The Freenet Project


Freenet Project

Practical overlay network for security, anonymity and freedom of speech

by Ilya Margolin,
AI Seminar, HAW Hamburg, 2010

Overview
● What is Freenet?
● Why Freenet?
● Goals
● What is Freenet, really?
● Freenet as DHT
● CHK - Content Hash Key
● SSK - Signed Subspace Key
● KSK - Keyword Signed Key
● Network stability in P2P
● Location
● Routing
● Opennet mode
● Darknet mode
● Data availability
● Summary
● Thank you!

What is Freenet?
Freenet is a distributed data storage in an overlay network of
darknet nodes aiming to provide security and freedom of press for
the publisher as well as the consumer of information.
Freenet is...
● open source P2P program
● a platform for secure anonymous communication
● an overlay network
● a distributed hash table
● a network of caching proxies
● "best effort" storage and retrieval
● a darknet (?!)
03.11.10 3
Why Freenet?
● Universal Declaration of Human Rights, Article 19:
Everyone has the right to freedom of opinion and expression; this
right includes freedom to hold opinions without interference and to
seek, receive and impart information and ideas through any media
and regardless of frontiers.
● Democracy can only be established by informed people
● Censorship cannot be controlled by democratic means
● Anonymous publishing is efficient against censorship
● Internet is meant to be free
I worry that ten or fifteen or twenty years from now, [my daughter] will come to me and say, "Daddy, where were you when they took freedom of the press away from the Internet?"
-- Mike Godwin, Electronic Frontier Foundation [1]
Image: Wikipedia, Reporters Without Borders 2009 Press Freedom Rankings, in Public Domain

Goals
● Private communication
● Censorship resistance
● DoS resistance
● Network stability
● Plausible deniability
● Performance is least concern

What is Freenet, really?
● The node - Java program, implements DHT
● The network, routing requests and inserts
● FProxy, local web interface to the node
● Plugins and applications connect to node
● Content: freesites, flogs, forum posts etc.
● Bugs :)

Freenet as DHT

● Documents are retrieved from Freenet by their known keys
● Documents are stored encrypted (256-bit Rijndael)
● The (Freenet) key consists of DHT key, decryption key and some metadata
● Encryption keys only in client layer
● Permanent datastore and cache
● Datastore drops least recently used records when full

CHK - Content Hash Key
● basic type of key
● looks like:
CHK@Ko3vs4QBd1JCxUudvIjjGxQY87LoaUHYZBnoBnKCPW0,7B3W6bAsRFkLnwFYuIJZ52uAjXQA8TEc-CzrPCrVNaQ,AAIA--8
● All non-human-readable parts are (modified) BASE64 encoded

Ko3...PW0 is the hash of the encrypted document

7B3...NaQ is the decryption key

AAIA--8 are encryption/compression/other options
● generated from content, so not updatable

SSK - Signed Subspace Key
● Based on asymmetric cryptography
● Provides an updatable namespace, controlled by the
private key owner
● Looks like:
SSK@2X9k65z84Hz1TE4Wz8H60sySUpp~AR~zGfA4R-R8~nM,3KfZIhZaATR1pZS74GcNPiJQ1v3St-MlUexdHNqu87g,AQACAAE/xfilesepguide/
● 2X9k...8~nM is SHA256 hash of public key
● 3KfZ...u87g is symmetric decryption key
● xfilesepguide is document name relative to subspace
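The key layout described on the CHK and SSK slides, as an added Python example (not part of the original slides and not the Freenet project's code). It assumes the "modified BASE64" alphabet uses `~` and `-` in place of `+` and `/` with padding stripped; the function and field names are chosen here for illustration.

```python
import base64

def fn_b64decode(text: str) -> bytes:
    """Decode Freenet-style Base64 (assumed: '~' for '+', '-' for '/', no padding)."""
    std = text.replace("~", "+").replace("-", "/")
    std += "=" * (-len(std) % 4)          # restore the stripped padding
    return base64.b64decode(std, validate=True)

def parse_freenet_key(uri: str) -> dict:
    """Split a CHK/SSK key into the three comma-separated fields the slides name."""
    key_type, sep, rest = uri.strip().partition("@")
    if not sep or key_type not in ("CHK", "SSK"):
        raise ValueError("not a CHK or SSK key")
    key_part, _, doc_path = rest.partition("/")
    fields = key_part.split(",")
    if len(fields) != 3:
        raise ValueError("expected hash,decryption-key,options")
    dht_hash, decrypt_key, options = (fn_b64decode(f) for f in fields)
    if len(dht_hash) != 32 or len(decrypt_key) != 32:
        raise ValueError("hash and decryption key must both be 256 bits")
    return {
        "type": key_type,
        "dht_hash": dht_hash,        # the part the DHT stores and looks up by
        "decrypt_key": decrypt_key,  # stays in the client layer
        "options": options,          # encryption/compression/other options
        "doc_name": doc_path.rstrip("/"),
    }

# The two example keys shown on the slides.
CHK = ("CHK@Ko3vs4QBd1JCxUudvIjjGxQY87LoaUHYZBnoBnKCPW0,"
       "7B3W6bAsRFkLnwFYuIJZ52uAjXQA8TEc-CzrPCrVNaQ,AAIA--8")
SSK = ("SSK@2X9k65z84Hz1TE4Wz8H60sySUpp~AR~zGfA4R-R8~nM,"
       "3KfZIhZaATR1pZS74GcNPiJQ1v3St-MlUexdHNqu87g,AQACAAE/xfilesepguide/")

if __name__ == "__main__":
    for uri in (CHK, SSK):
        key = parse_freenet_key(uri)
        print(key["type"], key["dht_hash"].hex(),
              len(key["decrypt_key"]) * 8, key["options"].hex(), key["doc_name"])
```

Because the decryption key travels inside the key string itself, anyone who sees the full string (in a log, a bookmark or a forum post) can decrypt the document, while a node that only holds the hash field cannot.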

KSK - Keyword Signed Key
● Looks like: [email protected]
● Not secure against spamming or name hijacking
● Can redirect to other key
● There is (local) collision detection

Network stability in P2P

1. Central server, knowing all peers or managing searches
eMule, Napster, Soulseek, to some extent BitTorrent
No server → no network
2. Seednodes, peer exchange
BitTorrent DHT tracker, Freenet in Opennet mode
No seednodes → no new users
3. Darknet (friend to friend) network, connections only to trusted friends
W.A.S.T.E., Freenet in darknet mode
No friends → no network :(
Not harvestable :)
Location
● Location is randomly assigned to the node upon install
● Location is a float from 0 to 1
● Keys also translate to locations
● Documents should be stored on nodes close to their key
● But it is not easy to achieve
Routing
● Hill climbing with backtracking
● Hops-To-Live=18
● Works quite well
● Measures against revealing request originators' identity
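The Location and Routing slides combined into a simplified simulation, as an added Python example (not from the original slides and not Freenet's routing code). It assumes the 0..1 keyspace wraps around, that every forward hop costs one hop-to-live, and uses a constructed five-node topology in which the greedy choice runs into a dead end.

```python
def dist(a: float, b: float) -> float:
    """Distance between two locations on the wrapped 0..1 keyspace (assumption)."""
    d = abs(a - b)
    return min(d, 1.0 - d)

def route(peers, loc, holder, start, key_loc, htl=18):
    """Hill climbing with backtracking: always try the unvisited peer whose
    location is closest to the key; step back when a node has none left."""
    path, stack, seen = [start], [start], {start}
    while stack and htl > 0:
        node = stack[-1]
        if node == holder:
            return path, True
        candidates = sorted((p for p in peers[node] if p not in seen),
                            key=lambda p: dist(loc[p], key_loc))
        if candidates:
            nxt = candidates[0]
            seen.add(nxt)
            stack.append(nxt)
            path.append(nxt)
            htl -= 1                      # each forward hop uses one hop-to-live
        else:
            stack.pop()                   # dead end: backtrack to the previous node
            if stack:
                path.append(stack[-1])
    return path, bool(stack) and stack[-1] == holder

# Constructed topology: C is closest to the key but is a dead end; E holds the data.
LOC = {"A": 0.10, "B": 0.30, "C": 0.48, "D": 0.80, "E": 0.52}
PEERS = {"A": ["B", "D"], "B": ["A", "C"], "C": ["B"], "D": ["A", "E"], "E": ["D"]}

if __name__ == "__main__":
    print(route(PEERS, LOC, holder="E", start="A", key_loc=0.50))
    print(route(PEERS, LOC, holder="E", start="A", key_loc=0.50, htl=3))
```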

Opennet mode
● Node location is fixed
● Optimal number of connections dependent on donated bandwidth
● Connections are as stable as possible, IP change will still get you connected to the same nodes
● Node attempts to form connections to other nodes appropriate to its location
● Many short links, a few long links

Darknet mode
● Connections only to trusted nodes
● Fixed network topology
● Location swapping: attempt to select location matching the topology

Data availability
● Documents are split and padded, so all DHT entries are same size (for CHK keys — 32k)
● Documents are cached all the way back to request originator
● Forward error correction using Vandermonde matrices in Galois field GF(2^p)
● Linear operation
● Given m>k, encoding produces m pieces, of which only k are needed to decode.
● In case of Freenet, m/k = 2, 100% redundancy
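The "any k of m pieces" property from this slide, as an added Python example (not from the original slides and not Freenet's FEC code). It assumes p = 8 with the field polynomial 0x11d and works on single-byte symbols; the function names are chosen here.

```python
# GF(2^8) log/antilog tables; p = 8 and polynomial 0x11d are assumptions.
EXP, LOG = [0] * 510, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i], LOG[_v] = _v, _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11D
for _i in range(255, 510):
    EXP[_i] = EXP[_i - 255]

def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def gf_inv(a):
    return EXP[255 - LOG[a]]

def vandermonde_row(x, k):               # [1, x, x^2, ..., x^(k-1)]
    row, power = [], 1
    for _ in range(k):
        row.append(power)
        power = gf_mul(power, x)
    return row

def encode(data, m):
    """k data symbols -> m pieces; piece i is Vandermonde row (i+1) times data."""
    pieces = []
    for i in range(m):
        acc = 0
        for coeff, d in zip(vandermonde_row(i + 1, len(data)), data):
            acc ^= gf_mul(coeff, d)      # addition in GF(2^p) is XOR
        pieces.append(acc)
    return pieces

def decode(received, k):
    """received maps piece index -> symbol; any k entries recover the data."""
    if len(received) < k:
        raise ValueError("fewer than k pieces survived")
    idx = sorted(received)[:k]
    rows = [vandermonde_row(i + 1, k) + [received[i]] for i in idx]
    for col in range(k):                 # Gauss-Jordan elimination over GF(2^8)
        piv = next(r for r in range(col, k) if rows[r][col])
        rows[col], rows[piv] = rows[piv], rows[col]
        scale = gf_inv(rows[col][col])
        rows[col] = [gf_mul(scale, v) for v in rows[col]]
        for r in range(k):
            if r != col:
                rows[r] = [v ^ gf_mul(rows[r][col], w) for v, w in zip(rows[r], rows[col])]
    return [rows[r][k] for r in range(k)]
```

With k = 8 and m = 16 (the slide's m/k = 2), any eight of the sixteen pieces can be lost and the data is still recovered.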
Summary
● Freenet Project is politically important, actively developed, complex and fun
● You should try it!

Thank you!

Questions?
«I do not agree with what you have to say, but I'll defend to the death your right to say it.»
-- Voltaire
«I worry that ten or fifteen or twenty years from now, [my daughter] will come to me and say, "Daddy, where were you when they took freedom of the press away from the Internet?"»
-- Mike Godwin, Electronic Frontier Foundation¹

Sources
1. Universal Declaration of Human Rights
2. «Cyber rights: defending free speech in the digital age» by Mike Godwin, p. 76
3. «Private Communication Through a Network of Trusted Connections: The Dark Freenet» by Ian Clarke, Oskar Sandberg, Matthew Toseland, Vilhelm Verendel
4. «Routing in the Dark: Pitch Black» by Nathan S. Evans, Chris GauthierDickey, Christian Grothoff
5. Freenet Project Website: http://freenetproject.org
6. Freenet wiki: http://wiki.freenetproject.org
7. IRC channel #freenet on irc.freenode.net
