New Selection Algorithm to Secure Tor Connection between Client and Guard; Torproject's Response Mechanism on Controversial Incidents

People always say that the 21 st century is the age of the world wide web. Since the invention of the world wide web in the late 20th century, it has been developing and, then, skyrocketing in professional and everyday life. However, since the early internet was developed as a tool for higher education and research, security of the internet was not at the top of the developer's mind. Nowadays, almost everyone has a device that’s the size of their pawn which can access the internet: smartphones. Also smart home devices are ubiquitous in American homes. However, the security of the internet is often overlooked, large corporations and the government are tracking ordinary citizens like you and me. To solve this privacy issue, many developers are searching and making tools to help ordinary people to have more privacy on the internet. My technical research topic is on the Onion Router (Tor), which is an open source project that routes users through different servers to help mask their identity. However, certain servers are safer for clients than others. My research topic aims to find a new algorithm to choose better servers for clients to go through to provide added anonymity. My STS topic looks at the social impact of such tools; where anonymity could bring privacy to ordinary citizens, but it also better hides cyber criminals from law enforcement. I will look into how Tor handles such trade offs as an organization.

On the modern internet, users usually find the shortest path to their destination server when requesting a website. In this way, the package will show its destination and origin information such as ip address. Tor routes user data through a volunteer run server where these web requests will be passed on under a different origin. Tor uses three servers to hide the user's identity, this way no one server knows the origin and destination of a web request. Some servers have implemented a technology called ROA or ROV. ROA is like a certified ownership of an ip address, in this way no server on the way could falsely claim a packet. ROV is the validation of the ROA object, making sure the data is routed correctly. Only when a client has ROA and the server has ROV, or vice versa, could the validation come into work. So my technical research project aims to find a new algorithm using bandwidth discount to better match up client and server so that there are more ROA and ROV pairs which would increase security by allowing validation. I have first used a python simulator to test the performance of the algorithm. Then, I modified the Tor source code to implement this algorithm on the actual Tor program to test the viability of this algorithm. After these experiments, the performance of my algorithm is comparable to the original algorithm. The security metrics have surpassed the original algorithm.

Tor brings privacy and freedom to ordinary users at no cost. However, it also acts as a perfect hideout for cyber criminals to conduct illegal activities on the web. I researched the current opinion on Tor in regards to its social impact. I looked at how users can affect Tor goal setting as well as how Tor can change its user's life. This completed the actor network system in my research project. I also looked into Tor policy and official forums to take a peek into the inner workings of Tor. I have conducted interviews with fellow students to gain some insight into the current opinion on Tor from college students inside and outside the tech field. After executing these research techniques, I have concluded that the user's of Tor affects Tor's goal setting when there are new needs from users. Tor affects its user's by exposing them to a whole new world of free internet to those in a censored country. This will change their world view and ultimately have the chance to change certain authoritarian governments through peaceful evolution.

In conclusion, I think I have achieved all of my goals except for running Tor on a large scale simulator. Large simulation needs a lot of computing resources and planning, so this has been eliminated from the technical portion. My project was fruitful since I have gained more social insight into the technical project I am working on, giving me more confidence in the justfulness of the software I am developing. Future developers should continue my research by running the algorithm in a large scale simulation to gain more confidence in the performance metrics of my project.