IN 2194 Peer-to-Peer Systems and Security, Summer 2013
General Information
The prerequisites for this class are a solid understanding of
operating systems, networks and system programming.
You must be able to write non-trivial programs in either C/C++ or Java
on GNU/Linux.
Lectures will be held Mondays from 10am to noon and Thursdays
from 2pm to 4pm in FMI 00.13.009A ("multi media room"),
starting Monday, April 15th 2013,
If you have questions that you need to ask in question, feel free to
drop in or make an appointment: Christian Grothoff,
Boltzmannstr. 3, Room 03.05.040. You can also find us most of the time on irc.freenode.net, #gnunet.
Syllabus
Specific topics that will be covered include:
- P2P applications, advantages and disadvantages of P2P systems
- common problems and operations in P2P systems
- routing in structured and unstructured overlay networks,
in particular distributed hash tables
- network address translation and traversal
- decentralized network size estimation
- reputation systems
- common attacks on P2P protocols and defenses against them
- anonymity, protocols to create anonymity and attacks on
anonymity
The various protocols are described in theory and practical
implementations of those ideas are discussed (in particular Freenet,
Bittorrent, Tor, JAP, GNUnet, I2P and Gnutella). The course will also
include a practical component focusing on the design and
implementation of a new P2P protocol or application.
The Project
You are free to choose a project for the course. The main
requirement is that is must related to the topics discussed
in the course. Some suggestions are at the bottom of this
page. If you have your own ideas, please keep in mind that the
motivation and originality of your idea as well as your
(experimental) evaluation of your project contribute significantly
to your grade, so you should pick something impressive - and
ensure that it can actually be done by you. You are encouraged
to discuss your preliminary ideas with the instructor.
Projects can be done individually or in groups of up to two
students. It is your responsibility to form and manage the
teams.
Note that for all projects you should feel free to discuss the
projects during the project phase in class and during office hours.
It is acceptable to discuss ideas, algorithms, or
approaches to solving problems and assignments with other students. We
encourage you to give and get such advice as it will help you learn
the material better and improve your ability to work in a team. If you
use existing code from other projects you must specify this in your
documentation and give proper attribution in the source code.
Project Proposal
Your first deliverable will be a 2-3 page project proposal. It should
describe:
- The problem you plan to study (be specific)
- Why you think it is important
- Related work you have found so far
- What you plan to do, including required, desired and optional
milestones
Your literature survey should be part of you work plan, and you should
plan to have it finished (in writing) by the deadline for the status report.
Project proposals are due on May 15th 2013 and should be submitted
via Subversion. You are encouraged to discuss project proposals with
us before the deadline.
Status Report
Your second deliverable will be a 1-2 page status report describing:
- What you have accomplished so far
- What you have left to do
- A week-by-week plan for finishing the project
It is suggested that you include your literature survey as an appendix
to the status report.
Status reports are due on June 15th 2013 and should be submitted via Subversion.
Project Presentations
Each project team is expected to give one in-class presentation
per team member on the project. If there are two team members,
the first presentation should focus on related work and the
project ideas, and the second presentation on the final design,
implementation and experimental results. To give the presentation,
you must first give a trial-run with an FSNSG member and get approval
to do the in-class presentation. It is your responsibility to
schedule an appointment at least a week before your presentation
is due. We will add the specific dates for each student's
presentation to the class schedule below. Please e-mail your final
slides (in PDF format) to the instructor at least 2h prior to the
presentation.
Project Submission
Programming projects must be submitted by 11:59 PM on August 10th 2013.
Project code and documentation should be submitted via Subversion.
You should use
svn co --username $LRZ_ID --no-auth-cache https://projects.net.in.tum.de/svn-tum/tum2194
to checkout your repository. Please ensure not to include any
unnecessary (i.e., generated) files from the code you hand in such
as object files or executables. You are encouraged to use the
Subversion repository for all of your project development, not
just for the submission. We will not accept crashed hard drives
as an excuse for a failure to submit results on time, use our
repository as your backup.
We expect that the projects will require a substantial amount of software design and
implementation. The software produced will be graded based on manual
and automatic code quality assessments, the quality of the
documentation and student-provided (automated) tests.
Final Project Report
In your final project report, please describe what your system actually
does provide (what really works, not what you planned to do),
the bugs you are aware of, experimental measurements (setup,
data, interpretation) and possible directions for future work.
As usual, reports will be graded on quality, not quantity.
Final Project Interview
Finally, we will have individual project interviews with each
student. During these interviews, we will provide feedback
on the project and ask questions about the course material and
the individual student's project (to ensure that
we understand their individual contributions). The final project
interviews are expected to last between 15 and 30 minutes, with
no more than 20 minutes being used for our questions.
Grading
You will be evaluated on the basis of the course project and in-class quizzes.
Achieving more than half of the points on the quizzes will result in a
0,3-bonus to the final grade.
For the course project, the different deliverables are weighted as follows:
| Project proposal | 10 Pts |
| Status report | 5 Pts |
| In-class presentation | 15 Pts |
| Final project report / paper | 40 Pts |
| Code quality | 15 Pts |
| Individual oral discussion of course and project | 15 Pts |
For the final project report, equal weight will be given in the evaluation to
the following four aspects
- motivation / originality
- clarity of the paper presentation
- thoroughness of the evaluation
- analysis of related work
The presentations and discussions will be done both in-class and
individually; the interviews at the end of the course will be
done individually and may go beyond just the scope of the project.
Software
I recommend that you use a Debian GNU/Linux
system for this class; your project's code must run on (some) GNU/Linux system.
Submission of Assignments
Each team will get access to a subversion
repository. Assignments must be committed to that repository by the respective
deadline. Students are encouraged to use the repository for version control while
still working on the assignment. Only the last version commited before the deadline will
be used for grading.
For group projects, you should e-mail the logins of the group members and a project
name to our system administrator. You will then be given the name of a directory to which
all group members have access.
Course Materials
Each lecture will begin with a short quiz covering both material from previous
lectures and the preparation materials given below. You are expected to study
the preparation materials before the lecture. Lectures will be fast-paced and
you will be unable to answer questions on the quiz and may struggle to follow
along if you did not study the given materials in advance. You do not have to
review the slides in advance.
15.04.2013: Introduction to Peer-to-Peer Networks
- Preparation
- Take a course on C programming
- Slides
- slides
- Quiz
- quiz
18.04.2013: The GNUnet Architecture
- Preparation
- A Tutorial for GNUnet Hackers
- Slides
- slides
22.04.2013: Peer-to-Peer Security
- Preparation
- Secure Coding Guide: Avoiding Buffer Overflows and Underflows,
A Survey of Peer-to-Peer Network Security Issues
- Slides
- slides
25.05.2013: Unstructured Networks and Network Size Estimation
- Preparation
- Gossip-based counting in dynamic networks
- Slides
- slides
02.05.2013: Algorithms for Routing in Structured Overlay Networks
- Preparation
- A Survey and Comparison of Peer-to-Peer Overlay Network Schemes
- Slides
- slides
06.05.2013: NAT Traversal and Network Neutrality
- Preparation
- Behavior and Classification of NAT Devices and Implications for NAT-Traversal
- Slides
- slides
13.05.2013: Incentive Systems
- Preparation
- Reputation in P2P Anonymity Systems
- Slides
- slides
16.05.2013: Anonymity I
- Preparation
- Tor: The Second-Generation Onion Router
- Slides
- slides
23.05.2013: Anonymity II
- Preparation
- Tor: The Second-Generation Onion Router
- Slides
- slides
27.05.2013: Attacks!
- Preparation
- Distributed Routing in Small-World Networks
- Slides
- slides
03.06.2013: Evil Networks
- Preparation
- A survey of botnet technology and defenses
- Slides
- slides
06.06.2013: Future Networks
- Preparation
- Why Future Internet research?,
Towards a Future Internet
- Slides
- slides
13.06.2013: Student Presentations: Designs and Related Work
- Team 8 (M. Dorner): NAT traversal
- Team X (S. Dieterle): VoIP
17.06.2013: Student Presentations: Designs and Related Work
- Team 4 (L. Weller): TTP-free Mental Poker
- Team 1 (B. Peter): GNUnet over DNS
20.06.2013: Student Presentations: Designs and Related Work
- Team 9 (A. Rakhmatulin): Improving GNUnet's adhoc connectivity with a Bluetooth transport
- Team 2 (R. Popa): Implementation of a P2P messaging service
24.06.2013: Student Presentations: Designs and Related Work
- Team 6 (C. Fuchs): SMC Vectorproduct
- Team 7 (J. Kirsch): Hiding P2P Activity
- tbd
27.06.2013: Student Presentations: Designs, Implementations and Results
- Sven Barth (Team 5): GNUnet over LTP
- Slides
- slides
01.07.2013: No lecture (moved to 24.7.2013)
04.07.2013: Student Presentations: Implementations and Results
08.07.2013: Student Presentations: Implementations and Results
- Team 2 (A. Grunau): Implementation of a P2P messaging service (MQTT)
- Team 1 (J. Wessner): GNUnet over DNS
- Team 6 (G. Kukreja): SMC Vectorproduct
11.07.2013: Student Presentations: Implementations and Results
- Team 8 (W. Vogginger): NAT traversal
- Team 7 (M. Leclaire): Hiding P2P Activity
15.07.2013: Student Presentations: Implementations and Results
- Team 4 (L. Winter): TTP-free Mental Poker
- Team 9 (H. Syed): Improving GNUnet's adhoc connectivity with a Bluetooth transport
- Team X (A. Fuchs): VoIP
24.07.2013: Tor and the Censorship Arms Race: Lessons Learned
Special lecture by Jacob Applebaum and Roger Dingledine in HS 1 at 18:00.
Project Ideas
- Tor-like OR in GNUnet
- Onion-routing is easy, but you need to find a way to securely enumerate
candiates for the route. Tor uses directory servers; research has shown
that using DHTs leaks information and is thus unsafe. Can you
find a way to securely source route without directory servers
or other trusted authorities?
- Protocols for in-network P2P monitoring to detect ongoing attacks
- Many recent attacks on I2P have at least been detected by their
internal monitoring. Can you improve our means to detect
attacks?
- Distributed constraint optimization (DCOP)
- Why should peers only exchange data? Let them compute!
There are various proposals for protocols to perform
distributed constraint optimization. Can you make
any of them work?
- Build a distributed search engine
- Google biases and filters results, based on who you are and where you
live. Write a better search engine that is purely P2P and thus
does not need advertising and is harder to reach for the censors.
- X-Vine or Cubit DHT
- GNUnet has R5N, but are there better DHTs out there? X-Vine looks
promising, hack it up and compare! Or how about a DHT that performs
range queries? Any DHT is fair game, even something simple as
Kademlia might do, if the implementation and evaluation are done well.
- P2P communication using DNS, SMTP, SCTP, Satellite, ...
- GNUnet can communicate over various protocols already (UDP, TCP, HTTP, HTTPS,
UNIX Domain sockets); how about adding something more interesting?
- Improve NAT traversal
- There are many NAT traversal techniques out there. Show off your
network hacking skills and improve GNUnet's NAT traversal
success rate (we can provide hardware for testing)
- M2M applications
- P2P doesn't have to be between users. Machine-to-Machine communication
is said to be the next big thing (TM). From sensors (collective data analysis)
to vehicles (congestion control, accident avoidance) and
industrical control systems (supply chain management, disaster recovery),
can you build the next big P2P application?
- Asynchronous (reliable) messaging (a la WebSphere MQ)
- Messaging is a basic building block of the modern service oriented
architecture. Can you devise a secure, high-latency P2P messaging
service?
- Voice-over-IP
- Skype is proprietary software and Microsoft is centralizing the service
to support "monitoring". Time for a better P2P VoIP system!
(Check out the Opus codec.)
- Freedom of Information
- Build a decentralized system for news distribution (Podcast, blogs,
books, news) with the ability to filter and archive what is important
- Got other ideas?
- Tell us!
Christian Grothoff