An Anonymous Whistle-Blower and Document-Sharing Network

Home , Anonymous P2P, Morpheus (software)

Int'l Conf. Security and Management | SAM'15 | 157

WARP Net: An Anonymous Whistle-blower and Document-Sharing Network

Sean C. Mondesire College of Engineering and Computer Science, University of Central Florida, Orlando, FL, USA

Abstract— Recently, whistle-blowing media articles have With WARP Net, we contribute a simple, decentralized net- revealed wide-scale ethics violations and questionable gov- work where whistle-blowing documents and memorandums ernment and business behavior. These stories are grabbing are anonymously distributed. the headlines and shaking up global political and corporate The differences between WARP Net and other P2P over- landscapes. The alarming activities include improper busi- lay networks are in the proposed network’s n-tiered user- ness practices, gross negligence, and legal actions performed structure, data hopping, and ability to self-organize. The by some of the largest and most influential institutions combination of each of these features is dedicated to address around the globe. Unfortunately, there are many cases of specific security issues prevalent in popular P2P networks, negative repercussions on the whistle-blowers, the individ- including the identification of data sources and requesters. uals who are bringing awareness of these questionable Furthermore, this network addresses security issues prevalent behaviors. in other P2P networks, such as man-in-the-middle attacks This work addresses the problem of whistle-blower safety and mass malicious user collaboration. Through experimen- by providing a secure mechanism for information distribu- tation, we demonstrate the feasibility of the overlay network tion that protects the identity of its sources. We accomplish and analyze the impact of the data hopping on network this goal by presenting WARP Net, an anonymous peer-to- traffic. To do so, a data transfer comparison is made between peer overlay network that is centered on data hopping. With WARP Net and FreeNet, an established anonymous P2P WARP Net, we contribute a simple, decentralized network network that serves as the inspiration for many modern peer- where whistle-blowing documents and memorandums can based networks. be anonymously distributed. Through experimentation, we The paper is organized in the following manner: first, validate the feasibility of WARP Net by comparing its data a discussion is made on related P2P networks and the transfer and routing protocol with FreeNet, an established security challenges they face. Second, we define WARP anonymous peer-to-peer network. Net, covering the network’s topology, message routing, and self-organization. Finally, a demonstration of the network’s Keywords: Peer-to-Peer, Anonymous Document Sharing, feasibility is provided with an evaluation of its anonymous Whistle-blowing. message routing. 1. Introduction 2. Background Whistle-blower reporting of ethics violations and questionable practices in politics, government, and the corpo- Peer-to-Peer (P2P) networking is a type of information rate world is a recent emerging and popular media trend. distribution where individual networked computers (nodes) This type of reporting has uncovered incidents of improper share data directly with each other. This type of distribu- business practices, employee and animal abuses, and gross tion counters client-server based networks, where dedicated negligence . Furthermore, whistle-blowers have uncovered servers store and distribute data to nodes. P2P networks have questionable behaviors performed by government agencies, gained wide-spread popularity in the early 2000s with the including widespread surveillance programs and corruption presence of file-sharing software Napster, Gnutella, Kazaa, of power [1], [2]. Unfortunately, many whistle-blowers re- LimeWire, and Morpheus [6], [7], [8]. These and other ceive negative consequences after coming forward, resulting P2P file-sharing networks have allowed users from across in job termination, harassment, death threats, and legal the Internet to share and access media and document files persecution (ranging from being sued for financial damages effortlessly. Due to large-scaled copyright infringement and to being tried for treason) [3], [4], [5]. intellectual property and illegal material distribution, many This work addresses the problem of whistle-blower safety of these early P2P networks have been forced to become by providing a secure mechanism for information distribu- inactive or change their distribution method due to govern- tion that protects the identity of its sources. We accomplish ment and commercial prosecution [9], [10], [11]. In addition, this goal by presenting WARP Net, an anonymous peer-to- organizations, such as the Recording Industry Association peer (P2P) overlay network that is centered on data hopping. of America (RIAA) and the Motion Picture Association of 158 Int'l Conf. Security and Management | SAM'15 |

America (MPAA) has filed lawsuits against individual P2P cripple the network’s servers [18]. Anonymous P2P net- users for copyright infringement and the illegal distribution works face additional threats, including source identification of intellectual property [12]. These lawsuits have encouraged techniques, such as man-in-the-middle attacks, computer the development of decentralized, anonymous P2P networks network exploitation, and group collaborating. Man-in-the- that are robust and fault tolerant, hide the identity of its data middle (MitM) attacks occur when a third-party interrupts sources, and protect the activity of their users from third- the transfer of data between two, normally directly con- parties. nected, computers. This attack allows the MitM to intercept- then-forward data transmission, falsify data, compromise 2.1 Anonymous P2P Technologies encryption keys, and pinpoint the data origins. Computer Freenet is one of the first widely used anonymous P2P network exploitation (CNE) is a sophisticated method of networks that aimed at protecting user activity [13]. The net- data eavesdropping where a third-party is able to isolate work is a decentralized data store which heavily relies on its all network information entering and exiting an Internet IP; key-based routing system to protect queries and file retrieval. this type of attack has compromised the identity of data In essence, Freenet is a network of nodes communicating sources on the anonymous network Tor [19]. Finally, group with one another through the use of encrypted messages. collaboration occurs when a trusted P2P group is infiltrated Freenet nodes connect to several other users running the with a large portion of collaborating users with the intention Freenet protocol to establish a network of neighbors. When to undermine data hopping. Here, the collaborators share a node wishes to query for a file, encrypted messages are data hopping information to assist in the identification of passed from neighbor to neighbor. When a query command data sources and queries. Due to the complexity and resource is received, the node will search its local data store to detect required to execute a successful CNE, the presented work fo- if portions of the file are stored locally or if the location cuses on countering MitM attacks and group compromising. is known on the network, and return the results to the One generally successful method to counter MitM attacks neighbor who passed the query message. If the file location and group collaboration is the enforcement of the Friend-to- is unknown to a node, the query message is passed to that Friend philosophy for P2P networks. The main idea behind node’s neighbors. If the file location is not known after Friend-to-Friend (F2F) networks is that nodes only connect reaching a predefined search depth, messages are returned to nodes either they can trust or to nodes a friend of in reverse order, notifying neighbors a search branch has someone in a friend-of-a-friend web can trust. Files are not located the file. The use of relaying messages from only shared and queries are only made within a web-of- node-to-node guarantees the anonymity of the query author. trust where each node can be traced to another node through The guarantee is made since nodes can always claim to ’friend’ associations. Unfortunately, the enforcement of a be relaying another node’s query. To further enforce the F2F network does not guarantee complete security as it anonymity of users, Freenet encrypts and fragments shared carries two major disadvantages: 1) malicious "friendly" files to distribute the content across the network. Here, if nodes can infiltrate a network and 2) files outside of the a consumer knows the identity of the file producer, the friend web are unreachable. producer cannot be held accountable for the file transmission since it cannot have any idea of what file it is sharing. 3. WARP Net Other anonymous P2P systems include GNUnet [14], WARP Net is a P2P overlay network that is designed Free Haven [15], and the popular Tor Project [16]. Similar to protect the activity of its users. Particularly, WARP Net to Freenet, these systems incorporate message hopping to anonymizes data sources (whistle-blowers) and distributes establish anonymity and claim to be censorship-resistant. their documents to their intended in-network destinations. In particular, Tor focuses on anonymizing a user’s Internet The network employs a public-key cryptosystem to guard activity by forwarding network requests between nodes until network messages from prying eyes internal and external of a time-to-live (TTL) has expired. Upon expiration, the last the network. Succinctly, the network protects user anonymity node to receive the request acts on it on the source’s behalf. by establishing an n-tiered, F2F, encrypted message-hopping Then, the request’s results are traversed back to the source. network. Again, this type of routing makes it difficult for attackers to identify request sources, which improves the chances 3.1 Topology of anonymous web browsing, file transfers, and document WARP Net is an n-tiered based hierarchy where each sharing. level represents a top-down decomposition of a networked organization. First, the entire network represents an organi- 2.2 Security Issues in P2P Networking zation with several subparts. Each subsequent level contains Security exploits are known to have compromise P2P a lower structure role in the organization until a level of a networks in the past, ranging from the spread of malware collection of individual computers is reached. For simplicity, [17] to the execution of denial of service attacks that the remainder of the paper uses a 3-tiered hierarchy, where Int'l Conf. Security and Management | SAM'15 | 159

each level represents a unique role within the system. Figure reputation ratings, and have managed their groups properly. 1 shows an example of the 3-tiered network’s topology. LLs divide their resources by forwarding messages between groups and other LL’s and monitoring group behavior and performance. Two additional entities that exist in the system are the bootstrap and group servers. Bootstrap servers act as an entry point to the network for any node attempting to connect without knowledge of any other nodes. This server constantly receives updates from LLs on the network status and group formations to point newly-arrived nodes to the correct LL to join a desired group. Group servers act as dedicated entities that issue group encryption keys for group member validation and malicious node pruning. The network can thrive without both of these entities if addresses of online nodes are available and if a trusted third party is deemed unnecessary for key certification and distribution. Fig. 1: 3-Tiered WARP Net Hierarchy 3.2 Group Formation In this 3-tier example, all connected computers belong to a The network’s hierarchy is predetermined and established fictitious company and have unique organizational roles. The at the Bootstrap server. This minimal set of network organi- ”company” has three departments (administrated by lead- zation requires at least one LL, group, and GL to be online ers). Each leader is responsible for multiple teams (known and aware of the organization before accepting any users. as groups). Each group is comprised of a collection em- When a node wishes to locate fellow group members ployees (user-nodes). A user-node represents an individual through another node, a query can be sent containing a employee’s connected computer used to query and upload group search message signed using the group’s private key. and download documents. Each group has a small set of Eventually a node with the group’s public key will receive supervisors (group-leaders) that relay information between the message, most likely a LL, and retrieve the location of the users-nodes and leaders. Each leader relays information one of the group’s active GLs. The query will then be replied between leaders of other departments. More details about the along the same path to the verified incoming group member. responsibilities and capabilities of each role are described If a group member joins the network but is the only active below. one, the closest LL will recognize that group member to User-node: The bottom tier is comprised of user-nodes. be the sole active GL and will redirect any future group User-nodes have the privilege of making, answering, and inquiries to that active member. forwarding queries. They can also introduce and distribute When a group member joins the group or when a GL documents and files throughout the network. disconnects, the online GLs must make decisions on who to Group-Leaders: The middle tiered role is that of group- promote based candidate processing power and bandwidth. leaders (GL). GLs represent the current hosts of a group Once a new GL is assigned, the other GLs will update where user-nodes connect to in order to join the network and the promoted node’s status by transmitting collected query interact with other group members. GLs connect each group data and group status information. In addition the new GL member to other groups by establishing links to leader-of- will establish connections to all of the group members it is leader nodes. GLs divide their bandwidth and processing responsible for. The number of GL to user-node coverage is power between providing the services user-nodes offer, re- based on the group’s configuration where some groups may solving interaction disputes, validating incoming users, and want all of their GLs to be connected to all of the members maintaining the group formation. or have each GL be in charge of a section of the group. Leader-of-Leader: The top tier of the hierarchy is the Groups that allow GLs to connect to all group members leader-of-leader (LL) role. LLs connect groups to other allow each GL to act as a backup where if one GL is busy, groups by forwarding messages from one group’s GL to a another GL is easily accessible to provide the same service. different group’s GL. The main job of LLs is to forward mes- Also, messages can be verified easier with majority voting if sages from one group to all of the other connected groups. repetitive messages are transmitted from one group member LLs act very similar to GLs except they are responsible for to all of the GL. Groups that divide the group responsibilities GL behavior. The activities of LLs are checked by other LLs decrease the workload placed on each GL and allow these of the same leader-group (connected LLs governing the same nodes to focus serving their user-nodes. subset of groups) and their connected GLs. LLs are pro- Finally, the new GL will connect to the assigned LLs to moted from the GLs who have fast connections, outstanding allow the group to communicate with other groups. Once 160 Int'l Conf. Security and Management | SAM'15 |

the new GL is updated, that node can be used to help the We assume that each group member stores the public keys group process network requests and traffic. of their fellow group members and LL. This is because every LLs are assigned in a similar manner as the GLs. The ratio node can know the public keys of other nodes in different of LLs to groups should be adequate enough for each LL to groups by asking to the bootstrap. process network messages without creating a bottleneck or slow network performance. The performance of LLs is vital 3.4 Routing Protocol to the health of the system since LLs provide the links that The routing protocol describes how nodes communicate connect groups together and manages the communication with one another. The passing of messages allow file queries, between different sections of the network. With this reason, files transfers, postings, and network status updates to be LLs should be the most stable and high performing nodes processed securely throughout the network. All messages on the network because of the high performance demands exchanged between group members are encrypted using the query look-ups and data relays necessary to maintain the group’s symmetric key. Messages exchanged between non- network. group members are encrypted in a symmetric key generated When a group comes online for the first time, a leader- between the two nodes’ group public keys. All message group will be assigned to it by the pre-configured Bootstrap content remains unchanged while traveling between nodes. server. This normally means the leader-group that receives File Broadcasts: All document file names are broadcast the sole group member will be the leader-group that will to the entire group and to the group’s LL once a document service it. If a LL disconnects, the LLs of that leader- file is received at the GL. This broadcast allows users to group will promote the most outstanding GL or user-node. know when a document has been shared and can be used in By promoting user-nodes to LLs, group restructuring is future queries. minimized. On the other hand, promoting GLs to LLs allow File Queries: File queries search the network for shared for faster node comparisons at the cost of forcing the chosen files that satisfy the criteria in the query message. GL’s group to restructure to find a replacement GL. Each A user-node who initializes or receives a query sends the LL of a leader-group must be connected to all of the same query to either another random user-node in the same group GLs and LLs of other leader-groups for the stability of the or to one of the GLs based on a random roll. If the roll is network and the ability of LLs to reliably take part in the within the user’s forward threshold, the user-node will send reputation scheme. the message to another, random user-node. If a user-node Leader-groups may be disbanded when the number of received the same query twice, it will forward the query to groups serviced by a leader-group becomes small. In this a GL if a repeated query is not from a GL. If a user-node case, the leader-groups will pass on the responsibility of receives a query from a GL, it searches for the file locally serving its groups to other leader-groups. This should in- and does not forward the query any further. crease the number of potential query hits since groups are As an example, let node A represent a user-node making a guaranteed to interact with more groups and their members. query and where node B is the next hop. Both nodes reside in group G1. User-node A will send a message in the following 3.3 Key Distribution and Use format to node B: Several generated keys are exchanged to protect from ESG1[” FQ”||QID || Search String] eavesdropping, user impersonation, transfer verification, and forwarding receipts. It is assumed that every node in WARP When a query is exchanged between a GL and a LL, the Net has its own private-public key pair. Let (Pri, Pui)bethe group’s symmetric key is used if they both belong to the private-public key pair of a node with ID i. This key pair is same group. If not, the contents of the message is encrypted used for identification verification and signing receipts. in a symmetric key generated by the GL’s and the LL’s Each node must also keep a group private-public key pair group public key. ”FQ” is the message identifier notifying (Pr Gi, PuGi) where the node is a member of a group Gi. the message is a file query. The symbol || represents string The group key pair is generated by the group creator and concatenation. QID is the query identification number. It is is shared among group members. This is done by either generated by taking the hash value of the current time stamp, the creator exchanging the keys directly with each group the sender’s user ID, the search string, and a large random member, through invitations, or by posting the keys securely number. The label ”search string” is the file search criteria on the group’s server. each user will use to find files to satisfy the query. The bootstrap server receives and stores all group and user Query Hits: Once a node receives a file query, it will identification public keys to issue key certificates by using search its local machine for a file that meets the search’s the bootstrap’s private-public key pair (PrBoot, PuBoot). criteria and if a match is found, a query hit message is The key exchange occurs when a node or group enters the generated. Each node uses the query table to know who network though this system entry point for the first time or to forward a query hit to in order for the response to reach regenerates its key pair. the query author. This query table is a history of all queries Int'l Conf. Security and Management | SAM'15 | 161

which is stored locally. Once the hit traverses the complete not have the requested file in its shared files, it will forward reverse path, the query author should forward the hit to a the request to another group member who will perform the random group-member to create deniability. Let node A be same search. the query author, let node B be the node forwarding the hit ESG1[" FR"|| HID|| FRID || IP:PortMM || File Hash || File to A, and node X be the hit source who resides in group Offset|| File Length] G2. If node A forwards the hit to another node C, B cannot determine if A is the query author. Node C should continue Above is the message for a file request. It represents the the forwarding chain until a node has received the message message transferred from A to the next node in the path to twice or the forwarding probability has not been satisfied. X ."FR" is a file request identifier. HID is the received hit ID. FRID is the file request identification used to distinguish ESG2[”QH”|| QID|| HID || GroupIDX || IP:PortMM || File file requests. IP:PortMM is the IP and port number of the Info || SIGPrG2(H(File Info))] middle-man of the file source’s group. File Hash is the hash Above is the initial file hit the hit source will send of the requested file to be transmitted. File Offset is the transmit. ”QH” is the query hit identifier. QID is the query beginning offset of the requested file’s segment. File Length ID this hit message is replying to. HID is the hit ID which is is the distances from the offset to the requested file segment generated by taking the hash value of the current time stamp, length. the sender’s user ID, file information, and a large random File forwarding takes place when the hit source receives number. GroupIDX is the group ID of the hit source. This a file request that matches his query response. Here, the ID is used to identify where query hits and file transfers hit source X will forward the requested file fragment in the originate from. Following the group ID is the IP and port of reverse path back for the file request to the query source a middle-man that leads to the transfer of the requested file. A. An example message is below. ”FF” is the file forward Middle-men are nodes that act as a direct link between two identifier. FRID is the same FRID as the file request. File groups to exchange files. When a node returns a query hit, Info represents the hash, and the file offset and length of the he selects a fellow group member to be a liaison between fragment. Next is the hash of the file information signed in his group and that of the query author. Middle-men allow the hit author’s group private key, followed by the fragment query authors to bypass a potentially long chain of hops to data of the actual requested portion of the file. issue a file request to the hit author. Now a direct connection ESG2[”FF”|| FRID || File Info || SIGPrG2( H(File Info)) between the two groups can be established which should ||Fragment Data] result in file requests reaching hit authors faster. The middle-man address is followed by the file informa- 3.5 Disconnections tion containing the file name, file description, file offset and length, hash, and other vital information in regard to the Because all user-nodes of a group are connected to each file. The message is concluded with the group’s signature other, the problem of disconnections is concerned with of the hashed value of same file information. The signature repairing path gaps of queries and file transfers. This repair is used to verify that the message came from the specified is done by using receipts forwarded to nodes away to redirect group. When the message is exchanged between two non- messages over the gap. For instance, if a query traveled from group members, the contents of the message are re-encrypted A to B then to C and node B disconnects some time after B using the symmetric key generated by both group’s public forwarded C’s receipt. Node A can send CC’s forwarded keys. receipt to signify that A is the next hop after B. Now all hit messages will be routed to A, repairing the gap. As stated File Requests: Once a query hit has been returned to earlier, GL or LL disconnects are handled by promoting the query author A, a file request can be performed. To outstanding nodes to higher positions. The promoted nodes protect A’s identity, A has the option to connect to the will receive network updates by their fellow GLs or LLs. middle-man directly or ask another user-node in the group to connect on its behalf. If the request is forwarded to another group member, that node has the option to connect to the 4. Data Analysis middle-man directly or forward the request again. Similar To simulate the unique features of WARP Net, a new to forwarding file queries, this decision to connect to the P2P simulator was designed and implemented, WARP-Sim. middle-man or forward the request is base on a forward WARP-Sim is a discrete event simulator witten in Java and probability. It is essential that the number of forwards is low is used to monitor the network behavior and feasibility of since long chains from a file query author to the hit author the system. For these feasibility tests, encryption is not will create noticeable delays in the file transfer. Once a node performed during the simulation and nodes joining and from A’s group connects to the middle-man of X’s group leaving the network are not simulated. Future research will specified in the hit message, the middle man will connect to analyze fault tolerance and encryption delays in WARP a user-node W in its group and request the file. If W does Net. The simulator pre-configured the network with node 162 Int'l Conf. Security and Management | SAM'15 |

placement and their web of interconnectivity. Each simulated uploads attempted, 2,729 downloads completed, and 19,175 node possesses characteristics such as available bandwidth file fragments transferred among hops and query authors. and listing of shared files. File Transfer and Bandwidth Statistics: Even though B. Experiment 1: Initial Performance the average bandwidth for each node was 78.05 KB/s, the 4.1 average download speed was 7.06 KB/s. This download Evaluation speed was the average transfer rate from the last hop to WARP Net was simulated using WARP-Sim for 10 runs the file request author. It took an average of 701.19 seconds to determine the average system statistics. 10 runs were for a node to receive a file after issuing a file request. This performed because there are a number of random variations delay is the time needed for each hop to receive the file plus per simulation run. Each run simulated the P2P network the time for locating the file’s source. Finally, the system for 3600 simulated seconds with 4,000 nodes processing used less than 21% of its bandwidth for all interactions. messages and interacting with each other. Of these 4,000 nodes, 200 groups were formed with 20 group members 4.3 Experiment 2: Group-Size Reduction each. A 5:1 ratio of user-nodes to GL was used. In addition, After noticing the delay the hops place on file transfers, each leader-group was assigned to oversee 3 groups where another experiment was executed where the size of groups each leader-group was comprised of the 3 fastest group- was decreased from 20 to 10 nodes and assigned a GL for members. LLs are the only nodes prohibited to make file every three user-nodes. All other simulation settings were requests and share files to ease the large workload of kept the same as the first experiment. message forwarding and group-governing expected of these Experiment 2 produced a faster average file transfer speed leaders. of 9.30 KB/s than experiment 1. Also, the average time The method of assigning bandwidth and number of shared needed from file request to download was 664.17 seconds, files for each node were comprised of the findings in [20], 37.02 seconds faster than experiment 1’s. [21]. 70% of all nodes had high-speed Internet connections. Of those nodes, 90% had broad-band connections and 10% 4.4 Experiment 3: Increased Hop Probability had T1 or T3 connections. Of the 30% dial-up nodes, with Group-Size Reduction 60% possessed 33.6-56kbps connections, 15% possessed 64- 128kbps connections, and 25% used 14.4-28.8kbps connec- Experiment 2 showed that file transfer speeds could be tions. increased with smaller groups since there are less nodes to The number of shared files was determined by the band- provide cover. These increased speeds were at the cost of width, as influenced by the results in [21]. The dial-up nodes fewer nodes receiving queries due to the average amount had a 20% chance of sharing no files, 60% probability of of hops set to 5. To remedy this, a third experiment was sharing between 0 and 100 files, 14% chance of sharing devised, this time increasing the hop average to 6. All other between 100 and 1,000 files, and a 6% chance of sharing settings were left the same as experiment 2. Of the 514, 797 1,000 to 10,000 files. The high-speed nodes had a 10% file searches from the 2,500 file queries, there were 275, chance of sharing no files, 60% chance of sharing 0 to 100 511 hits. On average, 7.26 seconds were needed for the first files, 24% chance of sharing 100 to 1,000 files, and 6% query hit to make its way back to the query author. The chance of sharing 1,000 to 10,000 files. query authors saw an average download speed of 11.3 KB/s 2,500 file queries were processed randomly throughout and waited 183.79 seconds for each file. the simulated time. Each node was given an equally-likely chance of making any query at any time. Each query averaged 5 hops. For 20 percent of all query hits returned, the query author produced a reputation query for the hit source’s group and waited 60 seconds to receive the group’s rating. If the group’s rating is greater than or equal to 0 then the query author would issue a file request for the file returned in the hit. Also, all file requests sought a 1 MB fragment of the queried file. The forward probability was 50%. 4.2 Experiment 1 Results Search Results: Of the 2,500 file requests, approximately 225,422 hits were generated from 404,304 file queries, with about 224,828 of them reaching the file query author. The average time for the first query hit was 7.11 seconds. These Fig. 2: File Transfer Rates with WARP Net vs. FreeNet query hits spawned 40,260 file requests resulting in 30,935 Int'l Conf. Security and Management | SAM'15 | 163

5. Discussion network exploitation. The reputation method will improve network security by introducing policing within the group to WARP-Sim was designed to compare WARP Net with identify malicious files and users. Finally, WARP Net’s abil- Freenet. Because Freenet and WARP Net are different in ity to serve as an anonymous whistle-blowing and document- functionality, file transfers and bandwidth utilization are the sharing network will be demonstrated with the presence of most comparable metrics of the two systems. Figure 2 shows realistic security vulnerabilities and malicious users. the average file transfer speeds between Freenet and WARP Net. Freenet’s simulation averaged download speeds to be between 9.7 KB/s for the nodes with fast internet connects References and 6.2 KB/s for dial-up nodes. With an average download [1] T. N. Y. T. E. Board, “Edward snowden, whistle-blower,” Jan. 2014. [2] E. M. Glenn Greenwald and L. Poitras, “Edward snowden: the speed of 7.1 KB/s in experiment 1, 9.3 KB/s in experiment whistleblower behind the nsa surveillance revelations,” June 2013. 2, and 11.29 KB/s in experiment 3, WARP Net’s file transfer [3] J. Tate, “Bradley manning sentenced to 35 years in wikileaks case,” speeds are comparable with Freenet’s. With about 70% of all Aug. 2013. [4] J. P. Near and M. P. Miceli, “Retaliation against whistle blowers: nodes in the simulation of Freenet having high speed Internet Predictors and effects.,” Journal of Applied Psychology, vol. 71, no. 1, connections, one can deduce that an average file transfer p. 137, 1986. speed of both fast and slow nodes is 8.65 KB/s. Compared to [5] J. Rothschild and T. D. Miethe, “Whistle-blower disclosures and management retaliation the battle to control information about organization this average, WARP Net outperforms the simulated Freenet corruption,” Work and occupations, vol. 26, no. 1, pp. 107–128, 1999. by 30.5%. Freenet’s bandwidth utilization for both download [6] S. Saroiu, K. P. Gummadi, and S. D. Gribble, “Measuring and ana- and upload combined averaged 4.98% usage, where WARP lyzing the characteristics of napster and gnutella hosts,” Multimedia systems, vol. 9, no. 2, pp. 170–184, 2003. Net’s nodes used 20% in experiment 1, 14% in experiment [7] N. Leibowitz, M. Ripeanu, and A. Wierzbicki, “Deconstructing the 2, and 17% in experiment 3. It is gathered that WARP kazaa network,” in Internet Applications. WIAPP 2003. Proceedings. Net’s load on bandwidth utilization is because nodes are The Third IEEE Workshop on, pp. 112–120, IEEE, 2003. [8] J. Liang, R. Kumar, and K. W. Ross, “Understanding kazaa,” processing more system functions such as the addition of Manuscript, Polytechnic Univ, p. 17, 2004. interaction receipts than Freenet. [9] G. S. Moohr, “Crime of copyright infringement: An inquiry based on It is concluded that because WARP Net is able to distribute morality, harm, and criminal theory, the,” BUL Rev., vol. 83, p. 731, 2003. files with a faster transfer rate than the established Freenet [10] R. Stern, “Napster: a walking copyright infringement?,” Micro, IEEE, and the query routing has resulted in fast responses, WARP vol. 20, no. 6, pp. 4–5, 2000. Net is a feasible P2P system for exchanging documents. The [11] D. Lichtman and W. Landes, “Indirect liability for copyright infringement: an economic perspective,” Harv. JL & Tech., vol. 16, p. 395, largest influence on file transfer rates is the number of hops 2002. between queries and resulting data transfers. [12] S. Goel, P. Miesing, and U. Chandra, “The impact of illegal peer- to-peer file sharing on the media industry,” California Management Review, vol. 52, no. 3, pp. 6–33, 2010. 6. Conclusion [13] I. Clarke, O. Sandberg, B. Wiley, and T. W. Hong, “Freenet: A distributed anonymous information storage and retrieval system,” in In this paper, WARP Net, an anonymous, friend-to-friend Designing Privacy Enhancing Technologies, pp. 46–66, Springer, P2P whistle-blowing and document-sharing network was 2001. [14] K. Bennett, C. Grothoff, T. Horozov, I. Patrascu, and T. Stef, “Gnunet- described in detail. The architecture and routing protocol is a truly anonymous networking infrastructure,” in In: Proc. Privacy secure due to the necessity of all nodes exchanging encrypted Enhancing Technologies Workshop (PET, Citeseer, 2002. messages and its use of a web-of-trust to establish peer [15] R. Dingledine, M. J. Freedman, and D. Molnar, “The free haven project: Distributed anonymous storage service,” in Designing Privacy associations. The anonymity of nodes is enforced through the Enhancing Technologies, pp. 67–95, Springer, 2001. notion of hop making, using nodes in the network as cover [16] T. Project, “Tor project: Anonymity online,” Apr. 2015. to allow for deniability for network activity. Experiments [17] A. A. Gostev, A. V. Nikishin, I. I. Soumenkov, and R. V. Rybalko, “System and method for malware detection in peer-to-peer computer compared the proposed network to Freenet, an established networks,” July 9 2013. US Patent 8,484,347. anonymous P2P network with similar characteristics. Results [18] H. Koo, Y. Lee, K. Kim, B.-h. Roh, and C. Lee, “A ddos attack by have determined that data transfer rates perform comparable flooding normal control messages in kad p2p networks,” in Advanced Communication Technology (ICACT), 2012 14th International Con- to the standard Freenet configuration when WARP Net has ference on, pp. 213–216, IEEE, 2012. a high data hop probability. When optimized, WARP Net [19] B. Schneier, “How the nsa attacks tor/firefox users with quantum and possesses significantly faster data transfer rates than its foxacid,” Oct. 2013. [20] A. G. H. Skogh, J. Haeggstrom and R. Ayani, “Fast freenet: Improving competitor. freenet performance by preferential partition routing and file mesh Future work will validate WARP Net’s ability to withstand propagation,” Cluster Computing and the Grid Workshops, 2006. common security vulnerabilities, incorporate a group-based [21] P. G. S. Saroiu and S. Gribble, “A measurement study of peer-to-peer file sharing systems,” Multimedia Computing and Networking, 2002. reputation scheme into the overlay network, and further examine the whistle-blowing dimensions of the system. The security validation will analyze WARP Net’s ability to protect user identity and withstand man-in-the-middle attacks, malicious and corrupted data propagation, and computer