FlashFlow: A Secure Speed Test for Tor
The Tor network uses a measurement system to estimate its relays' forwarding capacity and to balance traffic among them. This system has been shown to be vulnerable to adversarial manipulation. Moreover, its accuracy and effectiveness in benign circumstances has never been fully quantified. We first obtain such a quantification by analyzing Tor metrics data and performing experiments on the live network. Our results show that Tor currently underestimates its true capacity by about 50 traffic by 15-25 present FlashFlow, a system to measure the capacity of Tor relays. Our analysis shows that FlashFlow limits a malicious relay to obtaining a capacity estimate at most 1.33 times its true capacity. Through realistic Internet experiments, we find that FlashFlow measures relay capacity with at least 89 of the time. Through simulation, we find that FlashFlow can measure the entire Tor network in less than 5 hours using 3 measurers with 1 Gbit/s of bandwidth each. Finally, simulations using FlashFlow for load balancing shows that, compared to TorFlow, network weight error decreases by 86 50 KiB, 1 MiB, and 5 MiB transfer times decreases by 15 respectively. Moreover, FlashFlow yields more consistent client performance: the median rate of transfer timeouts decreases by 100 deviation of 50 KiB, 1 MiB, and 5 MiB transfer times decreases by 55 41 relative to TorFlow as the total client-traffic load increases, demonstrating that FlashFlow is better suited to supporting network growth.
READ FULL TEXT