Turtle
P2P infrastructure for safe sharing of sensitive data
Introduction
Turtle aims at the creation of a peer-to-peer (P2P) infrastructure for safe sharing of sensitive data. The truly revolutionary aspect of Turtle rests in its novel way of dealing with trust issues. Where other P2P architectures attempt to build trust relationships on top of a trust-agnostic P2P overlay, Turtle builds its overlay on top of pre-existent trust relationships among its users. This allows both data sender and receiver anonymity. At the same time, it protects each intermediate relay in the data query path. Furthermore, its trust model should allow Turtle to withstand most of the denial of service attacks that plague other peer-to-peer data sharing networks.
A high-level description of the Turtle protocol can be found in a paper (PDF) presented at the Cambridge Security Protocols Workshop in 2004. Each user acts as a node in the overlay by running a copy of the Turtle client software on his computer. In contrast to other P2P systems, Turtle does not allow any two arbitrary nodes to connect and exchange information. Instead, each user will only connect her node to a limited number of other nodes, which are run by people she trusts (her friends). Before establishing a connection, there is an authentication phase, in order to prevent masquerading. The data is exchanged among friend nodes over secure encrypted links in order to guarantee confidentiality.
When a Turtle user looks for an item in the network, the query is initially sent only to her friends' Turtle nodes. The friends forward the query to their friends, and so on, up to a given query depth. Query results follow the reverse path, travelling across friendship connections back to the query originator. This way data is only exchanged between people that trust each other. As the data is always encrypted, the adversary has no way to determine who is requesting or providing information, and what that information is about.
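The query flooding and reverse-path return described above, as an added example that is not the Turtle client's code. The friendship graph, user names, item name and the rule that a node drops a query it has already seen are constructed assumptions; link encryption and authentication are not modelled.

```python
from collections import deque

# Constructed friendship graph (hypothetical users); every edge is a mutual trust link.
FRIENDS = {
    "alice": ["bob", "carol"],
    "bob": ["alice", "dave"],
    "carol": ["alice", "dave"],
    "dave": ["bob", "carol", "erin"],
    "erin": ["dave", "frank"],
    "frank": ["erin"],
}
# Constructed holdings: which nodes can answer a query for which item.
HOLDINGS = {"erin": {"report.pdf"}, "frank": {"report.pdf"}}


def flood_query(origin, item, depth):
    """Flood a query over friend links, at most `depth` hops from the origin.

    came_from[node] is the only routing state a relay keeps: the friend it
    first received the query from. No node stores the full path or the origin.
    """
    came_from = {origin: None}
    holders = []
    frontier = deque([(origin, 0)])
    while frontier:
        node, hops = frontier.popleft()
        if item in HOLDINGS.get(node, ()):
            holders.append(node)
        if hops == depth:
            continue  # query depth reached: do not forward further
        for friend in FRIENDS[node]:
            if friend not in came_from:  # assumption: already-seen queries are dropped
                came_from[friend] = node
                frontier.append((friend, hops + 1))
    return came_from, holders


def reverse_path(came_from, holder):
    """Walk a result back hop by hop, each relay consulting only its own entry."""
    path = [holder]
    while came_from[path[-1]] is not None:
        path.append(came_from[path[-1]])
    return path


def query(origin, item, depth):
    """Return {holder: path the result travels back to the origin}."""
    came_from, holders = flood_query(origin, item, depth)
    return {h: reverse_path(came_from, h) for h in holders}
```

With a query depth of 3 from alice, only erin's copy is found and frank is never contacted; each hop on the returned path is a direct friend link, so no two strangers exchange data.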
Social science research (like the famous "six degrees of separation" experiment) and existing internet systems (like the PGP public key infrastructure and the Orkut online community) have shown that social graphs are extremely scalable. These graphs, on which Turtle also relies, have the ability to connect very large communities through a small number of hops (usually fewer than 6).
Finally, one important property resulting from the way the Turtle overlay is constructed is confined damage; a security break in one Turtle node only affects a small subset of the system: only the node itself and its friends.
The goal of this NLnet project is to develop the Turtle P2P client software, and to offer it to the general public under the GPL public license.