Xem mẫu

Peer to Peer: Harnessing the Power of Disruptive Technologies In most messages that are passed from node to node, there is no mention of anything that might tie a particular message to a particular user. On the Internet, identity is established using two points of data: An IP address and the time at which the packet containing the IP address was seen. Most Gnutella messages do not contain an IP address, so most messages are not useful in identifying Gnutella users. Also, Gnutella`s routing system is not outwardly accessible. The routing tables are dynamic and stored in the memory of the countless Gnutella nodes for only a short time. It is therefore nearly impossible to learn which host originated a packet and which host is destined to receive it. Furthermore, Gnutella`s distributed nature means that there is no one place where an enforcement agency can plant a network monitor to spy on the system`s communications. Gnutella is spread throughout the Internet, and the only way to monitor what is happening on the Gnutella network is to monitor what is happening on the entire Internet. Many are suspicious that such monitoring is possible, or even being done already. But given the vastness of today`s Internet and its growing traffic, it`s pretty unlikely. What Gnutella does subject itself to, however, are things such as Zeropaid.com`s Wall of Shame. The Wall of Shame, a Gnutella Trojan Horse, was an early attempt to nab alleged child pornography traffickers on the Gnutella network. This is how it worked: a few files with very suggestive filenames were shared by a special host. When someone attempted to download any of the files, the host would log the IP address of the downloader to a web page on the Wall of Shame. The host obtained the IP address of the downloader from its connection information. That`s where Gnutella`s pseudoanonymity system breaks down. When you attempt to download, or when a host returns a result, identifying information is given out. Any host can be a decoy, logging that information. There are systems that are more interested in the anonymity aspects of peer-to-peer networking, and take steps such as proxied downloads to better protect the identities of the two endpoints. Those systems should be used if anonymity is a real concern. The Wall of Shame met a rapid demise in a rather curious and very Internet way. Once news of its existence circulated on IRC, Gnutella users with disruptive senses of humor flooded the network with suggestive searches in their attempts to get their IP addresses on the Wall of Shame. 8.8.2.2 Downloads, now in the privacy of your own direct connection So Gnutella`s message-based routing system and its decentralization both give some anonymity to its users and make it difficult to track what exactly is happening. But what really confounds any attempt to learn who is actually sharing files is that downloads are a private transaction between only two hosts: the uploader and the downloader. Instead of brokering a download through a central authority, Gnutella has sufficient information to reach out to the host that is sharing the desired file and grab it directly. With Napster, it`s possible not only to learn what files are available on the host machines but what transactions are actually completed. All that can be done easily, within the warm confines of Napster`s machine room. With Gnutella, every router and cable on the Internet would need to be tapped to learn about transactions between Gnutella hosts or peers. When you double-click on a file, your Gnutella software establishes an HTTP connection directly to the host that holds the desired file. There is no brokering, even through the Gnutella network. In fact, the download itself has nothing to do with Gnutella: it`s HTTP. By being truly peer-to-peer, Gnutella gives no place to put the microscope. Gnutella doesn`t have a mailing address, and, in fact, there isn`t even anyone to whom to address the summons. But because of the breakdown in anonymity when a download is transacted, Gnutella could not be used as a system for publishing information anonymously. Not in its current form, anyway. So the argument that Gnutella provides anonymity from search through response through download is impossible to make. page 77 Peer to Peer: Harnessing the Power of Disruptive Technologies 8.8.2.3 Anonymous Gnutella chat But then, Gnutella is not exclusively a file-sharing system. When there were fewer users on Gnutella, it was possible to use Gnutella`s search monitor to chat with other Gnutella users. Since everyone could see the text of every search that was being issued on the network, users would type in searches that weren`t searches at all: they were messages to other Gnutella users (see Figure 8.4). Figure 8.4. Gnutella search monitor It was impossible to tell who was saying what, but conversations were taking place. If you weren`t a part of the particular thread of discussion, the messages going by were meaningless to you. This is an excellent real-world example of the ideas behind Rivest`s "Chaffing and Winnowing."[6] Just another message in a sea of messages. Keeping in mind that Gnutella gives total anonymity in searching, this search-based chat was in effect a totally anonymous chat! And we all thought we were just using Gnutella for small talk. [6] Ronald L Rivest (1998), "Chaffing and Winnowing: Confidentiality without Encryption," http://www.toc.lcs.mit.edu/~rivest/chaffing.txt. 8.8.3 Next-generation peer-to-peer file-sharing technologies No discussion about Gnutella, Napster, and Freenet is complete without at least a brief mention of the arms race and war of words between technologists and holders of intellectual property. What the recording industry is doing is sensitizing software developers and technologists to the legal ramifications of their inventions. Napster looked like a pretty good idea a year ago, but today Gnutella and Freenet look like much better ideas, technologically and politically. For anyone who isn`t motivated by a business model, true peer-to-peer file-sharing technologies are the way to go. It`s easy to see where to put the toll booths in the Napster service, but taxing Gnutella is trickier. Not impossible, just trickier. Whatever tax system is successfully imposed on Gnutella, if any, will be voluntary and organic - in harmony with Gnutella, basically. The same will be true for next-generation peer-to-peer file-sharing systems, because they will surely be decentralized. Predicting the future is impossible, but there are a few things that are set in concrete. If there is a successor to Gnutella, it will certainly learn from the lessons taught to Napster. It will learn from the problems that Gnutella has overcome and those that frustrate it today. For example, instead of the pseudoanonymity that Gnutella provides, next generation technologies may provide true anonymity through proxying and encryption. In the end, we can say with certainty that technology will outrun policy. It always has. The question is what impact that will have. page 78 Peer to Peer: Harnessing the Power of Disruptive Technologies 8.9 Gnutella`s effects Gnutella started the decentralized peer-to-peer revolution.[7] Before it, systems were centralized and boring. Innovation in software came mainly in the form of a novel business plan. But now, people are seriously thinking about how to turn the Internet upside down and see what benefits fall out. [7] The earliest example of a peer-to-peer application that I can come up with is Zephyr chat, which resulted from MIT`s Athena project in the early 1990s. Zephyr was succeeded by systems such as ICQ, which provided a commercialized, graphical, Windows-based instant messaging system along the lines of Zephyr. Next was Napster. And that is the last notable client/server-based, peer-to-peer system. Gnutella and Freenet were next, and they led the way in decentralized peer-to-peer systems. Already, the effects of the peer-to-peer revolution are being felt. Peer-to-peer has captured the imagination of technologists, corporate strategists, and venture capitalists alike. Peer-to-peer is even getting its own book. This isn`t just a passing fad. Certain aspects of peer-to-peer are mundane. Certain other aspects of it are so interesting as to get notables including George Colony, Andy Grove, and Marc Andreessen excited. That doesn`t happen often. The power of peer-to-peer and its real innovation lies not just in its file-sharing applications and how well those applications can fly in the face of copyright holders while flying under the radar of legal responsibility. Its power also comes from its ability to do what makes plain sense and what has been overlooked for so long. The basic premise underlying all peer-to-peer technologies is that individuals have something valuable to share. The gems may be computing power, network capacity, or information tucked away in files, databases, or other information repositories, but they are gems all the same. Successful peer-to-peer applications unlock those gems and share them with others in a way that makes sense in relation to the particular applications. Tomorrow`s Internet will look quite different than it does today. The World Wide Web is but a little blip on the timeline of technology development. It`s only been a reality for the last six years! Think of the Web as the Internet equivalent of the telegraph: it`s very useful and has taught us a lot, but it`s pretty crude. Peer-to-peer technologies and the experience gained from Gnutella, Freenet, Napster, and instant messaging will reshape the Internet dramatically. Unlike what many are saying today, I will posit the following: today`s peer-to-peer applications are quite crude, but tomorrow`s applications will not be strictly peer-to-peer or strictly client/server, or strictly anything for that matter. Today`s peer-to-peer applications are necessarily overtly peer-to-peer (often to the users` chagrin) because they must provide application and infrastructure simultaneously due to the lack of preexisting peer-to-peer infrastructure. Such infrastructure will be put into place sooner than we think. Tomorrow`s applications will take this infrastructure for granted and leverage it to provide more powerful software and a better user experience in much the same way modern Internet infrastructure has. In the short term, decentralized peer-to-peer may spell the end of censorship and copyright. Looking out, peer-to-peer will enable crucial applications that are so useful and pervasive that we will take them for granted. page 79 Peer to Peer: Harnessing the Power of Disruptive Technologies Chapter 9. Freenet Adam Langley, Freenet Freenet is a decentralized system for distributing files that demonstrates a particularly strong form of peer-to-peer. It combines many of the benefits associated with other peer-to-peer models, including robustness, scalability, efficiency, and privacy. In the case of Freenet, decentralization is pivotal to its goals, which are the following: • Prevent censorship of documents • Provide anonymity for users • Remove any single point of failure or control • Efficiently store and distribute documents • Provide plausible deniability for node operators Freenet grew out of work done by Ian Clarke when he was at the University of Edinburgh, Scotland, but it is now maintained by volunteers on several continents. Some of the goals of Freenet are very difficult to bring together in one system. For example, efficient distribution of files has generally been done by a centralized system, and doing it with a decentralized system is hard. However, decentralized networks have many advantages over centralized ones. The Web as it is today has many problems that can be traced to its client/server model. The Slashdot effect, whereby popular data becomes less accessible because of the load of the requests on a central server, is an obvious example. Centralized client/server systems are also vulnerable to censorship and technical failure because they rely on a small number of very large servers. Finally, privacy is a casualty of the structure of today`s Web. Servers can tell who is accessing or posting a document because of the direct link to the reader/poster. By cross-linking the records of many servers, a large amount of information can be gathered about a user. For example, DoubleClick, Inc., is already doing this. By using direct marketing databases and information obtained through sites that display their advertisements, DoubleClick can gather very detailed and extensive information. In the United States there are essentially no laws protecting privacy online or requiring companies to handle information about people responsibly. Therefore, these companies are more or less free to do what they wish with the data. We hope Freenet will solve some of these problems. Freenet consists of nodes that pass messages to each other. A node is simply a computer that is running the Freenet software, and all nodes are treated as equals by the network. This removes any single point of failure or control. By following the Freenet protocol, many such nodes spontaneously organize themselves into an efficient network. 9.1 Requests In order to make use of Freenet`s distributed resources, a user must initiate a request. Requests are messages that can be forwarded through many different nodes. Initially the user forwards the request to a node that he or she knows about and trusts (usually one running on his or her own computer). If a node doesn`t have the document that the requestor is looking for, it forwards the request to another node that, according to its information, is more likely to have the document. The messages form a chain as each node forwards the request to the next node. Messages time out after passing through a certain number of nodes, so that huge chains don`t form. (The mechanism for dropping requests, called the hops-to-live count, is a simple system similar to that used for Internet routing.) The chain ends when the message times out or when a node replies with the data. page 80 Peer to Peer: Harnessing the Power of Disruptive Technologies The reply is passed back though each node that forwarded the request, back to the original node that started the chain. Each node in the chain may cache the reply locally, so that it can reply immediately to any further requests for that particular document. This means that commonly requested documents are cached on more nodes, and thus there is no Slashdot effect whereby one node becomes overloaded. The reply contains an address of one of the nodes that it came through, so that nodes can learn about other nodes over time. This means that Freenet becomes increasingly connected. Thus, you may end up getting data from a node you didn`t even know about. In fact, you still might not know that that node exists after you get the answer to the request - each node knows only the ones it communicates with directly and possibly one other node in the chain. Because no node can tell where a request came from beyond the node that forwarded the request to it, it is very difficult to find the person who started the request. This provides anonymity to the users who use Freenet. Freenet doesn`t provide perfect anonymity (like the Mixmaster network discussed in Chapter 7) because it balances paranoia against efficiency and usability. If someone wants to find out exactly what you are doing, then given the resources, they will. Freenet does, however, seek to stop mass, indiscriminate surveillance of people. A powerful attacker that can perform traffic analysis of the whole network could see who started a request, and if they controlled a significant number of nodes so that they could be confident that the request would pass through one of their nodes, they could also see what was being requested. However, the resources needed to do that would be incredible, and such an attacker could find better ways to snoop on users. An attacker who simply controlled a few nodes, even large ones, couldn`t find who was requesting documents and couldn`t generate false documents (see "Key Types," later in this chapter). They couldn`t gather information about people and they couldn`t censor documents. It is these attackers that Freenet seeks to stop. 9.1.1 Detail of requests Each request is given a unique ID number by the node that initiates it, and this serves to identify all messages generated by that request. If a node receives a message with the same unique ID as one it has already processed, it won`t process it again. This keeps loops from forming in the network, which would congest the network and reduce overall system performance. The two main types of requests are the InsertRequest and the DataRequest . The DataRequest simply asks that the data linked with a specified key is returned; these form the bulk of the requests on Freenet. InsertRequests act exactly like DataRequests except that an InsertReply, not a TimedOut message, is returned if the request times out. This means that if an attacker tries to insert data which already exists on Freenet, the existing data will be returned (because it acts like a DataRequest), and the attacker will only succeed in spreading the existing data as nodes cache the reply. If the data doesn`t exist, an InsertReply is sent back, and the client can then send a DataInsert to actually insert the new document. The insert isn`t routed like a normal message but follows the same route as the InsertRequest did. Intermediate nodes cache the new data. After a DataInsert, future DataRequests will return the document. 9.1.2 The data store The major tasks each node must perform - deciding where to route requests, remembering where to return answers to requests, and choosing how long to store documents - revolve around a stack model. Figure 9.1 shows what a stack could contain. page 81 ... - tailieumienphi.vn
nguon tai.lieu . vn