Anonymity systems are critical in achieving free, open communication on today's Internet. In particular, Tor, a popular peer-to-peer anonymous ssystem, has become a staple in resisting online censorship by rogue nations and allowing journalists to safely communicate with sources world-wide.
However, it is surprisingly difficult to create a robust, efficient service that runs on top of a system like Tor. Today, the use of Tor is largely relegated to web proxies and hidden services, and unfortunately, neither of these applications have the ability to scale to handle dynamic workloads or attacks by automated bots.
Conversely, in the "non-anonymous" Internet, services are thriving like never before due to innovations in software-defined networking (SDN), network function virtualization (NFV), and content delivery networks (CDNs). The present and future Internet is comprised of programmable networks, but there do not exist the basic primitives to achieve such features in anonymous networks.
Our architecture, Bento, allows users to write functions and upload them to willing Tor relays. The architecture protects relays from the functions they are running on behalf of other users, and protects the users from the relays running their functions.
We are developing a myriad of functions that demonstrate that a programmable Tor can be a more secure, robust, and anonymous Tor. Stay tuned for more details!
Our artifact-evaluated Bento source code is available.
This work has spawned off multiple sub-projects. More information, including links to code repositories, are available at these sites: