IN 2194 Peer-to-Peer Systems and Security, Summer 2014

General Information

The prerequisites for this class are a solid understanding of operating systems, networks and system programming. You must be able to write non-trivial programs in either C/C++ or Java on GNU/Linux. Lectures will be held Tuesdays from 2-4pm and Thursdays from 1pm to 2:30pm in FMI 00.13.009A ("multi media room"), starting Tuesday, April 8th 2014, If you have questions that you need to ask in question, feel free to drop in or make an appointment: Christian Grothoff, Boltzmannstr. 3, Room 3.5.40. You can also find us most of the time on irc.freenode.net, #gnunet.

Syllabus

Specific topics that will be covered include:

The various protocols are described in theory and practical implementations of those ideas are discussed (in particular Freenet, Bittorrent, Tor, JAP, GNUnet, I2P and Gnutella). The course will also include a practical component focusing on the design and implementation of a new P2P protocol or application.

The Project

You are free to choose a project for the course. The main requirement is that is must related to the topics discussed in the course. Some suggestions are at the bottom of this page. If you have your own ideas, please keep in mind that the motivation and originality of your idea as well as your (experimental) evaluation of your project contribute significantly to your grade, so you should pick something impressive - and ensure that it can actually be done by you. You are encouraged to discuss your preliminary ideas with the instructor.
Projects can be done individually or in groups of up to two students. It is your responsibility to form and manage the teams. Note that for all projects you should feel free to discuss the projects during the project phase in class and during office hours. It is acceptable to discuss ideas, algorithms, or approaches to solving problems and assignments with other students. We encourage you to give and get such advice as it will help you learn the material better and improve your ability to work in a team. If you use existing code from other projects you must specify this in your documentation and give proper attribution in the source code.

Project Proposal

Your first deliverable will be a 2-3 page project proposal. It should describe:

Your literature survey should be part of you work plan, and you should plan to have it finished (in writing) by the deadline for the status report. Project proposals are due on May 1st 2014 and should be submitted via Subversion. You are encouraged to discuss project proposals with us before the deadline.

Status Report

Your second deliverable will be a 1-2 page status report describing: It is suggested that you include your literature survey as an appendix to the status report. Status reports are due on June 15th 2014 and should be submitted via Subversion.

Project Presentations

Each project team is expected to give one in-class presentation per team member on the project. If there are two team members, the first presentation should focus on related work and the project ideas, and the second presentation on the final design, implementation and experimental results. To give the presentation, you must first give a trial-run with an FSNSG member and get approval to do the in-class presentation. It is your responsibility to schedule an appointment at least a week before your presentation is due. We will add the specific dates for each student's presentation to the class schedule below. Please e-mail your final slides (in PDF format) to the instructor at least 2h prior to the presentation.

Project Submission

Programming projects must be submitted by 11:59 PM on August 8th 2014 (extended deadline). Project code and documentation should be submitted via Subversion.

You should use 

    svn co --username $LRZ_ID --no-auth-cache https://projects.net.in.tum.de/svn-tum/tum2194
to checkout your repository. Please ensure not to include any unnecessary (i.e., generated) files from the code you hand in such as object files or executables. You are encouraged to use the Subversion repository for all of your project development, not just for the submission. We will not accept crashed hard drives as an excuse for a failure to submit results on time, use our repository as your backup.
We expect that the projects will require a substantial amount of software design and implementation. The software produced will be graded based on manual and automatic code quality assessments, the quality of the documentation and student-provided (automated) tests.

Final Project Report

In your final project report, please describe what your system actually does provide (what really works, not what you planned to do), the bugs you are aware of, experimental measurements (setup, data, interpretation) and possible directions for future work. As usual, reports will be graded on quality, not quantity.

Final Project Interview

Finally, we will have individual project interviews with each student. During these interviews, we will provide feedback on the project and ask questions about the course material and the individual student's project (to ensure that we understand their individual contributions). The final project interviews are expected to last between 15 and 30 minutes, with no more than 20 minutes being used for our questions.
You need to schedule your individual (not team) presentations with me to happen between August 4th and August 14th. Alternatively, you might be offered the possibility to present at the GNU Hacker Meeting 2014 August 15-17th. In exceptional cases, you might present at a later time to Bart Polot. In that case, your final grade for the course may be entered into the system with significant delay.

Grading

You will be evaluated on the basis of the course project and in-class quizzes. Achieving more than half of the points on the quizzes will result in a 0,3-bonus to the final grade. For the course project, the different deliverables are weighted as follows:

Project proposal10 Pts
Status report5 Pts
In-class presentation15 Pts
Final project report / paper40 Pts
Code quality15 Pts
Individual oral discussion of course and project15 Pts

For the final project report, equal weight will be given in the evaluation to the following four aspects

The presentations and discussions will be done both in-class and individually; the interviews at the end of the course will be done individually and may go beyond just the scope of the project.

Software

I recommend that you use a Debian GNU/Linux system for this class; your project's code must run on (some) GNU/Linux system.

Submission of Assignments

Each team will get access to a Subversion repository. Assignments must be committed to that repository by the respective deadline. Students are encouraged to use the repository for version control while still working on the assignment. Only the last version committed before the deadline will be used for grading.

For group projects, you should select a group in Moodle. Your team is then to submit the materials into the /team???/a1/ directory in Subversion, which will be shared between the team members. The ??? should be replace with your group number in Moodle.

Course Materials

Each lecture will begin with a short quiz covering both material from previous lectures and the preparation materials given below. You are expected to study the preparation materials before the lecture. Lectures will be fast-paced and you will be unable to answer questions on the quiz and may struggle to follow along if you did not study the given materials in advance. You do not have to review the slides in advance.

08.04.2014: Introduction to Peer-to-Peer Networks

Preparation
Take a course on C programming, and read a book or two.
Slides
slides, video
Quiz
quiz

10.04.2014: The GNUnet Architecture

Preparation
A Tutorial for GNUnet Hackers (C version), A Tutorial for GNUnet Hackers (Java version)
Slides
slides

15.04.2014: Peer-to-Peer Security

Preparation
Secure Coding Guide: Avoiding Buffer Overflows and Underflows, A Survey of Peer-to-Peer Network Security Issues
Slides
slides

24.04.2014: Unstructured Networks and Network Size Estimation

Preparation
Gossip-based counting in dynamic networks
Slides
slides

29.04.2014: Bitcoin

Preparation
Zeitgeist: Addendum (apply critical thinking), BitCoin: A Peer-to-Peer Electronic Cash System, bmoney
Slides
slides

06.05.2014: Network Size Estimation and Random Peer Sampling

Preparation
Brahms: Byzantine Resilient Random Membership Sampling
Slides
slides

08.05.2014: Algorithms for Routing in Structured Overlay Networks

Preparation
A Survey and Comparison of Peer-to-Peer Overlay Network Schemes
Slides
slides

13.05.2014: NAT Traversal and Network Neutrality

Preparation
Behavior and Classification of NAT Devices and Implications for NAT-Traversal
Slides
slides

15.05.2014: Incentive Systems

Preparation
Reputation in P2P Anonymity Systems
Slides
slides

20.05.2014: Anonymity I

Preparation
Tor: The Second-Generation Onion Router
Slides
slides

22.05.2014: Anonymity II

Preparation
Tor Stinks (U)
Slides
slides

27.05.2014: Evil Networks

Preparation
A survey of botnet technology and defenses
Slides
slides

03.06.2014: Attacks!

Preparation
TOP SECRET//COMINT//20291123: (U//FOFU) Tor, Distributed Routing in Small-World Networks
Slides
slides

05.06.2014: Future Networks

Preparation
Why Future Internet research?, Towards a Future Internet
Slides
slides

12.06.2014: Student Presentations: Designs and Related Work

Taxable anonymous digital cash
Mueller (pdf)
Multiplicative Secret Sharing
Buenger, Arias (pdf)

17.06.2014: Student Presentations: Designs and Related Work

Axolotl Rachet
Strasser, Lotz
GNUnet support for Git
Kruk, Carvalho (pdf)

24.06.2014: Student Presentations: Designs and Related Work

Improved MQTT
Frey, Sawadski (pdf)
Brahms
Galtsev, Migal (pdf)

26.06.2014: Student Presentations: Designs and Related Work (begin: 13:30)

Group OTR
Teich, Theiss

01.07.2014: Student Presentations: Implementations and Results

Scribe
Zhdanov
Axolotl Rachet
Strasser, Lotz

03.07.2014: Student Presentations: Implementations and Results

Multiplicative Secret Sharing
Buenger, Arias

07.07.2014: Talk @ TUM: Peter Schaar

Technik, Recht und Überwachung, HS 1, 18:00

07.07.2014: Podiumsdiskussion im Literaturhaus

Überwachung total. Wie wir in Zukunft unsere Daten schützen

08.07.2014: Student Presentations: Implementations and Results

Taxable anonymous digital cash
Dold, Mueller
Improved MQTT
Frey, Sawadski
Group OTR
Teich, Theiss (pdf)

10.07.2014: Student Presentations: Implementations and Results

Brahms
Galtsev, Migal
GNUnet support for Git
Kruk, Carvalho
Axolotl Rachet
Strasser, Lotz

15.07.2014: Talk @ TUM: Rebekah Overdorf

Blogs, Comments, and Twitter Feeds: A Study of Domain Adaptation in Stylometry, 03.07.023, 14:00

15-17.8.2014: GNU Hackers' Meeting

GHM 2014 at LRZ/TUM.

Project Ideas

Byzantine Fault-Tolerant Decentralized Random Peer Sampling
Many protocols require the ability to pick a "random" peer. But how can this be done securely in an open network? Fortunately, there are research papers on this subject. But do they work in practice?
P2P communication using DNS, SMTP, SCTP, Satellite, ...
GNUnet can communicate over various protocols already (UDP, TCP, HTTP, HTTPS, WLAN, Bluetooth, UNIX Domain sockets); how about adding something more interesting?
Implement solution to the SMP
The Socialist Millionair Problem (SMP) is a common building block for privacy-preserving computations, and in particular can be used to securely verify a shared secret.
Improve NAT traversal
There are many NAT traversal techniques out there. Show off your network hacking skills and improve GNUnet's NAT traversal success rate (we can provide hardware for testing)
More DHTs
GNUnet has R5N, but are there better DHTs out there? How about a DHT that performs range queries? Any DHT is fair game, even something simple as Kademlia might do, if the implementation and evaluation are done well.
Protocols for in-network P2P monitoring to detect ongoing attacks
Many recent attacks on I2P have at least been detected by their internal monitoring. Can you improve our means to detect attacks?
Distributed constraint optimization (DCOP)
Why should peers only exchange data? Let them compute! There are various proposals for protocols to perform distributed constraint optimization. Can you make any of them work?
Voice-over-IP
gnunet-conversation needs love. Features like group conversations (without host?) could be interesting. Build the next P2P VoIP system!
Build a distributed search engine
Google biases and filters results, based on who you are and where you live. Write a better search engine that is purely P2P and thus does not need advertising and is harder to reach for the censors.
M2M applications
P2P doesn't have to be between users. Machine-to-Machine communication is said to be the next big thing (TM). From sensors (collective data analysis) to vehicles (congestion control, accident avoidance) and industrical control systems (supply chain management, disaster recovery), can you build the next big P2P application?
Asynchronous (reliable) messaging (a la WebSphere MQ)
Messaging is a basic building block of the modern service oriented architecture. Can you devise a secure, high-latency P2P messaging service?
Freedom of Information
Build a decentralized system for news distribution (Podcast, blogs, books, news) with the ability to filter and archive what is important
Got other ideas?
Tell us!

Christian Grothoff