by Alexander Sotirov
Aug 2, 2010
Back in 2007 I spent some time playing with a design for a file sharing darknet. It was never implemented, but I recently found my notes from that project and decided to post them here in the hope that someone might find this useful.
network size small darknet 10-50 users full trust model but how do you prevent it from getting too big? it will degenerate into large scale unless you do friend of a friend multiple darknets 5 x 10-50 users each user is a member of multiple networks no cross network identity or trust large scale friend of a friend network each user can see only their friends and friends of friends user identities user id user SSL certificate node identities IP address node SSL certificate all the above information is signed by the user SSL certificate services provided by the darknet file sharing - GET requests over HTTPS messaging - XML-RPC over HTTPS, either direct or broadast trust model (chosen by each user) everybody - as long as they are part of the network friends - only friends on your trust list friends of friends - single hop or multiple hops join algorithm Alice invites Bob into the network Alice generates an invite key containing: SSL certificate for Alice temporary client SSL certificate for Bob, signed by Alice IP address of Alice's node expiration date Alice sends the invite key to Bob over an external secure channel Bob creates a new identity Bob connects to Alice using the temp SSL certificate from the invite key Bob authenticates Alice using her SSL certificate from the invite key Alice authenticates Bob by verifying his client SSL certificate if the invite is expired, Bob needs a new invite key Bob picks a user id and sends it to Alice if the user id is already taken, Bob has to try again with a new id Bob creates a permanent user SSL certificate and sends it to Alice Alice broadcasts the new user id and certificate to all other nodes Bob reconnects to Alice using his permanent client SSL certificate Bob gets the IPs and certificates of neighboring nodes from Alice limited visibility of IPs connect only to servers you trust (need at least one, see join algorithm above) send your IP only to servers you trust your IP is forwarded to other servers only: if your trust model is everybody forwarded to everybody if your trust model is friend of a friend forwarded to their friends if your trust model is friends only no forwarding threat model privacy get IPs that a specific user is communicating with attacker: ISP defense: random ssl traffic, no defense for high speed traffic get full user list attacker: rogue/compromised node defense: a node can see only friends of friends, not beyond that get full server list attacker: rogue/compromised node defense: a node can see only friends of friends, not beyond that get shares/files of user attacker: rogue/compromised node defense: per share permissions get records of transactions attacker: ISP defense: ssl disrupt network traffic filtering attacker: ISP defense: ssl on port 443, dedicated servers traffic throttling attacker: ISP defense: ssl on port 443 DoS against network attacker: rogue/compromised node defense: none