Thursday, April 7, 2011

Release package downloads now available on Google Code Project Site

Hi everyone,
as Magnus has already announced yesterday, release packages are now distributed via Google Code here. The old release packages will no longer be updated.

I will update the release packages on the project site as often as possible, to keep it close to the current development head.

Wednesday, April 6, 2011

Source code now available in the Google Code repository

The Phantom source code is now available in the Google Code repository, and there has already been patches submitted and applied, so why don't you join the fun too?

Release packages will be arranged soon from Google Code too, and the old static release pack downloads will then be retired.

That's all for now, and as usual, big thanks to Johannes Schlumberger for all his hard work with the Phantom project!

Saturday, March 5, 2011

The First Phantom Source Code Release is Available!

FINALLY (sorry for the long delay), the first Phantom source code release is available, and it can be downloaded here.

Johannes Schlumberger has done an excellent job with this first implementation, which is complete enough for full practical testing of the protocol core functionality! The only parts that are not fully up to the original specs yet are some of the DHT-based Network Database parts, but the most important core parts are already implemented also there.

Also, performance testing shows very positive numbers, maxing out a 100 Mb/s network connection for data transfers over multi-hop Phantom routing tunnels, so the crypto overhead does not seem to be significant at all!

You can read a lot more about the implementation and performance testing results here (this paper is also included in the release package linked to above).

Finally, a big thanks to Johannes Schlumberger (and the initial work of Michael Prinzinger) for realizing this! Now we're looking forward to the input, testing and further development efforts of the community!

Sunday, July 18, 2010

the good, the bad and the ugly licensing

Hello everyone,
first for the good news. Last week I sent some IP-traffic from application to pplication (and back) through a test phantom network for the first time. This is a big step for phantom I think and I am very glad I got it working so far.
The bad news is, due to private problems I have not been able to work too much in the recent time and so I have fallen behind on my schedule. Finishing my thesis in July is no longer just ambitious but turned into an impossibility during the last weeks. However I am feeling better and I am back at work. The planned schedule is about two or three more weeks of coding (I will not put too much effort in the DHT-part but concentrate mostly on improving routing path and tunnel code as well as the application interface (currently a tun device)). After that I will sit down and write the text part of my thesis - no summer vacation for me this year it seems :-(.
After that I will publish what has been done and hopefully a community will rise to take over where I have left off. For releasing the code to the public Magnus and I have been thinking about the right license but unfortunately we are both inexperienced in these things. If a noble reader of this blog feels like he can help us discuss our options or decide on a license, please feel free to contact me or Magnus.

Saturday, May 1, 2010

Phantom Status Update

Hello to all the people interested in the phantom protocol,
it has been quiet around the protocol for some time now, however that does not mean that nothing happened. Michael finished his thesis in November and I took over. I have been working a lot on the implementation of the protocol in the last half year and I have made some progress. People keep asking Magnus if they can participate in the protocol implementation or how things are going with the protocol in general and so I decided to write an entry to the blog, so people can see, the protocol is by no means dead. (To be fair, Magnus has asked me to do so for quite some time, but I was always thinking other stuff (programming) was more fun, and never quite got to it). I am a 27 years old computer science student from Erlangen-University, currently working at my diploma thesis and therefore doing a prototype implementation of the phantom protocol. During my studies I have been specializing in operating systems, security, computer architecture, compiler construction and a little bit of cryptography. I have also worked as a system administrator at the university for the past 5 years.
Well nobody cares about that, so what is the state of the protocol? What has happened in the last 5 months?
Because I am no friend of C++ I started by switching the language to ANSI C and rewriting a lot of Code, until I had the routing path creation working again. I then coded some more and implemented tunnels almost completely. The tunnels have not been fully tested since they are generated randomly and so I need some kind of database that tells me about the (random) structure of the overlay network. So I had a look at distributed hash tables and found the kademlia design to my liking. Since I wanted to encrypt all dht-traffic via SSL, I have changed the design somewhat and have now an almost finished simple implementation of a kademlia-like-tcp-ssl-distributed hash table waiting to be integrated with the rest of the code. That is what happened so far. All parts combined I am now looking at around 10K lines of heavily multi threaded ANSI C using libprotobuf-c and libopenssl.
Well, sounds great, what is the catch?
It is of course all work in progress now and nowhere near being usable in the wild. I will try to finish my thesis in July (probably) and until then I want to have the dht integrated with the rest of the protocol, test the rest of the protocol, fix as many bugs as possible and try to hack up some kind of frontend to make the protocol usable in a controlled environment for further testing - I do not know yet how to do this, but I will figure something out.
As far as I know, I will be free to release my code under any license I see fit, after I have been graded (or maybe even after I have officially finished my thesis and handed it over to the graders). Since I am required to write at least some 60 pages of text for my thesis, there will be some kind of documentation available once the code gets published.
Things that may need to be done later on, which I will not tackle in my thesis are:
  • check if the library I use for marshalling and unmarshalling messages (libprotobuf-c) makes it possible for a potential attacker to piggyback information. I have thought about it (without looking into it) and I am pretty sure it can be done. That would mean writing own marshalling and unmarshalling code for messages, which is ok to do once when the messages have a stable format but is just time consuming right now, when everything is just in constant flow.
  • design and code a better dht, as mine has many features missing right now. The dht was not even part of my original plan for the thesis, I just did it, because I needed it to test the tunnels properly and my fun with long long coding_sessions; /*pun intended*/ was more long lasting than I thought it would be. But it is very simple and I am sure someone can do better than me.
  • port the code to different OSs (I am currently running on Linux2.6 on x86) the code is ANSI C as said, it conforms to the POSIX.1-2001 base specification, I have taken care to think about endianess and the code currently compiles with quite strict options in both gcc and clang. (I do not know if this helps for windows, and I know I should care (for windows), because it is the door to success but frankly I do not (yet))
  • write a test suite
  • everything I have forgotten
  • and the catch all: improve everything to make it great!

So please stay tuned everyone, there are definitely things going on behind the curtains and your interest and enthusiasm are most welcome, I am sorry I can not publish code right now, but hopefully in July you will see what has been done (and hopefully not judge it too harshly :-))

I wish you all a beautiful 1st of May,

Monday, December 7, 2009

Master/Diploma Thesis over

My Dear Phantoms,

My thesis has come to an end. I handed it in last week and with that graduated from university. I have not updated this Blog while I was working on the thesis, but now that I finished, I will summarize what I did.

Most of you will have read the white paper, the slides or will have watched Magnus at Defcon. So you probably remember that the protocol can be roughly split into three parts:

1: routing paths
2: routing tunnels
3: the Phantom Network Database

In my thesis I focused on routing paths. At first I laid some ground work by creating an environment for Phantom to use. This includes for example functionality to parse a config file and writing to log files. Noteworthy is also the unit test suite that I have developed in parallel to the protocol code. It covers most functionality used to construct routing paths. After that I implemented the key components needed for constructing routing paths:

Cryptography: For encryption I included the OpenSSL library. For asymmetric encryption I have implemented an interface for using RSA, and for symmetric encryption an interface for AES. Furthermore I made simple interfaces to use the OpenSSL SHA256 Hash functions.

Sockets: I first started with the standard Berkeley Socket API and a functional adapted interface is included in the project. However since the Phantom Protocol makes use of SSL streams I later saw it more useful to directly use the OpenSSL Socket API. Thus a class for sockets with derived classes server and client were written, which, on top of socket functionality, implement all necessary SSL functionality, like the verification of SSL certificates.

Serialization: The core medium for information transfer in the routing-path construction phase are Setup Packages. I created them as serializable class using the GoogleProtoBuffers library. With that byte order problems can be outsourced to a well tested library.

Finally I wrote a prototype which is able to create a routing path of arbitrary length (except zero-length) given a list of potential nodes (IP, Certificate, Public Key). The prototype implements Magnus' design with some small exceptions. The prototype consists out of two binaries:

- anonymized_node: simulating the behaviour of an anonymized computer trying to establish a routing path and

- routing_node: a Phantom routing node waiting for arbitrary requests and joining a routing path upon receiving such a request


As soon as I will have received my final grading on the thesis, I will publish it here under some creative commons license. For the future of the code I have some good news too: Another student at my university and a good friend of mine at that, has taken over the development of the Phantom protocol as his own Master/Diploma Thesis. This means another talented programmer will be able to work full time on the implementation of other aspects of Phantom, which is great! I presume he will soon make a public appearance himself and announce his targets of development here.

I myself will also stay at the project and support it henceforth. We are also thinking of presenting our progress on one of the upcoming conferences. If so, we will inform you about that here.

Till then, stay tuned - generic, decentralized, unstoppable, unbreakable anonymity will come to you. :-)


Monday, May 18, 2009

Announcement: Implementation of Phantom as Master Thesis

To all people involved or interested in this project:
Searching for a topic for my Diplomarbeit (~ Master Thesis) a friend (Leslie) told me about this project and after reading through the white paper, I felt it would be great if Magnus' concept could become reality.
So I formulated a thesis covering the basics of the protocol and looked for a thesis supervisor, which I found in Lars from FoeBud (a German civil rights and data privacy organization, similar to the Electronic Frontier Foundation).

So what does that mean for this project?

It means that for the next six months I will spend most of my time working on this project, hopefully getting it to a point where the remaining implementation steps can easily be distributed on other project members.

Since it is hard to estimate the required time for the thesis, I will first focus on the "setting up of the routing path" and then see how much further I can get from there within the time limit.
Since I will be focusing my time on this project, I can as well help Magnus in coordinating individual efforts to further this project, so please, everyone who wants to help this project, contact me and Magnus now! As long as I mark which parts of the code originate from me, and which originate from other people's efforts, this will be no problem (concerning the "no help allowed" clause in master theses). This clause also doesn't mean you can't give me valuable advice, and help me with problems I'll definitely run into! ;)

So where to start from?

I will start by looking a bit into cross platform development and network application programming (TCP, OpenSSL stuff), before getting started on the design. If anyone of you knows good resources for these fields, please forward them to me in the Mailing List or using Blog
Comments. Afterwards I will begin defining Interfaces and creating a UML diagram / a general implementation map of the protocol. And then I guess I can start by implementing base classes.

Let's bring anonymity to a new level!