PCTCP

Per-circuit TCP-over-IPsec transport for anonymous communication overlay networks

Mashael Alsabah, Ian Goldberg

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

17 Citations (Scopus)

Abstract

Recently, there have been several research efforts to design a transport layer that meets the security requirements of anonymous communications while maximizing the network performance experienced by users. In this work, we argue that existing proposals suffer from several performance and deployment issues and we introduce PCTCP, a novel anonymous communication transport design for overlay networks that addresses the shortcomings of the previous proposals. In PCTCP, every overlay path, or circuit, is assigned a separate kernel-level TCP connection that is protected by IPsec, the standard security layer for IP. To evaluate our work, we focus on the Tor network, the most popular low-latency anonymity network, which is notorious for its performance problems that can potentially deter its wider adoption and thereby impact its anonymity. Previous research showed that the current transport layer design of Tor, in which several circuits are multiplexed in a single TCP connection between any pair of routers, is a key contributor to Tor's performance issues. We implemented, experimentally evaluated, and confirmed the potential gains provided by PCTCP in an isolated testbed and on the live Tor network. We ascertained that significant performance benefits can be obtained using our approach for web clients, while maintaining the same level of anonymity provided by the network today. Our realistic large-scale experimental evaluation of PCTCP shows improvements of more than 60% for response times and approximately 30% for download times compared to Tor. Finally, PCTCP only requires minimal changes to Tor and is easily deployable, as it does not require all routers on a circuit to upgrade.

Original language: English
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Pages: 349-360
Number of pages: 12
DOI: https://doi.org/10.1145/2508859.2516715
ISBN (Print): 9781450324779
Publication status: Published - 2013
Event: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin
Duration: 4 Nov 2013 to 8 Nov 2013

Keywords

  • performance improvement
  • tor
  • transport design

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Alsabah, M., & Goldberg, I. (2013). PCTCP: Per-circuit TCP-over-IPsec transport for anonymous communication overlay networks. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 349-360) https://doi.org/10.1145/2508859.2516715