Monday, December 7, 2009

Master/Diploma Thesis over

My Dear Phantoms,

My thesis has come to an end. I handed it in last week and with that graduated from university. I have not updated this Blog while I was working on the thesis, but now that I finished, I will summarize what I did.

Most of you will have read the white paper, the slides or will have watched Magnus at Defcon. So you probably remember that the protocol can be roughly split into three parts:

1: routing paths
2: routing tunnels
3: the Phantom Network Database

In my thesis I focused on routing paths. At first I laid some ground work by creating an environment for Phantom to use. This includes for example functionality to parse a config file and writing to log files. Noteworthy is also the unit test suite that I have developed in parallel to the protocol code. It covers most functionality used to construct routing paths. After that I implemented the key components needed for constructing routing paths:

Cryptography: For encryption I included the OpenSSL library. For asymmetric encryption I have implemented an interface for using RSA, and for symmetric encryption an interface for AES. Furthermore I made simple interfaces to use the OpenSSL SHA256 Hash functions.

Sockets: I first started with the standard Berkeley Socket API and a functional adapted interface is included in the project. However since the Phantom Protocol makes use of SSL streams I later saw it more useful to directly use the OpenSSL Socket API. Thus a class for sockets with derived classes server and client were written, which, on top of socket functionality, implement all necessary SSL functionality, like the verification of SSL certificates.

Serialization: The core medium for information transfer in the routing-path construction phase are Setup Packages. I created them as serializable class using the GoogleProtoBuffers library. With that byte order problems can be outsourced to a well tested library.

Finally I wrote a prototype which is able to create a routing path of arbitrary length (except zero-length) given a list of potential nodes (IP, Certificate, Public Key). The prototype implements Magnus' design with some small exceptions. The prototype consists out of two binaries:

- anonymized_node: simulating the behaviour of an anonymized computer trying to establish a routing path and

- routing_node: a Phantom routing node waiting for arbitrary requests and joining a routing path upon receiving such a request


As soon as I will have received my final grading on the thesis, I will publish it here under some creative commons license. For the future of the code I have some good news too: Another student at my university and a good friend of mine at that, has taken over the development of the Phantom protocol as his own Master/Diploma Thesis. This means another talented programmer will be able to work full time on the implementation of other aspects of Phantom, which is great! I presume he will soon make a public appearance himself and announce his targets of development here.

I myself will also stay at the project and support it henceforth. We are also thinking of presenting our progress on one of the upcoming conferences. If so, we will inform you about that here.

Till then, stay tuned - generic, decentralized, unstoppable, unbreakable anonymity will come to you. :-)