Part II Projects

New and innovative pluggable transports for Tor

Several countries now block Tor through deep packet inspection. To make Tor more accessible from such locations, it is possible to build a pluggable transport which disguises Tor's protocol signature, and make it harder to block.

Not-very-smart transports like ROT13 and base64 are nice but not very interesting. This project would explore more advanced possibilities for blocking-resistant communication, both in terms of making the content of packets look different from Tor, but also disguising meta-data (addresses, packet size, timing, etc...). Other possibilities include helping users access servers behind NAT (e.g. with pwnat) and resisting active probing (e.g. with BridgeSPA).

Integrating Tor with user-space transport protocol libraries

Tor currently sends data over TCP links between nodes. Prior research has indicated that this may not be optimal, and instead the role that TCP plays (congestion control and reliability) should be moved into Tor itself. This would allow a number of desirable changes, such as preventing errors on one circuit delaying another, and giving Tor control and visibility of congestion control.

There are many ways to do this, each with their own tradeoffs and difficulty of implementation. This project will be to select one (or more) option and implement it in Tor. The primary goal will be to test this modified version of Tor in simulation, but if it turns out to work well, it could be deployed in the live Tor network.

Measuring and improving network diversity in Tor

There are a growing number of people who are unwilling to run their own Tor nodes (especially exit nodes, which deal with abuse complaints), but are willing to donate money to someone else to run Tor nodes on their behalf. Due to economies of scale, it is also cheaper to run a small number of high-capacity nodes, rather than a large number of low-capacity nodes – consequently reducing network diversity.

For performance reasons, the probability that a particular node is selected by the Tor software is proportional to the bandwidth it offers. As a result, high-capacity nodes are much more likely to be used, and much more likely to be in a position to carry out surveillance on Tor users.

It is an open research problem how to deal with this weakness, although there has been some initial work. This project will be to develop metrics for the network diversity, and analyze how these translate to user security. Then different approaches for improving user security could be developed, for example limiting the capacity which can be offered by one organisation or the Tor software selecting nodes based on diversity measurements, in addition to node capacity.

Other projects

I am also happy to consider other projects, particularly related to banking security and privacy. You may also like to see the list of projects and research ideas from Tor.

Further information

To discuss further, please contact me.

Last modified 2012-07-09 14:13:14 +0100

[ Home ]