An experiment to simulate the full-size Tor network

Researchers from the University of Waterloo and the US Naval Research Laboratory presented the results of developing a Tor network simulator that is comparable to the main Tor network in the number of nodes and users and allows experiments under conditions close to real ones. The tools and network modeling methodology prepared during the experiment made it possible, on a computer with 4 TB of RAM, to simulate the operation of a network of 6489 Tor nodes with 792 thousand virtual users connected simultaneously.

According to the researchers, this is the first full-scale simulation of the Tor network in which the number of nodes corresponds to the real network (the working Tor network has about 6 thousand nodes and 2 million connected users). A full simulation of the Tor network is of interest for identifying bottlenecks, simulating attack behavior, testing new optimization methods under real conditions, and testing security-related concepts.

With a full-fledged simulator, Tor developers will be able to avoid running experiments on the main network or on individual working nodes, a practice that creates additional risks of violating user privacy and does not rule out failures. For example, support for a new congestion control protocol is expected to be introduced in Tor in the coming months, and the simulation will make it possible to study its operation fully before it is deployed on the real network.

In addition to eliminating the impact of experiments on the confidentiality and reliability of the main Tor network, separate test networks will make it possible to test and debug new code quickly during development, to apply changes to all nodes and users at once without waiting for lengthy intermediate rollouts to complete, and to build and test prototypes of new ideas more quickly.

Work is underway to improve the tools, which, according to the developers, will reduce resource consumption by 10 times and will make it possible, on the same equipment, to simulate networks larger than the real one, which may be needed to identify possible problems with Tor scaling. The work also produced several new network modeling methods that make it possible to predict changes in the state of the network over time and to use background traffic generators to simulate user activity.

The researchers also studied the relationship between the size of the simulated network and how reliably experimental results can be projected onto the real network. During Tor development, changes and optimizations are pre-tested on small test networks that contain significantly fewer nodes and users than the real network. It was found that statistical errors in predictions obtained from small simulations can be compensated for by repeating independent experiments multiple times with different sets of initial data, and that the larger the simulated network, the fewer repeated tests are required to obtain statistically significant conclusions.
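The trade-off between network scale and the number of repetitions can be reproduced with a toy model. The following is an added example, not code from the researchers or their tools: the relay bandwidths are constructed (log-normal), the measured "metric" is simply the mean bandwidth of a sampled network, and the confidence interval uses a normal approximation.

```python
import math
import random
import statistics

FULL_RELAYS = 6489  # relay count of the full-scale simulation described above
Z95 = statistics.NormalDist().inv_cdf(0.975)  # ~1.96, normal approximation

def make_population(seed=1):
    """Constructed heavy-tailed relay bandwidths; not real Tor metrics."""
    rng = random.Random(seed)
    return [rng.lognormvariate(3.0, 1.0) for _ in range(FULL_RELAYS)]

def run_experiment(population, scale, seed):
    """One independent run: build a scaled-down network from its own seed
    and return the metric measured on it (here, mean relay bandwidth)."""
    rng = random.Random(seed)
    k = max(2, round(scale * len(population)))
    return statistics.fmean(rng.sample(population, k))

def ci_half_width(population, scale, repeats):
    """95% confidence-interval half-width of the metric over `repeats`
    independent runs at the given network scale."""
    results = [run_experiment(population, scale, s) for s in range(repeats)]
    return Z95 * statistics.stdev(results) / math.sqrt(repeats)

def repeats_needed(population, scale, target, pilot=20):
    """Repetitions needed to reach `target` half-width, estimated from the
    run-to-run spread of a pilot batch."""
    results = [run_experiment(population, scale, s) for s in range(pilot)]
    return max(2, math.ceil((Z95 * statistics.stdev(results) / target) ** 2))

if __name__ == "__main__":
    pop = make_population()
    for scale in (0.01, 0.10, 0.30):
        print(f"scale {scale:>4.0%}: half-width over 20 runs "
              f"{ci_half_width(pop, scale, 20):6.3f}, "
              f"runs for +/-1.0: {repeats_needed(pop, scale, 1.0)}")
```

A conclusion drawn from a single run at 1% scale carries no error estimate at all; the run-to-run spread only becomes visible once the experiment is repeated with different seeds.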

To model and simulate the Tor network, the researchers are developing several open-source projects distributed under the BSD license:

  • Shadow is a general-purpose network simulator that runs real network application code to recreate distributed systems with thousands of network processes. To simulate systems based on real, unmodified applications, Shadow uses system call emulation techniques. Network interaction between applications in the simulated environment is carried out through the deployment of a VPN and the use of simulators of typical network protocols (TCP, UDP). It supports custom simulation of virtual network characteristics such as packet loss and delivery delays. In addition to the experiments with Tor, an attempt was made to develop a Shadow plugin for simulating the Bitcoin network, but that project did not progress.
  • Tornettools is a toolkit for generating realistic models of the Tor network that can be run in the Shadow environment, as well as for launching and configuring the simulation process and collecting and visualizing the results. Metrics that reflect the operation of the real Tor network can be used as templates for network generation.
  • TGen is a generator of traffic flows based on parameters specified by the user (size, delays, number of flows, etc.). Traffic shaping schemes can be specified either with special scripts in GraphML format or with probabilistic Markov models for the distribution of TCP flows and packets.
  • OnionTrace is a tool for tracking performance and events in a simulated Tor network, as well as for recording and replaying information about how chains of Tor nodes are formed and how traffic flows are assigned to them.



Source: opennet.ru
