News

Collective approach to internet attacks big success in the Netherlands 2014/06/30

Erik Huizer inaugurated in Internet Hall of Fame 2014/04/08

Awards February 2014 2014/04/01

Marc Gauw appointed new General Director of NLnet 2014/01/09

 

GNUnet

[GNUnet -- concluded on 2009/12/31]

GNUnet is GNU's framework for secure peer-to-peer networking. The framework is designed to support a range of applications. The primary application at this point is anonymous and censorship-resistant file-sharing.

The main thrust of the proposed research is the design, implementation, deployment and evaluation of a secure, fully decentralized P2P routing protocol. Centralization increases operational costs, creating prominent targets for attacks and single points of failure as well as raising privacy concerns. The resulting network must be open, allowing new peers to join at any time. Adversaries are assumed to participate in the network, and the protocols must gracefully degrade in the presence of adversaries. Graceful degradation means that adversaries may only reduce the eciency of network operations, and that this reduction in eciency should be at most proportional to the resources available to the adversary.

Our quest for practical protocols also implies that the design must handle real-world constraints. In particular, we want to handle connectivity issues that arise on the Internet (for example, due to firewalls). We use the term restricted-route networks to describe networks with restrictions limiting direct communications between participants. The proposed protocol also addresses the possibility of peers leaving the overlay network abruptly, joining and leaving the network frequently, and the fact that the amount of resources available to peers can differ by a few orders of magnitude.

Our goal is to come up with adaptive protocols which adjust resource allocation based on automatically obtained network performance metrics that characterize the behavior of faulty or malicious nodes. Specifically, if an alternative path without faulty nodes exists, it must be possible for the routing algorithm to eventually discover it. The routing protocol must also be able to address disproportional consumption of resources. In particular, an adversary should not be able to issue a request that consumes more than a small constant factor of resources above the amount consumed by the normal operation of benign nodes. As a result, the proposed new protocol is able to prevent peers from launching asymmetric attacks, which leverage weaknesses in the system and magnify the damage caused.

NLnet's contribution is used to pay a graduate student's salary for a full year (the university will waive tuition) to work on the implementation and evaluation of an improved routing algorithm for GNUnet. The routing algorithm will be implemented as a GNUnet service which means that many (existing and future) applications using the GNUnet framework will be able to take advantage of it. The specific proposed work is about a new routing algorithm that will support scalable and secure routing in a restricted-route topology.

Calls

Send in your ideas. Next deadline Sept 1st, 2014.

   
Last update: 2008/11/09