Freenet an adaptive peer-to-peer network application that permits the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers. Clarke, et.al. Goals & Properties Goals Anonymity for producers and consumers Deniability for storers Resistance to denial of service attacks Efficient storage and routing Decentralization Properties Whole file is the unit of storage No guarantee of permanent storage Operates at application layer Files named by location-independent keys Transparent lazy replication 1
Assigning a Key keyword-signed key : key is derived from a short descriptive string chosen by the user when the file is inserted into the system signed-subspace key : key is derived from the public key generated by the user; creates a personal namespace content-hash key : key is derived from hashing the file s contents Note: content-hash key and signed-subspace key canbeusedwithan indirection mechanism to handle updatable files. Keyword-signed key string key generation public key private key hash file key file stored file signature encrypt Note: retrieval requires only string Problems resulting from flat name space: Collisions (different users selecting same string for different files) Key-squatting (junk files in popularly named positions) 2
Signed-subspace key public key string hash hash xor hash file key private key stored file file encrypt signature Notes: retrieval requires (string, public key) directory simulation through a file containing descriptive strings for other files Content-hash key hash file file key stored file encrypt random key Note: retrieval requires (file key, random key) 3
Updateable Files indirect file (file key, random key) (1) insert using CHK (2) insert using SSK file (3) publish (public key, string) Notes: A combination of content-hash keys and signed-subspace keys To update: 1. Insert new file using CHK method using new (file key, random key) 2. Insert new indirect file using original (public key, string) Key collisions on indirect file causes older version to be discarded Old version of file still available using its (file key, random key) index Technique can also be used to split large files into parts Message Structure 64 bit randomly generated Used to prevent routing cycles request/reply transaction ID hops-to-live depth payload Incremented at each hop Used to set hops-to-live in response Initialized to small random value When =1, not automatically incremented with probability p Set by sender to limit propogation Decremented on each hop When = 1, forwarded again with probability p 4
Retrieval (key, hops-to-live) (1) request (7) deliver file local node (2) check local store (6) Update route table (3) send request using routing table (4) file & source (5) cache local store Notes: Request contains (key, hops-to-live) Any node on reply path can change source to be itself or any other node File cached at all nodes along return path 1. Improved subsequent access 2. Redundancy improve fault tolerance Routing key 1 key 2 node 1 node 2 Notes: Each node maintains routing table Route request to node which has the closest lexicographic matching key Use depth-first-search with backtracing Table entries added as new files acquired by the node routing table 5
file key Insertion (1) insert local node (2) check local store (3) send insert using routing table (5a) if file, update route table (4) file or OK (5a) if file, cache (5b) If OK, send file local store Notes: Inserted file stored at all nodes along search path Any node on path can change the source to itself or any other node Inserts announce the existence of the node Attempts to insert junk files are rejected and the real file is further propagated Scalability 6
Fault Tolerance Free Haven the Free Haven Project aims to design, implement, and deploy a functioning distributed anonymous storage service. Dingledine et.al. 7
Forms of Anonymity Anonymity of agents (authors, publishers, readers, and servers) no link between the agent and a given document Document anonymity servers do not know what documents they store Query anonymity servers do not know the identity of documents which satisfies a users request Structure Documents (file) Each document is divided into shares Each document is assigned an expiration date Servers Community of servers servnet Each server has a persistent identification pseudonym Each server exposes a public key and a (set of) remailer reply blocks Each server has a database of the public keys and the remailer reply blocks of all other servers Servers form contracts to store shares for a specified interval of time Fulfilling a contract increases that server s reputation 8
Insertion A file F is broken into shares f 1,,f n where k (<n) shares are needed to reconstruct the file A key pair (PK doc,sk doc ) is generated for F Each share is signed All shares of a given file are indexed by Hash(PK doc ) Possible share representation: <share> <PKdoc> ce41f889d7569704e89edbdddf243662d8c784</pkdoc> <sharenum> 1 </sharenum> <totalshares> 100 </totalshares> <sufficientshares> 60 </sufficientshares> <expiration> 2000-06-11-22:25:24</expiration> <data> </data> <signature> digital signature of above </signature> </share> Retrieval Reader Generates (PK client,sk client ) key pair for the transaction Generates a one-time remailer reply block (rrb) Broadcast request (H(PK doc ), PK client, rrb) to all servers Server Checks for availability of any shares with index of H(PK doc ) Encrypts each found share with PK client Sends each encrypted share using rrb 9
Remailer Reply Blocks Goal: a sender is provided by a receiver (nym) with the means to transmit a message to that receiver such that the sender has no knowledge of the actual receiver usr@a rem@b rem@isp server Constructing a reply block Anon-To: usr@a Encrypt-Key: key1 Encrypt with public key of rem@b Anon-To: rem@b Encrypt-Key: key2 replyblock-1 Encrypt with public key of rem@isp Anon-To: rem@isp Encrypt-Key: key3 replyblock-2 10
Encryptions in transit message cyphertext-a cyphertext-b sign; encrypt with nym public key encrypt with key3 encrypt with key2 encrypt with key1 cyphertext-a cyphertext-b cyphertext-c Flow of data server rem@isp rem@b usr@a replyblock-2 cyphertext-a replyblock-1 cyphertext-b cyphertext-c 11