Leveraging Network Maps to Improve Evaluations of Overlay System Performance and Security
Distributed systems often communicate through overlay networks, which use custom addressing and protocols to communicate between participating nodes at the application layer, but route those custom messages over the standard network infrastructure. Overlay networks enable application system designers to focus on the intended operation of their system distinct from the network layer. This can have several benefits: improvements at lower levels of the technology stack can be assimilated without modifying the application layer protocol, and modeling application behavior is easier because the protocol doesn't depend on network interactions.

However, while this enables overlay networks to be easily studied and modeled, this very abstraction can make it difficult to understand how their interaction with the network underlay affects them. Ideally, the application's behavior would be completely isolated from the network layer, but in practice this is rarely the case. For instance, application layer modeling cannot easily predict exactly how a widespread deployment will behave; security and performance can both be affected by the path overlay networks take through the underlay network. This can make conscientious operators of overlay networks hesitant to make large modifications to their protocol for fear its interaction with lower layers, once distributed across the internet, will have unintended effects. For instance, the Tor Project, which manages the Tor anonymity network, is relatively conservative with respect to protocol changes, in part because of fears that a change might affect anonymity through some unexpected interaction with the underlying network, whether due to routing or performance.

The goal of this thesis is to introduce network maps which can be used to effectively evaluate overlay network technologies with respect to both performance and anonymity within evaluation platforms that provide a safe environment for experimentation. Safe evaluation environments are critical in that they permit modification of core protocols without affecting active system users. We discuss the advantages and disadvantages posed by different classes of evaluation platforms and how they can interface with our proposed network maps.

We present a series of techniques for constructing these network maps which combine network information from disparate sources into large graphs which represent the global internet. For each type of network data, we discuss the sources from which they can be obtained and the types of inaccuracies they can introduce in network evaluations. Given the set of available data, we propose methods for constructing network maps by combining these sources of information.

We develop maps at two granularity levels, then present several case studies which use the proposed mapping techniques in combination with several platforms to perform security and performance evaluations of the Tor anonymity network, including a consideration of the effects of modifications to the Tor protocol. The first study investigates the performance and security implications of a number of modifications to Tor's relay selection strategy. We show that while Tor's existing strategy is highly effective, there are opportunities for performance improvement from layered selection strategies. A second study researches the level and prevalence of the threat posed to Tor users by network-level adversaries, showing that Tor users are highly vulnerable -- perhaps more so than previously thought -- against network adversaries.