83 lines
7.8 KiB
Markdown
83 lines
7.8 KiB
Markdown
|
*** Note: this talk was held in Berlin, December 2005, at the very beginning of the implementation of Darknet. It describes the algorithm behind the small-network approach which is used in the Friend-To-Friend part of the network. Currently Freenet is divided in Opennet and Darknet, the former in which one connects to peers chosen by the network, the latter in which a peer is allowed to connect only to the peers that are considered as trusted. Trust is usually established by exchanging cryptographical information between two nodes on a secure channel, whithout involving a TTP since centralization is unwanted.**
|
||
|
|
||
|
[more info](https://freenetproject.org/pages/documentation.html#understand)
|
||
|
|
||
|
# Freenet P2P network, Darknet implementation
|
||
|
|
||
|
Light P2P network: freenet, gnutella, DHT. Ability to communicate with anybody.
|
||
|
|
||
|
Dark P2P network: Waste. Only trusted connection are allowed to communicate with each other (*friend to friend network*)
|
||
|
|
||
|
## The small world phenomenon
|
||
|
|
||
|
How does a p2p network (freenet, dht) find information in a scalable, decentralized way? The small world phenomenon. Similar to the *six degree of separations* between humans, because human acquaintances form a **small world network**. Basically, information is shared (or sent, requested) only through **acquaintances**, trusted relationships.
|
||
|
|
||
|
This is a **routing algorithm in every way**: in fact, it is extremely robust since it resists to malicious attempt to *break* the routing (i.e. sending information to someone that is not known / trusted). If this happens, the routing algorithm simply **restarts**.
|
||
|
|
||
|
Problem: even though short paths exists, that does not mean that it is easy / immediate to **find** them. In the case of people, any person wanting to route a letter uses the additional information about its acquaintances to send the letter to the proper peer. In a network, this can be translated to a concept of **similarity** between the nodes / peers (**closeness**).
|
||
|
|
||
|
Similar peers are **more likely to be connected to each other**. The routing algorithm translates to:
|
||
|
|
||
|
* **Which peer do I know that is closer **(more similar)** to the peer I'm trying to reach?** [**Greedy routing**]
|
||
|
|
||
|
## The Dark Network
|
||
|
|
||
|
A dark network such as freenet's **DarkNet** *(note that freenet is divided between Opennet and Darknet)* requires a routiing algorithm similar to the small world network one described above.
|
||
|
To do that, there must be a way of accessing information on the network. In the old freenet, every address is accessible to anybody. Just like for the Internet, there must be a routing way. In the Internet, there's the hyerarchical system of IP addresses, planned, assinged properly, but in freenet every address and information is not organized but chaotically distributed, not existing an entity that manages the assignment of addresses (that would mean centralization).
|
||
|
The ability to send a message on a network from two arbitrarely distant nodes is essential.
|
||
|
|
||
|
Jon Kleinberg in 2000 explained how small world networks can be navigable. He explained that, in order for the small world phenomenon to occour, there must be an essential property:
|
||
|
|
||
|
* **The effectiveness of routing in small world network depends on the proportion of connections that have different length with respect to the position of the nodes.** In small worlds, this means that there are connections of different lengths that can be seen as nodes **closer or further**. We could take long steps, but usually short steps are preferred, since **once we get close to somebody, there's a higher chance of them knowing the person that they are near.** Kleinberg stated that, for this to be working properly:
|
||
|
|
||
|
* **The proportions of connections with a certain length should be inverse to its length.**. In this case, a simple *greedy* routing algorithm performs in O((log(n))^2) steps.
|
||
|
|
||
|
This means: few long connections, and many short ones, and the longer the connection the less likely to occour.
|
||
|
|
||
|
## Application of greedy routing
|
||
|
|
||
|
How to respond to the question: **which node is closer to the one I need to send the message to?**
|
||
|
This question cannot usually be answered algorithmically, and in real life people usually process a lot of information to decide the optimal solution. With nodes in a network, especially if the anonimity of the users must be preserved, one cannot decide which node is best on the base of the position and the *acquaintances* of any node.
|
||
|
Instead, the network is used to decide, based on the Kleinberg's model.
|
||
|
|
||
|
* Each node is assigned a **numerical identity** and is then placed in a grid, by respecting the principle of Kleinberg that states that there should be as fewer long connections as possible. This is a form of **reverse engineering** of the nodes' positions based on the connections in the network.
|
||
|
|
||
|
This must happen in a distributed, decentralized way (otherwise someone would obtain info on all the nodes, and that is unwanted). The algorithm is explained below.
|
||
|
|
||
|
### The algorithm (method)
|
||
|
|
||
|
1. A new node joins the network and chooses a position randomly.
|
||
|
2. Then it switches position with other nodes, so as to minimize the **product of the edge distances**. Note that this product represtent the **closeness** of the peers in the social space, which is embedded in their numerical identity.
|
||
|
|
||
|
In the network that is generated this way, the greedy routing algorithm works very well, allowing a peer to connect to any other in a (relatively small), finite number of steps. This unfortunately does not confirm anything regarding the **position** of the nodes with respect to each other. In fact, the nodes know who is connected to who, but there's no information regarding the closeness of a node to each other.
|
||
|
|
||
|
*(see graphical demonstration)*
|
||
|
|
||
|
The graphical demonstration shows that a greedy routing algorithm works **if and only if the nodes which are closer are likely (mean: have more probability) to know each other.** To achieve this result, the process of rearranging the nodes is compulsory.
|
||
|
|
||
|
The algorithm for node rearrangement is **fully decentralized** and implemented inside freenet. The algorithm takes a network of randomly connected nodes and gives as a result the small-world network in which the length between the nodes is inversely proportional to the number of nodes of that lenght. (that is, there are more short paths than long paths).
|
||
|
|
||
|
*(simulazione)*
|
||
|
|
||
|
## Practical concern
|
||
|
|
||
|
The algorithm described is implemented in freenet and the difficulties of getting the theory to work practically is a great deal of trouble. Problems are:
|
||
|
|
||
|
* Prevent malicious behavior (peers trying to abuse / destroy the network)
|
||
|
* Ensuring ease of use (especially since freenet works best if there are more people using it).
|
||
|
* Storing data (which is actually done on the user's hard drive).
|
||
|
|
||
|
### Prevent malicious behavior
|
||
|
|
||
|
If one could choose his identity, he could influence which data is sent / received from his node. This poses the treat of **centralization** of some nodes regarding some pieces of information. Defense against this kind of attack is not 100% ensured *(CHECK)*
|
||
|
|
||
|
Other treats are manipulation of other peers' nodes and of the routing algorithm itself. *(CHECK)*
|
||
|
|
||
|
### Ensure ease of use
|
||
|
|
||
|
* One of the best ways is to leave the program running in background, to mantain a connection. This is not always feasible *(CHECK)*.
|
||
|
* Peer introduction is one of the most difficult aspects: exchanging cryptographic information between nodes to ensure trust is a complicate and delicate process. To ease this aspect, a copy-paste approach can be used, or email messages, or whatever communication channel one sees as secure. The easier way would be a TTP, but again **centralization is unwanted**. *(CHECK)*
|
||
|
* NAT/Firewalls are complex enemies of P2P networks, but that could be circumvented (expecially with UDP hole-punching (same as for Skype, Dijjer). Note that this technique requires a third party, but that could be represented by **any node in the network that's not behind firewalls or NAT.**
|
||
|
|
||
|
|