{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,25]],"date-time":"2025-10-25T14:19:36Z","timestamp":1761401976233,"version":"3.41.0"},"reference-count":65,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2018,12,10]],"date-time":"2018-12-10T00:00:00Z","timestamp":1544400000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1149832, CNS-1064986, CNS-1204347, CNS-1223825, CNS-1314637 and CNS-1527401"],"award-info":[{"award-number":["CNS-1149832, CNS-1064986, CNS-1204347, CNS-1223825, CNS-1314637 and CNS-1527401"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Project Agency","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Space and Naval Warfare Systems Center Pacific","award":["N66001-11-C-4020"],"award-info":[{"award-number":["N66001-11-C-4020"]}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division","award":["FTCY1500057"],"award-info":[{"award-number":["FTCY1500057"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2019,2,28]]},"abstract":"<jats:p>\n            Tor\u2019s growing popularity and user diversity has resulted in network performance problems that are not well understood, though performance is understood to be a significant factor in Tor\u2019s security. A large body of work has attempted to solve performance problems without a complete understanding of where congestion occurs in Tor. In this article, we first study congestion in Tor at individual relays as well as along the entire end-to-end Tor path and find that congestion occurs almost exclusively in egress kernel socket buffers. We then analyze Tor\u2019s socket interactions and discover two major contributors to Tor\u2019s congestion: Tor writes sockets sequentially, and Tor writes as much as possible to each socket. To improve Tor\u2019s performance, we design, implement, and test KIST: a new socket management algorithm that uses real-time kernel information to\n            <jats:italic>dynamically compute the amount to write<\/jats:italic>\n            to each socket while considering\n            <jats:italic>all circuits of all writable sockets<\/jats:italic>\n            when scheduling cells. We find that, in the medians, KIST reduces circuit congestion by more than 30%, reduces network latency by 18%, and increases network throughput by nearly 10%. We also find that client and relay performance with KIST improves as more relays deploy it and as network load and packet loss rates increase. We analyze the security of KIST and find an acceptable performance and security tradeoff, as it does not significantly affect the outcome of well-known latency, throughput, and traffic correlation attacks. KIST has been merged and configured as the default socket scheduling algorithm in Tor version 0.3.2.1-alpha (released September 18, 2017) and became stable in Tor version 0.3.2.9 (released January 9, 2018). While our focus is Tor, our techniques and observations should help analyze and improve overlay and application performance, both for security applications and in general.\n          <\/jats:p>","DOI":"10.1145\/3278121","type":"journal-article","created":{"date-parts":[[2018,12,10]],"date-time":"2018-12-10T13:09:16Z","timestamp":1544447356000},"page":"1-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["KIST"],"prefix":"10.1145","volume":"22","author":[{"given":"Rob","family":"Jansen","sequence":"first","affiliation":[{"name":"U.S. Naval Research Laboratory, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matthew","family":"Traudt","sequence":"additional","affiliation":[{"name":"U.S. Naval Research Laboratory, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Geddes","sequence":"additional","affiliation":[{"name":"University of Minnesota, MN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chris","family":"Wacek","sequence":"additional","affiliation":[{"name":"Georgetown University, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Micah","family":"Sherr","sequence":"additional","affiliation":[{"name":"Georgetown University, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paul","family":"Syverson","sequence":"additional","affiliation":[{"name":"U.S. Naval Research Laboratory, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,12,10]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Alessandro Acquisti Roger Dingledine and Paul Syverson. 2003. On the economics of anonymity. In Financial Cryptography and Data Security (FC).  Alessandro Acquisti Roger Dingledine and Paul Syverson. 2003. On the economics of anonymity. In Financial Cryptography and Data Security (FC).","key":"e_1_2_1_1_1","DOI":"10.1007\/978-3-540-45126-6_7"},{"doi-asserted-by":"publisher","key":"e_1_2_1_2_1","DOI":"10.1109\/SP.2012.35"},{"doi-asserted-by":"publisher","key":"e_1_2_1_3_1","DOI":"10.17487\/RFC2581"},{"doi-asserted-by":"publisher","key":"e_1_2_1_4_1","DOI":"10.1007\/978-3-642-39077-7_8"},{"doi-asserted-by":"publisher","key":"e_1_2_1_5_1","DOI":"10.1145\/2382196.2382208"},{"doi-asserted-by":"publisher","key":"e_1_2_1_6_1","DOI":"10.5555\/2032162.2032170"},{"doi-asserted-by":"publisher","key":"e_1_2_1_7_1","DOI":"10.1145\/2508859.2516715"},{"volume-title":"Proceedings of the USENIX Workshop on Free and Open Communications on the Internet (FOCI).","author":"Aryan Simurgh","key":"e_1_2_1_8_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_9_1","DOI":"10.5555\/647597.731866"},{"doi-asserted-by":"publisher","key":"e_1_2_1_10_1","DOI":"10.1145\/2756509.2756518"},{"doi-asserted-by":"publisher","key":"e_1_2_1_11_1","DOI":"10.1109\/NSS.2010.47"},{"doi-asserted-by":"publisher","key":"e_1_2_1_12_1","DOI":"10.1109\/ARES.2013.17"},{"volume-title":"Proceedings of the Workshop on the Economics of Information Security (WEIS).","year":"2006","author":"Dingledine Roger","key":"e_1_2_1_13_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_14_1","DOI":"10.5555\/1251375.1251396"},{"doi-asserted-by":"publisher","key":"e_1_2_1_15_1","DOI":"10.1109\/MSP.2007.108"},{"volume-title":"Proceedings of the USENIX Security Symposium (USENIX).","year":"2009","author":"Evans Nathan S.","key":"e_1_2_1_17_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_18_1","DOI":"10.1109\/90.958323"},{"doi-asserted-by":"publisher","key":"e_1_2_1_19_1","DOI":"10.1109\/90.974527"},{"doi-asserted-by":"publisher","key":"e_1_2_1_20_1","DOI":"10.1007\/978-3-642-39077-7_9"},{"doi-asserted-by":"publisher","key":"e_1_2_1_21_1","DOI":"10.1145\/2665943.2665948"},{"volume-title":"Proceedings of theWorkshop on Hot Topics in Privacy Enhancing Technologies (HotPETs).","year":"2014","author":"Ghosh Mainak","key":"e_1_2_1_22_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_23_1","DOI":"10.1145\/2381966.2381972"},{"doi-asserted-by":"publisher","key":"e_1_2_1_24_1","DOI":"10.1145\/1400097.1400105"},{"doi-asserted-by":"publisher","key":"e_1_2_1_27_1","DOI":"10.1145\/1315245.1315257"},{"doi-asserted-by":"publisher","key":"e_1_2_1_28_1","DOI":"10.1145\/1698750.1698753"},{"volume-title":"Proceedings on Privacy Enhancing Technologies (PoPETs) 2017","year":"2017","author":"Imani Mohsen","key":"e_1_2_1_29_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_30_1","DOI":"10.1109\/JSAC.1986.1146410"},{"doi-asserted-by":"publisher","key":"e_1_2_1_31_1","DOI":"10.5555\/2372336.2372347"},{"volume-title":"Proceedings of the USENIX Security Symposium (USENIX).","year":"2012","author":"Jansen Rob","key":"e_1_2_1_32_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_33_1","DOI":"10.1145\/1866307.1866344"},{"doi-asserted-by":"publisher","key":"e_1_2_1_34_1","DOI":"10.1145\/2976749.2978310"},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS).","year":"2013","author":"Jansen Rob","key":"e_1_2_1_35_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_36_1","DOI":"10.14722\/ndss.2018.23261"},{"volume-title":"Proceedings of the Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs).","year":"2014","author":"Jansen Rob","key":"e_1_2_1_37_1"},{"volume-title":"Proceedings of the USENIX Security Symposium (USENIX).","year":"2012","author":"Jansen Rob","key":"e_1_2_1_38_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_39_1","DOI":"10.1515\/popets-2017-0017"},{"doi-asserted-by":"publisher","key":"e_1_2_1_40_1","DOI":"10.14722\/ndss.2017.23307"},{"doi-asserted-by":"publisher","key":"e_1_2_1_41_1","DOI":"10.1145\/2508859.2516651"},{"doi-asserted-by":"publisher","key":"e_1_2_1_42_1","DOI":"10.1145\/1653662.1653732"},{"doi-asserted-by":"publisher","key":"e_1_2_1_43_1","DOI":"10.1109\/ICNP.2017.8117564"},{"doi-asserted-by":"publisher","key":"e_1_2_1_44_1","DOI":"10.5555\/1894863.1894882"},{"unstructured":"Nick Mathewson. 2004. Evaluating SCTP for Tor. http:\/\/archives.seul.org\/or\/dev\/Sep-2004\/msg00002.html. (September 2004). Listserv posting.  Nick Mathewson. 2004. Evaluating SCTP for Tor. http:\/\/archives.seul.org\/or\/dev\/Sep-2004\/msg00002.html. (September 2004). Listserv posting.","key":"e_1_2_1_45_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_46_1","DOI":"10.1145\/248157.248181"},{"doi-asserted-by":"publisher","key":"e_1_2_1_47_1","DOI":"10.17487\/RFC2018"},{"doi-asserted-by":"publisher","key":"e_1_2_1_48_1","DOI":"10.1007\/978-3-540-70630-4_5"},{"doi-asserted-by":"publisher","key":"e_1_2_1_49_1","DOI":"10.1145\/2915371.2915388"},{"doi-asserted-by":"publisher","key":"e_1_2_1_50_1","DOI":"10.1145\/2046707.2046732"},{"doi-asserted-by":"publisher","key":"e_1_2_1_51_1","DOI":"10.1145\/2076732.2076762"},{"doi-asserted-by":"publisher","key":"e_1_2_1_52_1","DOI":"10.1145\/1180405.1180410"},{"doi-asserted-by":"publisher","key":"e_1_2_1_54_1","DOI":"10.1109\/SP.2005.12"},{"volume-title":"Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI).","year":"2012","author":"Nowlan Michael F.","key":"e_1_2_1_55_1"},{"volume-title":"Proceedings of the USENIX Workshop on Free and Open Communications on the Internet (FOCI).","year":"2013","author":"Nowlan Michael F.","key":"e_1_2_1_56_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_57_1","DOI":"10.17487\/RFC2988"},{"volume-title":"Proceedings of the USENIX Security Symposium (USENIX).","year":"2009","author":"Reardon Joel","key":"e_1_2_1_59_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_60_1","DOI":"10.1515\/popets-2017-0013"},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS).","year":"2010","author":"Sherr Micah","key":"e_1_2_1_61_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_62_1","DOI":"10.1109\/SPW.2015.20"},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS).","year":"2008","author":"Snader Robin","key":"e_1_2_1_63_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_64_1","DOI":"10.1515\/popets-2016-0040"},{"doi-asserted-by":"publisher","key":"e_1_2_1_65_1","DOI":"10.1145\/1866307.1866345"},{"volume-title":"Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI).","year":"2016","author":"Tschorsch Florian","key":"e_1_2_1_66_1"},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS).","year":"2013","author":"Wacek Chris","key":"e_1_2_1_67_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_68_1","DOI":"10.1515\/popets-2018-0019"},{"doi-asserted-by":"publisher","key":"e_1_2_1_69_1","DOI":"10.1007\/978-3-642-32946-3_9"},{"doi-asserted-by":"publisher","key":"e_1_2_1_70_1","DOI":"10.5555\/822086.823339"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3278121","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3278121","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3278121","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:09Z","timestamp":1750204449000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3278121"}},"subtitle":["Kernel-Informed Socket Transport for Tor"],"short-title":[],"issued":{"date-parts":[[2018,12,10]]},"references-count":65,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,2,28]]}},"alternative-id":["10.1145\/3278121"],"URL":"https:\/\/doi.org\/10.1145\/3278121","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2018,12,10]]},"assertion":[{"value":"2017-12-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-12-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}