Darknet design

Aug 2, 2010

Back in 2007 I spent some time playing with a design for a file sharing darknet. It was never implemented, but I recently found my notes from that project and decided to post them here in the hope that someone might find this useful.

network size
    small darknet
        10-50 users
        full trust model
        but how do you prevent it from getting too big?
            it will degenerate into large scale unless you do friend of a friend
    multiple darknets
        5 x 10-50 users
        each user is a member of multiple networks
        no cross network identity or trust
    large scale friend of a friend network
        each user can see only their friends and friends of friends

user identities
    user id
    user SSL certificate

node identities
    IP address
    node SSL certificate
    all the above information is signed by the user SSL certificate

services provided by the darknet
    file sharing - GET requests over HTTPS
    messaging - XML-RPC over HTTPS, either direct or broadast

trust model (chosen by each user)
    everybody - as long as they are part of the network
    friends - only friends on your trust list
    friends of friends - single hop or multiple hops

join algorithm
    Alice invites Bob into the network
        Alice generates an invite key containing:
            SSL certificate for Alice
            temporary client SSL certificate for Bob, signed by Alice
            IP address of Alice's node
            expiration date
        Alice sends the invite key to Bob over an external secure channel
    Bob creates a new identity
        Bob connects to Alice using the temp SSL certificate from the invite key
            Bob authenticates Alice using her SSL certificate from the invite key
            Alice authenticates Bob by verifying his client SSL certificate
            if the invite is expired, Bob needs a new invite key
        Bob picks a user id and sends it to Alice
            if the user id is already taken, Bob has to try again with a new id
        Bob creates a permanent user SSL certificate and sends it to Alice
    Alice broadcasts the new user id and certificate to all other nodes
    Bob reconnects to Alice using his permanent client SSL certificate
    Bob gets the IPs and certificates of neighboring nodes from Alice

limited visibility of IPs
    connect only to servers you trust (need at least one, see join algorithm above)
    send your IP only to servers you trust
    your IP is forwarded to other servers only:
        if your trust model is everybody
            forwarded to everybody
        if your trust model is friend of a friend
            forwarded to their friends
        if your trust model is friends only
            no forwarding

threat model
    privacy
        get IPs that a specific user is communicating with
            attacker: ISP
            defense: random ssl traffic, no defense for high speed traffic
        get full user list
            attacker: rogue/compromised node
            defense: a node can see only friends of friends, not beyond that
        get full server list
            attacker: rogue/compromised node
            defense: a node can see only friends of friends, not beyond that
        get shares/files of user
            attacker: rogue/compromised node
            defense: per share permissions
        get records of transactions
            attacker: ISP
            defense: ssl
    disrupt network
        traffic filtering
            attacker: ISP
            defense: ssl on port 443, dedicated servers
        traffic throttling
            attacker: ISP
            defense: ssl on port 443
        DoS against network
            attacker: rogue/compromised node
            defense: none