PCTCP: Per-circuit TCP-over-IPsec transport for anonymous communication overlay networks

Mashael Alsabah, Ian Goldberg

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

21 Citations (Scopus)

Abstract

Recently, there have been several research efforts to design a transport layer that meets the security requirements of anonymous communications while maximizing the network performance experienced by users. In this work, we argue that existing proposals suffer from several performance and deployment issues and we introduce PCTCP, a novel anonymous communication transport design for overlay networks that addresses the shortcomings of the previous proposals. In PCTCP, every overlay path, or circuit, is assigned a separate kernel-level TCP connection that is protected by IPsec, the standard security layer for IP. To evaluate our work, we focus on the Tor network, the most popular low-latency anonymity network, which is notorious for its performance problems that can potentially deter its wider adoption and thereby impact its anonymity. Previous research showed that the current transport layer design of Tor, in which several circuits are multiplexed in a single TCP connection between any pair of routers, is a key contributor to Tor's performance issues. We implemented, experimentally evaluated, and confirmed the potential gains provided by PCTCP in an isolated testbed and on the live Tor network. We ascertained that significant performance benefits can be obtained using our approach for web clients, while maintaining the same level of anonymity provided by the network today. Our realistic large-scale experimental evaluation of PCTCP shows improvements of more than 60% for response times and approximately 30% for download times compared to Tor. Finally, PCTCP only requires minimal changes to Tor and is easily deployable, as it does not require all routers on a circuit to upgrade.

Original language: English
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Pages: 349-360
Number of pages: 12
DOI: https://doi.org/10.1145/2508859.2516715
Publication status: Published - 2013
Event: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin
Duration: 4 Nov 2013 to 8 Nov 2013

Other

Other: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
City: Berlin
Period: 4/11/13 to 8/11/13


Keywords

  • performance improvement
  • tor
  • transport design

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Alsabah, M., & Goldberg, I. (2013). PCTCP: Per-circuit TCP-over-IPsec transport for anonymous communication overlay networks. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 349-360) https://doi.org/10.1145/2508859.2516715