This is basically a talk that's also part appeal. PuzzleNet is basically a new creation of mine. I saw a lot of things in the news and read a lot of stuff. I was on the FreeNet mailing list for a while. I got off that a while ago because I didn't really have time to read it all. And it was difficult to follow. The guy that was up here last was talking about FreeNet, and he basically described that there's a lot of difficult problems involved in the way the FreeNet system works on how to do searches and stuff. So I observed all this stuff and basically decided that I liked certain features of Napster, Gnutella, FreeNet, some of the other ones like Publius, which is fairly recent. And I basically decided that there had to be a better way. And PuzzleNet is kind of my attempt. So far I haven't had a whole lot of feedback on the PuzzleNet concept. It's fairly new. I'm kind of outing it here. You guys are supposed to be the best programmers in the world, right? So I'd basically like people to look into PuzzleNet, read about it, sign up for the mailing list, give me some feedback, tell me what you think stinks about it, whether or not you think it'll ever work, and maybe even contribute some code to the effort. So far it's basically still in the design stage. FreeNet has a major advantage in that FreeNet is over a year old. Ian Clarke wrote his paper sometime last year, I think it was. And the people that have been working on it, FreeNet Project have been working on it for months and months. So they have a major advantage as far as how far they've gotten along. But because of the difficulty of the protocol and the difficulty of the concept, they still aren't to a stage yet where you can really use it and do anything really useful with it. So this is PuzzleNet. Let me see a show of hands. I'm going to do my demographic here like the last guy. How many of you have an internet connection at home? Okay, I think I saw one guy back there. Everybody said hello to Mr. Mitnick.
Now let's see another show of hands for people that have AOL at home. Okay, that's encouraging that I saw very few hands because basically the idea for PuzzleNet was spawned by the fact that I have a cable modem at home. I have a permanent internet connection. I'm sure a lot of you are the same. A dial-up connection just doesn't do it for you. So I kind of planned it around people that have a constant connection, that have a decent upload bandwidth like maybe 30 kilobytes a second, that have a good download bandwidth. People that can download stuff really fast and don't really like to wait for things to download. So let me just move on here. Of course we're sponsored by Microsoft. This is a little different than I'm used to. This was my last presentation that I did. This was at Linux Fest in Kansas City if you heard about that. So I'm a little bit more nervous up here than I was there. This was the main floor of Linux Fest at the busiest time of the day. So anyway, an introduction to PuzzleNet. Well, I've already kind of described a little bit of what it is. It's basically very similar to a lot of other things like FreeNet and Gnutella where it's basically intended to be an anonymous way to share information, a way to stand up for free speech. It's a noble cause. But it's also a way for people to distribute large binary images. The classic examples are ISO images for CDs, MP3s, movie files, anything that's really big. If I want to put files on my web server at home and somebody wants to download them, that's great. But they only get the file at, like, 30k a second. And if there's two people downloading, they get it at, like, 15k a second. So, you know, that's what PuzzleNet is. But what it's good for hopefully, if it works right, is to allow people to share really large files and people who are getting those files to get them fairly quickly.
If you're downloading an ISO image of, say, Rock Linux, which I'd like to promote, that ISO image is probably, you know, 500 meg. And you don't want to wait while you're downloading that to come through a 28.8 modem that's, like, a couple hops over on FreeNet. You don't want to wait for that to come down from a site that only has an upload capability of 30k a second. It would be really nice if you could download that file at a meg a second. And it took, you know, approximately an hour and a half to download. An hour and a half is a long time, but it's a heck of a lot less time than six days. So hopefully that's what PuzzleNet will be good for. That's basically one of the design goals. I actually had some notes that I meant to bring out, so I might do that now. In the process of designing PuzzleNet, it's, you know, one of the design goals that I mentioned was anonymity. And when you're sharing information of a political nature, maybe of a copyrighted nature, you don't really want people to know who you are putting this stuff out there. You don't really want people to know who you are downloading this stuff. So one of the ways that you can try to obtain that goal is by using cryptography and cryptographic methods. I don't know how many of you are into cryptography, familiar with it. The Bible for working on cryptographic stuff is Bruce Schneier's book. If you're not familiar with it, wait a minute, wrong book. This is the book. This is the new edition. I don't know if he's planning on a third edition, but maybe sometime he's got a new book coming out that he was promoting yesterday. And I heartily recommend his books. Sometimes they're difficult to read, but most of the time they're really well written and they describe the stuff extremely well, and the information is really useful. So essentially cryptography has a lot of capabilities. It also has a lot of limitations.
When you do a Diffie-Hellman key exchange, as long as nobody intercepts your key exchange and replaces what you're exchanging with something of their own choosing, then after that key exchange, you can use that key to encrypt the data that you're passing between yourself and the other person. And as long as the encryption is good, which Twofish or Rijndael are probably pretty good, if you're using at least 128-bit key, then nobody can tell what you're transferring. On the other hand, if you have that man in the middle who replaces the information that you're exchanging with something of their own choosing, then whatever information you pass between you is not very secure, and you don't necessarily know that. In fact, you probably don't know that. So there's a lot of things to consider. There's a lot of pitfalls with cryptography and just to reinforce some of the things that Bruce says in his talks. Cryptography, the math behind cryptography is fine. The weak part is how you use it. So an anonymous network doesn't sound all that difficult, but it is. When you're hiding behind several hops, that's good. When you're using cryptography properly, that's good too. When you use a combination of both, that's probably better. But there are a lot of things to keep in mind. There are a lot of difficulties. So essentially, I'm going through all this design work, figuring out how to get things to work. Things are still a little dynamic. I changed my mind on things. I decided something's not quite as good as it could be. I changed something. So basically, I encourage you, if you're interested, to read through the information on the webpage. I'll get to some webpage links a little later on. I'm looking for feedback on whether you think there's a problem, whether you think this is good, how you think this compares with other things, whether you're interested. Anyway, I'll get on to definition of terms so I can start on the next slide. My presentation is a little bit last minute.
I was nearly killed by an office mate of mine about a week ago, and so I'm still on the short road or maybe long road to recovery. I haven't had time to work on this stuff as much as I would like. So the presentation is approximately three GIF files and one MP3. But anyway, definition of terms. There aren't really that many terms, so hopefully you can remember them. Basically there's, hopefully I can remember them. Basically there's puzzle pieces. And the reason for the name puzzle that may be obvious as soon as I start explaining it, basically in order to get fast downloads, if you have a limited upload capability as far as bandwidth is concerned, but you have a high bandwidth download capability, and there are other people like you, maybe you can download things piecemeal from other sites, and maybe get 30K a second from a thousand different sites. Well, that would give you like 30 meg a second, but as long as you don't exceed your download bandwidth, if you download from a thousand different places, and you get 1K a second from each of those places, then you're effectively getting 1 meg a second. So hopefully that's the way PuzzleNet can work. Essentially the main term is a puzzle piece, and that's basically a piece of a file. The nominal size of a puzzle piece would be approximately 32K. I basically was looking at the average DSL or cable modem user has an upload capability of about 32K a second. So if you're downloading from somebody, and you're downloading a 32K chunk, depending on what their usage is, you might get it in half a second, or 10 seconds a minute. It shouldn't really matter too much if you're downloading from enough different people, enough different sites, then even a 1K a second download can still contribute to a very high bandwidth download.
And it doesn't really tax any one site, and it doesn't tax the network too much because the concept is to go more directly for the downloads than, say, FreeNet, which when you request data through FreeNet, you're basically going through the net, and the data comes back to you. That means the data traverses the net. With PuzzleNet, I wanted to make the downloads more direct. In order to keep them anonymous, I end up using proxies for the transfers. The encryption ensures that the proxy has no idea what's being transferred, but the data itself doesn't go through the network, and so the network traffic is reserved for passing packets around, for searching, for inserting data, mainly for searching and the responses to searches, but some of the other administrative stuff on the network. Maybe I can't think of too many other terms at the moment, so maybe when I come upon them later in the talk, I'll remember to define them and then, et cetera. Let's say a typical user like me has a bunch of Grasshopper Takeover MP3 files that he wants to make available to all of you Grasshopper Takeover lovers. I already have a bunch of Grasshopper Takeover MP3s on my website, but if you want to download them, you get them at 30k a second or 15k a second, and if there are a lot of people downloading, you get them even slower. One of the nice things about a network like FreeNet is that the data stays on the network only as long as people are requesting it, and there's a very similar way that PuzzleNet handles data.
The data doesn't actually traverse the network, so it doesn't get replicated through the network, but over the course of time, the way it's intended to work, when you download things, you're requesting from somebody, and the person that's supplying that file is going to get a few requests or no requests or dozens of requests over the course of any given day and any given time. If a node that's serving up files gets lots and lots of requests for a certain file, then they can basically disperse copies of that file that they have out among more of the servers to spread the load. So I kind of like that feature of FreeNet, and I decided to try to emulate that with PuzzleNet. Anyway, I need to move on to the slide, I guess. The concept of searching basically is very similar to Gnutella. When you send a search request out onto the network, it gets propagated out to all of the server's neighbors and all of their neighbors' neighbors and all of their neighbors' neighbors to a certain extent, then you get responses back. Basically, packets that you send out on the network have an ID and everybody can route responses back based on that ID. So just like in Gnutella, when you do a search, your search is actually propagating out to all the nodes within a certain number of hops of you and you're getting responses back and then you can decide how to proceed from there. But because you're searching on so many different nodes when you get six or eight or ten hops out, you're more likely to get lots and lots of hits and you're likely to find all the different puzzle pieces for this file that you need. Then basically you proceed to selecting which files, which hits that you want to download and once you've selected them, the download process can begin. The download process basically is you take all these responses from your searches that you've gotten back and you individually request the different puzzle pieces for that file.
All this is essentially encrypted between you and this other node that has the files and some of you may realize that that is a difficult proposition. When you're talking an anonymous network and you're talking many hops out into the network, I'm as a client talking to a server over here that's six hops away. How do I exchange a key with him such that nobody else can tell what data is transferring between the two? That is a major problem with any network. If you don't know who you're talking to, then how do you know that they're who you're talking to? Well, it's kind of a paradoxical question because you can't really tell who you're talking to and you don't really know so you don't really care. But because of the way the search responses come back, there's essentially a time delay between two different parts of the search responses and you need both responses in order to decrypt the search result. So if you're looking at your search results that you're getting back and you see some search results coming back after a certain time period, you know they're invalid. If you see search results that come back, they're too close together, you know they're invalid. You can kind of follow that a little bit more precisely on the web pages. I try to describe it a little bit on the web pages and then describe the different packet types they're using and everything. I don't want to get too deep into the details of it here basically because all of this is slightly dynamic and still changing a little bit, but also because I have a flight to catch right after the talk and I kind of want to get through this so that you can maybe ask a few questions. Essentially then you're taking these search responses and you're requesting pieces from the search responses and downloading individual pieces to form this file. Once you get that file, how do you know that you've built the file correctly from all these pieces and how do you know that the file is what you really wanted? 
The files essentially have a set of metadata attached to each of the pieces and the metadata agrees between the different pieces so that when you download from five different people who have five different pieces, you can verify that the metadata agrees and basically PuzzleNet uses the secure hash algorithm and uses that to verify the data that you've downloaded. If I download the first puzzle piece and see that it has a certain hash value and then I download the second puzzle piece, the second puzzle piece's metadata is actually going to include a secure hash value for other puzzle pieces and I can verify that all those match. If I download puzzle piece one and it has a secure hash value for puzzle piece two that doesn't match the secure hash value that puzzle piece two has, then I know one of the two of those is bad and if I can download puzzle piece one from three different sites, then I can see whether the first site gives me basically a puzzle piece that agrees with the third site, but it's different than the second site and you can use that as kind of a voting scheme to say if two of these three servers are giving me this puzzle piece that correctly validates itself with the other puzzle pieces, then I'm going to go with that and not this other piece that seems to be coming from an obnoxious evil node. So basically the concept of verification is a voting process between the puzzle pieces that you download and the puzzle net itself is intended to have a certain redundancy of puzzle pieces so that you can download puzzle piece one from five different servers if you need to and compare the results. If you download, you know, if the file is only five puzzle pieces and you download all five of them and they all agree with each other, then basically you're done. 
You just download those five pieces, you stitch them all together, you decrypt the file if it's encrypted, basically the encryption of the file as a whole would be an option for the person injecting it into the puzzle net and you have it. And that kind of gets into the injection and uploading part. Instead of basically serving a file from a server, you have puzzle pieces and just like in FreeNet, when you send data through the network and it gets cached at all the different sites along the way, it's basically dispersed between several different servers and with puzzle net, when you inject something into the network, you're basically sending it out to several, anywhere between one and ten different servers that will have that data redundantly. The overall concept with a puzzle net server is you dedicate say a gigabyte or two gigabytes of space to running this network and you collect your puzzle pieces that other people are injecting into the network. If the nominal size of a puzzle piece is 32K, two gigabytes goes a long way. Do the math. Somebody do the math for me, I don't know what the answer is, I think it's a lot. You can hold lots of different files. Some servers may have only one puzzle piece from a file, some may have five different puzzle pieces from a single file. Some files may be broken out into 2,000 puzzle pieces, some files may be small enough that they're just one small puzzle piece. There's basically a lot of flexibility there. A lot of that is determined when you inject a file into the puzzle net. As the person injecting the file, you're going to decide basically and the client software that you're using to inject it is probably going to help you, but you're going to decide how big the puzzle pieces are going to be. Whether you want the entire file encrypted such that you need to get all the pieces together to decrypt them, you're going to decide basically what metadata you attach to the file. 
You can attach a description of the file in terse terms, keywords and stuff like that. And then basically you let it go and it goes out to lots of different servers and gets stored and if nobody ever downloads it, then it eventually will disappear. But the metadata is basically what ties into the searching again. If I attach certain metadata to the file, then that is searchable. When I send out a query and I get a response back, as a human user I can actually view the metadata and say, no, this file isn't what I'm looking for, but this file is. So if you send out a search for Stego or just Steg and you get back a steganography program and a Stegosaurus picture, you can say, well, I want the steganography program, and nobody really knows what you downloaded. General protocol ideas. I'm not really sure why I put that there, but I'll try to expand on it. The basic idea is to borrow from all the good qualities of services like Gnutella and FreeNet and Publius. The encryption of the file as a whole so that you need all the pieces in order to decrypt it if you so choose. A lot of times people upload things that there's really no reason to protect their identity, there's no reason to decrypt it. If it's just an ISO image of a Linux distribution or something like that, there's no reason anyone would need to encrypt that. So you have that option and hopefully that will basically help disperse this information that's good for the world. But then after all these good points of these different other protocols, I looked at some of the drawbacks. I think FreeNet is actually a really good network and it's really well thought out, but I think the difficulties inherent in it are kind of difficult to surpass, so even though PuzzleNet is basically an infant stage right now, the potential exists for people to start writing code and have a working version before the people writing PuzzleNet or people writing FreeNet actually can get search capabilities or update capabilities into their protocol.
And to go back to the injection for a second since this is kind of a general protocol thing the metadata has certain required fields and certain optional fields and the optional fields are basically to help humans doing a search so they can tell is this the file I want or is this the file I want. The required fields are basically for verification purposes and to identify the file for people who know what they're looking for. So you can duplicate the functionality where there is no metadata that makes any sense to a human but there is a key value that's unique to that file and if you know that key value you can get that file. One of the things that is incorporated in the metadata is a version identifier and if you want to update something like you put out a new distribution of your of your ISO image you basically mark it as a new version and you put it out there and depending on what people download if people download the old version because they like the old version and they know that there is a bug in the new version the old version is what sticks around and the new version eventually disappears. On the other hand if the new version is way way better and the old version is getting dated then people download the new version and they keep downloading the new version until the old version kind of disappears on its own and it's not working freely available and you can download it rapidly from anywhere. So that's a little bit of general ideas. This is a reproduction of one of the pages off of the website explaining the different packet types involved in some of these transfers. I'm not going to go into too much detail on these basically just wanted to show that there's like an explanation of each packet type and there's basically an overview of how those packet types are used. A lot of the stuff I haven't filled out yet like over on the left hand side you'll see at the bottom server behavior and client behavior. 
I haven't really fully specified all of the server's behavior when it receives different packet types, or a client's behavior when it's searching and it receives responses back, but some of that stuff, actually most of that stuff, is fairly obvious. For instance, the order of the packets in the search: somebody sends out an initial query, and that has basically some search information like a regular expression in it. When a server receives that, basically it's going to distribute it out to all of its neighbors, and then it's going to do a search within its database and say, yeah, this matches three of the files that I have, three of the puzzle pieces that I have, and then it'll return a query response that includes data from those three files and then a second query response a precise time later that includes the rest of the data. And I think I mentioned earlier, but basically a query response and a query response two are two separate parts of one piece that's been encrypted so that you need both pieces to decrypt it, and that's one way that a client doing a search can tell whether a search coming back is actually from somebody who has the file or if it was basically intercepted and modified along the way.
So just kind of a general look at that. This is a picture of my boss, digitally disguised to protect the guilty. And I kind of want to talk about other protocols. I've already mentioned quite a few of them, but I wanted to mention these five protocols at least because I have a fairly decent grasp of how they work and what their features are, and I just kind of want to run through them and, as someone trying to design an anonymous network for sharing files, describe some of their shortcomings, some of their good properties. Napster, I'm sure you've heard of. Basically there's a single point of failure with a central agency that maintains the records of what files are available. The drawback to that is when that central point of failure gets sued, it gets shut down. Gnutella is kind of the next step, where there's no central authority, and the search capability from PuzzleNet is essentially very similar to Gnutella except for the fact that searches will have to expire after a certain amount of time, like two minutes, and that's an attempt basically to keep their requests, the search requests and the responses, from flooding the network, because that's a bad thing. So Gnutella suffers from basically a scalability problem where, when you have lots and lots of nodes and you're doing lots and lots of searches, those search responses basically flood the network and take up all the bandwidth, and then it's really hard to get response back when you actually want to download something. Gnutella also suffers from a lack of anonymity on the server's part. When you're a client, you're doing a search, you're basically protected because nobody can tell, except for the person that you're directly connected to and then only probabilistically, nobody can tell where that search is coming from. But when you receive your responses back, you basically have an IP address and a bunch of file names, and you know that that server at that address is providing those files. So somebody like a Metallica lawyer does a Gnutella search
and just takes the list of IP addresses and the list of Metallica songs and goes and files legal complaint against all those people running those servers. So that's generally a very bad thing. FreeNet basically overcomes that really well in the fact that everything traverses through the network and you're not really sure where the end point of the transfer is, so you can't really tell, okay, this is the guy that originated the search and this is the guy that has the file. All you really know is that somebody over there requested the file and somebody over there has it. Publius is fairly new and probably most of you haven't heard of it yet, but it's kind of strange in that the proposal for Publius is for a static array of servers, like a hundred servers, and when you have a static array of servers, basically you're saying, okay, these are the targets, these are the sites that have what people who are looking download files need, and if you attack these servers then you can basically cripple the network, you can prevent people from, etc., etc. And also if you know certain files that are made available, you can say, okay, well, this server has that file, that server has that file, and you can basically shut them down for knowing what they have. To some degree that's defended in Publius because all the files are encrypted; the servers themselves don't really know what they have. That's kind of the same thing as FreeNet and PuzzleNet. The servers aren't really aware of what they have unless it's in the metadata for PuzzleNet. With FreeNet basically the servers don't know, so the servers can basically have plausible deniability on what they have: I'm a server, but I don't know that this file I have is illegal, I don't know that this file violates copyright law or anything like that. One of the interesting things about Publius is the keys for the files are distributed out to these different servers, and even though they're using these static servers that theoretically you should be able to trust since
they're the only servers, you can actually still get a form of man in the middle attack: the data that you're transferring from the server gets corrupted, gets replaced with something else, or the key value that you need to decrypt it gets replaced with something else. So with Publius what they've done is they've split the key that's necessary to decrypt the file into several pieces, and then each of the servers has a piece of that key. And one of the things that's covered in the Applied Cryptography book is you can set it up so that you can have, say, 10 different keys for a file and be able to decrypt that file if you have any 3 of those keys. As an example, numerically speaking, you could split up a key into 100 pieces and still say you only have to have 3 to decrypt it, or you could split it up into 50 pieces and say you have to have 25 to decrypt it. At any rate, when you have that many servers, one of those is going to have a good copy of the key and a good copy of the file, and if you download enough, and you download enough of those copies, you can tell which one is correct. You can verify that the file you're downloading is correct using Publius' scheme for sharing the key out. Don't think I'll say anything more about Publius for now. Fling is another fairly new one that was announced fairly recently. It's like a totally different concept for encrypting traffic using an onion approach, if you're familiar with that. You set up a certain pathway between nodes. Each step along the way, each node along the way, only knows where the packet came from and where it's going that's one hop from it. So I encrypt it 10 different times with 10 different steps indicated, send it off to the first node along the way, it decrypts that first step, says, okay, the next step is over here, and sends it over there, and then that second site decrypts that, says, okay, it's supposed to be over here now, decrypts it, sends it over. So that's the basic approach with Fling, and Fling is intended to basically be a replacement
for a generic TCP/IP connection, for FTP, for Telnet, for pretty much anything. So it's more of a generic solution, but it's basically a networking solution rather than a shared network, connected network. It's not really intended for downloading files or sharing information. It's basically intended just to protect your privacy, which is a good thing, but a different purpose really. I kind of chose FreeNet to compare with because it's essentially the closest thing in terms of what it's intended for, how it works, what its strengths are, what its weaknesses are. Searching: basically I've already mentioned FreeNet. The search in FreeNet is kind of at this point undefined in the software. It may be hashed out on the mailing list, and, you know, it's hard to say whether it will be available for use in the program anytime soon. Downloading: I've already pretty much described PuzzleNet, where you download pieces of the file from lots of different places and then combine them all. And with FreeNet essentially you send out your search request and if there's data matching that search request you get that data back basically just along the same path that you sent your search add on. You don't really have much control over the download process. If you get a response back to your search, great, you've got your file. You might have to wait a couple of years to actually get the download finished. But if you send out your search request and nothing is found, then basically it times out and you don't get anything. Pluses and minuses to that. Once you get your information, once you get your file, you want to decrypt it if it's encrypted. You want to verify it at any rate. I've pretty much described the PuzzleNet approach where you have kind of a voting system with your puzzle pieces. If you have agreeing values, three different puzzle pieces, then that's great, that's probably an indication that what you've got is valid. If you have disagreeing values, then essentially you can re-download stuff from other places or you can
say, if I have five different copies and three of them agree and the other two are completely different, I'm going to go with the three that agree. So you have a reasonable degree of certainty that you can verify what you've gotten is accurate and what you wanted. Actually I'm not entirely certain, I haven't been following the mailing list for quite some time, and I don't believe there's really any way to verify what you've downloaded. Maybe you can index version in the next version. The answer to FreeNet questions is always in the next version, but you have to forgive them; based on my point of view, there's actually not even one line of code yet for PuzzleNet. It's a race now. And injection or dispersal of the file: essentially you choose when you inject your file into PuzzleNet, and you send out your little feelers protocol-wise to find servers out there that are willing to accept your puzzle piece, that have 4k or 32k or however much available on their hard drive for puzzle piece, and then you send multiple copies out to different servers basically for the redundancy value. With FreeNet it's basically out of your hands. Anything that traverses the network gets cached if the server traversing has enough hard drive space for what it's sending along at that local server. If it doesn't have enough hard drive space, then basically it doesn't cache it and it continues traversing. So essentially it gets copied, the entire file gets copied along the way when it gets requested and then downloaded. So the PuzzleNet concept is basically redundancy and only replicating information that's requested enough basically to justify having multiple copies. I guess that brings up another issue that I kind of meant to mention earlier. I think right now, maybe you can tell me if I'm wrong, but I think right now the limit on a FreeNet file is essentially a 4 byte value for the length, plus it's a streaming value or a streaming file, so essentially you're limited to a 4 gigabyte file size for any given file. With
PuzzleNet, since you're breaking it up into many puzzle pieces, the limit of a puzzle piece size is 4 gigabytes. Hopefully there won't be any that large out there, but you never really know. Maybe someday when we all have T3 connections into our homes a 4 gigabyte puzzle piece size won't be a big deal. But the limit for a puzzle piece is 4 gigabytes. There is actually no limit, well, I guess there is, I have to remember now. There is an identifier in the metadata for a puzzle piece that indicates the puzzle piece number, so essentially I think I have that as a 2 byte value, which gives you an upper limit of 65,000 puzzle pieces for a file. So if your file is really huge, it could be up to, I don't even know the term for something beyond terabytes, but it could be pretty darn huge. What did you say, exabytes? Whatever. Anyway, really, really big. And it's always possible that I might change sometime in the future and have the puzzle piece ID be 4 bytes, and then it would be 4 billion times 4 billion would be your maximum file size. At any rate, it's pretty darn huge, so you could start sharing DVDs and downloading DVDs.

Now, that kind of gets into some of the features and capabilities a little bit. I sort of separated that because it's more of an abstract discussion than the specifics of how things work. FreeNet is pretty cool. I kind of said to the last guy as I came up here that I was going to make fun of FreeNet, but really I think FreeNet is a pretty good project, and I know I probably won't have time to contribute to it, but at some point when they have a server that's ready to run I may run one at my site. So I don't have anything really against FreeNet except for a couple of the capabilities that I think PuzzleNet does better. One of the things that's kind of cool about FreeNet is they basically are open-ended. There's the possibility of supporting streaming media. I'm not really sure how that could be handled in PuzzleNet. I don't think it's really a big concern, but it's one of the things that
kind of makes FreeNet a really cool thing. I'll move on. Actually, I probably need to wrap up pretty soon so I can catch my flight.

But I was looking basically at different attacks that you can launch against an anonymous network. No matter how you work out your arrangements for your network, there's going to be attacks against it. Nothing is foolproof. So basically you have denial of service attacks, you have attacks that lead you to doubt the data that you're downloading, or that are intended to flood the system with bogus stuff that prevents people from downloading stuff that they want. One of the attacks against Napster that somebody launched was to upload a bunch of bogus MP3 files, whether it was like Britney Spears Link or whatever, but they uploaded a bunch of files and people downloaded them and found that they were just some cow honking noise or something. One of the things that is really difficult to design for is a broad range of attacks, because it's far easier to figure out a way of attacking something than to figure out a good way to defend against all the attacks.

Man in the middle basically is someone malicious trying to figure out what data you're transferring on the network or corrupt the data that you're transferring on the network. The search mechanism in PuzzleNet is intended to thwart the man-in-the-middle attack to some degree. As the FreeNet person mentioned, there's basically a Diffie-Hellman key exchange, and at this point in time a man-in-the-middle attack against a malicious attacker isn't really defended against, so that's a difficult thing to handle. Anytime you have an anonymous network, basically you don't know anybody you're talking to, you don't know anybody that has any of the data, and you don't know anybody that's downloading anything from you. So how do you know who you can trust? And essentially you can't. You can't figure out who you can trust unless you can identify the other nodes with some sort of signature, digital signature, in which case it's no
longer anonymous. So that's always going to be a difficult thing. Essentially, you defend against what you can, and what you can't defend against you cover up.

Flooding attacks basically is someone uploading a bunch of stuff to try to take up space on the servers, to try to prevent other network traffic from occurring. And a black hole type attack would be someone who accepts, a server that accepts puzzle pieces from people that are trying to upload puzzle pieces, somebody trying to inject files in a network, but then basically just discards the data, or accepts search requests but doesn't forward them on and doesn't respond to them. So that's kind of like a single server node that's being evil, and hopefully the redundancy in the network helps defend against that, and the fact that there are many different pieces of the files spread throughout the network and many different servers containing each piece will hopefully prevent a black hole type attack from succeeding.

Essentially, one of the things that you try to do with the different attacks like this is figure out whether someone is actually attacking you and who is doing the attack, if you figure out that there's an attack going on. And it's a difficult proposition. If you're a server and you're passing network traffic, passing PuzzleNet packet traffic between yourself and other servers, and you notice another server not responding to any of your requests, or responding to every injection request with "yeah, I've got room, yeah, I've got room," then you start getting suspicious. And I haven't really defined any expected response to these different detections, and I haven't defined any thresholds for these detections, but you know, at some point it'll probably become an issue. It's hard to say, with no code that you can run and not a whole lot of the protocol completely defined as far as expected behavior on the server and client's part, it's hard to say how you should respond to detecting the sort of attack. I get basically from
analyzing the protocol and from analyzing the way it's intended to work, just thought-wise, I get the impression that a black hole attack would be detectable. And essentially, because of the redundancy in the system, if a node is evil and you detect that node is evil, you can basically just disconnect from that node, which is kind of another network concept that's different between PuzzleNet and FreeNet. On the PuzzleNet network, basically you have a dynamic set of connections, and servers would disconnect from other servers and form other connections to other servers periodically, so the network kind of moves itself along in sort of a random fashion. And one of the potentials for dealing with attacks like this is, if you can determine that a node is suspicious, you can put it on a blacklist, you can share blacklists with other nodes, and basically come to a consensus that, yeah, we think this node is bad, so we're not going to allow connections anymore. That's sort of a future prospect and a feature that's not really fully examined yet.

And just to brief forward on the TTL equals 0, if this is a different form of attack than what I mentioned so far, basically like denial of service and corruption of data and things like that. Well, the TTL equals 0 attack is basically intended to determine who's sharing what files and who's requesting what files. If you send out a bunch of packets with a TTL equals 0 to all your neighbors, PuzzleNet doesn't have the probabilistic decay of packets the way FreeNet, and I don't know if any others use it, but this is like a probabilistic decay of packets instead of a straight decrement TTL, and if it's 0 then you're the last node. So anyway, with PuzzleNet, if you send out packets with the TTL equals 0, then any response you get back is guaranteed to be from that node that you sent the request to. So an evil node, like a spy node that's operated by the CIA or something, can send out a bunch of TTL equals 0 requests and see who gets stuff back, and look at the
responses that it gets back. It's another thing that could probably be detected. It's kind of difficult to say, but there are a lot of potential weaknesses in any sort of network, and as the mailing list on FreeNet attests, there's a lot of debate that goes into deciding whether or not something is secure against different attacks.

Here's some links to the different sites for the different protocols, no particular order. I'm not really going to promote anything above anything else. I'll say FreeNet is a good one. Hopefully you'll check out PuzzleNet. I mentioned Yoink at the end but