1. F REENET UDAYA S PISIPATI 02/26/08

2. C ONTENTS  Introduction  Design goals  Architecture  Basic model  Keys in searching  Retrieving data  Storing data  Managing data  Adding nodes  Protocol details  Performance Analysis  Small world model  Security  Conclusion

3. I NTRODUCTION  Drawbacks of current networked systems: Privacy Availability  Systems offering greater security and reliability are needed  Freenet -distributed information storage and retrieval system designed to address these concerns  Preliminary implementation can be downloaded from http://www.freenetproject.org/ http://www.freenetproject.org/

4. D ESIGN GOALS Anonymity for both producers and consumers of information Deniability for stores of information Resistance to attempts by third parties to deny access to information Efficient dynamic storage and routing of information Decentralization of all network functions

5. A RCHITECTURE Data files are named by location independent keys Nodes in the network query one another to store and retrieve these files Each node maintains its own local datastore, available to the network for reading and writing Dynamic routing table contains addresses of other nodes and the keys that they are thought to hold Users are provided hard drive extensions Requests for keys are passed from node to node Local decisions are made by each node Nodes only have knowledge of their immediate upstream and downstream neighbors in the chain Hops-to-live limit and pseudo-unique random identifiers are assigned to each node No node is privileged over any other node

6. K EY B ASED S EARCHING FILE ‘Desc’– key generation  Pb + Pr ; SHA(Pb) Desc + Pr KSK Encrypted FILE Signature E(FILE, Desc) Keyword signed key(KSK) Easy for retrieval – only need ‘Desc’ Minimal protection against tampering- Dictionary attacks, same Descriptive string for two files

7. K EYS AND S EARCHING ….. Problems with KSK – flat namespace (collisions), key squatting, dictionary attacks Signed Subspace Key (SSK) Randomly generated key pair  namespace ID SSK = SHA( SHA(‘D’) XOR SHA(Pb) ) Pr used to sign the file, file encrypted by using D (-)Publish – subspace Pb + ‘D’ (+)Owner can construct hierarchical space of arbitrary depth - using indirect files

8. KEYS AND SEARCHING… Content Hash Keys (CHK) = SHA (file contents) Files encrypted by a random encryption key Publish CHK + decryption key CHK + SSK  easily updateable files 2 step process – publish file, publish pointer Results in pointers to newer version Older versions accessed thru CHK Can be used for splitting files

9. K EYS AND SEARCHING : I NSERT, U PDATE AND S PLIT Insert a file under its CHK An indirect file (whose contents are the CHK) is inserted under the SSK Retrieval possible in two steps when SSK is known For updating the file, insert a new version under its CHK (different from the CHK of the old version) Insert a new indirect file under the original SSK pointing to the updated version Key collision occurs when the insert reaches the node which possesses the old version Check the signature on the new version and replace the old version if the signature is valid and most recent Split the file into a number of parts and insert each part under a CHK, also create an indirect file to point to the individual parts

10. R ETRIEVING DATA

11. S TORING DATA User calculates the binary file key for the file and sends a message to the his/her own node specifying the proposed key and a hops to live value The node checks to see if the key is already taken, if the key is found, the node returns the file like the result of a search, the user now chooses a different key and repeats the procedure If key is not found, the user node looks up the nearest key in its routing table and forwards the insert to the corresponding node If the hops-to-live limit has been reached without a key collision being detected, an “all clear” result will be propagated to the original inserter

12. M ANAGING DATA Node storage is managed as an LRU cache When a new file arrives which would cause the datastore to exceed the designated size, LRU files are evicted in order until there is room Advantage: This method allows outdated documents to fade away naturally

13. A DDING NODES

14. P ROTOCOL DETAILS Packet oriented protocol Request.Handshake Reply.Handshake Request.Data Reply.Restart Send.Data Reply.NotFound Request.Insert

15. R ING T OPOLOGY 1000 nodes in ring topology Datastore = 50 items RT = 250 items Keys associated with links are hash of destn IPs

16. PERFORMANCE ANALYSIS: SMALL WORLD MODEL Identification of a small-world network: Existence of a scale-free power-law distribution of links within the network The tail of the distribution provides the highly connected nodes needed to create short paths Result: The distribution closely approximates a power law except for the anomalous point representing nodes with filled 250-entry routing tables Loss of poorly connected nodes will not greatly affect routing in the network

17. S ECURITY : A NONYMITY PROPERTIES OF F REENET SystemAttackerSender Anonymity Key anonymity Basic FreenetLocal Eavesdropper Exposed Basic FreenetCollaborating nodes Beyond suspicionExposed Freenet + Pre-routing Local Eavesdropper ExposedBeyond suspicion Collaborating nodes Beyond suspicionExposed

18. C ONCLUSION Freenet provides an effective means of anonymous information storage and retrieval It keeps information anonymous and available while remaining highly scalable WIP: Implementing of a simulation and visualization suite which will enable more rigorous tests of the protocol and routing algorithm WIP: Implementation of a public-key infrastructure to authenticate nodes and create a searching mechanism

19. REFERENCES "Freenet: A Distributed Anonymous Information Storage and Retrieval System” http://www.doc.ic.ac.uk/~twh1/academic/papers/icsi-revised.pdf