We have the following components to our evaluation:
-
Shadow Simulation: To measure how our setup affects the Tor network as a whole.
-
CenTor Function: Deploying the CenTor function on Bento
-
Anonymity Metrics (Optional, graphs and logs provided in this repo): To measure the level of anonymity a client achieves by using CenTor, we utilize a set of scripts (explained below). The anonymity is assessed by calculating the entropy, which reflects the distribution of clients across different geographical locations, Autonomous System Numbers (ASNs), and countries. This allows us to quantify how well CenTor maintains client anonymity in a region selected by the client.
-
Latency (Optional, graphs and logs provided in this repo): We examine the impact of CenTor on latency by comparing file download times across three different configurations:
- Vanilla Tor: This uses a standard 6-hop Tor circuit (6 relays between the client and the server).
- CenTor without region selection: A Tor circuit where CenTor reduces the number of hops by 3 (i.e., a 3-hop Tor circuit without prioritizing geographical proximity).
- CenTor with region selection: A 3-hop CenTor circuit where the client selects a geographically closer region (or shadow) for the relays, further optimizing latency.
Simulating network scenarios for CenTor requires the use of the Shadow simulator. This is a resource-intensive process, so we recommend simulating at a reduced scale (e.g., 0.2
of the network).
-
Shadow can be downloaded from GitHub:
Shadow Repository
-
Clone the repository from GitHub:
git clone https://github.com/shadow/tornettools.git
-
Navigate to the cloned repository:
cd tornettools
-
Create a virtual environment (optional, but recommended):
python3 -m venv venv
-
Activate the virtual environment:
- On Linux/macOS:
source venv/bin/activate
- On Windows:
.\venv\Scripts\activate
- On Linux/macOS:
-
Install the required Python packages:
pip install -r requirements.txt
-
Run the Tornettools setup to ensure all dependencies are correctly configured:
python setup.py install
-
Verify installation by running a sample command:
tornettools --help
- Once downloaded, configure it according to the scenarios described in section 5.2 of our paper.
Simulation Scenarios: Note: Our simulations used 100% of the Tor Network which is highly resource intensive. We recommend replicating these scenarios to 10-30% of the Tor network.
a. Baseline Experiment:
Install Bento on 25% of the Tor relays and compare its performance to a setup where Bento is installed on 50% of the relays.
- Download Bento and add the
./runserver
and/tgen
command to each node to simulate Bento traffic. - Modify
shadow.config.yaml
to replicate the experiment. - Ensure consistency in the number of Bento nodes for each experimental run to maintain accuracy.
b. Multiple Clients Connecting to a Single CenTor Instance:
Set up 25% of the clients to connect to the same relay/Bento node by changing the IP in the TGen file. Compare the performance of clients connected to the relay versus clients not connected. For accurate results, ensure the torrc
file of the Bento node is set to non-anonymous so that clients use a 3-hop circuit.
c. Multiple CenTor Instances on a Single Tor Relay:
Increase the number of instances running on a single relay by adjusting the "then" count (e.g., increase to 10). Compare the performance of these multiple instances against a generic relay setup.
d. Shadow-Aware Routing:
Configure 10% of the clients to connect to a Bento relay (set to non-anonymous, mimicking CenTor), but restrict routing to North American relays only. This can be achieved by adjusting the client’s torrc
configuration file. Compare this setup to a generic Tor client routing setup, and observe how it impacts both client and relay performance.
-
Ensure that
apache2
is installed and running on the server. -
Verify that the Tor service is active.
-
Start the Bento server by navigating to the appropriate directory and running the following command:
sudo ./runserver.py
-
Ensure that the
centor.func
file has the correct listening address and port. If the client is connecting from outsidelocalhost
, set the listening address to0.0.0.0
. -
Upload the CenTor server as a Bento function by running the
bento-driver.py
script:python3 bento-driver.py <bento_address> <port>
-
Ensure that
client_ftp.py
is configured with the correct connection address. -
To connect to the function, use the following commands:
cd setup python3 client_ftp.py
This section details how to evaluate the performance and configuration of CenTor on the Bento infrastructure. We will guide you through the setup process, running simulations, and debugging steps necessary to test CenTor in various configurations.
- Login: (This will be provided by the reviewer)
- Password: (This will be provided by the reviewer)
The evaluation process requires you to interact with four terminal windows on the Bento server. Follow these steps closely:
-
First Terminal - Run Tor:
-
In the first terminal, start the Tor service. This will establish the core functionality required for Onion Service testing.
-
Use the following command to start Tor:
tor
-
-
Second Terminal - Start the Bento Server:
-
In the second terminal, navigate to the Bento server directory and start the Bento server.
-
Change to the Bento server directory:
cd Bento/bento/server
-
Start the Bento server with root privileges:
sudo ./runserver.py
This command initiates the Bento server, which hosts the CenTor functions required for further testing.
-
-
Third Terminal - Upload and Run
centor.func
:-
In the third terminal, navigate to the CenTor directory where the function is stored and upload the
centor.func
to the Bento server. This function simulates the CenTor operation on the server. -
Change to the CenTor testing directory:
cd Bento/testing/CenTor
-
Use the following command to upload and execute the function, specifying the Bento server's address and port (default:
0.0.0.0
and port8888
):python3 bento_driver.py 0.0.0.0 8888
-
-
Fourth Terminal - Transfer Service Files:
-
In the fourth terminal, navigate to the setup directory and transfer the service files to the Bento server. This involves using the
client_ftp.py
script to simulate file transfer to the server. -
Change to the setup directory:
cd Bento/testing/CenTor/setup
-
Run the FTP client script:
python3 client_ftp.py
-
Sample input for file transfer might look like this:
1, test, test/, index.html
This input indicates transferring the file
index.html
to the/test/
directory under thetest
service.The new CDN onion address will be displayed as shown below.
-
If issues arise during setup or operation, follow these debugging instructions to troubleshoot:
-
Check Apache Configuration Files:
- Verify that the Apache configuration files are correctly set up. The key configuration files to check are:
/etc/apache2/sites-available/test.conf
: This file defines virtual host settings./etc/apache2/apache2.conf
: This is the main Apache configuration file that should include or reference the virtual host settings.
- Verify that the Apache configuration files are correctly set up. The key configuration files to check are:
-
Check
centor.func
Directory Setup:- Ensure that the
centor.func
script is correctly creating necessary directories for file storage. Double-check the paths and permissions to make sure the script has access to create and manage directories.
- Ensure that the
-
Reload Apache Service:
-
If changes are made to Apache configuration files, or if there are issues with loading the function, restart the Apache service to apply the changes:
sudo systemctl restart apache2
-
-
Run the Server Script with Root Privileges:
- If there are issues related to permissions or service access, try running the server script with
sudo
to ensure it has adequate permissions.
- If there are issues related to permissions or service access, try running the server script with
-
Remove Temporary Test Directory:
-
If there are errors related to hostnames or keys, particularly if a previous test failed, clear the
/tmp/test/
directory and retry the test:sudo rm -r /tmp/test
-
If further Apache configuration is needed, here are the critical paths:
-
Root Directory for Website Files:
- The primary location for Apache website configuration is found in
/etc/apache2/apache2.conf
.
- The primary location for Apache website configuration is found in
-
Website Configuration Files:
- Virtual host configurations for the CenTor service are stored in
/etc/apache2/sites-available/test.conf
.
- Virtual host configurations for the CenTor service are stored in
Hidden Service Configuration (Supplementary)
The Onion Service created for this evaluation uses a temporary directory for storing hostnames and keys:
- Hostname and Key Storage:
Located in/tmp/test/
, this directory stores the hostname and key files required for Tor’s hidden services. This should be monitored and managed carefully during the setup.
For more information on Apache virtual hosts and how to configure them, refer to the official guide:
Virtual Host Configuration Guide
These scripts are used to generate the necessary data for evaluating the performance of CenTor.
-
users.py
:This script divides IPs across ASNs in proportion to the total number of users in each country. For example, if an ASN in a country contains 40% of the total IPs, and the country has 100 users (based on
users.txt
), that ASN is assigned 40 users in the output file\\data\\generated\\<country_final.txt>
. -
country.py
:Generates the list of Tor relays available in each country. This helps define the network layout for experimentation.
-
entry_node.py
:Produces a list of entry nodes (the first hop in a Tor circuit) per country, which is critical for understanding the distribution of entry points into the Tor network.
-
exit_node.py
:Generates a list of exit nodes (the last hop in a Tor circuit) for each country, which is used to determine how traffic leaves the Tor network.
These scripts calculate various performance metrics that are used to analyze anonymity and relay density in a region chosen by a client.
-
country_entropy.py
:Computes the entropy of client distribution across different countries in a given region (or shadow). This metric quantifies how spread out the clients are across countries and indicates the level of anonymity.
-
asn_entropy.py
:Similar to
country_entropy.py
, this script calculates the entropy of client distribution across ASNs (network operators) in a given region. A higher entropy indicates a more diverse distribution, contributing to better anonymity. -
relay_density.py
:Measures the density of Tor relays in a specific region. This helps understand how many relays are available in a particular geographic area, which can impact latency and anonymity.
-
entry_density.py
:Computes the density of entry relays in a selected region, helping analyze how distributed the initial connection points are in the Tor network.
-
exit_density.py
:Similar to
entry_density.py
, this script measures the density of exit relays, which is important for evaluating where traffic exits the network and impacts the performance and anonymity of the service.
-
users.txt
:Contains the number of Tor users per country as of April 23, 2021, (data gathered from Tor Metrics).
-
entry.txt
:Contains the number of Tor entry nodes available in each country, generated using
entry_node.py
. -
exit.txt
:Contains the number of Tor exit nodes available in each country, generated using
exit_node.py
.
-
\\data\\<country_asn.txt>
:Lists the number of IP addresses associated with each ASN in a specific country. This data is retrieved from ipinfo.io.
-
\\data\\generated\\<country_final.txt>
:This file stores the final number of users distributed proportionally across ASNs based on the total number of users in a country, as generated by
users.py
. -
relay_data.txt
:Contains data about the number of Tor relays in each country, generated using
country.py
.
In this section, we will guide you through the process of testing the performance of CenTor clients using scripts from the CenTor GitHub repository(/CenTor/experiments/scripts
). Please note that these tests require Tor to be installed on your system. The primary goal is to evaluate CenTor in different scenarios, such as region-based relays and varying anonymity configurations.
- Tor Installed: Ensure Tor is properly installed and configured on your machine. This is necessary for testing CenTor services and clients.
- Modify
torrc
Configuration: You will need to modify the Tor configuration file (torrc
) to test different regions and anonymity settings, as explained in the instructions below.
-
Region-Specific Relays:
For CenTor tests, you can restrict relays to specific regions. For example, if you want to limit the CenTor client to use relays within Europe, modify thetorrc
file accordingly. By default, Tor will route traffic through a global set of relays, but CenTor allows you to focus on specific regions. -
Non-Anonymous vs Anonymous Services:
In CenTor, the service is non-anonymous, allowing for better performance and fewer hops. In contrast, the generic Tor Onion Service operates as anonymous, prioritizing privacy by adding more hops to the circuit. You will need to update thetorrc
file to reflect these differences when testing.
Here are the key scripts used for evaluating the performance of CenTor clients and services:
-
centor_client.py
:
This script is designed to simulate the behavior of a CenTor client. It connects to the CenTor service and tests how the client performs when utilizing non-anonymous, region-restricted relays.Usage: This script helps in analyzing how a client using CenTor performs compared to generic Tor clients in terms of latency, throughput, and relay availability.
-
centor_service.py
:
This script is used to launch the CenTor service. The CenTor service differs from traditional Onion Services in that it operates without the anonymity requirement, reducing the number of hops and optimizing for performance.Usage: Run this script to start the CenTor service before connecting clients (using
centor_client.py
). This script is crucial for setting up the non-anonymous service for testing. -
client.py
:
This script represents a generic Tor client. It simulates a typical Tor user interacting with an Onion Service, utilizing the default 6-hop, anonymous Tor circuit.Usage: Use this script to compare the performance of a standard anonymous client against CenTor. This will help highlight the differences in latency, bandwidth, and anonymity between a generic Tor client and a CenTor client.
-
client_without_la.py
:
This script tests a Tor client without relays in a specific shadow or region. It simulates the behavior of a client whose traffic is routed through a less-optimized relay network, either by excluding certain regions or by modifying the number of available relays.Usage: This script is useful for testing how performance changes when specific regions or relays are excluded from the client’s routing path. This simulates a scenario where clients have fewer relay choices, which impacts both latency and anonymity.
To focus the CenTor client on specific regions (e.g., Europe), you need to configure the torrc
file to limit the selection of relays. Here’s how to do it:
-
Locate the
torrc
file:- On most systems, the
torrc
file is located in/etc/tor/torrc
or~/.torrc
(depending on your OS and installation method).
- On most systems, the
-
Edit the
torrc
file:-
Open the
torrc
file in a text editor. -
Add the following configuration to restrict relays to a specific region (e.g., Europe): This configuration forces Tor to only use entry and exit nodes in Europe.
EntryNodes {eu} ExitNodes {eu} StrictNodes 1
-
-
Non-Anonymous CenTor Service:
- For CenTor testing, set the service to non-anonymous by removing the default Tor anonymity settings. Ensure that the configuration in
torrc
reflects this by adjusting the hop count and other related parameters: This minimizes hops and avoids strict anonymity settings, making CenTor more performance-optimized.
- For CenTor testing, set the service to non-anonymous by removing the default Tor anonymity settings. Ensure that the configuration in
-
Generic Tor Onion Service:
- For comparison, revert back to the default anonymous Tor configuration for the generic client tests. This ensures that the standard Onion Service uses a full 6-hop circuit.
Once the torrc
file is configured, follow these steps to run the scripts:
-
Launch the CenTor Service:
-
First, run
centor_service.py
to start the CenTor service. -
Command:
python3 centor_service.py
-
-
Test CenTor Client:
-
After the CenTor service is running, use
centor_client.py
to test the CenTor client. -
Command:
python3 centor_client.py
-
-
Test Generic Tor Client:
-
To compare the performance of a standard Tor client, run
client.py
. -
Command:
python3 client.py
-
-
Test Client Without Region-Specific Relays:
-
For a scenario where the client is not restricted to specific relays, use
client_without_la.py
. -
Command:
python3 client_without_la.py
-
- CenTor Client (
centor_client.py
): Simulates a performance-optimized, non-anonymous client connected to a specific region. - CenTor Service (
centor_service.py
): Hosts the CenTor service for non-anonymous, region-optimized testing. - Generic Tor Client (
client.py
): Represents the standard, anonymous Tor client for comparison. - Tor Client Without Region Restrictions (
client_without_la.py
): Tests how performance degrades when region-specific relay restrictions are not applied.
The following links provide access to the results and performance graphs for the CenTor experiments:
-
Figure 18 Results: The results for Figure 18 can be found in the CenTor repository under the directory
exp_exit
. These results focus on the exit relay performance under different configurations and scenarios.Results for Fig 18: (
CenTor/experiments/exp_exit
) -
Figure 3 Results: The results for Figure 3 are available in the repository under the
results
directory.
Results for Fig 3: CenTor/experiments/results
-
Figure 14 Visualization (Colab): You can visualize the data and results for Figure 14 through this Colab notebook.
-
Scripts for Plotting Performance Graphs (Colab): The scripts used to plot performance graphs can be accessed and executed via this Colab notebook.
-
Multipath Routing Experiments: The repository also includes multipath routing experiments under the
uTor
directory. These experiments explore how multipath routing affects the performance of Onion Services by leveraging multiple circuit paths to improve reliability and reduce latency.Multipath Routing Experiments:
Centor/uTor
To test uTor under various configurations and settings, follow these detailed steps:
-
Running
fingerprints.py
Script:- The
fingerprints.py
script is used to generate anexclude
file, which lists the top one-eighth of the fastest relays in the Tor network. These fast relays are excluded during experimentation to simulate more realistic, low-bandwidth network conditions. - We launch Tor with the
StrictNodes=0
option, which allows us to use relays outside the excluded list without fully eliminating these faster resources. - Refer to the Tor manual for more details.
- The
-
Launching the Onion Service:
- We use a customized
torrc
file to launch the Onion Service. The configuration is provided at run-time in the Python scriptutor_launch_service.py
. - This configuration is designed to favor low-bandwidth Tor relays, which makes the network topology more representative of a real-world scenario where high-bandwidth relays are not always available.
- We use a customized
-
uTor Client Setup:
- On the client side, we follow a similar approach to prioritize low-bandwidth relays in the circuit construction. The configuration is applied through the client’s
torrc
file.
- On the client side, we follow a similar approach to prioritize low-bandwidth relays in the circuit construction. The configuration is applied through the client’s
-
Data Retrieval Using Multiple Circuits:
- The client script (
uTor.py
) retrieves data from the Onion Service using threads to simulate multipath data retrieval. Each thread requests data through different circuits or paths, ensuring that we test the reliability and performance of the service under these conditions.
- The client script (
-
Organizing Data on the Client Side:
- Once the data is retrieved, the client organizes it by forcing the threads to execute in a sequential order (scheduling). This ensures that the data from different circuits can be handled and processed in a consistent manner.
-
New-Circuit Creation with
MaxCircuitDirtiness
:- In the
torrc
file, we set theMaxCircuitDirtiness NUM
option to force the creation of a new circuit after a certain amount of time (NUM seconds). This prevents circuits from becoming too "stale" and ensures that each test uses fresh circuits for performance evaluation.
- In the
-
Running
uTor
as a Function with Bento:- In addition to manual testing,
uTor
can be deployed as a function with Bento. This provides additional flexibility and scalability for running experiments on larger datasets or in different network environments.
- In addition to manual testing,
fingerprints.py
: Generates an exclude list of top fast relays to simulate more realistic network conditions by removing high-performance relays.- Customized
torrc
: Used for both the Onion Service and client-side to prioritize low-bandwidth relays and create a real-world testing environment. uTor.py
: Retrieves data via multiple circuits, simulating a multipath routing approach.- Data organization: Ensures data from different circuits is processed in a controlled manner using thread scheduling.
MaxCircuitDirtiness
: Forces circuit renewal, keeping circuit conditions fresh during long-running experiments.uTor
as a Bento function: Allows CenTor testing and experimentation at scale.
References:
- Bento GitHub: https://github.com/breakerspace/bento
- Shadow GitHub: https://github.com/shadow/tornettools