[tor-dev] [GSoC '16] Exitmap project - Introduction and request for comments

Mridul Malpotra mridul.malpotra at gmail.com
Fri Mar 18 05:56:01 UTC 2016

Hi everyone! I'm Mridul. I wish to apply for the Exitmap improvements
project mentored by Dr. Philipp Winter for the Google Summer of Code 2016.
My current IRC handle is mtyamantau.

        1. Introduction - About myself and experience with Tor
        2. Exitmap - Current progress and questions
        3. GSoC - Rough proposal structure and questions

1. Introduction - About myself and experience with Tor

I'm Mridul Malpotra, currently in my senior year pursuing bachelors in
Computer Science from IIIT Delhi, India. My interests primarily lie in
computer networks and network security, specifically anonymous networks
like Tor and I2P. Through my now 1-year long undergraduate thesis work
under Dr. Sambuddho Chakravarty, I have had exposure to the Tor network,
relevant literature and some related projects, which helped me better
understand and appreciate the current research and development going on.

My work involved manually setting up testbeds through testing Tor networks
on our institute intranet as well as on PlanetLab (for those wondering, I
had recommended Chutney and Shadow). The current private testing Tor
network is running on a PlanetLab slice (iiitd_mridul2) with ~170 nodes
globally and 3 directory authorities. I used the control protocol through
the Stem library to help in multiple circuit creation and stream
attachments for measuring performance of a software over Tor.

I have also had experience with open source software, by contributing to
the Non intrusive load-monitoring toolkit (NILMTK) which is based on Python
and Pandas. While working there, I helped contribute code for additional
features, fixed a few bugs and also worked with a few of Python's package
management and documentation systems. Relevant links:

2. Exitmap - Current progress and questions

I recently read about Exitmap in the 'Differential Treatment of Anonymous
Users' paper by Khattak et. al. The use case for fast automated scanning
through Exitmap to evaluate ~1000 exit nodes was really interesting. On top
of that, it fitted my use case of testing a particular software's
performance over Tor. Familiarizing myself with the source code, I think I
understand the basic layout for how the scanner works and appreciate the
modularity of task executions. I followed the project's progress on github
and have read the 'Spoiled Onions' paper by Winter et. al.

In the coming 2 days, I plan to tinker around more with the code, discuss
concerns, issues and/or suggestions if any, and get myself properly
familiarized with the codebase. I also have certain ideas regarding what
modules could be added and improvements made, some of which I have
mentioned in the next section. I will also be reading the tech report on
Exitmap and would be grateful if you can recommend any other resource(s)
that I should be referring to.

Lastly, I had a few queries related to the project and/or paper and
apologize for the naivety in the questions if any.
        a. How was the bifurcation between stand-alone and same-process
modules decided? Are there any advantages to allow for multiple forked
processes for specific modules?
        b. For testing active attacks, can there be modules developed
keeping other cleartext protocols like SNMP and Telnet in mind?
Alternatively, is there a way to determine what protocols are being used
over Tor and their popularity?
        c. How is Exitmap being crowdsourced currently? I'm interested to
know how data is being collected from volunteers running the scanner.

3. GSoC - Rough proposal structure and questions

Here I am listing the possible objectives that my project will be focusing
on. I request your feedback and comments on the chosen topics and their

        1. Achieve autonomous scanning in Exitmap with periodic scans that,
based on a certain algorithm, fetches relay descriptors and automates
various subtasks for consistent data collection and verification. The main
challenges that I expect will be intelligently recognizing which tasks to
automate and when, and making the entire background process execution
efficient in resource consumption.

        2. Emulating multiple user interaction in individual modules and in
Exitmap overall to provide indistinguishability to Exitmap from regular
users. I will try to explore libraries for this purpose like Splinter with
Selenium or BeautifulSoup with Requests that help dynamically interaction
with the web resource. The main challenges that I expect will be to scale
this automated testing alongside the running asynchronous jobs and making
the entire scans look like genuine user interactions. Any suggestions on
better ways to do this will be helpful.

        3. Making the codebase more robust by adding unit test cases. I
plan on using either the plain unittest/unittest2 framework or
nose/nose2/pytest tools or any other alternatives that I may find or be
recommended. I plan to simultaneously write the unit test cases for new
code added and improve upon the exiting testing programs.

        4. (Optional) I read from the mail threads on the tor-dev mailing
list that the code needs to be converted to be Python3 compatible. Would
like your opinion on whether it is a viable option and if it is possible,
would like to include this in my list of tasks.

        5. (Optional) If I can spare time in the milestone timeline and if
discussion leads to some clarity, I would like to add another module for
more cleartext protocols that could be implemented like SNMP or Telnet. I
am also looking at possible local to remote attacks that are active at the
application layer and could be tested in Exitmap. I'll update if I find

Next, I am drafting a week-wise timeline of what I plan to do over the
duration of ~3 months. I will be dividing task 1 and 2 before and after the
mid-term, with the optional tasks done in either of the slots and testing
done alongside for everything. This is to ensure incremental milestones
that can be useful to the community as I develop. Also, as I gain clarity
on my objectives, I plan to refine this timeline to a week-wise format with
buffers placed accordingly and present it in 2 days time.

Lastly, I would appreciate any suggestions, criticism or feedback on this
proposal regarding content, volume or specificities. I am looking forward
to contributing to the Tor Project organization and interacting with
developers here.

Thanking you, (long mail I know, sorry)

Mridul Malpotra
Undergrad @ IIIT-Delhi <https://www.iiitd.ac.in/>
PGP keyID: 0xb716e33ab6d0a653
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160318/91eabc4a/attachment.html>

More information about the tor-dev mailing list