Tor users are vulnerable to deanonymization by an adversary that can observe some Tor relays or some parts of the network. We propose that users use trust to choose paths through Tor that are less likely to be observed. We present a system to model this trust as probability distributions on the location of the user's adversaries. We propose the Trust-Aware Path Selection algorithm for Tor that helps users avoid traffic-analysis attacks while still choosing paths that could have been selected by many other users. We evaluate this algorithm in two settings using a high-level map of Internet routing: (i) users try to avoid a single global adversary that has an independent chance to control each Autonomous System organization, Internet Exchange Point organization, and Tor relay family, and (ii) users try to avoid deanonymization by any single country. We also examine the performance of trust-aware path selection using the Shadow Tor network simulator.
View on arXiv