Protecting Free Expression Online with Freenet

Presented by Ho Tsz Kin

I. Clarke, T. W. Hong, S. G. Miller, O. Sandberg, and B. Wiley

14/08/2003

AgendaWhat is Freenet?Freenet Architecture GUID key Routing Network Evolution Managing Storage

Performance AnalysisConclusion and Discussion

What is Freenet?Peer-to-peer file storage applicationAllow publication, and retrieval of information without censorshipEach node Contribute storage Cooperate in routing

Computer Node

Routing Traffic

Storing Files

What is Freenet?Five design goals: Anonymity for both readers and authors Deniability for storers Resistance to attempts by third parties to

deny access Efficient dynamic storage and routing Decentralization

Emphasize on privacy, availability, true freedom of speechRespond adaptively to usage patternsNo guarantee on permanent file storage

GUID KeysEach file is assigned with a location-independent globally unique identifier (GUID), i.e. file keyContent-hash keys (CHK) Analogous to inodes File key generated by

hashing the content Files are encrypted by

a randomly-generated key Required in retrieving

GUID KeysSigned-subspace keys (SSK) Analogous to filenames A public-private key pair is randomly-

generated A short descriptive string,

e.g.“mcl/research/paper” Sets up a personal namespace Sign the file to provide integrity check

Required in retrieving

RoutingMessages travel via node-to-node paths, NOT directly from sender to recipientEach node Knows only about its

immediate neighbors Maintains a routing table

that lists the addresses of other nodes and the GUID it think they hold

f

ba

e

c

d

b A F5EC1

f A BC1T2

d HY T32U

Node e’s routing table

Retrieval RoutingDepth-first Search with backtracking Forward requests according to routing

table

Request message contains File key Time-to-live (TTL) limit

When receive request Check itself Otherwise, forwards to

the node with the closest key

123450

Expand c first

f

ba

e

c

d

a A BCIJK

c 123456

e 123000

f 100000

Retrieval Routing If fail, try using next-closest key If reach a node that is already in the path,

bounced back Until TTL expires, or find the file

a A BCIJK

c 123456

e 123000

f 100000

Expand e then

Request 123450

Bouncedback

Find thefile

Retrieval RoutingIf success, file together with a note specifying the holder will be passed backTo conceal data holder Any node in the reply path can change holder

to itself or any arbitrary node Requests will still locate the data, as this node

retains the true holder’s identity

Update routing tableFile might be cached at all nodes along the reply path Improved availability,

fault-tolerance

ba

e d

Insertion RoutingInserting File Route similarly with requesting file Forward message according to the

closeness in key if no key collision Fail if key collision occurs Success if TTL expires without collision Insert file along the path Update routing table

Any Node along the path can change holder to itself or any arbitrary node

Anonymity in Routing

a b

... ...Requesting file

Don’t know who are requesting

Send the file,holder is x

Update routing table, but the true holder may or may not be x

a b

... ...

Inserting file, holder (inserter) is x

Store the file, update routing table, but the true holder may or may not be x

Retrieval:

Insertion:

Training routesNodes’ routing tables should specialize in handling clusters of similar keysNode should specialize in storing clusters of files with similar keysThe twin effects of clustering should improve the effectiveness of future queriesKey clustering GUID keys are derived from hashes Closeness of keys in storing is unrelated to

corresponding files’ content

Adding NodesNew node first generates a public-private key pair

Identify the node Use for future trust mechanism Sends an announcement message including the public key

and physical address to an existing node, located through some out-of-band means

4

3

2

1

4

3

2

1

New node

Chosenrandomly

Propagate until TTL expires

Assign random GUID in the key-space using shared random number generation

Managing StorageIn each node Storage is managed by LRU (Least

Recently Used) Cache Frequency of requests per file

Routing mechanism Creates more copies in an area of

network where a file is requested Files that go un-requested in another

part of the network will be deleted Number and location adjust to

demand

Degree Distribution Simulation of 10,000 nodes

Degree distribution among Freenet nodes Close fit to a power-law distribution

Max routing table size

Fault-tolerance 10,000 nodes trained network

Remove nodes randomly TTL = 500 10 trials

Median path length below 20 even 30%of nodes fail

Robust against quitelarge failures

Power-law gives highdegree of fault tolerance

Fault-tolerance 10,000 nodes trained network

Remove randomly nodes Remove well-connected nodes first

Transition to disconnected fragments

Scalability 20 nodes initially connected in ring

topology Insert & request files to random nodes (TTL =

20) Create a new node after

every 5 inserts and requests,announce randomly to a existing node

Measure after every 100inserts and requests

End till 200,000 nodes 10 trials

Median path length in network scales as N0.28

ConclusionFreenet is P2P application that designed from a different perspective – free flow of informationUsing Freenet Can’t identify who is requesting a

document Can’t identify who is inserting a

document Can’t identify where a document resides

DiscussionReplicated File is stored as a whole Fragmentation and erasure correction coding

No in-build searching function How to search content in Freenet

Cost is high, as message need to travel along the whole path How to provide anonymity efficiently

Pornographic/offensive content, terrorism humanity should not be deprived of their

freedom to communicate Use for good or bad

References

I. Clarke, T. W. Hong, S. G. Miller, O. Sandberg, and B. Wiley, “Protecting Freedom of Information Online with Freenet,” IEEE Internet Computing, vol6(1), Jan-Feb, 2002, pp40-49.I. Clarke, T. W. Hong, O. Sandberg, and B. Wiley, “Freenet: A distributed anonymous information storage and retrieval system,” Proc. of the ICSI Workshop on Design Issues in Anonymity and Unobservability, Berkeley, CA, 2000.http://www.freenetproject.org