FreeNet: A Distributed Anonymous Information Storage and Retrieval System
description
Transcript of FreeNet: A Distributed Anonymous Information Storage and Retrieval System
![Page 1: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/1.jpg)
FreeNet: A Distributed Anonymous Information Storage and Retrieval System
Ian Clark, Oskar Sandberg, Brandon Wiley and Theodore Hong
![Page 2: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/2.jpg)
FreeNet
• P2P network for anonymous publishing and retrieval of data– Decentralized
– Nodes collaborate in storage and routing
– Data centric routing
– Adapts to demands
– Addresses privacy & availability concerns
![Page 3: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/3.jpg)
Motivation
• Problem - Querying the network– Source - Requestor– Destination – Provider
• It’s a distributed search problem – Approximating global knowledge with local
knowledge– Other systems – Chord, Tapestry, Pastry
• Privacy and availability– Protect authorship, prevent denial attacks
![Page 4: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/4.jpg)
Goals of Freenet
• Anonymity for producers and consumers• Deniability for information storers• Resistance to denial attacks• Efficient storing and routing• Does NOT provide
– Permanent file storage– Load balancing – Anonymity for general n/w usage
![Page 5: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/5.jpg)
Architecture
• Each node – local data store + routing table• Request file through location independent keys• Routing - chain of proxy requests - decision is local• Graph structure actively evolves over time
Request:
1. key
2. Hops to live
3. ID
4. Depth
![Page 6: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/6.jpg)
Key Based Searching
FILE‘D’– key generation Pb + Pr ; SHA(Pb) D
+ Pr
KSKEncrypted FILE Signature
E(FILE, D)
•Keyword signed key(KSK)
•Easy for retrieval – only need ‘D’
•Minimal protection against tampering
![Page 7: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/7.jpg)
Keys and Searching…..
• Problems with KSK – flat namespace (collisions), key squatting, dictionary attacks
• Signed Subspace Key (SSK)– Randomly generated key pair namespace ID– SSK = SHA(‘D’) ^ SHA(Pb) – (-)Advertisement – subspace Pb + ‘D’– (+)Owner can construct hierarchical space of arbitrary
depth - using indirect files– (+)Reduces collision greatly
![Page 8: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/8.jpg)
Keys and Searching…
• Problems with SSK - updating, versioning• Content Hash Keys (CHK)
– Encrypted by a random encryption key– Publish CHK + decryption key– CHK + SSK easily updateable files
• 2 step process – publish file, publish pointer• Results in pointers to newer version• Older versions accessed thru CHK
– Can be used for splitting files
![Page 9: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/9.jpg)
Retrieving Files
• How do u locate the keys?– Hypertext spider – Indirect files – published with KSK of search words– Publish bookmarks
• File retrieval– Request forwarded to node in RT with closest
lexicographic match for the binary key– Request routing follows steepest-ascent hill
climbing: first choice failure backtrack second choice
![Page 10: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/10.jpg)
Still Retrieving….
• Timers, hops - curtail request threads
• Files cached all along the retrieval path
• Self-reinforcing cycle – results in key expertise
c
a
d
b
e
f
![Page 11: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/11.jpg)
Ring Topology
•1000 nodes in ring topology
•Datastore = 50 items
•RT = 250 items
•Keys associated with links are hash of destn IPs
![Page 12: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/12.jpg)
Self Reinforced Routing • Snapshots using 300 requests with hops = 500
• As network converges it drops to 6 - “six degrees of separation”
![Page 13: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/13.jpg)
Retrieval Discussion
• No controlled replication no persistence
• No correlation between keys and content– (+) Documents related to a subject are scattered
• Geographical fault resilience
– (-) No spatial locality – search latencies can suffer• Building indexes by other means
![Page 14: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/14.jpg)
Publishing
• Similar to retrieval but, 2 step process – Detect collisions – ‘all clear’ if no collision
– Publish to node in RT with closest key match
• Are CD and publish paths same?– Can result in collision during publish step
• Inserts allow new nodes to advertise themselves
• (+) Key-squatting is not effective
![Page 15: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/15.jpg)
Data Management
• Finite data stores - nodes resort to LRU
• Routing table entries linger after data eviction
• Outdated (or unpopular) docs disappear automatically
• Bipartite eviction – short term policy– New files replace most recent files
– Prevents established files being evicted by attacks
![Page 16: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/16.jpg)
Network Growth
• New nodes have to know one or more guys
• Problem: How to consistently decide on what key the new node specializes in?– Needs to be consensus decision – else denial attacks
• Advertisement IP + H(random seed s0)– Commitment - H(H(H(s0) ^ H(s1)) ^ H(s2))…….
– Key for new node = XOR of all seeds
• Each node adds a RT entry for the new node
![Page 17: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/17.jpg)
Network Growth
• Key assigned to new nodes = H(IP)
• Scales as log(n) until n ~ 40000
• At 40000, RTs are full
![Page 18: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/18.jpg)
Protocol
• Nodes with frequently changing IPs use ARKs• Return address specified in requests – threat?• Messages do not always terminate when hops-
to-live reaches 1• Depth is initialized by original requestor to
arbitrarily small value• Request state maintained at each node – timers
- LRU
![Page 19: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/19.jpg)
Fault Resilience
• Median path length < 20 at 30% node failures?
• N/w becomes ineffective at 40% failures ???
![Page 20: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/20.jpg)
Small World• Most nodes form local
clusters
• Few high link connecting nodes
• Power law distribution provides high degree of fault tolerance
![Page 21: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/21.jpg)
Security Concerns
• Pre- routing – mesg. encrypted by public keys which determine path of pre-routing
• Protecting data source – using random and probabilistic methods
![Page 22: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/22.jpg)
Security
• File integrity - KSK vulnerable to dictionary attacks
• DOS attacks – Hash Cash to slow down
• Attempts to displace valid files are constrained by the insert procedure
![Page 23: FreeNet: A Distributed Anonymous Information Storage and Retrieval System](https://reader036.fdocuments.us/reader036/viewer/2022062520/56815881550346895dc5e39a/html5/thumbnails/23.jpg)
Conclusion
• Provides a n/w to anonymously store and request files
• Adaptive routing who’s efficiency increases with experience
• Deals with privacy and data integrity in various scenarios
• Applications?– Freedom of speech
– Unaccountable, decentralized Napster