GNUnet network
www.gnu.org/software/GNUnet,
www.gnu.org/software/GNUnet/gnunet.de.html;
gecko.cs.purdue.edu/gnunet [not reachable on 03-Jun-2002].
25-Feb-2001/14-Jan-07
Overview
From the project's self-description:
"GNUnet is an anonymous, decentralised network that assigns a
reputation to users in order to protect itself against black sheep.
At the moment the only service implemented is uncensored file
sharing.
Our goal is to build an infrastructure for secure networking. Every
data exchange in GNUnet is authenticated and encrypted. Attaching
reputation information to hosts makes attacks on the network harder,
because abuse is detected and punished with degraded access. GNUnet
is completely decentralised and cannot be controlled by anyone (and
there are no automatic updates either).
While our goals are similar to projects such as Freenet, Gnutella or
MojoNation, we hope to put together a superior combination of
properties for users for whom security comes before efficiency".
Background
The GNUnet (GNet) project was initiated by students at Purdue
University; it grew out of the cryptography course project CS555.
Concepts
The GNUnet concept places particular emphasis on several conceptual
features:
Anonymity
GNUnet promises anonymous communication whose participants cannot be
identified by third parties and for which no link between sender and
receiver can be established, since the communication may pass through
various intermediate stations. The developers also promise secret
communication, i.e. only the receiver knows the received content;
intermediaries and the sender do not. Above all this is meant to
reduce the risks for providers of content. This security is supposed
to remain guaranteed even if some or all of the systems taking part
in the communication are malicious and, for example, record the
connections.
"Anonymous communication is commonly perceived as communication for
which it is impossible for third parties to identify the participants
involved. For us, anonymous communication is supposed to guarantee that
a data transfer cannot be connected with the real sender or receiver but
only with the immediate hosts participating (which might just be
intermediaries).
Furthermore, GNUnet provides deniability. For us, deniability means that
the communication should be secret in the sense that only the receiver
knows the content of the message. The sender and the intermediaries
should not be able to determine the actual content. Also, the original
submitter of the content should be able to plausibly deny that the
content originated from him or her, even if all nodes (except for the
node of the submitter who can obviously always tell) that the content
was going through were malicious and kept records of all their
transactions".
Source:
www.ovmj.org/GNUnet/documentation.php3#concepts; accessed:
03-Jun-2002.
Reputation metric
GNUnet is based on a socio-economic model. Every network node forms
an "opinion" about all the other nodes it is in contact with. On the
basis of this assessment the nodes then decide which requests they
handle (preferentially) once capacity becomes scarce.
Accounting
Unlike other anonymous systems, GNUnet offers a form of accounting
through which the operators of network nodes are rewarded, in
particular with prioritised connectivity. Participants may confine
themselves to consuming (freeloading), but then may have to make do
with limited bandwidth.
"GNUnet is based on a social economic model. Each node is forming an
opinion on all the other nodes it is in contact with. Depending on that
opinion, the node will decide which requests it will perform.
As long as a node is not busy, it will serve all requests. If it gets
busy, it will drop requests from nodes that the local node dislikes. The
node gives credit for nodes that send replies to queries and takes
credit for nodes asking for content.
The model is designed in a way that the damage that a malicious node
can do is bounded by the formula
damage - contribution < capacity + epsilon
where contribution is the amount of resources the node has given to
GNUnet, capacity is the network capacity of the malicious node (it is
impossible to keep a node from causing as much traffic as its own
connection can support; yet, unlike other networks, that traffic is not
multiplied by other nodes). Epsilon is a number smaller than the excess
capacity of the network, whereas the excess capacity of the network is
wasted resources (idle CPUs, idle network connections)".
Source:
www.ovmj.org/GNUnet/documentation.php3#concepts; accessed:
03-Jun-2002.
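The reputation and accounting passages above describe a per-peer "opinion" that decides whose requests survive when a node is busy. The following simulation is an added example written for this page, not GNUnet's own code: it models the rules the documentation states (credit for replies, debit for queries, serve everything while idle, drop the least-liked peers when busy) and shows two consequences, a contributor outranking a freeloader and a flooding peer being served no more than the node's capacity per tick. Unit credit amounts, the tick-based capacity and arrival order as the tie-breaker are assumptions of this example, as is every peer name.

```python
from collections import defaultdict
from typing import Dict, List, Tuple


class AccountingNode:
    """One GNUnet-style node keeping an 'opinion' (a credit balance) per peer.

    Rules taken from the page: a peer earns credit for replies it sends us,
    loses credit for content it asks for, an idle node serves everything,
    and a busy node drops the requests of the peers it likes least.
    Assumptions of this example: unit credit per reply/query, a fixed number
    of requests per tick as 'capacity', and arrival order as the tie-breaker.
    """

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity                   # requests served per tick
        self.credit: Dict[str, int] = defaultdict(int)

    def note_reply(self, peer: str, amount: int = 1) -> None:
        # the peer answered one of our queries: it contributed resources
        self.credit[peer] += amount

    def serve_tick(self, requests: List[Tuple[str, int]]) -> List[str]:
        """Pick this tick's (peer, cost) requests to serve; return served peers."""
        if len(requests) <= self.capacity:
            chosen = list(requests)                # not busy: serve all requests
        else:
            # busy: best-liked peers first; sorted() is stable, so ties keep
            # arrival order (the page does not specify a tie-break rule)
            chosen = sorted(requests, key=lambda r: -self.credit[r[0]])
            chosen = chosen[: self.capacity]
        served = []
        for peer, cost in chosen:
            self.credit[peer] -= cost              # asking for content costs credit
            served.append(peer)
        return served


def contributor_vs_freeloader(ticks: int = 6) -> Dict[str, int]:
    """A contributor that answered three of our queries competes with a
    freeloader for a node that can serve one request per tick."""
    node = AccountingNode(capacity=1)
    for _ in range(3):
        node.note_reply("contributor")
    served = {"contributor": 0, "freeloader": 0}
    for _ in range(ticks):
        for peer in node.serve_tick([("freeloader", 1), ("contributor", 1)]):
            served[peer] += 1
    return served


def flood(requests_per_tick: int, ticks: int, capacity: int = 2) -> int:
    """A peer flooding the node is served at most `capacity` times per tick:
    its damage is bounded by the node's own capacity, not multiplied by how
    many requests it sends."""
    node = AccountingNode(capacity=capacity)
    total = 0
    for _ in range(ticks):
        total += len(node.serve_tick([("attacker", 1)] * requests_per_tick))
    return total


if __name__ == "__main__":
    print(contributor_vs_freeloader())   # {'contributor': 4, 'freeloader': 2}
    print(flood(100, 5))                 # 10
```

Once the contributor's credit is spent both peers stand at the same balance and the tie-break alternates between them, which is why the freeloader still gets two of six slots; the bound the documentation states is on the freeloader's net damage, not a guarantee of zero service.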
Authentication
"As GNUnet requires accounting (see next section), we need to
authenticate all communications. This is achieved using an RSA-based
exchange of a secret session-key. That session-key is then used to
encrypt the communication between the two hosts using blowfish. As only
the two participating hosts know the session-key, this authenticates
each packet without requiring signatures. Furthermore, encrypted
traffic makes any kind of traffic analysis much harder.
In GNUnet, the identity of a host is the hash of its public key. For
that reason, man-in-the-middle attacks will not break the authentication
or accounting goals. Essentially, for GNUnet, the IP of the host does
not matter. As the public key is the only thing that truly matters,
faking an IP, a port or any other property of the underlying transport
protocol is irrelevant.
GNUnet uses a special type of packet to bind public keys to their
current address. Currently, an address is always an IP and a UDP port.
In the future, other transport mechanisms (TCP, SMTP, etc.) could be
used."
Source:
www.ovmj.org/GNUnet/documentation.php3#concepts; accessed:
03-Jun-2002.
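The authentication passage makes two claims worth seeing in code: a host's identity is the hash of its public key, so its IP and port can change (or be spoofed) without affecting who it is; and once a session key is shared, holding that key is what authenticates each packet. The example below is added for this page and is not GNUnet's code. It assumes SHA-256 as the identity hash (the page names none), treats the RSA session-key exchange as already done by using a constructed key, and uses an HMAC tag on each packet as a stand-in for the page's Blowfish link encryption, so only the authentication property is modelled, not confidentiality. The key bytes, addresses and port are constructed placeholders.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed placeholder key material; SHA-256 as identity hash is an assumption.
ALICE_PUBKEY = b"constructed-placeholder-public-key-of-alice"
MALLORY_PUBKEY = b"constructed-placeholder-public-key-of-mallory"


def peer_identity(public_key: bytes) -> str:
    """A host's identity is the hash of its public key, not its IP or port."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass(frozen=True)
class AddressBinding:
    """The page's 'special type of packet' binding a public key to an address."""
    public_key: bytes
    ip: str
    port: int


def accept_binding(known_identity: str, binding: AddressBinding) -> bool:
    """Accept a (possibly new) address for a peer only if the key carried in
    the binding hashes to the identity we already know for that peer."""
    return hmac.compare_digest(peer_identity(binding.public_key), known_identity)


# --- link layer ---------------------------------------------------------------
# The page encrypts each link with Blowfish under an RSA-exchanged session key,
# so possession of the key is what authenticates a packet. Here an HMAC tag
# stands in for the cipher and the session key is assumed already exchanged.
TAG_LEN = 32


def seal(session_key: bytes, seq: int, payload: bytes) -> bytes:
    header = struct.pack(">I", seq)               # sequence number makes replays visible
    tag = hmac.new(session_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_packet(session_key: bytes, packet: bytes) -> Optional[Tuple[int, bytes]]:
    """Return (seq, payload) if the tag verifies under our session key, else None."""
    if len(packet) < 4 + TAG_LEN:
        return None
    header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(session_key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return struct.unpack(">I", header)[0], payload


def demo() -> dict:
    alice_id = peer_identity(ALICE_PUBKEY)
    # Alice moves to a new IP/port: same key, same identity, binding accepted.
    moved = AddressBinding(ALICE_PUBKEY, "198.51.100.7", 5000)
    # Mallory squats Alice's old IP/port with her own key: different identity.
    squatted = AddressBinding(MALLORY_PUBKEY, "192.0.2.10", 5000)

    session_key = b"\x11" * 32                     # constructed; would come from the RSA exchange
    packet = seal(session_key, 1, b"query for some keyword")
    tampered = packet[:6] + bytes([packet[6] ^ 0x01]) + packet[7:]
    return {
        "moved_accepted": accept_binding(alice_id, moved),
        "squatter_accepted": accept_binding(alice_id, squatted),
        "genuine_ok": open_packet(session_key, packet) == (1, b"query for some keyword"),
        "tampered_ok": open_packet(session_key, tampered) is not None,
        "wrong_key_ok": open_packet(b"\x22" * 32, packet) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The squatter case is the man-in-the-middle scenario the page dismisses: a node at the "right" address but with a different key simply is a different peer, so nothing it sends is credited to, or accepted as, the peer whose identity the receiver knows.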
Confidentiality
"Adversaries outside of GNUnet are not supposed to know what kind of
action a node is performing, and even participating nodes can never tell
what the action is about (which data is transferred or what the query is
for) nor who initiated the action. This helps GNUnet to be hard even for
attacks that use traffic analysis and malicious nodes in combination. Of
course, that a node is performing a request will still be revealed if
all other nodes in the network collaborate against it. In this
situation, the only resort the node has is that the other nodes may not
be able to determine the contents of the action. As far as we know, this
is only possible if the adversary can guess the contents or break
cryptographic primitives".
Source:
www.ovmj.org/GNUnet/documentation.php3#concepts; accessed:
03-Jun-2002.
Deniability
"Even if the user that downloads data and the server that provides
data are anonymous, the intermediaries may still be a target. In
particular, if the intermediaries could find out which queries or which
content they are processing a strong adversary could try to force them
to censor certain materials. In GNUnet, this problem does not arise
because queries and content are transmitted in an encrypted form, such
that intermediaries can not tell what the query is for or what the
content is about. Mind that this is not the same encryption as the
link-encryption between the nodes. In GNUnet, the traffic between the
nodes is encrypted on each link to provide authentication and
confidentiality (see below). But also the queries and the content that
the nodes transport over these links are encrypted. GNUnet has
encryption on the network layer (link encryption, confidentiality,
authentication) and again on the application layer (provided by
gnunet-insert, gnunet-download, gnunet-search and gnunet-gtk)".
Source:
www.ovmj.org/GNUnet/documentation.php3#concepts; accessed:
03-Jun-2002.
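The deniability passage distinguishes link encryption from a second, application-layer encryption of the queries and content themselves, so that an intermediary can route and store without learning what it handles. The example below is added here to illustrate one scheme with that property; it is not GNUnet's on-the-wire format. The scheme is an assumption: the content key is derived from the keyword, the routable query is the hash of that key, and a toy SHA-256 counter-mode keystream stands in for whatever cipher the application layer uses (the page does not name one). Keyword and content strings are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher from SHA-256: illustrative stand-in only,
    chosen so the example runs with the standard library."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def content_key(keyword: str) -> bytes:
    # only someone who knows the keyword can derive the content key
    return hashlib.sha256(keyword.encode("utf-8")).digest()


def query_for(keyword: str) -> str:
    # intermediaries route on the hash of the key, which reveals neither
    # the keyword nor the key (assumed scheme, see lead-in)
    return hashlib.sha256(content_key(keyword)).hexdigest()


@dataclass(frozen=True)
class Published:
    query: str        # what the network routes and stores by
    ciphertext: bytes  # content encrypted under the keyword-derived key


def publish(keyword: str, content: bytes) -> Published:
    """What an inserting client hands to the network under this scheme."""
    return Published(query_for(keyword), keystream_xor(content_key(keyword), content))


class Intermediary:
    """A routing node: it stores and answers by query hash only."""

    def __init__(self) -> None:
        self.store: Dict[str, bytes] = {}

    def insert(self, item: Published) -> None:
        self.store[item.query] = item.ciphertext

    def lookup(self, query: str) -> Optional[bytes]:
        return self.store.get(query)


def search(node: Intermediary, keyword: str) -> Optional[bytes]:
    """The searching client sends only the query hash and decrypts locally."""
    ciphertext = node.lookup(query_for(keyword))
    if ciphertext is None:
        return None
    return keystream_xor(content_key(keyword), ciphertext)


def intermediary_sees_plaintext(node: Intermediary, keyword: str, content: bytes) -> bool:
    """True if the keyword or the content appears in anything the node stores."""
    blob = " ".join(node.store).encode("utf-8") + b"".join(node.store.values())
    return keyword.encode("utf-8") in blob or content in blob


if __name__ == "__main__":
    relay = Intermediary()
    relay.insert(publish("constructed keyword", b"constructed content of a shared file"))
    print(search(relay, "constructed keyword"))
    print(intermediary_sees_plaintext(relay, "constructed keyword",
                                      b"constructed content of a shared file"))  # False
```

Because the query is a hash of the key rather than the key itself, a node that logs every query it forwards still cannot decrypt the matching content; that is the property the passage relies on to argue that intermediaries cannot be compelled to censor specific material.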
Architecture (System Design)
GNUnet has a layered design. While some layers may still be a bit
clobbered, we're always striving to improve this. The basic goal for the
layering is this:
| Layer             | Example              | Source in        |
|-------------------|----------------------|------------------|
| User Interface    | gnunet-gtk           | gtkui/, textui/  |
| Application Logic | libgnunetfilesharing | textui/, common/ |
| Routing           | gnunetd              | server/, common/ |
| Transport         | UDP                  | server/, OS      |
The util/ directory contains utility methods that could even
be useful without GNUnet (io, cron, semaphores, etc.). util/ is
thus used throughout the system.
In GNUnet, the server gnunetd is responsible for accounting,
routing and link-encryption. Currently it also knows the encryption
scheme used by the application layer (for on-demand encryption), but it
would probably be better if that code (and the lookup code) were added
as a module such that the core code does not have to be concerned with
these details. The networking layer has, like the internet protocol
(IP), best-effort semantics. There is no guarantee that a query is
delivered.
The applications are responsible for adding reliability (through
retransmission) to the networking layer. The application is also
responsible for avoiding congestion (see TCP). The application talks to
gnunetd via a very simple protocol (that will probably be
extended in the future). gnunetd trusts the TCP connection to
the applications. Typically, this is ok as the connection is established
via loopback and not over the network. As gnunetd does not
attempt any authentication on the TCP port, firewalling that port is
advised. We may add a list of hosts that are allowed to connect to that
port later.
Source:
www.ovmj.org/GNUnet/documentation.php3#design; accessed: 03-Jun-2002.
Comparison with other P2P networks
"While our goals are similar to projects like Freenet, Gnutella,
MojoNation and others, we hope to provide a superior combination of
features for users that value security more than efficiency".
"As opposed to Napster and Gnutella, GNUnet was designed with
security in mind as the highest priority. We intend on producing a
network with extremely high security guarantees. Napster and Gnutella
are open to a wide variety of attacks, and users are exposed entirely.
GNUnet is also open source, so you do not have to worry about being
spied upon by the software".
The following table summarizes the main differences between GNUnet
and other systems:
| Network             | GNUnet                     | Napster       | Gnutella                         | Freenet         |
|---------------------|----------------------------|---------------|----------------------------------|-----------------|
| Distributed Queries | +                          | -             | +                                | +               |
| Accounting          | +                          | -             | -                                | -               |
| Anonymity           | +                          | -             | -                                | +               |
| Transport Protocol  | UDP                        | TCP           | TCP                              | TCP             |
| Query Format (UI)   | keywords                   | keywords      | filename                         | secret key      |
| Routing             | dynamic (indirect, direct) | always direct | queries indirect, content direct | always indirect |
Source: "What is the difference between Napster, Gnutella, and
GNUnet?"
www.ovmj.org/GNUnet/faq.php3 (accessed: 03-Jun-2002) and gecko.cs.purdue.edu/gnunet/faq.php3.
Further information
See also
Netmarks
Golem.de: "GNUNet: Filesharing der nächsten Generation?
Anonymes Filesharing mit GNUNet" (Software), 02.04.2002, 09:53,
www.golem.de/0204/19103.html.
Slashdot: What about Gnunet?,
slashdot.org/comments.pl?sid=29741&cid=3192036.
Notes