Sunday, July 18, 2010

the good, the bad and the ugly licensing

Hello everyone,
first for the good news. Last week I sent some IP-traffic from application to pplication (and back) through a test phantom network for the first time. This is a big step for phantom I think and I am very glad I got it working so far.
The bad news is, due to private problems I have not been able to work too much in the recent time and so I have fallen behind on my schedule. Finishing my thesis in July is no longer just ambitious but turned into an impossibility during the last weeks. However I am feeling better and I am back at work. The planned schedule is about two or three more weeks of coding (I will not put too much effort in the DHT-part but concentrate mostly on improving routing path and tunnel code as well as the application interface (currently a tun device)). After that I will sit down and write the text part of my thesis - no summer vacation for me this year it seems :-(.
After that I will publish what has been done and hopefully a community will rise to take over where I have left off. For releasing the code to the public Magnus and I have been thinking about the right license but unfortunately we are both inexperienced in these things. If a noble reader of this blog feels like he can help us discuss our options or decide on a license, please feel free to contact me or Magnus.

Saturday, May 1, 2010

Phantom Status Update

Hello to all the people interested in the phantom protocol,
it has been quiet around the protocol for some time now, however that does not mean that nothing happened. Michael finished his thesis in November and I took over. I have been working a lot on the implementation of the protocol in the last half year and I have made some progress. People keep asking Magnus if they can participate in the protocol implementation or how things are going with the protocol in general and so I decided to write an entry to the blog, so people can see, the protocol is by no means dead. (To be fair, Magnus has asked me to do so for quite some time, but I was always thinking other stuff (programming) was more fun, and never quite got to it). I am a 27 years old computer science student from Erlangen-University, currently working at my diploma thesis and therefore doing a prototype implementation of the phantom protocol. During my studies I have been specializing in operating systems, security, computer architecture, compiler construction and a little bit of cryptography. I have also worked as a system administrator at the university for the past 5 years.
Well nobody cares about that, so what is the state of the protocol? What has happened in the last 5 months?
Because I am no friend of C++ I started by switching the language to ANSI C and rewriting a lot of Code, until I had the routing path creation working again. I then coded some more and implemented tunnels almost completely. The tunnels have not been fully tested since they are generated randomly and so I need some kind of database that tells me about the (random) structure of the overlay network. So I had a look at distributed hash tables and found the kademlia design to my liking. Since I wanted to encrypt all dht-traffic via SSL, I have changed the design somewhat and have now an almost finished simple implementation of a kademlia-like-tcp-ssl-distributed hash table waiting to be integrated with the rest of the code. That is what happened so far. All parts combined I am now looking at around 10K lines of heavily multi threaded ANSI C using libprotobuf-c and libopenssl.
Well, sounds great, what is the catch?
It is of course all work in progress now and nowhere near being usable in the wild. I will try to finish my thesis in July (probably) and until then I want to have the dht integrated with the rest of the protocol, test the rest of the protocol, fix as many bugs as possible and try to hack up some kind of frontend to make the protocol usable in a controlled environment for further testing - I do not know yet how to do this, but I will figure something out.
As far as I know, I will be free to release my code under any license I see fit, after I have been graded (or maybe even after I have officially finished my thesis and handed it over to the graders). Since I am required to write at least some 60 pages of text for my thesis, there will be some kind of documentation available once the code gets published.
Things that may need to be done later on, which I will not tackle in my thesis are:
  • check if the library I use for marshalling and unmarshalling messages (libprotobuf-c) makes it possible for a potential attacker to piggyback information. I have thought about it (without looking into it) and I am pretty sure it can be done. That would mean writing own marshalling and unmarshalling code for messages, which is ok to do once when the messages have a stable format but is just time consuming right now, when everything is just in constant flow.
  • design and code a better dht, as mine has many features missing right now. The dht was not even part of my original plan for the thesis, I just did it, because I needed it to test the tunnels properly and my fun with long long coding_sessions; /*pun intended*/ was more long lasting than I thought it would be. But it is very simple and I am sure someone can do better than me.
  • port the code to different OSs (I am currently running on Linux2.6 on x86) the code is ANSI C as said, it conforms to the POSIX.1-2001 base specification, I have taken care to think about endianess and the code currently compiles with quite strict options in both gcc and clang. (I do not know if this helps for windows, and I know I should care (for windows), because it is the door to success but frankly I do not (yet))
  • write a test suite
  • everything I have forgotten
  • and the catch all: improve everything to make it great!

So please stay tuned everyone, there are definitely things going on behind the curtains and your interest and enthusiasm are most welcome, I am sorry I can not publish code right now, but hopefully in July you will see what has been done (and hopefully not judge it too harshly :-))

I wish you all a beautiful 1st of May,