A secure and resilient communication infrastructure for decentralized networking applications

The contribution of this thesis is the study, design and implementation of a resilient and secure communication infrastructure for decentralized peer-to-peer networks. On today’s Internet, free and unrestricted communication between users is often restricted due to limited connectivity between participants, attempts to degrade service for certain traffic classes and other filtering and manipulation attempts. Peer-to-peer networks are in particular impacted by these effects since peer-to-peer networks are a target for censorship attempts due to the lack of a centralized node to control, their dependency on end-to-end connectivity and on a neutral network treating all traffic classes equally. In this thesis, we design and implement a communication infrastructure for decentralized peer-to-peer networks employing existing Internet infrastructure and technologies with the goal of re-establishing unhindered communication between users. The proposed communication infrastructure tries to provide and improve connectivity between participants and to improve quality of service for applications by detecting and counteracting traffic management and degradation attempts. The communication infrastructure has the goal to make communication resilient against censorship attempts and provides with GNS a public key infrastructure that provides a secure, resilient, and privacy-preserving way to map human-memorable names to addresses and other information. This thesis starts with a motivation for the objective of this work introducing and explaining limitations with respect to unrestricted communication on today’s Internet. We describe the different parties interested in controlling and influencing traffic on the Internet and their motivations and give an overview over technical restrictions to unrestricted communication a communication infrastructure tailored for the requirements of decentralized peer-to-peer networks and trying to provide resilient communication has to cope with and counteract. As a second step, we analyze if the current Internet can provide a suitable foundation for resilient communication between peers in a peer-to-peer overlay network. For this evaluation, we analyze how resilient the Internet and its routing infrastructure is against Byzantine failures of providers or links between networks and what impact these failures have on routing in a peer-to-peer network. We use a graph representation of the Internet topology generated from BGP routing data and path measurement data and apply a new graph separation heuristic to find the smallest set of providers and networks to partition the Internet. The size of the resulting separators gives evidence how hard it is to partition the Internet in a way that prevents communication between partitions and therefore could have an impact on routing between peers in the peer-to-peer overlay. We then present the design and implementation of a resilient and secure communication infrastructure for the GNUnet peer-to-peer framework. This communication infrastructure has the goal to increase connectivity between participants, improve connectivity for peers in restricted environments, counteract service degradation and traffic manipulation attempts and provide secure communication between participants of the peer-to-peer network. One of the key approaches used to detect and counteract service degradation is to support multiple transport mechanisms and to provide the possibility to