Monday, December 7, 2009

Master/Diploma Thesis over

My Dear Phantoms,

My thesis has come to an end. I handed it in last week and with that graduated from university. I have not updated this Blog while I was working on the thesis, but now that I finished, I will summarize what I did.

Most of you will have read the white paper, the slides or will have watched Magnus at Defcon. So you probably remember that the protocol can be roughly split into three parts:

1: routing paths
2: routing tunnels
3: the Phantom Network Database

In my thesis I focused on routing paths. At first I laid some ground work by creating an environment for Phantom to use. This includes for example functionality to parse a config file and writing to log files. Noteworthy is also the unit test suite that I have developed in parallel to the protocol code. It covers most functionality used to construct routing paths. After that I implemented the key components needed for constructing routing paths:

Cryptography: For encryption I included the OpenSSL library. For asymmetric encryption I have implemented an interface for using RSA, and for symmetric encryption an interface for AES. Furthermore I made simple interfaces to use the OpenSSL SHA256 Hash functions.

Sockets: I first started with the standard Berkeley Socket API and a functional adapted interface is included in the project. However since the Phantom Protocol makes use of SSL streams I later saw it more useful to directly use the OpenSSL Socket API. Thus a class for sockets with derived classes server and client were written, which, on top of socket functionality, implement all necessary SSL functionality, like the verification of SSL certificates.

Serialization: The core medium for information transfer in the routing-path construction phase are Setup Packages. I created them as serializable class using the GoogleProtoBuffers library. With that byte order problems can be outsourced to a well tested library.

Finally I wrote a prototype which is able to create a routing path of arbitrary length (except zero-length) given a list of potential nodes (IP, Certificate, Public Key). The prototype implements Magnus' design with some small exceptions. The prototype consists out of two binaries:

- anonymized_node: simulating the behaviour of an anonymized computer trying to establish a routing path and

- routing_node: a Phantom routing node waiting for arbitrary requests and joining a routing path upon receiving such a request


As soon as I will have received my final grading on the thesis, I will publish it here under some creative commons license. For the future of the code I have some good news too: Another student at my university and a good friend of mine at that, has taken over the development of the Phantom protocol as his own Master/Diploma Thesis. This means another talented programmer will be able to work full time on the implementation of other aspects of Phantom, which is great! I presume he will soon make a public appearance himself and announce his targets of development here.

I myself will also stay at the project and support it henceforth. We are also thinking of presenting our progress on one of the upcoming conferences. If so, we will inform you about that here.

Till then, stay tuned - generic, decentralized, unstoppable, unbreakable anonymity will come to you. :-)


Monday, May 18, 2009

Announcement: Implementation of Phantom as Master Thesis

To all people involved or interested in this project:
Searching for a topic for my Diplomarbeit (~ Master Thesis) a friend (Leslie) told me about this project and after reading through the white paper, I felt it would be great if Magnus' concept could become reality.
So I formulated a thesis covering the basics of the protocol and looked for a thesis supervisor, which I found in Lars from FoeBud (a German civil rights and data privacy organization, similar to the Electronic Frontier Foundation).

So what does that mean for this project?

It means that for the next six months I will spend most of my time working on this project, hopefully getting it to a point where the remaining implementation steps can easily be distributed on other project members.

Since it is hard to estimate the required time for the thesis, I will first focus on the "setting up of the routing path" and then see how much further I can get from there within the time limit.
Since I will be focusing my time on this project, I can as well help Magnus in coordinating individual efforts to further this project, so please, everyone who wants to help this project, contact me and Magnus now! As long as I mark which parts of the code originate from me, and which originate from other people's efforts, this will be no problem (concerning the "no help allowed" clause in master theses). This clause also doesn't mean you can't give me valuable advice, and help me with problems I'll definitely run into! ;)

So where to start from?

I will start by looking a bit into cross platform development and network application programming (TCP, OpenSSL stuff), before getting started on the design. If anyone of you knows good resources for these fields, please forward them to me in the Mailing List or using Blog
Comments. Afterwards I will begin defining Interfaces and creating a UML diagram / a general implementation map of the protocol. And then I guess I can start by implementing base classes.

Let's bring anonymity to a new level!


Monday, March 23, 2009

Conference video and audio available online

Not a day too soon, the video and audio from the DEFCON 16 talk is now online:

Video (speaker/slides mixed):

Video (slides only):

Audio only:

And if the links above would be changed in the future, here is the index page for the DEFCON video/audio archive, simply search for "Phantom" on the page, and you should find it fast: