Today's Internet is not designed to protect the privacy of its users against network surveillance, and source and destination of any communication is easily exposed to third party observer. Tor, a volunteer-operated anonymity network, offers low-latency practical performance for unicast anonymous communication without central point of trust. However, Tor is known to be slow and it can not support group communication with scalable performance. Despite the extensive public interest in anonymous group communication, there is no system that provides anonymous group communication without central point of trust. This dissertation presents MTor, a low-latency anonymous group communication system. We construct MTor as an extension to Tor, allowing the construction of multi-source multicast trees on top of the existing Tor infrastructure. MTor does not depend on an external service (e.g., an IRC server or Google Hangouts) to broker the group communication, and avoids central points of failure and trust. MTor's substantial bandwidth savings and graceful scalability enable new classes of anonymous applications that are currently too bandwidth-intensive to be viable through traditional unicast Tor communication--e.g., group file transfer, collaborative editing, streaming video, and real-time audio conferencing. We detail the design of MTor and then analyze its performance and anonymity. By simulating MTor in Shadow and TorPS using realistic models of the live Tor network's topology and recent consensus records from the live Tor network, we show that MTor achieves 29% savings in network bandwidth and 73% reduction in transmission time as compared to the baseline approach for anonymous group communication among 20 group members. We also demonstrate that MTor scales gracefully with the number of group participants, and allows dynamic group composition over time. Importantly, as more Tor users switch to group communication, we show that the overall performance and bandwidth utilization for group communication improves. Finally, we discuss the anonymity implications of MTor and measure its resistance to traffic correlation attacks.
Ph. D. University of Pennsylvania 2015. Department: Computer and Information Science. Supervisor: Boon Thau Loo. Includes bibliographical references.