More and more individuals are becoming concerned about protecting their privacy and remaining totally anonymous while surfing the internet. Accordingly, the popularity of anonymous communication protocols, such as Tor, Freenet, and I2P, has been skyrocketing during the past few years. Moreover, researchers and developers are continuously working on new anonymous communication systems that can overcome the flaws of existing systems. GNUnet is a P2P anonymous networking protocol, and this article gives an overview of it.
What is GNUnet?
GNUnet is a communication system for decentralized, P2P, anonymous networking. The developers of GNUnet aim to replace the traditional internet protocol stack with a secure, privacy-preserving networking framework. Initially, GNUnet was developed to offer a secure means of publishing files online, and it then grew to cover all kinds of networking protocol components, with the aim of building the “GNU internet”.
Currently, GNUnet offers peer discovery, link encryption, resource allocation, and communication over multiple networking protocols including UDP, TCP, HTTP, HTTPS, Bluetooth, and WLAN. Also, GNUnet offers multiple P2P algorithms for multicast, routing, and estimation of network sizes.
GNUnet is based on a mesh network framework that includes a distributed hash table (DHT), a randomized variant of Kademlia that routes data packets in small-world networks. GNUnet also offers a friend-to-friend (“F2F”) topology feature that enables users to restrict connections to trusted friends only. The friends of a user’s trusted friends can exchange files indirectly via the user’s computer, without having to reveal their IP addresses.
GNUnet relies on uniform resource identifiers (URIs). A GNUnet URI consists of two main parts: the module and its matching module-specific identifier. GNUnet’s main code is written in C, yet the project’s developers are working on an API for programming extensions in Java via “GNUnet-Java”.
GNUnet consists of multiple subsystems, the most important of which are the Transport subsystem and the Core subsystem. The Transport subsystem offers link-layer communications. The Core subsystem offers encryption and peer discovery. Various applications can be developed on top of the Core subsystem.
GNUnet features different P2P applications in the framework’s main distribution including chat, file sharing, and VPN. On the other hand, a number of external projects, e.g. Secureshare, are working on extending the infrastructure of GNUnet.
GNUnet has recently gained much attention in hackers’ communities, following the PRISM revelations.
GNUnet’s trust system:
GNUnet’s trust system relies on an excess-based economic model. The idea of implementing an economic system was inspired by the MojoNation network.
There are no trusted entities whatsoever on GNUnet’s network; thus, no global reputation can be maintained, and every peer keeps its own trust level for each of its local links. Whenever resources, including bandwidth and processing power, are in excess, a peer can offer them to neighbors in need without reducing their trust or charging them for using the resources. When a node is under stress, it drops requests received from neighboring nodes with low trust scores. That is, when a peer has fewer resources than it needs to meet all requests, it ignores requests received from neighbors with low trust levels and charges the other neighbors by reducing their trust levels.
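The load-dependent behaviour described above, as an added sketch that is not GNUnet’s own code. The function name `serve_round`, the abstract cost units, and the rule that a served neighbor is charged exactly the cost of its request are assumptions made for illustration.

```python
def serve_round(capacity, requests, trust):
    """Decide which requests a peer answers in one scheduling round.

    capacity -- resource units the peer can spend this round (assumed unit)
    requests -- list of (neighbor, cost) pairs
    trust    -- this peer's local trust table, updated in place
    Returns (served, dropped) as lists of neighbor names.
    """
    demand = sum(cost for _, cost in requests)
    if demand <= capacity:
        # Resources are in excess: everyone is served and nobody is charged.
        return [peer for peer, _ in requests], []

    served, dropped = [], []
    # Under load, the most trusted neighbors are considered first.
    ranked = sorted(requests, key=lambda r: trust.get(r[0], 0), reverse=True)
    for peer, cost in ranked:
        credit = trust.get(peer, 0)
        if cost <= capacity and cost <= credit:
            capacity -= cost
            trust[peer] = credit - cost   # the charge is paid in trust
            served.append(peer)
        else:
            dropped.append(peer)          # low trust or no capacity left
    return served, dropped


# Constructed sample: trust table as seen by one peer.
trust = {"alice": 10, "bob": 2, "mallory": 0}
requests = [("mallory", 3), ("bob", 3), ("alice", 3)]
print(serve_round(10, requests, trust))   # idle peer
print(serve_round(5, requests, trust))    # overloaded peer
```

Because trust is only spent under load, a neighbor that floods requests without ever having earned trust is the first to be dropped when the peer is busy.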
GNUnet’s name system:
GNUnet includes an implementation of the GNU Name System (GNS), a distributed, censorship-resistant alternative to DNS. Within GNS, each peer controls its very own master zone, which is mapped into the DNS namespace under the top-level domain “.gnu”. Peers can delegate subdomains to master zones controlled by other peers. Lookups of records that are defined by other peers are performed via GNUnet’s DHT.
GNUnet is capable of tunneling IP traffic over the P2P network. Whenever needed, GNUnet can perform IPv4-IPv6 protocol translation throughout the process. GNUnet includes a DNS-level gateway which can proxy DNS requests and map addresses to the chosen address family whenever needed. Moreover, GNUnet’s translation system can be used in combination with GNS in order to access Tor hidden services.
GNUnet’s file sharing system:
The main application of GNUnet’s framework is an anonymous file sharing system that is highly resistant to censorship. The system enables users to publish or download data in a fully anonymous manner. Anonymity is possible via the GNUnet anonymity protocol (GAP). GNU libextractor is used for automatic annotation of shared files and data with metadata.
Files shared via GNUnet are coded with ECRS (An Encoding for Censorship Resistant Sharing). All shared content is represented in the form of GBlocks. Each GBlock is composed of 1,024 bytes of data. There are multiple forms of GBlocks, and each form serves a special purpose. DBlocks are used to store the actual content of shared files. Files are divided into 1,024 byte segments and the resulting parts are stored in the form of DBlocks. A Merkle tree is used to link together DBlocks via means of IBlocks which are used to record the identifiers of DBlocks. Blocks are then encrypted via the GBlock’s symmetric key and stored onto the network.
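A runnable sketch of the block tree described above, added here as an illustration and not taken from GNUnet’s code base. It goes slightly beyond the paragraph by deriving each block’s symmetric key from the hash of its own plaintext and its network identifier from the hash of its ciphertext, as the ECRS design does. SHA-256, the SHAKE-256 XOR keystream standing in for the real cipher, the unpadded final block, and the dictionary standing in for the network are assumptions.

```python
import hashlib

BLOCK = 1024            # block size stated in the article
CHK = 64                # one child reference: 32-byte key + 32-byte query
FANOUT = BLOCK // CHK   # child references that fit in one IBlock

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def store_block(plain: bytes, network: dict) -> bytes:
    """Encrypt one block under the hash of its own content and store it."""
    key = hashlib.sha256(plain).digest()
    cipher = _xor_stream(key, plain)
    query = hashlib.sha256(cipher).digest()   # identifier peers look up
    network[query] = cipher                   # storing peers see ciphertext only
    return key + query

def publish(data: bytes, network: dict) -> tuple[bytes, int]:
    """Split data into DBlocks, link them with IBlocks, return (root, depth)."""
    refs = [store_block(data[i:i + BLOCK], network)
            for i in range(0, max(len(data), 1), BLOCK)]
    depth = 0
    while len(refs) > 1:                      # add IBlock levels up to one root
        refs = [store_block(b"".join(refs[i:i + FANOUT]), network)
                for i in range(0, len(refs), FANOUT)]
        depth += 1
    return refs[0], depth

def fetch(ref: bytes, depth: int, network: dict) -> bytes:
    """Walk the tree from the root reference, verifying every block."""
    key, query = ref[:32], ref[32:]
    cipher = network[query]
    if hashlib.sha256(cipher).digest() != query:
        raise ValueError("stored block does not match its identifier")
    plain = _xor_stream(key, cipher)
    if hashlib.sha256(plain).digest() != key:
        raise ValueError("decrypted block does not match its key")
    if depth == 0:
        return plain                          # a DBlock: file content
    return b"".join(fetch(plain[i:i + CHK], depth - 1, network)
                    for i in range(0, len(plain), CHK))
```

Only the holder of the root reference can decrypt and walk the tree, while any peer can check a stored block against its identifier, so a tampered block is rejected on download.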
Users can select an anonymity level for each search, publish, and download operation over the GNUnet file sharing system. A zero anonymity level can be used to share files non-anonymously.
GNUnet’s social API:
GNUnet’s social API was first introduced in a thesis by Gabor X Toth, published in 2013, to offer the infrastructure for a GNUnet-based social messaging client that features extensibility, scalability, and end-to-end encryption of all communications. Scalability is achieved via multicast delivery of messages, while extensibility is achieved by means of the Protocol for Synchronous Conferencing (PSYC), which is based on an extensible Remote Procedure Call (RPC) syntax that can evolve over time without having to install an upgraded software version on all of the network’s nodes.
The PSYC layer offers another key feature which consists of multicast channels that can be used to record important data, such as user profiles. End-to-end encryption of communications is possible via GNUnet’s mesh service, on which the network’s multicast channels are implemented. The system’s pseudonymous users and social destinations are identified by public key based cryptographic identities, which are associated with human memorable identities via the GNS, where every pseudonym is associated with a zone that links it to its places.
This represents the needed building block in order to transform GNUnet’s basic framework into a fully P2P social network.
Final thoughts:
GNUnet is a promising P2P anonymous communication network protocol. Even though the project is still in its infancy, it has massive potential to evolve as an alternative to Tor, Freenet, and I2P anonymous networking protocols.
POSTED BY: TAMER SAMEEH
