Abstract. We describe Freenet, an adaptive peer-to-peer network application that permits the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers. Freenet operates as a network of identical nodes that collectively pool their storage space to store data files and cooperate to route requests to the most likely physical location of data. No broadcast search or centralized location index is employed. Files are referred to in a location-independent manner, and are dynamically replicated in locations near requestors and deleted from locations where there is no interest. It is infeasible to discover the true origin or destination of a file passing through the network, and difficult for a node operator to determine or be held responsible for the actual physical contents of her own node.
1 Introduction

Networked computer systems are rapidly growing in importance as the medium of choice for the storage and exchange of information. However, current systems afford little privacy to their users, and typically store any given data item in only one or a few fixed places, creating a central point of failure.
Because of a continued desire among individuals to protect the privacy of their authorship or readership of various types of sensitive information [28], and the undesirability of central points of failure which can be attacked by opponents wishing to remove data from the system [11, 27] or simply overloaded by too much interest [1], systems offering greater security and reliability are needed.
We are developing Freenet, a distributed information storage and retrieval system designed to address these concerns of privacy and availability. The system operates as a location-independent distributed file system across many individual computers that allows files to be inserted, stored, and requested anonymously.

* Work of Theodore W. Hong
There are five main design goals:

- Anonymity for both producers and consumers of information
- Deniability for storers of information
- Resistance to attempts by third parties to deny access to information
- Efficient dynamic storage and routing of information
- Decentralization of all network functions

The system is designed to respond adaptively to usage patterns, transparently moving, replicating, and deleting files as necessary to provide efficient service without resorting to broadcast searches or centralized location indexes.
It is not intended to guarantee permanent file storage, although it is hoped that a sufficient number of nodes will join with enough storage capacity that most files will be able to remain indefinitely. In addition, the system operates at the application layer and assumes the existence of a secure transport layer, although it is transport-independent. It does not seek to provide anonymity for general network usage, only for Freenet file transactions.
It grew out of work originally done by the first author at the University of Edinburgh [12].

2 Related Work

Such channels are not in themselves easily suited to one-to-many publication, however, and are best viewed as a complement to Freenet since they do not provide file access and storage. Anonymity for consumers of information in the web context is provided by browser proxy services such as the Anonymizer [6], although they provide no protection for producers of information and do not protect consumers against logs kept by the services themselves.
Private information retrieval schemes [10] provide much stronger guarantees for information consumers, but only to the extent of hiding which piece of information was retrieved from a particular server.
In many cases, the fact of contacting a particular server in itself can reveal much about the information retrieved, which can only be counteracted by having every server hold all information; naturally this scales poorly.
Berthold et al. The Rewebber [26] provides a measure of anonymity for producers of web information by means of an encrypted URL service that is essentially the inverse of an anonymizing browser proxy, but has the same difficulty of providing no protection against the operator of the service itself. TAZ [18] extends this idea by using chains of nested encrypted URLs that successively point to different rewebber servers to be contacted, although this is vulnerable to traffic analysis using replay.
Both rely on a single server as the ultimate source of information. The Eternity proposal [5] seeks to archive information permanently and anonymously, although it lacks specifics on how to efficiently locate stored files, making it more akin to an anonymous backup service. Free Haven [14] is an interesting anonymous publication system that uses a trust network and file trading mechanism to provide greater server accountability while maintaining anonymity.
Neither one replicates files. Intermemory [9] and India [16] are cooperative distributed fileserver systems intended for long-term archival storage along the lines of Eternity, in which files are split into redundant shares and distributed among many participants. Akamai [2] provides a service that replicates files at locations near information consumers, but is not suitable for producers who are individuals as opposed to corporations.
None of these systems attempt to provide anonymity.

3 Architecture

Each node maintains its own local datastore which it makes available to the network for reading and writing, as well as a dynamic routing table containing addresses of other nodes and the keys that they are thought to hold.
It is intended that most users of the system will run nodes, both to provide security guarantees against inadvertently using a hostile foreign node and to increase the storage capacity available to the network as a whole.
The system can be regarded as a cooperative distributed filesystem incorporating location independence and transparent lazy replication. Just as systems such as distributed.net permit ordinary users to share unused CPU cycles on their machines, Freenet permits users to share unused disk space. However, where distributed.net uses those CPU cycles for its own purposes, Freenet is directly useful to users themselves, acting as an extension to their own hard drives.
The basic model is that requests for keys are passed along from node to node through a chain of proxy requests in which each node makes a local decision about where to send the request next, in the style of IP (Internet Protocol) routing. Depending on the key requested, routes will vary. The routing algorithms for storing and retrieving data described in the following sections are designed to adaptively adjust routes over time to provide efficient performance while using only local, rather than global, knowledge.
This is necessary since nodes only have knowledge of their immediate upstream and downstream neighbors in the proxy chain, to maintain privacy. Each request is also assigned a pseudo-unique random identifier, so that nodes can prevent loops by rejecting requests they have seen before.
When this happens, the immediately preceding node simply chooses a different node to forward to. This process continues until the request is either satisfied or exceeds its hops-to-live limit. Then the success or failure result is passed back up the chain to the sending node. No node is privileged over any other node, so no hierarchy or central point of failure exists.
Joining the network is simply a matter of first discovering the address of one or more existing nodes through out-of-band means, then starting to send messages.

3.1 Keys and Searching

Files in Freenet are identified by binary file keys obtained by applying a hash function. Currently we use the 160-bit SHA-1 [4] function as our hash. Three different types of file keys are used, which vary in purpose and in the specifics of how they are constructed. The simplest type of file key is the keyword-signed key (KSK), which is derived from a short descriptive text string chosen by the user when storing a file in the network.
The descriptive string is used as input to deterministically generate a public/private key pair. The public half is then hashed to yield the file key. The private half of the asymmetric key pair is used to sign the file, providing a minimal integrity check that a retrieved file matches its file key.
Note however that an attacker can use a dictionary attack against this signature by compiling a list of descriptive strings. The file is also encrypted using the descriptive string itself as a key, for reasons to be explained in section 3. To allow others to retrieve the file, the user need only publish the descriptive string. This makes keyword-signed keys easy to remember and communicate to others. However, they form a flat global namespace, which is problematic.
Nothing prevents two users from independently choosing the same descriptive string for different files, for example, or from engaging in key-squatting (inserting junk files under popular descriptions). The second type of key is the signed-subspace key (SSK), which enables personal namespaces. A user creates a namespace by randomly generating a public/private key pair which will serve to identify her subspace. To insert a file, she chooses a short descriptive text string as before. The public namespace key and the descriptive string are hashed independently, XOR'ed together, and then hashed again to yield the file key. As with the keyword-signed key, the private half of the asymmetric key pair is used to sign the file.
This signature, generated from a random key pair, is more secure than the signatures used for keyword-signed keys. The file is also encrypted by the descriptive string as before. Storing data requires the private key, however, so only the owner of a subspace can add files to it.
The owner now has the ability to manage her own namespace. For example, she could simulate a hierarchical structure by creating directory-like files containing hypertext pointers to other files. Directories can also recursively point to other directories. The third type of key is the content-hash key (CHK), which is useful for implementing updating and splitting. A content-hash key is simply derived by directly hashing the contents of the corresponding file. This gives every file a pseudo-unique file key.
Files are also encrypted by a randomly-generated encryption key. To allow others to retrieve the file, the user publishes the content-hash key itself together with the decryption key. Note that the decryption key is never stored with the file but is only published with the file key, for reasons to be explained in section 3. Content-hash keys are most useful in conjunction with signed-subspace keys using an indirection mechanism.
To store an updatable file, a user first inserts it under its content-hash key. She then inserts an indirect file under a signed-subspace key whose contents are the content-hash key. This enables others to retrieve the file in two steps, given the signed-subspace key.
To update the file, the owner first inserts the new version under its own content-hash key, which should be different from the old version's. She then inserts a new indirect file under the original signed-subspace key pointing to the updated version. When the insert reaches a node which possesses the old version, a key collision will occur. The node will check the signature on the new version, verify that it is both valid and more recent, and replace the old version. Thus the signed-subspace key will lead to the most recent version of the file, while old versions can continue to be accessed directly by content-hash key if desired.
If not requested, however, these old versions will eventually be removed from the network (see section 3). This mechanism can be used to manage directories as well as regular files. Content-hash keys can also be used for splitting files into multiple parts. For large files, splitting can be desirable because of storage and bandwidth limitations. Splitting even medium-sized files into standard-sized parts (e.g. …) is easily accomplished by inserting each part separately under a content-hash key, and creating an indirect file or multiple levels of indirect files to point to the individual parts.
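The three key constructions of section 3.1 (keyword-signed, signed-subspace and content-hash keys) and the SSK-to-CHK indirection with version replacement described just above, as an added Python example; this is not the paper's or the Freenet project's own code. The signature scheme is a toy textbook-RSA stand-in with deliberately small parameters (a real node uses a proper asymmetric scheme), the integer version counter stands in for the paper's notion of "more recent", encryption of file contents is left out, and all function and namespace names are assumptions of this example.

```python
import hashlib


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


# --- toy textbook RSA (assumption: stand-in for a real signature scheme; insecure) ---
def _is_prime(n):
    if n < 2:
        return False
    return all(n % f for f in range(2, int(n ** 0.5) + 1))


def _next_prime(n):
    while not _is_prime(n):
        n += 1
    return n


def keypair_from_seed(seed: bytes):
    """Derive a (public, private) pair deterministically from 20 seed bytes, so that a
    descriptive string (KSK) or random bytes (SSK namespace) can both serve as the seed."""
    a = 60000 + int.from_bytes(seed[:4], "big") % 40000
    b = 60000 + int.from_bytes(seed[4:8], "big") % 40000
    p, q = _next_prime(a), _next_prime(b)
    if p == q:
        q = _next_prime(q + 1)
    n, e = p * q, 65537          # primes stay below 131075, so gcd(e, phi) == 1
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def sign(private, data: bytes) -> int:
    n, d = private
    return pow(int.from_bytes(sha1(data), "big") % n, d, n)


def verify(public, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == int.from_bytes(sha1(data), "big") % n


def pub_bytes(public) -> bytes:
    n, e = public
    return n.to_bytes(8, "big") + e.to_bytes(4, "big")


# --- the three file key types ---
def ksk(descriptive: str):
    """Keyword-signed key: key pair generated from the string, file key = hash(public half)."""
    public, private = keypair_from_seed(sha1(descriptive.encode()))
    return sha1(pub_bytes(public)), public, private


def ssk(namespace_public, descriptive: str) -> bytes:
    """Signed-subspace key: hash(hash(public namespace key) XOR hash(descriptive string))."""
    h1, h2 = sha1(pub_bytes(namespace_public)), sha1(descriptive.encode())
    return sha1(bytes(x ^ y for x, y in zip(h1, h2)))


def chk(contents: bytes) -> bytes:
    """Content-hash key: hash of the file contents themselves."""
    return sha1(contents)


class Store:
    """A node's datastore. Entries are (data, version, signature)."""

    def __init__(self):
        self.files = {}

    def insert_ssk(self, key, namespace_public, data, version, sig):
        """Key collision handling: accept only a validly signed, more recent version."""
        if not verify(namespace_public, version.to_bytes(4, "big") + data, sig):
            return False
        old = self.files.get(key)
        if old is not None and old[1] >= version:
            return False
        self.files[key] = (data, version, sig)
        return True


def publish(store, ns_public, ns_private, name, contents, version):
    """Insert contents under its CHK, then an indirect file holding that CHK under the SSK."""
    content_key = chk(contents)
    store.files[content_key] = (contents, 0, None)   # old versions stay reachable by CHK
    pointer = content_key
    sig = sign(ns_private, version.to_bytes(4, "big") + pointer)
    return store.insert_ssk(ssk(ns_public, name), ns_public, pointer, version, sig)


def fetch(store, ns_public, name):
    """Two-step retrieval: SSK -> indirect file -> CHK -> contents."""
    pointer = store.files[ssk(ns_public, name)][0]
    return store.files[pointer][0]
```

Because a KSK depends only on the descriptive string, anyone who guesses the string recomputes the same file key and the same key pair, which is why the paper calls the KSK signature only a minimal integrity check; the SSK mixes in the namespace's public key, so the same string in two namespaces yields different keys, and an insert signed with another namespace's private key is refused at the collision check.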
All of this still leaves the problem of finding keys in the first place. The most straightforward way to add a search capability to Freenet is to run a hypertext spider such as those used to search the web.
While an attractive solution in many ways, this conflicts with the design goal of avoiding centralization. A possible alternative is to create a special class of lightweight indirect files. When a real file is inserted, the author could also insert a number of indirect files each containing a pointer to the real file, named according to search keywords chosen by her.
These indirect files would differ from normal files in that multiple files with the same key (i.e. …). Managing the likely large volume of such indirect files is an open problem. An alternative mechanism is to encourage individuals to create their own compilations of favorite keys and publicize the keys of these compilations. This is an approach also in common use on the world-wide web.
3.2 Retrieving Data

To retrieve a file, a user must first obtain or calculate its binary file key. She then sends a request message to her own node specifying that key and a hops-to-live value.
When a node receives a request, it first checks its own store for the data and returns it if found, together with a note saying it was the source of the data.
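The request-forwarding behaviour described in section 3.2 and in the routing overview earlier in section 3 (pseudo-unique request identifiers, hops-to-live, rejection of already-seen requests, trying a different neighbour after a rejection or failure, and replication of the returned data along the chain back to the requestor), as an added Python simulation that is not part of the paper or of the Freenet code base. The nearest-key ordering of neighbours, the node names and the constructed topology are assumptions of this example.

```python
import hashlib
import secrets


class Node:
    """One Freenet-style node: a local datastore, a routing table of keys it believes
    other nodes hold, and the set of request ids it has already seen."""

    def __init__(self, name):
        self.name = name
        self.store = {}        # local datastore: file key -> data
        self.routing = {}      # routing table: file key -> Node thought to hold it
        self.neighbours = []   # nodes whose addresses this node knows
        self.seen = set()      # request ids already handled (loop prevention)

    def connect(self, *others):
        self.neighbours.extend(others)

    def candidates(self, key):
        """Local decision about where to forward: nodes recorded for the nearest keys
        first (nearest = smallest integer distance between keys, an assumption of this
        demo), then any remaining neighbours in address order."""
        target = int.from_bytes(key, "big")
        ranked = sorted(self.routing.items(),
                        key=lambda kv: abs(int.from_bytes(kv[0], "big") - target))
        ordered = []
        for _, node in ranked:
            if node is not self and node not in ordered:
                ordered.append(node)
        for node in self.neighbours:
            if node not in ordered:
                ordered.append(node)
        return ordered

    def handle(self, key, req_id, htl, trace):
        """Return (status, data, source). status is "found", "failed", or "reject"
        (request seen before, i.e. a loop; the upstream node then tries another neighbour)."""
        trace.append(self.name)
        if req_id in self.seen:
            return "reject", None, None
        self.seen.add(req_id)
        if key in self.store:                      # check own store first
            return "found", self.store[key], self  # note: this node was the source
        if htl <= 0:                               # hops-to-live exhausted
            return "failed", None, None
        for nxt in self.candidates(key):
            status, data, source = nxt.handle(key, req_id, htl - 1, trace)
            if status == "found":
                self.store[key] = data       # replicate along the path back to the requestor
                self.routing[key] = source   # learn which node holds this key
                return status, data, source
            # "reject" or "failed": fall through and try the next candidate
        return "failed", None, None


def retrieve(start, key, htl):
    """Send a request from the user's own node; returns (status, data, trace of nodes visited)."""
    req_id = secrets.token_hex(8)   # pseudo-unique random request identifier
    trace = []
    status, data, _ = start.handle(key, req_id, htl, trace)
    return status, data, trace


def demo_network():
    """Constructed topology: A -> B -> {E, C}; E -> A (a loop); C -> D; only D holds the file."""
    a, b, c, d, e = (Node(n) for n in "ABCDE")
    a.connect(b)
    b.connect(e, c)     # B tries E before C, so the loop through E is exercised
    e.connect(a)
    c.connect(d)
    key = hashlib.sha1(b"freenet-paper.txt").digest()   # constructed file key
    d.store[key] = b"sample file contents"
    return a, key


if __name__ == "__main__":
    a, key = demo_network()
    print(retrieve(a, key, 5))
```

With hops-to-live 5 the request travels A, B, E, back to A (rejected as already seen), then C and D, where it is found; on the way back A, B and C each keep a copy and record D as the holder of the key, so a later request from A goes to D directly. With hops-to-live 2 the same request fails before reaching D and every node reports failure upstream.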
Freenet: A Distributed Anonymous Information Storage and Retrieval System
Freenet has been under continuous development since Freenet 0. The most fundamental change is support for darknet operation. Version 0. Both modes can be run simultaneously. When a user switches to pure darknet operation, Freenet becomes very difficult to detect from the outside. The transport layer created for the darknet mode allows communication over restricted routes (as commonly found in mesh networks), as long as these connections follow a small-world structure.
Part of the Lecture Notes in Computer Science book series (LNCS).