Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
How to Disappear Completely:A Survey of Private Peer-to-Peer Networks
Michael Rogers1 Saleem Bhatti2
1University College London, UK
2University of St Andrews, UK
Sustaining Privacy in AutonomousCollaborative Environments, 2007
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Outline
BackgroundDefinitionsTechnical Challenges
Survey of Private P2P NetworksGroup-Based NetworksFriend-to-Friend Networks
ArchitectureScaleVisibilityCentralisation
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
DefinitionsTechnical Challenges
Outline
BackgroundDefinitionsTechnical Challenges
Survey of Private P2P NetworksGroup-Based NetworksFriend-to-Friend Networks
ArchitectureScaleVisibilityCentralisation
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
DefinitionsTechnical Challenges
Private Peer-to-Peer Networks
◮ Definition of a private peer-to-peer network:◮ Internet overlay◮ Resources and infrastructure provided by the users◮ New users must be invited to join the network
◮ Not necessarily anonymous◮ Not necessarily decentralised
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
DefinitionsTechnical Challenges
Group-Based and Friend-to-Friend Networks
Group-based: any membercan connect to any other
Friend-to-friend (F2F): usersonly connect to their friends
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
DefinitionsTechnical Challenges
Outline
BackgroundDefinitionsTechnical Challenges
Survey of Private P2P NetworksGroup-Based NetworksFriend-to-Friend Networks
ArchitectureScaleVisibilityCentralisation
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
DefinitionsTechnical Challenges
Firewalls and NATs
◮ Firewalls may block incoming connections◮ Network address translators (NATs) also cause problems:
◮ Users may not know their own addresses or port numbers◮ Many workarounds exist (hole punching, UPnP, STUN)◮ IETF is trying to standardise NAT behaviour
◮ These problems also affect public P2P networks
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
DefinitionsTechnical Challenges
Confidentiality and Authentication
◮ No shortage of encryption and authentication protocols◮ Central problem: key exchange◮ Private P2P users already know each other◮ Keys can be exchanged out-of-band◮ Existing keys can be reused (e.g. PGP web of trust)◮ No public key infrastructure required
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
DefinitionsTechnical Challenges
Resource Contribution
◮ Free riding is widespread in public P2P networks◮ Might not be a problem in small private networks
◮ Users know each other◮ Altruism, social norms
◮ Could be an issue for larger private networks
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Outline
BackgroundDefinitionsTechnical Challenges
Survey of Private P2P NetworksGroup-Based NetworksFriend-to-Friend Networks
ArchitectureScaleVisibilityCentralisation
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Shared Spaces
◮ Many group-based networks create shared spaces◮ Shared folders, chatrooms, whiteboards◮ Changes made by any user are visible to all other users◮ Examples: Groove, Shinkuro, PowerFolder, Octopod
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Centralised Groups
◮ One user runs a hub, the other users run clients◮ The hub handles authentication and address discovery◮ All users must trust the owner of the hub◮ The hub is a single point of failure◮ Example: Direct Connect
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Decentralised Groups
◮ Nodes form an unstructured overlay (“partial mesh”)◮ Topology depends on NATs, firewalls, available bandwidth◮ Queries are flooded through the overlay◮ Responses are forwarded back along the query path◮ Example: WASTE
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Outline
BackgroundDefinitionsTechnical Challenges
Survey of Private P2P NetworksGroup-Based NetworksFriend-to-Friend Networks
ArchitectureScaleVisibilityCentralisation
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Friend-to-Friend Networks
◮ Friend-to-friend connections form a web of trust◮ How can we communicate across the web of trust?
1. Treat it as an unstructured P2P overlay2. Treat it as a structured P2P overlay3. Treat it as an ordinary IP network4. Only communicate locally
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Turtle and GNUnet
◮ Treat the web of trust as an unstructured overlay◮ Queries are flooded◮ Responses are forwarded back along the query path◮ Turtle: establish virtual circuits◮ GNUnet: publish and retrieve blocks of data
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Freenet
◮ Treat the web of trust as a structured overlay◮ Use F2F links to create a distributed hash table (DHT)
◮ Standard DHTs use fixed node identifiers, vary the topology◮ Freenet uses a fixed topology, varies the identifiers
◮ Use the DHT to publish and retrieve blocks of data
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
anoNet
◮ Treat the web of trust as an ordinary IP network◮ Reuse standard Internet protocols: DNS, BGP◮ Caveats:
◮ DNS is centralised – someone must control the root◮ Standard protocols were not designed for privacy
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Group-Based NetworksFriend-to-Friend Networks
Friends of Friends
◮ The web of trust is a social network◮ Many of the people you want to talk to are nearby◮ Only communicate locally◮ Indirect communication between friends of friends◮ Examples: Galet, Alliance, Retroshare, Cryptic6
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Outline
BackgroundDefinitionsTechnical Challenges
Survey of Private P2P NetworksGroup-Based NetworksFriend-to-Friend Networks
ArchitectureScaleVisibilityCentralisation
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Local vs. Global
Many local networks
◮ Easy to set up◮ Hard to detect◮ Free riding is unlikely
One global network
◮ More users, more content◮ Protocols must be scalable◮ Hard to bootstrap
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Local vs. Global
Many local networks
◮ Easy to set up◮ Hard to detect◮ Free riding is unlikely
One global network
◮ More users, more content◮ Protocols must be scalable◮ Hard to bootstrap
Bootstrapping the “global darknet”Freenet has recently given users the option of connecting tostrangers, because most potential users do not know a memberof the existing network.
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Intermediate Approaches
1. Build local networks, merge them later◮ Not all protocols support merging◮ Protocols for local networks may not scale
2. Indirect communication between friends of friends3. Users may belong to more than one network
◮ “The darknet” is a patchwork of many “darknets”
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Outline
BackgroundDefinitionsTechnical Challenges
Survey of Private P2P NetworksGroup-Based NetworksFriend-to-Friend Networks
ArchitectureScaleVisibilityCentralisation
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Visibility and Privacy
◮ In group-based networks, anyone can invite a new member◮ The new user can see everyone
◮ Not just the user who invited them◮ Different users may have different privacy requirements◮ Privacy decreases as the network grows
◮ Attackers can use invitations to create multiple identities◮ Sybil attacks: many identities in parallel◮ Whitewashing: many identities in series
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Address Discovery
◮ P2P nodes typically have dynamic IP addresses◮ Nodes behind NATs may not know their own addresses◮ Some networks use external discovery services
◮ STUN servers, distributed hash tables◮ External services could compromise privacy
◮ Other networks rely on the existence of long-lived nodes◮ Group-based networks: every group needs a stable node◮ F2F networks: every node needs a stable friend◮ If no nodes can be found, repeat the invitation process
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Outline
BackgroundDefinitionsTechnical Challenges
Survey of Private P2P NetworksGroup-Based NetworksFriend-to-Friend Networks
ArchitectureScaleVisibilityCentralisation
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Centralisation
Centralised
◮ Easier access control◮ Easier address discovery◮ Single point of failure
Decentralised
◮ Non-hierarchical◮ Potentially more scalable◮ Potentially more resilient
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
ScaleVisibilityCentralisation
Centralisation
Centralised
◮ Easier access control◮ Easier address discovery◮ Single point of failure
Decentralised
◮ Non-hierarchical◮ Potentially more scalable◮ Potentially more resilient
Intermediate approaches
◮ Non-firewalled nodes can act as relays for firewalled nodes◮ Networks can implement discovery services internally◮ Goal: improve connectivity without harming privacy
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Summary
◮ Private P2P networks are already in widespread use◮ They exhibit a wide range of architectures◮ Tradeoffs between privacy, scalability and ease of use
Michael Rogers, Saleem Bhatti How to Disappear Completely
BackgroundSurvey of Private P2P Networks
ArchitectureSummary
Questions?
Michael Rogers, Saleem Bhatti How to Disappear Completely