Group: GNU Social P2P/OnionRouting

From LibrePlanet

Overview

We would like to protect the social graph by preventing traffic analysis. In order to accomplish this, we intend to use Onion Routing to communicate between nodes. Onion Routing is a time-tested conceptual anonymity system, and there are stable implementations available that allow us to avoid re-inventing the wheel, in keeping with our goal of composing existing privacy-enhancing technologies when possible.

Implementations

We plan to initially use Tor as a drop-in onion routing system, tunneling the Agent-to-RemoteCore API over Tor. This satisfies our privacy constraint of not revealing the social graph while minimizing implementation overhead.

From there, we will extend the Agent and Tor to use existing Social-P2P Cores as onion routers. This will enable us to introduce a friend-to-friend aspect to the routing system, and make circuit selection social-aware.

To summarize, the Agent creates Tor paths and uses them in the forward direction. Cores only use Tor paths in the reverse direction, to respond to requests from Agents.

Tor Drop-In Implementation

Tor is an existing, stable, free onion routing implementation. Our initial onion routing implementation will use Tor as a drop-in solution.

Tor will be bundled with every Agent, and the Agent will use Tor for the Agent-to-RemoteCore API.

Social-Aware Onion Routing

To further enhance privacy and move away from dependence on the Tor network, we plan on replacing Tor onion routers and directory services with Cores. To summarize:

  • Agents will construct paths using both Tor ORs and Cores, with a preference for Cores calculated via a reputation metric (to be determined -- this is an open research question)
  • Agents will become aware of Cores by syncing their Core lists with friend Agents
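
One way the Core-preferring path construction could look, as an added example rather than project code. The reputation value (the fraction of friend Agents that list a Core), the `core_bias` weight and all node names are assumptions, since the page leaves the metric open.

```python
import random
from collections import Counter

def sync_core_lists(friend_lists):
    """Merge Core lists received from friend Agents.

    Returns {core_id: reputation}. Reputation here is the fraction of friends
    that listed the Core: a hypothetical placeholder, not the project's metric.
    """
    if not friend_lists:
        return {}
    seen = Counter()
    for cores in friend_lists.values():
        seen.update(set(cores))          # each friend counts once per Core
    return {core: n / len(friend_lists) for core, n in seen.items()}

def build_path(core_reputation, tor_relays, hops=3, core_bias=4.0, rng=None):
    """Pick `hops` distinct nodes, preferring Cores in proportion to reputation."""
    rng = rng or random.SystemRandom()   # unpredictable choice outside of tests
    # Tor ORs get a baseline weight of 1.0; Cores get 1.0 + bias * reputation.
    weights = {("tor", r): 1.0 for r in tor_relays}
    weights.update({("core", c): 1.0 + core_bias * rep
                    for c, rep in core_reputation.items()})
    if len(weights) < hops:
        raise ValueError("not enough known nodes to build a path")
    path = []
    for _ in range(hops):                # weighted sampling without replacement
        nodes = list(weights)
        pick = rng.choices(nodes, weights=[weights[n] for n in nodes])[0]
        path.append(pick)
        del weights[pick]                # a node appears at most once per path
    return path

# Constructed sample data: three friend Agents and three Tor ORs.
FRIEND_LISTS = {
    "alice": ["core-a", "core-b"],
    "bob": ["core-a", "core-b"],
    "carol": ["core-a", "core-c"],
}
TOR_RELAYS = ["or-1", "or-2", "or-3"]

if __name__ == "__main__":
    reputation = sync_core_lists(FRIEND_LISTS)
    print(reputation)
    print(build_path(reputation, TOR_RELAYS))
```

Because Cores are untrusted, counting listings alone would let a friend list padded with many Cores skew selection; a real metric has to account for that.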

Scenarios

  • Agent wishes to notify peer of new information: Agent connects to remote Core and performs a 'put' with the notification body. If the remote Agent is down, the notification will be processed once it comes online.
  • Agent wishes to retrieve content from peer: Agent connects to remote Core and performs a 'get'.

Notes

Cores never initiate circuits. This would violate our notion of Cores as untrusted.

The Agent is trusted and has circuit keys for all the nodes of a circuit in the forward direction. It also knows the mapping of these keys to the long term identity (public key) of the remote Agent.

Glossary

Onion Proxy

The client program that constructs the onion route and sends data over it for the user. Tor operating in client-only mode is an onion proxy.

Onion Router

A node that forwards data at the request of the onion proxy.

Exit Node

The onion router positioned in the last hop on the onion route, where traffic exits the overlay network.

Circuit

A set of onion routers set up to relay traffic between a source and an arbitrary number of destinations.