Freenet UDAYA S PISIPATI 02/26/08
Contents
• Introduction
• Design goals
• Architecture
• Basic model
• Keys in searching
• Retrieving data
• Storing data
• Managing data
• Adding nodes
• Protocol details
• Performance Analysis
• Small world model
• Security
• Conclusion
Introduction
• Drawbacks of current networked systems: privacy, availability
• Systems offering greater security and reliability are needed
• Freenet: a distributed information storage and retrieval system designed to address these concerns
• Preliminary implementation can be downloaded from http://www.freenetproject.org/
Design goals
• Anonymity for both producers and consumers of information
• Deniability for stores of information
• Resistance to attempts by third parties to deny access to information
• Efficient dynamic storage and routing of information
• Decentralization of all network functions
Architecture
• Data files are named by location-independent keys
• Nodes in the network query one another to store and retrieve these files
• Each node maintains its own local datastore, available to the network for reading and writing
• Dynamic routing table contains addresses of other nodes and the keys that they are thought to hold
• Users are provided hard drive extensions
• Requests for keys are passed from node to node
• Local decisions are made by each node
• Nodes only have knowledge of their immediate upstream and downstream neighbors in the chain
• Hops-to-live limit and pseudo-unique random identifiers are assigned to each node
• No node is privileged over any other node
Key Based Searching
• Keyword signed key (KSK)
• Easy for retrieval – only need ‘Desc’
• Minimal protection against tampering: dictionary attacks, same descriptive string for two files
[Diagram: ‘Desc’ → key generation → Pb + Pr; SHA(Pb) → KSK; FILE + Pr → Signature; E(FILE, Desc) → Encrypted FILE]
Keys and Searching…
• Problems with KSK – flat namespace (collisions), key squatting, dictionary attacks
• Signed Subspace Key (SSK)
• Randomly generated key pair: namespace ID
• SSK = SHA( SHA(‘D’) XOR SHA(Pb) )
• Pr used to sign the file, file encrypted by using D
• (-) Publish – subspace Pb + ‘D’
• (+) Owner can construct hierarchical space of arbitrary depth using indirect files
Keys and Searching…
• Content Hash Keys (CHK) = SHA(file contents)
• Files encrypted by a random encryption key
• Publish CHK + decryption key
• CHK + SSK: easily updateable files
• 2-step process – publish file, publish pointer
• Results in pointers to newer version
• Older versions accessed through CHK
• Can be used for splitting files
Keys and searching: Insert, Update and Split
• Insert a file under its CHK
• An indirect file (whose contents are the CHK) is inserted under the SSK
• Retrieval possible in two steps when SSK is known
• For updating the file, insert a new version under its CHK (different from the CHK of the old version)
• Insert a new indirect file under the original SSK pointing to the updated version
• Key collision occurs when the insert reaches the node which possesses the old version
• Check the signature on the new version and replace the old version if the signature is valid and most recent
• Split the file into a number of parts and insert each part under a CHK, also create an indirect file to point to the individual parts
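The two-step insert, update and split described on this slide, as an added example (not code from the slides or from the Freenet project). It assumes SHA-1 for SHA, a constructed byte string in place of the public key Pb, and a newline-separated pointer format, and it leaves out the encryption and signature steps; `ToyStore` and its method names are hypothetical.

```python
import hashlib

def sha(data: bytes) -> bytes:
    # The slides write SHA(...); SHA-1 is assumed here.
    return hashlib.sha1(data).digest()

def chk(contents: bytes) -> str:
    """Content hash key: SHA(file contents)."""
    return sha(contents).hex()

def ssk(desc: str, pub: bytes) -> str:
    """Signed subspace key: SHA( SHA(D) XOR SHA(Pb) )."""
    mixed = bytes(a ^ b for a, b in zip(sha(desc.encode()), sha(pub)))
    return sha(mixed).hex()

class ToyStore:
    """Hypothetical key -> bytes map standing in for the whole network."""
    def __init__(self):
        self.files = {}

    def insert_chk(self, contents: bytes) -> str:
        key = chk(contents)
        self.files[key] = contents
        return key

    def publish(self, desc, pub, contents, part_size=None):
        # Step 1: insert the file (or each part of it) under its own CHK.
        # Step 2: insert an indirect file listing those CHKs under the SSK.
        size = part_size or max(len(contents), 1)
        parts = [contents[i:i + size] for i in range(0, len(contents), size)] or [b""]
        pointer = "\n".join(self.insert_chk(p) for p in parts)
        # A real node replaces the old pointer only after checking the signature.
        self.files[ssk(desc, pub)] = pointer.encode()
        return pointer.split("\n")

    def fetch_chk(self, key: str) -> bytes:
        contents = self.files[key]
        if chk(contents) != key:  # a CHK is self-verifying
            raise ValueError("stored data does not hash to its CHK")
        return contents

    def fetch(self, desc, pub) -> bytes:
        # Two-step retrieval: SSK -> indirect file -> CHK(s) -> contents.
        pointer = self.files[ssk(desc, pub)].decode()
        return b"".join(self.fetch_chk(k) for k in pointer.split("\n"))
```

Publishing twice under the same description and key moves the SSK pointer to the new version, while the old version stays retrievable under its own CHK.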
Storing data
• User calculates the binary file key for the file and sends a message to his/her own node specifying the proposed key and a hops-to-live value
• The node checks to see if the key is already taken. If the key is found, the node returns the file like the result of a search; the user now chooses a different key and repeats the procedure
• If the key is not found, the user's node looks up the nearest key in its routing table and forwards the insert to the corresponding node
• If the hops-to-live limit has been reached without a key collision being detected, an “all clear” result will be propagated to the original inserter
Managing data
• Node storage is managed as an LRU cache
• When a new file arrives which would cause the datastore to exceed the designated size, LRU files are evicted in order until there is room
• Advantage: This method allows outdated documents to fade away naturally
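The insert procedure and the LRU datastore from the last two slides, as an added example (not Freenet's own code). Assumptions: integer keys with closeness measured as absolute difference, no backtracking, and the step from the referenced paper in which the data is stored on every node along the path once the insert is all clear; `Node` and `insert` are hypothetical names.

```python
from collections import OrderedDict

class Node:
    def __init__(self, name, capacity=3):
        self.name = name
        self.capacity = capacity
        self.store = OrderedDict()  # key -> data, least recently used first
        self.routes = {}            # known key -> neighbouring Node

    def cache(self, key, data):
        self.store[key] = data
        self.store.move_to_end(key)
        while len(self.store) > self.capacity:
            self.store.popitem(last=False)  # evict the LRU file

    def check(self, key, htl, seen):
        """Return the existing file on a key collision, or None for 'all clear'."""
        seen.append(self)
        if key in self.store:
            self.store.move_to_end(key)  # a hit refreshes the file
            return self.store[key]
        candidates = [k for k, n in self.routes.items() if n not in seen]
        if htl <= 1 or not candidates:
            return None  # hops-to-live exhausted without a collision
        nearest = min(candidates, key=lambda k: abs(k - key))
        return self.routes[nearest].check(key, htl - 1, seen)

def insert(origin, key, data, htl):
    path = []
    existing = origin.check(key, htl, path)
    names = [n.name for n in path]
    if existing is not None:
        return ("collision", existing, names)
    for node in path:  # all clear: the data follows the same path
        node.cache(key, data)
    return ("all clear", data, names)
```

A collision returns the file already stored under the key, so the inserter learns the key is taken without the nodes revealing anything beyond what a normal request would.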
Protocol details
• Packet-oriented protocol
• Request.Handshake
• Reply.Handshake
• Request.Data
• Reply.Restart
• Send.Data
• Reply.NotFound
• Request.Insert
Ring Topology
• 1000 nodes in ring topology
• Datastore = 50 items
• Routing table (RT) = 250 items
• Keys associated with links are hashes of the destination IPs
PERFORMANCE ANALYSIS: SMALL WORLD MODEL
• Identification of a small-world network:
• Existence of a scale-free power-law distribution of links within the network
• The tail of the distribution provides the highly connected nodes needed to create short paths
• Result: The distribution closely approximates a power law except for the anomalous point representing nodes with filled 250-entry routing tables
• Loss of poorly connected nodes will not greatly affect routing in the network
Conclusion
• Freenet provides an effective means of anonymous information storage and retrieval
• It keeps information anonymous and available while remaining highly scalable
• WIP: Implementation of a simulation and visualization suite which will enable more rigorous tests of the protocol and routing algorithm
• WIP: Implementation of a public-key infrastructure to authenticate nodes and create a searching mechanism
REFERENCES
• "Freenet: A Distributed Anonymous Information Storage and Retrieval System" http://www.doc.ic.ac.uk/~twh1/academic/papers/icsi-revised.pdf