The Evaluation of Circuit Selection Methods on Tor

Tor provides anonymity online by routing traffic through encrypted tunnels, called circuits, over paths of anonymizing relays. To enable users to connect to their selected destination servers without waiting for the circuit to be build, the Tor client maintains a few circuits at all times. Nevertheless, Tor is slower to use than directly connecting to the destination server. In this paper, we propose to have the Tor client measure the performance of the pre-built circuits and select the fastest circuits for users to send their traffic over. To this end, we define and evaluate nine metrics for selecting which pre-built circuit to use based on different combinations of circuit length, Round Trip Time (RTT), and congestion. We also explore the effect on performance of the number of pre-built circuits at the time of the selection. Through whole-network experiments in Shadow, we show that using circuit RTT with at least three pre-built circuits allows the Tor client to identify fast circuits and improves median time to first byte (TTFB) by 22% over Tor and 15% over congestion-aware routing, the state-of-the-art in Tor circuit selection. We evaluate the security of the proposed circuit selection mechanism against both a relay-level and a network-level adversary and find no loss of security compared with Tor.