Monday, May 18, 2009

Announcement: Implementation of Phantom as Master Thesis

To all people involved or interested in this project:
Searching for a topic for my Diplomarbeit (~ Master Thesis) a friend (Leslie) told me about this project and after reading through the white paper, I felt it would be great if Magnus' concept could become reality.
So I formulated a thesis covering the basics of the protocol and looked for a thesis supervisor, which I found in Lars from FoeBud (a German civil rights and data privacy organization, similar to the Electronic Frontier Foundation).

So what does that mean for this project?

It means that for the next six months I will spend most of my time working on this project, hopefully getting it to a point where the remaining implementation steps can easily be distributed on other project members.

Since it is hard to estimate the required time for the thesis, I will first focus on the "setting up of the routing path" and then see how much further I can get from there within the time limit.
Since I will be focusing my time on this project, I can as well help Magnus in coordinating individual efforts to further this project, so please, everyone who wants to help this project, contact me and Magnus now! As long as I mark which parts of the code originate from me, and which originate from other people's efforts, this will be no problem (concerning the "no help allowed" clause in master theses). This clause also doesn't mean you can't give me valuable advice, and help me with problems I'll definitely run into! ;)

So where to start from?

I will start by looking a bit into cross platform development and network application programming (TCP, OpenSSL stuff), before getting started on the design. If anyone of you knows good resources for these fields, please forward them to me in the Mailing List or using Blog
Comments. Afterwards I will begin defining Interfaces and creating a UML diagram / a general implementation map of the protocol. And then I guess I can start by implementing base classes.

Let's bring anonymity to a new level!

michael

11 comments:

Cyril said...
This comment has been removed by the author.
X Ryl said...

The phantom protocol currently doesn't provides the claims it announce.

Let's say a Node X on public internet is contacted by a node on phantom network, if Node X trace its data, it will think that the node on phantom network is the initiator of the transaction (whatever the tunnel configuration inside the phantom network).

This means that the output node is sadly legal responsible for anything going through it.

Even when the Node X is inside the phantom network, the first node in the tunnel before it is legally responsible for asking the date.

The node X will then start lawsuits against all nodes in any tunnels it build (as after all, from its perspective, and direct node connection is asking for that copyrighted/illegal material), and finally break the whole network.

These node will be responsible for things that they even didn't know happened (and I really doubt it would be a good excuse to say "I don't know what my node was doing").

Adding crypto here doesn't solve any issue, you're still responsible if your son kill your neighbour, even if you never gave him a knife.

MagnusBrading said...

Yes, and that's exactly why the Phantom protocol was designed so that only nodes inside the Phantom network can communicate, and not any public internet addresses can be reached. :-)

MagnusBrading said...

These kinds of problems are also discussed in the white paper:

http://www.fortego.se/phantom-paper.pdf

X Ryl said...

I've read the paper. That how I've figured out the problem.

Anyway, let's try to forget crypto and anything specific for one second.

If I were the RIAA or whatever evil company, I'd bootstrap a node in such network (I don't care about the inner working of the stuff). Then I'd run a network packet sniffer, and a disk monitor (it's obviously simple to do so).

As soon as the disk monitor tells me that a "protected" file is read, I'd track the data on the network. (it's also dead simple, as I could trigger network capture from my disk monitor).

Soon a packet will exit my computer and get to another computer.

Please notice that I won't even try to understand what's inside this packet (*). I'd log the other computer IP address, and start suing the computer's owner.

(*) Don't think that a lawyer would understand the nice crypto mix you're implementing in Phantom. He would simply says : "This guy asked a protected file, what was sent to him (see evidence of transfer in doc A) is a "crypt" of a part of this file (see disk & data analysis)".


As a ciphered message is indistinguishable from random noise, he is right.

You can throw any level of crypto/anonymousity in there, you'll still get a computer X in the network that can monitor the packet it's sending, and its disk activity and link both.


Said differently, it's not because you've ciphered a copyrighted material that it becomes public. From then, whatever the data path of the ciphered material on the phantom network, any node in the path is guilty of piracy/counterfeit from a legal point of view.

Don't outsmart judges with complex protocol, it's as basic as it seems.

Christoph Heuwieser said...

X Ryl is right in first place...i've also have thought about the whole problematic the past months. I also think there is no 100% answer but there could be a 99,9% answer...
Think about combining the phantom protocol with oneswarm for example. the more client you get the harder it gets to trace one thing down. theoreticaly if you get a million clients and you try to download a copyrighted/illegal file, every point between you and the target gets only a few junks wich can be anything. you just have to make sure no one gets enough to do so as X Ryl said...

tjw said...
This comment has been removed by the author.
tjw said...

X Ryl seems to be forgetting the concept of plausible deniability. If the software acts in anyway as a router where traffic is automatically forwarded without knowledge of its contents, then the legal standing of challenging "node x" is shaky at best in most jurisdictions. If this where possible, then every ISP would be liable for the content their routers forwarded on to the end customers ie. they would be indirectly responsible for sharing secret documents, illegal music, child porn, etc.

X Ryl said...

tjw: I recognize that the example was overly simple. There is a big difference between being the recipient or being the messenger. Routers are messenger, the protocol itself doesn't even know about their presence (when you open a socket to www.google.com, you don't know which router will get involved, and you don't care, from a legal POV).

However, back to the Phantom protocol example, the honeypot software (uploading a copyrighted material) does so to a physical recipient.

This recipient is liable for the transfer, whatever it does with the received data.

It's exactly like if a drug dealer had to transmit drug and hides the drug in a closed wallet.
If he asks a guy to transport the wallet, the guy isn't innocent. Even if that guy has no idea of what is inside the wallet.
As it's impossible to tell if he's lying or not, and the fact proves that he had an interest in the story, he's guilty.

Said simply, the court usually assume that the simple fact of owning drug or counterfaited material makes you guilty.

There is an exception for ISP in some country that requires them to delete the counterfaited material as soon as they are aware of the act, but I really, really doubt you could use that excuse to justify yourself, as most of us aren't ISP.

jessicaRA said...

x ryl has a point, encrypted data if using the same key will be constant, so you would just need to download the copyrighted material in order to get the data after the encryption is applied then monitor for stuff matching that data. obfuscating it by multiple keys just means downloading it multiple times too. some obfuscation which changes the encrypted appearance much more often than not may help(via adding some small junk bytes every so often to the contents within the encrypted data)? comments on that idea?

Bruno said...

X-Ryl, mate, the problem you mention is easily solved: every now and then, the implementation of the application that uses Phantom net for file-sharing, reads a random piece of a random file and fires it into the cloud. Call it whatever you want, i'd go for "connection stability testing", yet reading a shared file and firing a subset of it's contents into the Phantom cloud then becomes a operational principe for the application. Add to this a possibly distributed-file-system kind of thing, actually saving a encrypted abstract chunk of the "audited" file, and the entire file can be downloaded without the possibility to detect the download.