Lab member Sunkanmi Oluwadare, working with Dr. Jacques Bou Abdo, presented “From TOR to ORB28: Towards Formal Anonymity Guarantees” at the IEEE Symposium on Security and Privacy, one of the most prestigious venues for cybersecurity research worldwide.
The work addresses a long-standing gap in anonymity research. Prior studies measured Tor’s centralization and modeled its adversaries, but none derived the emergent functional structure that bandwidth-weighted relay selection actually produces, the structure that decides each individual user’s anonymity. Through a source-code analysis of Tor’s selection routines, the poster shows that relay choice follows weighted random sampling and formally characterizes the resulting network as a tripartite weighted random multigraph.
The model was validated against 88,121 live circuits across three datasets, with Kolmogorov-Smirnov tests confirming the model’s fidelity. The findings expose a “glass cannon” topology in which a small structural core concentrates trust before any adversary acts: an attacker compromising the top 1% of relays by bandwidth can deanonymize 16.58% of all circuits, while compromising the bottom 1% deanonymizes none, a 16:1 leverage ratio. Anonymity loss is binary, not gradual.
The conclusion is direct. Anonymity in Tor is not a uniform guarantee. It is unequally distributed, formally quantifiable, and determined by the very algorithm that makes Tor fast.
From TOR to ORB28 – Formal Anonymity Guarantees
Lab member Sunkanmi Oluwadare and Dr. Jacques Bou Abdo presented "From TOR to ORB28" at the IEEE Symposium on Security and Privacy, formally proving that anonymity in Tor is not a uniform guarantee but a structural variable, unequally distributed and determined by the network's own design
