have at least 1 entry or exit node out of their reach to be a safe solution.

If you would allow a maximum of 1 node from this group of countries who do this kind of things it would of course improve security a lot for those who themselves are not able to reconfigure their torrc file.
I understand that this could be a problem because a country like Germany has such a large portion of the Tor network's total bandwidth.

May 24, 2009

Cannot connect here in Okinawa. Kinda irritating really.

Potentially could be wifi router settings blocking specific ports, but is highly unlikely.

Issue remains the same.

[Notice] We're missing a certificate from authority with signing key [gibberish key removed]: launching request.
[Notice] We're missing a certificate from authority with signing key [gibberish key removed]: launching request.
[Notice] We're missing a certificate from authority with signing key [gibberish key removed]: launching request.
[Warning] 0 unknown, 3 missing key, 2 good, 0 bad, 0 no signature, 4 required

My first thought from the "3 missing key" part is that you are using a very old Tor version. Which Tor version is this? And can you post the [gibberish key removed] parts, too? There's nothing secret in them, and maybe they help us resolve the problem.

July 12, 2009

Your program is actively being used to steal my internet band width to the point that we cannot operate our business.

I now have a timeswitch on the modem so the internet only runs during working hours.

I need you to provide me a program so I have control over the service that I am paying for.

Just remember this: if you are not doing something wrong then you don't need to hide what you are doing.

phobos

July 12, 2009

In reply to Stolen From (not verified)

Here's the email I sent you earlier:

Hello,

Thanks for contacting us. Did you install Tor? If so, Tor has many
ways to control the amount of bandwidth consumed. Many users donate
their unused bandwidth to help others who need their privacy and
anonymity online.

> > I need you to provide me a program so I have control over the service
> > that I am paying for.

We can't provide you a program to control your ISP. If you can tell me
what you installed, assuming it's tor, I can help you from there.

> > Just remember this if you are not doing something wrong then you
> > don't need to hide what you are doing.

This is a false dichotomy. There are many reasons to protect your
communications, or to provide some control over who collects information
about you on the Internet without your permission.
https://torproject.org/torusers provides a few examples of users who
need their communications protected.

July 12, 2009

Hello,

I just installed the new Tor bundle with Firefox, and when I select "View the Network" from the Vidalia Control Panel, none of the country flags appear in the Relay column to the left.

I had the Tor bundle before the recent Vidalia update, and the flags always appeared normally. (I ended up removing that bundle, and replacing it with the brand new one.)

Do you know -- is this a bug, or a temporary error in the network? I would rather not delete this new Vidalia bundle and start all over again, adding the add-ons, etc., if there is a simple fix for it.

With thanks,

ATP

January 26, 2010

Everything worked fine till yesterday. Now I can't connect and keep getting these messages:
Jan 26 12:36:19.710 [Notice] We're missing a certificate from authority with signing key 665711AF821C459DC59A8491FAD1B9D7A7800ECF: launching request.
Jan 26 12:36:19.711 [Notice] We're missing a certificate from authority with signing key 6584DF098CFC68ACBF5E551532C8A58674586820: launching request.
Jan 26 12:41:24.818 [Notice] We're missing a certificate from authority with signing key 665711AF821C459DC59A8491FAD1B9D7A7800ECF: launching request.
Jan 26 12:41:24.820 [Notice] We're missing a certificate from authority with signing key 6584DF098CFC68ACBF5E551532C8A58674586820: launching request.
Jan 26 12:41:25.081 [Warning] TLS error: unexpected close while renegotiating

What do I do?

October 28, 2011

For this Error/Notice

We're missing a certificate from authority with signing

Update your Tor, cheers.