oa QUTor: QUIC-based Transport Architecture for Anonymous Communication Overlay Networks

In this new century, the growth of Information and Communication Technology (ICT) has a significant influence on our life. The wide spread of internet created an information society where the creation, distribution, use, integration and manipulation of information is a significant economic, political, and cultural activity. However, it has also brought its own set of challenges. Internet users have become increasingly vulnerable to online threats like botnets, Denial of Service (DoS) attacks and phishing spam mail. Stolen users’ information can be exploited by many third party entities. Some Internet Service Provider (ISP) sell this data to advertising companies which analyse it and build its marketing strategy to influence the customer choices by breaking their privacy. Oppressive governments exploit revealed users private data to harass members of the opposition parties, activist from civil society and journalists. Anonymity networks has been introduced in order to allow people to conceal their identity online. This is done by providing unlinkability between the user IP address, his digital fingerprint, and his online activities. Tor is the most widely used anonymity network today, serving millions of users on a daily basis using a growing number of volunteer-run routers [1]. Clients send their data to their destinations through a number of volunteer-operated proxies, known as Onion Routers (ORs). If a user wants to use the network to protect his online privacy, the user installs the Onion Proxy (OP), which bootstraps by contacting centralized servers, known as authoritative directories, to download the needed information about ORs serving in the network. Then, the OP builds overlay paths, known as circuits, which consist of three ORs-entry guard, middle and exit-where only the entry guard knows the user, and only the exit knows the destination. Tor helps internet users to hide their identities, however it introduces large and highly variable delays experienced in response and download times during web surfing activities that can be inconvenient for users. Traffic congestion adds further delays and variability to the performance of the network. Besides, an end-to-end flow control approach which does not react to congestion in the network.

To improve Tor performance, we propose to integrate QUIC for Tor. QUIC [2] (Quick UDP Internet Connections) is a new multiplexed and secure transport atop UDP, developed by Google. QUIC is implemented over UDP to solves a number of transport-layer and application-layer problems experienced by modern web applications. It reduces connection establishment latency. QUIC handshakes frequently require zero roundtrips before sending payload. It improves congestion control and multiplexes without head-of-line blocking. QUIC is designed for multiplexed streams, lost packets carrying data for an individual stream generally only impact that specific stream. In order to recover from lost packets without waiting for a retransmission, QUIC can complement a group of packets with an Forward Error Correction (FEC) packet. QUIC connections are identified by a 64-bit connection identification (ID). When a QUIC client changes Internet Protocol (IP) addresses, it can continue to use the old connection ID from the new IP address without interrupting any in-flight requests. QUIC provides multiplexing and flow control equivalent to HTTP/2, security equivalent to TLS, and connection semantics, reliability, and congestion control equivalent to TCP. QUIC shows a good performance against HTTP/1.1 [3]. We are expecting good results to improve the performance of Tor since QUIC is one of the most promising solutions to decrease latency [4]. A QUIC Stream is a bi-directional flow of bytes across a logical channel within a QUIC connection. This later is a conversation between two QUIC endpoints with a single encryption context that multiplexes streams within it. QUIC multiplestream architectures improves Tor performance and solves head-of-line problem. In first step, we implemented QUIC in OR nodes to be easily upgraded to the new architecture without modifying end user OP. Integrating QUIC will not degrade Tor security as it provides a security equivalent to TLS (QUIC Crypto) and soon it will use TLS 1.3.