DOCSLIB.ORG

Methods for Secure Decentralized Routing in Open Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Methods for Secure Decentralized Routing in Open Networks Technische Universit¨at M¨unchen Lehrstuhl f¨urNetzarchitekturen und Netzdienste Methods for Secure Decentralized Routing in Open Networks Nathan S. Evans Vollst¨andigerAbdruck der von der Fakult¨atf¨urInformatik der Technischen Universit¨atM¨unchen zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr. rer. nat.) genehmigten Dissertation. Vorsitzender: Prof. Dr. Thomas Neumann Pr¨uferder Dissertation: 1. Christian Grothoff, Ph.D (UCLA) 2. Professor Mikhail J. Atallah 3. Univ.-Prof. Dr. Thomas Huckle Die Dissertation wurde am 22. Juni 2011 bei der Technischen Unversit¨atM¨unchen eingereicht und durch die Fakult¨atf¨ur Informatik am 10. August 2011 angenommen. ABSTRACT The contribution of this thesis is the study and improvement of secure, de- centralized, robust routing algorithms for open networks including ad-hoc networks and peer-to-peer (P2P) overlay networks. The main goals for our secure routing algorithm are openness, efficiency, scalability and resilience to various types of attacks. Common P2P routing algorithms trade-off decen- tralization for security; for instance by choosing whether or not to require a centralized authority to allow peers to join the network. Other algorithms trade scalability for security, for example employing random search or flood- ing to prevent certain types of attacks. Our design attempts to meet our security goals in an open system, while limiting the performance penalties incurred. The first step we took towards designing our routing algorithm was an analysis of the routing algorithm in Freenet. This algorithm is relevant be- cause it achieves efficient (order O(log n)) routing in realistic network topolo- gies in a fully decentralized open network. However, we demonstrate why their algorithm is not secure, as malicious participants are able to severely disrupt the operation of the network. The main difficulty with the Freenet routing algorithm is that for performance it relies on information received from untrusted peers. We also detail a range of proposed solutions, none of which we found to fully fix the problem. A related problem for efficient routing in sparsely connected networks is the difficulty in sufficiently populating routing tables. One way to improve connectivity in P2P overlay networks is by utilizing modern NAT traversal techniques. We employ a number of standard NAT traversal techniques in our approach, and also developed and experimented with a novel method for NAT traversal based on ICMP and UDP hole punching. Unlike other NAT traversal techniques ours does not require a trusted third party. Another technique we use in our implementation to help address the connectivity problem in sparse networks is the use of distance vector routing in a small local neighborhood. The distance vector variant used in our system employs onion routing to secure the resulting indirect connections. Materially to this design, we discovered a serious vulnerability in the Tor protocol which allowed us to use a DoS attack to reduce the anonymity of the users of this extant anonymizing P2P network. This vulnerability is based on allowing paths of unrestricted length for onion routes through the network. Analyzing Tor and implementing this attack gave us valuable ii Abstract knowledge which helped when designing the distance vector routing protocol for our system. Finally, we present the design of our new secure randomized routing al- gorithm that does not suffer from the various problems we discovered in previous designs. Goals for the algorithm include providing efficiency and robustness in the presence of malicious participants for an open, fully decen- tralized network without trusted authorities. We provide a mathematical analysis of the algorithm itself and have created and deployed an imple- mentation of this algorithm in GNUnet. In this thesis we also provide a detailed overview of a distributed emulation framework capable of running a large number of nodes using our full code base as well as some of the challenges encountered in creating and using such a testing framework. We present extensive experimental results showing that our routing algorithm outperforms the dominant DHT design in target topologies, and performs comparably in other scenarios. Abstract iii Acknowledgments Chapter2 is based on work previously presented at ACSAC 2007 [59], and was extended into the author's master thesis [57]. The work presented in Chapter3 was published at P2P 2010 [122]. Chapter4 is strongly based on our paper published at Usenix Security 2009 [58]. Chapter6 is a longer version of a workshop publication published at CSET'11 [60]. Chapter7 contains material which was, at the time of this writing, accepted for pub- lication at NSS 2011 [56]. This research was supported in part by the NLnet Foundation from the Netherlands (http://nlnet.nl/), under NSF Grant No. 0416969 and by the Deutsche Forschungsgemeinschaft (DFG) under ENP GR 3688/1-1. I would like to thank my advisor, Christian Grothoff, for his guidance and patience throughout the course of my graduate career. Additionally, I would like to thank other co-authors and contributors to my research ef- forts. Specifically, Chris GauthierDickey was instrumental in the research which led to [59]. Roger Dingledine provided key insight into Tor and asked excellent questions which made the work presented in [58] that much more applicable to the real world. Samy Kamkar came up with the initial tech- nique presented in [122], and Andreas M¨ullerprovided the testbed upon which our implementation was evaluated on real world NATed networks. Without the ideas, critical evaluation and writing skills of these individuals none of this research would have been possible. Special thanks are due to Ramki Thurimella and Krista Grothoff for their \behind the scenes" efforts which have contributed both to the quality (and understandability) of the research presented in this thesis, and to my personal growth throughout the course of my graduate career. In particular, Ramki has often provided me with valuable advice on papers, presentations and more. Krista has tirelessly put up with bad writing and edited countless documents without remuneration. I am unable to thank Katie Haus enough for her unending support and encouragement in all aspects of my life throughout the course of this re- search. She has shown patience, creativity and resolve; at times providing solace, acting as muse, and even doing the dirty work of editing documents. Many of the figures throughout this thesis have her touch, and she is also very good at math! iv Abstract TABLE OF CONTENTS 1. Introduction ::::::::::::::::::::::::::::: 1 1.1 Network Environment . .2 1.1.1 Network Address Translation (NAT) . .3 1.1.2 Domain Name System (DNS) . .4 1.1.3 Public Key Infrastructure . .4 1.1.4 Trust Agility . .6 1.1.5 Summary . .6 1.2 Peer-to-Peer (P2P) Networks . .6 1.2.1 Centralized P2P . .7 1.2.2 Pure P2P . .8 1.2.3 Super-peer P2P . .8 1.3 Design Goals . .9 1.4 Methodology . 12 1.5 Summary and Overview . 13 2. Routing in the Dark: Pitch Black ::::::::::::::: 15 2.1 Introduction . 15 2.2 Related Work . 16 2.2.1 Distributed hash tables . 16 2.2.2 Small-World networks . 17 2.3 Freenet's \darknet" routing algorithm . 18 2.3.1 Network creation . 18 2.3.2 Operational overview . 19 2.3.3 Location swapping . 19 2.3.4 Content Storage . 21 2.3.5 Example . 21 2.4 Security Analysis . 23 2.4.1 Active Attack . 24 2.4.2 Natural Churn . 25 2.5 Experimental Results . 27 2.5.1 Distribution of Node Locations . 29 2.5.2 Routing Path Length . 32 2.5.3 Availability of Content . 35 2.5.4 Other Topologies . 38 2.6 Simulation of Churn . 41 2.7 Discussion . 43 vi Table of Contents 2.8 Conclusion . 45 3. Autonomous NAT Traversal ::::::::::::::::::: 47 3.1 Introduction . 47 3.2 Technical Approach . 48 3.2.1 NAT-to-NAT Communication . 50 3.2.2 Using UDP packets instead of ICMP ECHO REQUESTs 50 3.3 Implementations . 51 3.3.1 Implementation in NAT-Tester Framework . 51 3.3.2 Implementation in pwnat tool . 52 3.3.3 Implementation in the GNUnet Framework . 52 3.4 Experimental Results . 53 3.5 Discussion . 54 3.6 Conclusion . 54 4. A Practical Congestion Attack on Tor Using Long Paths : 55 4.1 Introduction . 55 4.2 Related Work . 56 4.2.1 Tor . 57 4.2.2 Attacks on Tor and other Mixes . 57 4.3 Our Attack . 60 4.3.1 JavaScript Injection . 61 4.3.2 Impact of Congestion on Arrival Times . 63 4.3.3 Statistical Evaluation . 65 4.3.4 Congestion Attack . 66 4.3.5 Optimizations . 67 4.4 Experimental Results . 68 4.5 Proposed Solutions . 80 4.6 Low-cost Traffic Analysis Failure Against Modern Tor . 85 4.7 Conclusion . 93 5. Fish-eye Bounded Distance Vector Protocol ::::::::: 95 5.1 Fish-eye and Zone Routing Protocols . 95 5.2 Implementation . 96 5.3 Distance Vector Service . 98 5.4 Message Example . 98 5.5 Neighborhood Size Estimate . 99 5.6 Distance Vector for Onion Routing . 101 5.7 FBDV Caveats: Onion Routing Without Anonymity . 102 5.8 Conclusion . 105 Table of Contents vii 6. Large-Scale Distributed Emulation of P2P Protocols ::: 107 6.1 Introduction . 107 6.2 Design Goals . 108 6.3 Related Work . 109 6.3.1 Simulation . 110 6.3.2 Emulation . 110 6.3.3 Combining Simulation and Emulation . 111 6.4 The GNUnet P2P Framework . 111 6.5 The Emulation Library . 112 6.5.1 Executing Experiments . 113 6.5.2 Peer Life Cycle . 113 6.5.3 Peer Group Life Cycle . 114 6.5.4 Topology . 115 6.6 Lessons Learned . 116 6.6.1 Cryptography . 117 6.6.2 Execution time . 118 6.6.3 Latency . 118 6.6.4 Sockets .
Load more

Recommended publications
  • Distributed Deep Learning in Open Collaborations
    Distributed Deep Learning In Open Collaborations Michael Diskin∗y~ Alexey Bukhtiyarov∗| Max Ryabinin∗y~ Lucile Saulnierz Quentin Lhoestz Anton Sinitsiny~ Dmitry Popovy~ Dmitry Pyrkin~ Maxim Kashirin~ Alexander Borzunovy~ Albert Villanova del Moralz Denis Mazur| Ilia Kobelevy| Yacine Jernitez Thomas Wolfz Gennady Pekhimenko♦♠ y Yandex, Russia z Hugging Face, USA ~ HSE University, Russia | Moscow Institute of Physics and Technology, Russia } University of Toronto, Canada ♠ Vector Institute, Canada Abstract Modern deep learning applications require increasingly more compute to train state-of-the-art models. To address this demand, large corporations and institutions use dedicated High-Performance Computing clusters, whose construction and maintenance are both environmentally costly and well beyond the budget of most organizations. As a result, some research directions become the exclusive domain of a few large industrial and even fewer academic actors. To alleviate this disparity, smaller groups may pool their computational resources and run collaborative experiments that benefit all participants. This paradigm, known as grid- or volunteer computing, has seen successful applications in numerous scientific areas. However, using this approach for machine learning is difficult due to high latency, asymmetric bandwidth, and several challenges unique to volunteer computing. In this work, we carefully analyze these constraints and propose a novel algorithmic framework designed specifically for collaborative training. We demonstrate the effectiveness of our approach for SwAV and ALBERT pretraining in realistic conditions and achieve performance comparable to traditional setups at a fraction of the cost. arXiv:2106.10207v1 [cs.LG] 18 Jun 2021 Finally, we provide a detailed report of successful collaborative language model pretraining with 40 participants. 1 Introduction The deep learning community is becoming increasingly more reliant on transfer learning.
    [Show full text]
  • Developing P2P Protocols Across NAT Girish Venkatachalam
    Developing P2P Protocols across NAT Girish Venkatachalam Abstract Hole punching is a possible solution to solving the NAT problem for P2P protocols. Network address translators (NATs) are something every software engineer has heard of, not to mention networking professionals. NAT has become as ubiquitous as the Cisco router in networking terms. Fundamentally, a NAT device allows multiple machines to communicate with the Internet using a single globally unique IP address, effectively solving the scarce IPv4 address space problem. Though not a long-term solution, as originally envisaged in 1994, for better or worse, NAT technology is here to stay, even when IPv6 addresses become common. This is partly because IPv6 has to coexist with IPv4, and one of the ways to achieve that is by using NAT technology. This article is not so much a description of how a NAT works. There already is an excellent article on this subject by Geoff Huston (see the on-line Resources). It is quite comprehensive, though plenty of other resources are available on the Internet as well. This article discusses a possible solution to solving the NAT problem for P2P protocols. What Is Wrong with NAT? NAT breaks the Internet more than it makes it. I may sound harsh here, but ask any peer-to-peer application developer, especially the VoIP folks, and they will tell you why. For instance, you never can do Web hosting behind a NAT device. At least, not without sufficient tweaking. Not only that, you cannot run any service such as FTP or rsync or any public service through a NAT device.
    [Show full text]
  • Technology Stack for Decentralized Mobile Services
    Technology Stack for Decentralized Mobile Services Matouš Skála Technology Stack for Decentralized Mobile Services by Matouš Skála to obtain the degree of Master of Science at the Delft University of Technology, to be defended publicly on Monday August 31, 2020 at 3:00 PM. Student number: 4893964 Project duration: November 15, 2019 – August 31, 2020 Thesis committee: Dr.ir. J.A. Pouwelse, TU Delft, supervisor Dr. J.S. Rellermeyer, TU Delft Dr. N. Yorke-Smith, TU Delft An electronic version of this thesis is available at http://repository.tudelft.nl/. Preface When I was choosing my thesis topic, I originally came up with an idea of designing a decen- tralized social network. After realizing how ambitious that goal was, I later decided to focus on more fundamental issues first and create a library that would allow for building any de- centralized applications, running purely on an overlay network consisting of smartphones. Rather than reinventing the wheel, I took inspiration from an existing networking library de- veloped at TU Delft over the last decade and created its wire-compatible implementation in Kotlin. Interestingly, in the end, I have even implemented a trivial social network to demon- strate the usage of the library, returning back to the original idea. I would like to thank my supervisor Johan Pouwelse for an endless stream of fresh ideas and valuable feedback, and to PhD students of the Delft Blockchain Lab for numerous coffee meetings and for serving me as a walking documentation of the existing codebase. Matouš Skála Prague,
    [Show full text]
  • Technical Report Sce-12-04 Nat Traversal in Peer-To
    TECHNICAL REPORT SCE-12-04 DEPARTMENT OF SYSTEMS AND COMPUTER ENGINEERING CARLETON UNIVERSITY NAT TRAVERSAL IN PEER -TO -PEER ARCHITECTURE Marc-André Poulin¹, Lucas Rioux Maldague¹, Alexandre Daigle¹, François Gagnon² 1 Cégep de Sainte-Foy, Canada [email protected] , [email protected] , [email protected] 2 Carleton University, Canada [email protected] Abstract. Peer-to-peer networks are well known for file sharing between multiple computers. They establish virtual tunnels between computers to transfer data, but NATs makes it harder. A NAT, Network Address Translation , is a process which transforms private IP addresses, such as 192.168.2.1, into public addresses, such as 203.0.113.40. The idea is that multiple private addresses can hide behind a single public address and thus virtually enlarge the number of allocable public IP addresses. When an application in the local network establishes a connection to Internet, the packet passes through the NAT which adjusts the IP header and maps an external port to the computer which sent the request. When packets are received from the Internet by the NAT, they are forwarded to the internal host which is mapped to the port on which the packet was received, or dropped if no mapping exists. In this paper, we will introduce you to NAT and P2P, we will discuss the numerous ways NATs use to translate private IP addresses into public ones, we will discuss known techniques used to fix the problem and we will also present how popular peer-to-peer programs bypass NATs. This paper is written so anybody with a reasonable knowledge of networking would grasp the essentials.
    [Show full text]
  • A Framework for Multi- Channel Telecommunication Applied to Telecare Application
    Master Thesis A Framework for Multi- Channel Telecommunication Applied to TeleCare Application Author: Yifan Ruan Supervisor: Danny Weyns Examiner: Danny Weyns Date: 2015-6-4 Course Code: 5DV00E, 30 credits Subject: Software Technology Level: Master Department of Computer Science Abstract This thesis is deriving from a telemedicine project "TeleCare" of constructing soft- ware for remote medical diagnosis between the doctor and the patient. The software has to fix the problem of managing local and remote media information. This thesis presents a telecommunication framework for synchronizing multiple media chan- nels, following research methodology, from problem description, iterative and incre- mental development to prototype finalization. For the framework, I have described the framework requirements and corresponding architecture design and implemen- tation. From the evaluation result of "TeleCare" software developed above it, I can conclude the framework has reached the problem. Keywords: framework, communication, synchronization, channel Preface Nowadays, the population of elderly people is growing fast around the world. So It is a nice idea to provide better social care with assistive technologies, such as "TeleCare" soft- ware. With "TeleCare", the patient and the doctor can communicate with each other like face-to-face meeting. In addition, with some state-of-the-art device, touchscreen monitor, they can express themselves through drawing on the screen. For example, the doctor can draw an arrow representing the patient should raise his arm to a certain height, and the patient can follow the instruction when seeing it on his screen. Image a scenario that if an elderly person lives far away from the hospital, one day he broke his leg, it was inconve- nient for him to go to hospital for reexamination again and again.
    [Show full text]
  • Project-Team GRAND-LARGE
    IN PARTNERSHIP WITH: CNRS Université Paris-Sud (Paris 11) Université des sciences et technologies de Lille (Lille 1) Activity Report 2011 Project-Team GRAND-LARGE Global parallel and distributed computing IN COLLABORATION WITH: Laboratoire d’informatique fondamentale de Lille (LIFL), Laboratoire de recherche en informatique (LRI) RESEARCH CENTER Saclay - Île-de-France THEME Distributed and High Performance Computing Table of contents 1. Members :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 1 2. Overall Objectives :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 1 2.1. Grand-Large General Objectives1 2.2. Highlights 2 3. Scientific Foundations :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::2 3.1. Large Scale Distributed Systems (LSDS)2 3.1.1. Computing on Large Scale Global Computing systems3 3.1.2. Building a Large Scale Distributed System4 3.1.2.1. The resource discovery engine4 3.1.2.2. Fault Tolerant MPI4 3.2. Volatility and Reliability Processing5 3.3. Parallel Programming on Peer-to-Peer Platforms (P5)6 3.3.1. Large Scale Computational Sciences and Engineering7 3.3.2. Experimentations and Evaluations7 3.3.3. Languages, Tools and Interface8 3.4. Methodology for Large Scale Distributed Systems8 3.4.1. Observation tools8 3.4.2. Tool for scalability evaluations9 3.4.3. Real life testbeds: extreme realism9 3.5. High Performance Scientific Computing9 3.5.1. Communication avoiding algorithms for numerical linear algebra 10 3.5.2. Preconditioning techniques 10 3.5.3. Fast linear algebra solvers based on randomization 10 3.5.4. Sensitivity analysis of linear algebra problems 11 4. Application Domains :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::11 4.1. Building a Large Scale Distributed System for Computing 11 4.2. Security and Reliability of Network Control Protocols 11 4.3.
    [Show full text]
  • CS 3700 Networks and Distributed Systems
    CS 3700 Networks and Distributed Systems Lecture 18: Peer-to-Peer Systems Revised 3/23/13 2 Outline ❑ Peer-to-Peer Overview ❑ Example: Bittorrent ❑ µTP: Micro Transport Protocol ❑ Cheating on BitTorrent Traditional Internet Services Model 3 Client-server ! Many clients, 1 (or more) server(s) ! Web servers, DNS, file downloads, video streaming Problems ! Scalability: how many users can a server support? ■ What happens when user traffic overload servers? ■ Limited resources (bandwidth, CPU, storage) ! Reliability: if # of servers is small, what happens when they break, fail, get disconnected, are mismanaged by humans? ! Efficiency: if your users are spread across the entire globe, how do you make sure you answer their requests quickly? The Alternative: Peer-to-Peer 4 A simple idea ! Users bring their own resources to the table ! A cooperative model: clients = peers = servers The benefits ! Scalability: # of “servers” grows with users ■ BYOR: bring your own resources (storage, CPU, B/W) ! Reliability: load spread across many peers ■ Probability of them all failing is very low… ! Efficiency: peers are distributed ■ Peers can try and get service from nearby peers The Peer-to-Peer Challenge 5 What are the key components for leveraging P2P? ! Communication: how do peers talk to each other ! Service/data location: how do peers know who to talk to New reliability challenges ! Network reachability, i.e. dealing with NATs ! Dealing with churn, i.e. short peer uptimes What about security? ! Malicious peers and cheating ! The Sybil attack Centralized
    [Show full text]
  • Peer-To-Peer Communication Across Network Address Translators
    Peer-to-Peer Communication Across Network Address Translators Bryan Ford Pyda Srisuresh Massachusetts Institute of Technology Caymas Systems, Inc. [email protected] [email protected] Dan Kegel [email protected] J'fais des trous, des petits trous: : : toujours des petits trous - S. Gainsbourg Abstract Network Address Translation (NAT) causes well-known difficulties for peer-to-peer (P2P) communication, since the peers involved may not be reachable at any globally valid IP address. Several NAT traversal techniques are known, but their documentation is slim, and data about their robustness or relative merits is slimmer. This paper documents and analyzes one of the simplest but most ro- bust and practical NAT traversal techniques, commonly known as “hole punching.” Hole punching is moderately well-understood for UDP communication, but we show how it can be reliably used to set up peer-to-peer TCP streams as well. After gathering data on the reliability of this technique on a wide variety of deployed NATs, we find that about 82% of the NATs tested support hole punching for UDP, and about 64% support hole punching for TCP streams. As NAT vendors become increasingly Figure 1: Public and private IP address domains conscious of the needs of important P2P applications such as Voice over IP and online gaming protocols, support for hole punching is likely to increase in the future. can be easily contacted from anywhere in the network, because only they have unique, globally routable IP ad- 1 Introduction dresses. Nodes on private networks can connect to other The combined pressures of tremendous growth and mas- nodes on the same private network, and they can usually sive security challenges have forced the Internet to evolve open TCP or UDP connections to “well-known” nodes in ways that make life difficult for many applications.
    [Show full text]
  • ICMP Hole Punching, TCP Hole Punching, UDP Hole Punching
    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP Hole Punching Ms. Pooja Pemare ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract— Hole punching (or in some cases punch-through) two customers shows the culmination of an opening is a strategy in PC organizing for setting up an immediate punching strategy. association between two gatherings in which one or both are behind firewalls or behind switches that utilization of Examples of Hole punching: network address translation (NAT). To punch an opening, every customer associate with an unlimited outsider server VoIP products, online gaming applications, and P2P that incidentally stores outer and inner location and port networking software all use hole punching. data for every customer. The server at that point transfers every customer's data to the next, and utilizing that data Telephony programming Skype utilizes every customer attempt to build up direct association; opening punching to permit clients to because of the associations utilizing legitimate port speak with at least one clients discernibly. numbers, prohibitive firewalls or switches acknowledge and Fast-paced online multi-player games may forward the approaching parcels on each side. utilize an opening punching method or Hole punching does not require any learning of the system or expect clients to make a lasting firewall network topology to work. ICMP hole punching, UDP hole pinhole so as to diminish arrange idleness. punching and TCP hole punching separately use Internet VPN application Hamachi or Zerotier uses Control Message, User Datagram and Transmission Control gap punching to permit clients to associate Protocols.
    [Show full text]
  • Summary of the Bittorrent Protocol
    Summary of the BitTorrent Protocol Guest lecturer: Petri Savolainen Discussion on modelling and BitTorrent BitTorrent BitTorrent is based on the notion of a torrent, which is a smallish file that contains metadata about a host, the tracker, that coordinates the file distribution and files that are shared A peer that wishes to make data available must first find a tracker for the data, create a torrent, and then distribute the torrent file. Other peers can then using information contained in the torrent file assist each other in downloading the file The download is coordinated by the tracker. In BitTorrent terminology, peers that provide a complete file with all of its pieces are called seeders BitTorrent: Downloading Files Torrent server 1. Upload torrent file Search 2. Provide first seed Seeder Tracker engine Torrent file 4. Contact tracker Torrent file points to List of peers tracker 3. Post search request and 5. Contact seeder for pieces retrieve link to torrent file Peer 6. Trade pieces with peers Peer Difference to HTTP A BitTorrent file download differs from an HTTP request in the following ways: – BitTorrent uses multiple parallel connections to improve download rates, whereas Web browsers typically use a single TCP Socket to transfer HTTP requests and responses – BitTorrent is peer-assisted whereas HTTP request is strictly client-server – BitTorrent uses the random or rarest-first mechanisms to ensure data availability, whereas HTTP is incremental Characteristics of the BitTorrent protocol I/II • Peer selection is about selecting peers who are willing to share files back to the current peer – Tit for tat in peer selection based on download-speed.
    [Show full text]
  • Nessuno: a Friend-To-Friend Anonymous Communication Protocol
    TALLINN UNIVERSITY OF TECHNOLOGY School of Information Technologies ITC70LT Stefano Panarese - 165624 NESSUNO: A FRIEND-TO-FRIEND ANONYMOUS COMMUNICATION PROTOCOL Master Thesis Supervisor: Olaf Maennel Ph.D. Tallinn 2018 TALLINNA TEHNIKAÜLIKOOL Infotehnoloogia teaduskond ITC70LT Stefano Panarese - 165624 NESSUNO: SÕBRALT-SÕBRALE ANONÜÜMNE KOMMUNIKATSIOONI PROTOKOLL Magistritöö Juhendaja: Olaf Maennel Ph.D. Tallinn 2018 Author’s declaration of originality I hereby certify that I am the sole author of this thesis. All the used materials, references to the literature and the work of others have been referred to. This thesis has not been presented for examination anywhere else. Author: Stefano Panarese May 6, 2018 3 Abstract This thesis presents Nessuno, a distributed friend-to-friend anonymous communication protocol. This study starts with introducing the privacy and anonymity issues emerging from the contexts of those countries with a heavy employment of surveillance. In these contexts, the weaknesses of existing solutions to achieve anonymity in communications are noticeable. Inspired by some of the approaches used in other solutions such as Freenet, Retroshare, Bitmessage, PGP and mix networks, Nessuno adopts a flooding mechanism to forward the messages to the rest of the network and asymmetric encryption to secure the communication’s integrity and confidentiality. The friend-to- friend policy prevents the user from establishing direct connection with untrusted nodes, hence carefully choosing trustworthy peers to directly connect with becomes vital. This thesis also provides guidelines for the implementation of a client for Nessuno and a basic proof-of-concept is available on GitHub for the community. The results coming from a theoretical performance test highlight the performance trade-off that induced by the adoption of a flooding mechanism, however, small changes in the protocol could lead to considerable improvements in its performance.
    [Show full text]
  • User-Defined P2P Virtual Network Overlays for Ad-Hoc Collaboration
    EAI Endorsed Transactions on Collaborative Computing Research Article TinCan: User-Defined P2P Virtual Network Overlays for Ad-hoc Collaboration 1 1 1 2 1 Pierre St Juste∗ , Kyuho Jeong , Heungsik Eom , Corey Baker , Renato Figueiredo 1Advanced Computing and Information Systems Lab, 2Wireless and Mobile Systems Lab Electrical and Computer Engineering, University of Florida, Gainesville, FL, 32611, USA Abstract Virtual private networking (VPN) has become an increasingly important component of a collaboration environment because it ensures private, authenticated communication among participants, using existing collaboration tools, where users are distributed across multiple institutions and can be mobile. The majority of current VPN solutions are based on a centralized VPN model, where all IP traffic is tunneled through a VPN gateway. Nonetheless, there are several use case scenarios that require a model where end-to-end VPN links are tunneled upon existing Internet infrastructure in a peer-to-peer (P2P) fashion, removing the bottleneck of a centralized VPN gateway. We propose a novel virtual network — TinCan — based on peer- to-peer private network tunnels. It reuses existing standards and implementations of services for discovery notification (XMPP), reflection (STUN) and relaying (TURN), facilitating configuration. In this approach, trust relationships maintained by centralized (or federated) services are automatically mapped to TinCan links. In one use scenario, TinCan allows unstructured P2P overlays connecting trusted end-user devices — while only requiring VPN software on user devices and leveraging online social network (OSN) infrastructure already widely deployed. This paper describes the architecture and design of TinCan and presents an experimental evaluation of a prototype supporting Windows, Linux, and Android mobile devices.
    [Show full text]