1 / 24

Freenet

Freenet . A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg B Wiley T W Hong. Introduction. Design goals Producer and consumer anonymity Deniability for storers of information Resistance to hostile third parties

asher
Télécharger la présentation

Freenet

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg B Wiley T W Hong

  2. Introduction • Design goals • Producer and consumer anonymity • Deniability for storers of information • Resistance to hostile third parties • Efficient dynamic storage and routing • Decentralization of network functions

  3. Features • Responds adaptively to usage patterns • Files are moved transparently, replicated and deleted without centralized location indexes • It operates at application layer • Assumes the existence of a secure transport layer

  4. Security Issues • How to provide anonymity? • Consumers may use browser proxy services • However, producers may keep session logs • Contacting a particular server reveals the information needed • Producers may ensure anonymity by using encrypted URL services • No protection against the operator of the service

  5. Architecture • Peer to peer network of nodes that query one another • Each node has it’s local data store and dynamic routing table • Enables users to share unused disk space and increases the storage capacity of the network

  6. Basic Model • Nodes know only their immediate upstream and downstream neighbors • Queries are given a unique identifier and hops-to-live count • Queries are forwarded to a node based on previous information

  7. If a previous message is seen, forwarded to another node • Process continues until file is obtained or hops-to-live counter is exceeded • Success or Failure is passed back up the chain

  8. Retrieving Data • User hashes a short descriptive string to obtain file key • She then sends the “Request” message to her own node • If present, returns with message saying it was the source • If not, looks up nearest key in routing table and forwards to the next node

  9. If request is ultimately successful, node passes it back up the upstream requestor • It also makes a local cache of the very same file • Future requests will be serviced faster • Similar keys will also be forwarded to the same node • For security, any node along the path can claim to be the author of the file

  10. If a node cannot forward to it’s preferred downstream node, it sends to it’s second-nearest key • If that doesn’t match, then third nearest key and so on • If none of them match, it sends a failure message to it’s upstream node which follows the same procedure

  11. Storing (Inserting) Data • Similar to requesting data • User picks a text string(title) and hashes it to a file key and sends it to her node • If there is a collision, user is informed • If no collision, node sends to the closest key in routing table

  12. This goes on until hops-to-live is reached • If a collision occurs anywhere, the node sends back the file along with a notice and is treated as a request • If not, the file is sent and copied at each node

  13. Effects 1. New files tend to end up near files with similar keys enabling efficiency 2. New nodes can inform the network of their existence 3. An attacker trying to insert a corrupted or empty file under the same key will actually spread the real file further

  14. Managing Data • Node storage uses a LRU cache • When a new file arrives, by insert or request, the least recently used file is removed • Thus, if a file is needed, it will remain on some node • Or it will fade away

  15. Naming, Searching, Updating • Possible Name collisions are a problem • Solutions :- • Introduce two level structure, wherein Real files are stored under a unique key • An indirect file consists of a list of binary keys corresponding to that name and a search is made • Protects against malicious attacks of replacement

  16. Insertion • Author can insert a no. of indirect files with pointers to real files • Collisions could be accepted in these files and be a sort of library of similar text titles • Private key encryption and public key decryption could be used to get info • Indirect file could also inserted under a signature verifying key

  17. Performance • Networks of 500 – 900 nodes • Each with a datastore size of 40 items • Routing table size of 50 addresses • 10 unique items stored in each node

  18. Security • Primary Goal – To provide anonymity of requestors and inserters of files • Receiver anonymity may be viewed as key anonymity • In Freenet routing depends on the key, so it is not possible • Hashes of keys may be used

  19. Sender Anonymity • A node does not know whether it’s downstream neighbor is the actual source or forwarding it • A statistical analysis of network traffic may help the attacker in determining the source • Depth value may also help in determining the source

  20. To prevent an eavesdropper, user should use the node on her own machine as the first point of entry • Messages between nodes are encrypted • Pre routing can be added by encrypting with a succession of public keys • This determines the route of the encrypted message

  21. Denial of Service Attacks • Insert a lot of garbage files • Use the Hash Cash scheme to prevent against this • Divide storage into two sections – one for new inserts and one for ‘established’ files • Protects against a person trying to spread garbage files • Difficulty in introducing genuine new files

  22. Conclusion • This scheme keeps information anonymous and is highly scalable • Provides effective means of storage and retrieval • More rigorous tests with many more nodes and improvements to the basic protocol are required

  23. Gnutella • Many similarities exist between Freenet and Gnutella • Everyone is visible to everyone else as long as you are ‘online’ • Users are split up into groups • Gnutella employs a broadcast search for files which grows exponentially

  24. Napster • Napster has a centralized server, which does not store any data • It coordinates searches of users • Security risk – • If centralized server is shut down, no way of distributing files • The law!

More Related