Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 66d5ce266e
Branches Tags
tor
/
doc
/
spec
/
proposals
/
155-four-hidden-service-improvements.txt

155-four-hidden-service-improvements.txt 5.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 
  1. Filename: 155-four-hidden-service-improvements.txt
    2. 

  2. Title: Four Improvements of Hidden Service Performance
    3. 

  3. Author: Karsten Loesing, Christian Wilms
    4. 

  4. Created: 25-Sep-2008
    5. 

  5. Status: Finished
    6. 

  6. Implemented-In: 0.2.1.x
    7. 

  7. 

  8. Change history:
    9. 

  9. 

  10.   25-Sep-2008  Initial proposal for or-dev
    11. 

  11. 

  12. Overview:
    13. 

  13. 

  14.   A performance analysis of hidden services [1] has brought up a few
    15. 

  15.   possible design changes to reduce advertisement time of a hidden service
    16. 

  16.   in the network as well as connection establishment time. Some of these
    17. 

  17.   design changes have side-effects on anonymity or overall network load
    18. 

  18.   which had to be weighed up against individual performance gains. A
    19. 

  19.   discussion of seven possible design changes [2] has led to a selection
    20. 

  20.   of four changes [3] that are proposed to be implemented here.
    21. 

  21. 

  22. Design:
    23. 

  23. 

  24.   1. Shorter Circuit Extension Timeout
    25. 

  25. 

  26.   When establishing a connection to a hidden service a client cannibalizes
    27. 

  27.   an existing circuit and extends it by one hop to one of the service's
    28. 

  28.   introduction points. In most cases this can be accomplished within a few
    29. 

  29.   seconds. Therefore, the current timeout of 60 seconds for extending a
    30. 

  30.   circuit is far too high.
    31. 

  31. 

  32.   Assuming that the timeout would be reduced to a lower value, for example
    33. 

  33.   30 seconds, a second (or third) attempt to cannibalize and extend would
    34. 

  34.   be started earlier. With the current timeout of 60 seconds, 93.42% of all
    35. 

  35.   circuits can be established, whereas this fraction would have been only
    36. 

  36.   0.87% smaller at 92.55% with a timeout of 30 seconds.
    37. 

  37. 

  38.   For a timeout of 30 seconds the performance gain would be approximately 2
    39. 

  39.   seconds in the mean as opposed to the current timeout of 60 seconds. At
    40. 

  40.   the same time a smaller timeout leads to discarding an increasing number
    41. 

  41.   of circuits that might have been completed within the current timeout of
    42. 

  42.   60 seconds.
    43. 

  43. 

  44.   Measurements with simulated low-bandwidth connectivity have shown that
    45. 

  45.   there is no significant effect of client connectivity on circuit
    46. 

  46.   extension times. The reason for this might be that extension messages are
    47. 

  47.   small and thereby independent of the client bandwidth. Further, the
    48. 

  48.   connection between client and entry node only constitutes a single hop of
    49. 

  49.   a circuit, so that its influence on the whole circuit is limited.
    50. 

  50. 

  51.   The exact value of the new timeout does not necessarily have to be 30
    52. 

  52.   seconds, but might also depend on the results of circuit build timeout
    53. 

  53.   measurements as described in proposal 151.
    54. 

  54. 

  55.   2. Parallel Connections to Introduction Points
    56. 

  56. 

  57.   An additional approach to accelerate extension of introduction circuits
    58. 

  58.   is to extend a second circuit in parallel to a different introduction
    59. 

  59.   point. Such parallel extension attempts should be started after a short
    60. 

  60.   delay of, e.g., 15 seconds in order to prevent unnecessary circuit
    61. 

  61.   extensions and thereby save network resources. Whichever circuit
    62. 

  62.   extension succeeds first is used for introduction, while the other
    63. 

  63.   attempt is aborted.
    64. 

  64. 

  65.   An evaluation has been performed for the more resource-intensive approach
    66. 

  66.   of starting two parallel circuits immediately instead of waiting for a
    67. 

  67.   short delay. The result was a reduction of connection establishment times
    68. 

  68.   from 27.4 seconds in the original protocol to 22.5 seconds.
    69. 

  69. 

  70.   While the effect of the proposed approach of delayed parallelization on
    71. 

  71.   mean connection establishment times is expected to be smaller,
    72. 

  72.   variability of connection attempt times can be reduced significantly.
    73. 

  73. 

  74.   3. Increase Count of Internal Circuits
    75. 

  75. 

  76.   Hidden services need to create or cannibalize and extend a circuit to a
    77. 

  77.   rendezvous point for every client request. Really popular hidden services
    78. 

  78.   require more than two internal circuits in the pool to answer multiple
    79. 

  79.   client requests at the same time. This scenario was not yet analyzed, but
    80. 

  80.   will probably exhibit worse performance than measured in the previous
    81. 

  81.   analysis. The number of preemptively built internal circuits should be a
    82. 

  82.   function of connection requests in the past to adapt to changing needs.
    83. 

  83.   Furthermore, an increased number of internal circuits on client side
    84. 

  84.   would allow clients to establish connections to more than one hidden
    85. 

  85.   service at a time.
    86. 

  86. 

  87.   Under the assumption that a popular hidden service cannot make use of
    88. 

  88.   cannibalization for connecting to rendezvous points, the circuit creation
    89. 

  89.   time needs to be added to the current results. In the mean, the
    90. 

  90.   connection establishment time to a popular hidden service would increase
    91. 

  91.   by 4.7 seconds.
    92. 

  92. 

  93.   4. Build More Introduction Circuits
    94. 

  94. 

  95.   When establishing introduction points, a hidden service should launch 5
    96. 

  96.   instead of 3 introduction circuits at the same time and use only the
    97. 

  97.   first 3 that could be established. The remaining two circuits could still
    98. 

  98.   be used for other purposes afterwards.
    99. 

  99. 

  100.   The effect has been simulated using previously measured data, too.
    101. 

  101.   Therefore, circuit establishment times were derived from log files and
    102. 

  102.   written to an array. Afterwards, a simulation with 10,000 runs was
    103. 

  103.   performed picking 5 (4, 6) random values and using the 3 lowest values in
    104. 

  104.   contrast to picking only 3 values at random. The result is that the mean
    105. 

  105.   time of the 3-out-of-3 approach is 8.1 seconds, while the mean time of
    106. 

  106.   the 3-out-of-5 approach is 4.4 seconds.
    107. 

  107. 

  108.   The effect on network load is minimal, because the hidden service can
    109. 

  109.   reuse the slower internal circuits for other purposes, e.g., rendezvous
    110. 

  110.   circuits. The only change is that a hidden service starts establishing
    111. 

  111.   more circuits at once instead of subsequently doing so.
    112. 

  112. 

  113. References:
    114. 

  114. 

  115.   [1] http://freehaven.net/~karsten/hidserv/perfanalysis-2008-06-15.pdf
    116. 

  116. 

  117.   [2] http://freehaven.net/~karsten/hidserv/discussion-2008-07-15.pdf
    118. 

  118. 

  119.   [3] http://freehaven.net/~karsten/hidserv/design-2008-08-15.pdf
    120. 

  120.