IN 2194 Peer-to-Peer Systems and Security, Summer 2013

General Information

The prerequisites for this class are a solid understanding of operating systems, networks and system programming. You must be able to write non-trivial programs in either C/C++ or Java on GNU/Linux. Lectures will be held Mondays from 10am to noon and Thursdays from 2pm to 4pm in FMI 00.13.009A ("multi media room"), starting Monday, April 15th 2013. If you have questions that you need to ask in person, feel free to drop in or make an appointment: Christian Grothoff, Boltzmannstr. 3, Room 03.05.040. You can also find us most of the time on, #gnunet.


Specific topics that will be covered include:

The various protocols are described in theory and practical implementations of those ideas are discussed (in particular Freenet, Bittorrent, Tor, JAP, GNUnet, I2P and Gnutella). The course will also include a practical component focusing on the design and implementation of a new P2P protocol or application.

The Project

You are free to choose a project for the course. The main requirement is that it must relate to the topics discussed in the course. Some suggestions are at the bottom of this page. If you have your own ideas, please keep in mind that the motivation and originality of your idea as well as your (experimental) evaluation of your project contribute significantly to your grade, so you should pick something impressive - and ensure that it can actually be done by you. You are encouraged to discuss your preliminary ideas with the instructor.
Projects can be done individually or in groups of up to two students. It is your responsibility to form and manage the teams. Note that for all projects you should feel free to discuss the projects during the project phase in class and during office hours. It is acceptable to discuss ideas, algorithms, or approaches to solving problems and assignments with other students. We encourage you to give and get such advice as it will help you learn the material better and improve your ability to work in a team. If you use existing code from other projects you must specify this in your documentation and give proper attribution in the source code.

Project Proposal

Your first deliverable will be a 2-3 page project proposal. It should describe:

Your literature survey should be part of your work plan, and you should plan to have it finished (in writing) by the deadline for the status report. Project proposals are due on May 15th 2013 and should be submitted via Subversion. You are encouraged to discuss project proposals with us before the deadline.

Status Report

Your second deliverable will be a 1-2 page status report describing: It is suggested that you include your literature survey as an appendix to the status report. Status reports are due on June 15th 2013 and should be submitted via Subversion.

Project Presentations

Each project team is expected to give one in-class presentation per team member on the project. If there are two team members, the first presentation should focus on related work and the project ideas, and the second presentation on the final design, implementation and experimental results. To give the presentation, you must first give a trial-run with an FSNSG member and get approval to do the in-class presentation. It is your responsibility to schedule an appointment at least a week before your presentation is due. We will add the specific dates for each student's presentation to the class schedule below. Please e-mail your final slides (in PDF format) to the instructor at least 2h prior to the presentation.

Project Submission

Programming projects must be submitted by 11:59 PM on August 10th 2013. Project code and documentation should be submitted via Subversion. You should use

    svn co --username $LRZ_ID --no-auth-cache
to check out your repository. Please ensure that the code you hand in does not include any unnecessary (i.e., generated) files such as object files or executables. You are encouraged to use the Subversion repository for all of your project development, not just for the submission. We will not accept crashed hard drives as an excuse for a failure to submit results on time; use our repository as your backup.
We expect that the projects will require a substantial amount of software design and implementation. The software produced will be graded based on manual and automatic code quality assessments, the quality of the documentation and student-provided (automated) tests.

Final Project Report

In your final project report, please describe what your system actually does provide (what really works, not what you planned to do), the bugs you are aware of, experimental measurements (setup, data, interpretation) and possible directions for future work. As usual, reports will be graded on quality, not quantity.

Final Project Interview

Finally, we will have individual project interviews with each student. During these interviews, we will provide feedback on the project and ask questions about the course material and the individual student's project (to ensure that we understand their individual contributions). The final project interviews are expected to last between 15 and 30 minutes, with no more than 20 minutes being used for our questions.


You will be evaluated on the basis of the course project and in-class quizzes. Achieving more than half of the points on the quizzes will result in a 0,3-bonus to the final grade. For the course project, the different deliverables are weighted as follows:

Project proposal: 10 Pts
Status report: 5 Pts
In-class presentation: 15 Pts
Final project report / paper: 40 Pts
Code quality: 15 Pts
Individual oral discussion of course and project: 15 Pts

For the final project report, equal weight will be given in the evaluation to the following four aspects

The presentations and discussions will be done both in-class and individually; the interviews at the end of the course will be done individually and may go beyond just the scope of the project.


I recommend that you use a Debian GNU/Linux system for this class; your project's code must run on (some) GNU/Linux system.

Submission of Assignments

Each team will get access to a Subversion repository. Assignments must be committed to that repository by the respective deadline. Students are encouraged to use the repository for version control while still working on the assignment. Only the last version committed before the deadline will be used for grading.

For group projects, you should e-mail the logins of the group members and a project name to our system administrator. You will then be given the name of a directory to which all group members have access.

Course Materials

Each lecture will begin with a short quiz covering both material from previous lectures and the preparation materials given below. You are expected to study the preparation materials before the lecture. Lectures will be fast-paced and you will be unable to answer questions on the quiz and may struggle to follow along if you did not study the given materials in advance. You do not have to review the slides in advance.

15.04.2013: Introduction to Peer-to-Peer Networks

Take a course on C programming

18.04.2013: The GNUnet Architecture

A Tutorial for GNUnet Hackers

22.04.2013: Peer-to-Peer Security

Secure Coding Guide: Avoiding Buffer Overflows and Underflows, A Survey of Peer-to-Peer Network Security Issues

25.05.2013: Unstructured Networks and Network Size Estimation

Gossip-based counting in dynamic networks

02.05.2013: Algorithms for Routing in Structured Overlay Networks

A Survey and Comparison of Peer-to-Peer Overlay Network Schemes

06.05.2013: NAT Traversal and Network Neutrality

Behavior and Classification of NAT Devices and Implications for NAT-Traversal

13.05.2013: Incentive Systems

Reputation in P2P Anonymity Systems

16.05.2013: Anonymity I

Tor: The Second-Generation Onion Router

23.05.2013: Anonymity II

Tor: The Second-Generation Onion Router

27.05.2013: Attacks!

Distributed Routing in Small-World Networks

03.06.2013: Evil Networks

A survey of botnet technology and defenses

06.06.2013: Future Networks

Why Future Internet research?, Towards a Future Internet

13.06.2013: Student Presentations: Designs and Related Work

Team 8 (M. Dorner): NAT traversal
Team X (S. Dieterle): VoIP

17.06.2013: Student Presentations: Designs and Related Work

Team 4 (L. Weller): TTP-free Mental Poker
Team 1 (B. Peter): GNUnet over DNS

20.06.2013: Student Presentations: Designs and Related Work

Team 9 (A. Rakhmatulin): Improving GNUnet's adhoc connectivity with a Bluetooth transport
Team 2 (R. Popa): Implementation of a P2P messaging service

24.06.2013: Student Presentations: Designs and Related Work

Team 6 (C. Fuchs): SMC Vectorproduct
Team 7 (J. Kirsch): Hiding P2P Activity

27.06.2013: Student Presentations: Designs, Implementations and Results

Sven Barth (Team 5): GNUnet over LTP

01.07.2013: No lecture (moved to 24.7.2013)

04.07.2013: Student Presentations: Implementations and Results

08.07.2013: Student Presentations: Implementations and Results

Team 2 (A. Grunau): Implementation of a P2P messaging service (MQTT)
Team 1 (J. Wessner): GNUnet over DNS
Team 6 (G. Kukreja): SMC Vectorproduct

11.07.2013: Student Presentations: Implementations and Results

Team 8 (W. Vogginger): NAT traversal
Team 7 (M. Leclaire): Hiding P2P Activity

15.07.2013: Student Presentations: Implementations and Results

Team 4 (L. Winter): TTP-free Mental Poker
Team 9 (H. Syed): Improving GNUnet's adhoc connectivity with a Bluetooth transport
Team X (A. Fuchs): VoIP

24.07.2013: Tor and the Censorship Arms Race: Lessons Learned

Special lecture by Jacob Appelbaum and Roger Dingledine in HS 1 at 18:00.

Project Ideas

Tor-like OR in GNUnet
Onion routing is easy, but you need to find a way to securely enumerate candidates for the route. Tor uses directory servers; research has shown that using DHTs leaks information and is thus unsafe. Can you find a way to securely source route without directory servers or other trusted authorities?
Protocols for in-network P2P monitoring to detect ongoing attacks
Many recent attacks on I2P have at least been detected by their internal monitoring. Can you improve our means to detect attacks?
Distributed constraint optimization (DCOP)
Why should peers only exchange data? Let them compute! There are various proposals for protocols to perform distributed constraint optimization. Can you make any of them work?
Build a distributed search engine
Google biases and filters results, based on who you are and where you live. Write a better search engine that is purely P2P and thus does not need advertising and is harder to reach for the censors.
X-Vine or Cubit DHT
GNUnet has R5N, but are there better DHTs out there? X-Vine looks promising; hack it up and compare! Or how about a DHT that performs range queries? Any DHT is fair game; even something as simple as Kademlia might do, if the implementation and evaluation are done well.
P2P communication using DNS, SMTP, SCTP, Satellite, ...
GNUnet can communicate over various protocols already (UDP, TCP, HTTP, HTTPS, UNIX Domain sockets); how about adding something more interesting?
Improve NAT traversal
There are many NAT traversal techniques out there. Show off your network hacking skills and improve GNUnet's NAT traversal success rate (we can provide hardware for testing).
M2M applications
P2P doesn't have to be between users. Machine-to-Machine communication is said to be the next big thing (TM). From sensors (collective data analysis) to vehicles (congestion control, accident avoidance) and industrial control systems (supply chain management, disaster recovery), can you build the next big P2P application?
Asynchronous (reliable) messaging (a la WebSphere MQ)
Messaging is a basic building block of the modern service oriented architecture. Can you devise a secure, high-latency P2P messaging service?
Skype is proprietary software and Microsoft is centralizing the service to support "monitoring". Time for a better P2P VoIP system! (Check out the Opus codec.)
Freedom of Information
Build a decentralized system for news distribution (podcasts, blogs, books, news) with the ability to filter and archive what is important.
Got other ideas?
Tell us!

Christian Grothoff