The GNUnet System
Christian Grothoff

To cite this version: Christian Grothoff. The GNUnet System. Networking and Internet Architecture [cs.NI]. Université de Rennes 1, 2017. tel-01654244

HAL Id: tel-01654244
https://hal.inria.fr/tel-01654244
Submitted on 3 Dec 2017

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

Distributed under a Creative Commons Attribution 4.0 International License

Habilitation thesis (Thèse d'habilitation à diriger des recherches)
Université de Rennes 1
Field: Computer Science (Informatique)

The GNUnet System
Christian Grothoff

Defended on 10 October 2017 before the jury composed of Professors:
Anne-Marie Kermarrec (Université de Rennes 1)
Tanja Lange (Technische Universiteit Eindhoven)
George Danezis (University College London)
Joe Cannataci (University of Groningen)
Saddek Bensalem (University of Grenoble)

Based on the reports of Professors:
Tanja Lange (Technische Universiteit Eindhoven)
George Danezis (University College London)
Saddek Bensalem (University of Grenoble)

Revision 1.0

Abstract

GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.
This habilitation provides an overview of the GNUnet architecture, including the development process, the network architecture and the software architecture. The goal of Part 1 is to provide an overview of how the various parts of the project work together today, and to then give ideas for future directions. The text is a first attempt to provide this kind of synthesis, and in return does not go into extensive technical depth on any particular topic. Part 2 then gives selected technical details based on eight publications covering many of the core components. This is a harsh selection; on the GNUnet website there are more than 50 published research papers and theses related to GNUnet, providing extensive and in-depth documentation. Finally, Part 3 gives an overview of current plans and future work.

Acknowledgements

Anne-Marie Kermarrec, Tanja Lange, George Danezis, Joe Cannataci and Saddek Bensalem have accepted to participate on the jury for my habilitation. I feel very lucky and honored, and thank them for that. I especially thank Tanja Lange for detailed and constructive comments. I am grateful to and for the GNU project, in particular Richard Stallman and Werner Koch, for their long-standing and loud support for me and my projects. I thank all of the Free Software developers, in particular the hundreds of people that have contributed directly to GNUnet over the years. All parts of this document stem from some type of collaboration and the text is based on the respective papers written with various co-authors, in particular my PhD students Nathan Evans, Matthias Wachs, Sree Harsha Totakura, Bartlomiej Polot, Alvaro Garcia-Recuero and Florian Dold. I thank Hernâni Marques for proofreading the entire document. I also specifically want to thank developers from other projects sharing our goals and values, in particular I2P and Tor.
Our discussions with them have been frequently insightful and I hope we will continue to productively work together in the future. Finally, the GNUnet project would not be where it is today without the support by NLnet, the DFG (ENP GR 3688/1-1) and the Renewable Freedom Foundation.

To Torsten

Contents

I Overview 9

1 Introduction 11
  1.1 The need for private communication 12
    1.1.1 Authenticated encryption 12
    1.1.2 Metadata 13
    1.1.3 The client-server architecture 13
  1.2 Decentralized Peer-to-Peer networks 14
  1.3 Objectives for the GNUnet 15

2 Architecture 17
  2.1 Software architecture 17
    2.1.1 Evolution 23
  2.2 Security architecture 23
    2.2.1 Access control 23
    2.2.2 Secure APIs 25
  2.3 Process architecture 26
    2.3.1 Responsible disclosure 27
    2.3.2 Peer review 27
    2.3.3 Verification 27
    2.3.4 Testing 28
    2.3.5 Deployment 29
    2.3.6 Monitoring 29
  2.4 Network architecture 30
    2.4.1 Overlay or underlay? 30
    2.4.2 Structured or unstructured? 30
    2.4.3 Bootstrapping 32

3 Key contributions 33
  3.1 Transport underlay abstraction 33
    3.1.1 Automatic selection and resource allocation 33
    3.1.2 Autonomous NAT traversal 34
  3.2 Byzantine fault-tolerant routing 34
    3.2.1 Secure network size estimation 35
    3.2.2 R5N: A secure distributed hash table 36
    3.2.3 CADET: Confidential ad-hoc decentralized E2E transport 37
  3.3 The GNU name system 38
    3.3.1 Revocation 39
    3.3.2 Conversation 39
    3.3.3 Protocol translation 40

II Contributions in depth 41

4 Transport 43
  4.1 Introduction 43
  4.2 Semantics of the Transport Abstraction 44
    4.2.1 Security Considerations 45
  4.3 Example: SMTP Implementation (Historic) 46
    4.3.1 Sending Email 46
    4.3.2 Receiving Email 47
    4.3.3 Security considerations for SMTP 47
  4.4 Related Work 48
  4.5 Autonomous NAT Traversal 49
    4.5.1 Technical Approach 50
    4.5.2 Implementations 54
    4.5.3 Experimental Results 55
    4.5.4 Discussion 56
  4.6 Transport selection problem 56
    4.6.1 Objectives for transport selection 57
    4.6.2 Scope 58
  4.7 Transport selection design 58
    4.7.1 The heuristic solver 58
    4.7.2 The linear optimisation solver 59
    4.7.3 The machine learning solver 59
  4.8 Implementation 60
  4.9 Evaluation 60
    4.9.1 Solver scalability evaluation 61
    4.9.2 Solver quality evaluation 61
  4.10 Discussion 64
  4.11 Conclusion 65

5 Secure routing 67
  5.1 Introduction 67
  5.2 Secure network size estimation 68
    5.2.1 Related Work 69
    5.2.2 Our Approach 71
    5.2.3 Security Analysis 76
    5.2.4 Experimental Results 78
    5.2.5 Discussion 87
  5.3 R5N 88
    5.3.1 Related Work 89
    5.3.2 Restricted-Route Topologies 90
    5.3.3 Design of R5N 92
    5.3.4 Experimental Results 95
    5.3.5 Performance Analysis 103
  5.4 CADET 103
    5.4.1 Connectivity 103
    5.4.2 Security 105
    5.4.3 Multiplexing 106
  5.5 Implementation 109
  5.6 Results 109
    5.6.1 Churn Resistance 109
    5.6.2 Latency 111
    5.6.3 Bandwidth 113
  5.7 Related Work 113
    5.7.1 TCP/IP 113
    5.7.2 Tor 114
    5.7.3 net2o 115
  5.8 Conclusion 115

6 The GNU Name System 117
  6.1 Introduction 117
  6.2 Requirements Analysis 119
    6.2.1 Adversary Model 119
    6.2.2 Functional Requirements 120
  6.3 Design Space for Name Systems 120
    6.3.1 Hierarchical Registration 122
    6.3.2 Cryptographic IDs and Mnemonics 123
    6.3.3 Petnames and SDSI 123
    6.3.4 Timeline-based Name Systems 124
  6.4 Practical Considerations 124
    6.4.1 Interoperability with DNS 125
    6.4.2 End-to-End Security and Errors 126
    6.4.3 Petnames and Legacy Applications 126
    6.4.4 Censorship-Resistant Lookup 126
    6.4.5 Case study: Usability 127
  6.5 Design of the GNU Name System 128
    6.5.1 Names, Zones and Delegations 128
    6.5.2 Zone Management with Nicknames and Petnames 129
    6.5.3 Relative Names for Transitivity of Delegations 130
    6.5.4 Absolute Names 130
    6.5.5 Records in GNS 131
  6.6 Query Privacy 132
  6.7 Security of GNS 133
  6.8 Special Features 134
    6.8.1 Automatic Shortening 134
    6.8.2 Relative Names in Record Values 135
    6.8.3 Dealing with Legacy Assumptions: Virtual Hosting and TLS 135
    6.8.4 Handling TLSA and SRV records ...
Details: PDF, 182 pages, English.