Freenet “…an adaptive peer-to-peer network application that permits the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers.” Clarke, et.al.

Goals & Properties Anonymity for producers and consumers Deniability for storers Resistance to denial of service attacks Efficient storage and routing Decentralization Whole file is the unit of storage No guarantee of permanent storage Operates at application layer Files named by location-independent keys Transparent lazy replication Goals Properties

Assigning a Key keyword-signed key : key is derived from a short descriptive string chosen by the user when the file is inserted into the system signed-subspace key : key is derived from the public key generated by the user; creates a personal namespace content-hash key : key is derived from hashing the file’s contents Note: content-hash key and signed-subspace key can be used with an indirection mechanism to handle updatable files.

Keyword-signed key key generation string private key public key hash file key file signature encrypt stored file Note: retrieval requires only “string” Problems resulting from “flat” name space: Collisions (different users selecting same string for different files) Key-squatting (junk files in popularly named positions)

Signed-subspace key string public key hash file key encrypt stored file private key file signature hash xor Notes: retrieval requires (string, public key) directory simulation through a file containing descriptive strings for other files

Content-hash key random key file key encrypt stored file file hash Note: retrieval requires (file key, random key)

Updateable Files Notes: A combination of content-hash keys and signed-subspace keys To update: 1.Insert new file using CHK method using new (file key, random key) 2.Insert new indirect file using original (public key, string) Key collisions on indirect file causes older version to be discarded Old version of file still available using its (file key, random key) index Technique can also be used to split large files into parts file (1) insert using CHK (file key, random key) indirect file (2) insert using SSK (3) publish (public key, string)

Message Structure Incremented at each hop Used to set hops-to-live in response Initialized to small random value When =1, not automatically incremented with probability p transaction IDhops-to-livedepthpayload Set by sender to limit propogation Decremented on each hop When = 1, forwarded again with probability p 64 bit randomly generated Used to prevent routing cycles request/reply

Retrieval (key, hops-to-live) local node local store (1) request (2) check local store (3) send request using routing table (5) cache (4) file & source (6) Update route table (7) deliver file Notes: Request contains (key, hops-to-live) Any node on reply path can change source to be itself or any other node File cached at all nodes along return path 1.Improved subsequent access 2.Redundancy improve fault tolerance

key 1 node 1 key 2 node 2 …… Notes: Each node maintains routing table Route request to node which has the closest lexicographic matching key Use depth-first-search with backtracing Table entries added as new files acquired by the node routing table Routing

Insertion local node local store (1) insert (2) check local store (3) send insert using routing table (5a) if file, cache (4) file or OK (5a) if file, update route table filekey (5b) If OK, send file Notes: Inserted file stored at all nodes along search path Any node on path can change the source to itself or any other node Inserts announce the existence of the node Attempts to insert junk files are rejected and the real file is further propagated

Scalability

Fault Tolerance

Free Haven “…the Free Haven Project aims to design, implement, and deploy a functioning distributed anonymous storage service.” Dingledine et.al.

Forms of Anonymity Anonymity of agents (authors, publishers, readers, and servers) – no link between the agent and a given document Document anonymity – servers do not know what documents they store Query anonymity – servers do not know the identity of documents which satisfies a users request

Structure Documents (file) –Each document is divided into shares –Each document is assigned an expiration date Servers –Community of servers – servnet –Each server has a persistent identification – pseudonym –Each server exposes a public key and a (set of) r er reply blocks –Each server has a database of the public keys and the r er reply blocks of all other servers –Servers form contracts to store shares for a specified interval of time –Fulfilling a contract increases that server’s reputation

Insertion ce41f889d e89edbdddf243662d8c :25:24 … …digital signature of above… A file F is broken into shares f 1, …, f n where k (<n) shares are needed to reconstruct the file A key pair (PK doc, SK doc ) is generated for F Each share is signed All shares of a given file are indexed by Hash(PK doc ) Possible share representation:

Retrieval Reader –Generates (PK client, SK client ) key pair for the transaction –Generates a one-time r er reply block (rrb) –Broadcast request (H(PK doc ), PK client, rrb) to all servers Server –Checks for availability of any shares with index of H(PK doc ) –Encrypts each found share with PK client –Sends each encrypted share using rrb

R er Reply Blocks Goal: a sender is provided by a receiver (nym) with the means to transmit a message to that receiver such that the sender has no knowledge of the actual receiver server

Constructing a reply block Anon-To: Encrypt-Key: key1 Encrypt with public key of Anon-To: Encrypt-Key: key2 replyblock-1 Anon-To: Encrypt-Key: key3 replyblock-2 Encrypt with public key of

Encryptions in transit message cyphertext-A sign; encrypt with nym public key encrypt with key3 cyphertext-B cyphertext-A encrypt with key2 cyphertext-C cyphertext-B encrypt with key1

Flow of data replyblock-2 cyphertext-A server cyphertext-C replyblock-1 cyphertext-B