Student Name: Conor Mc Manamon Student Number: XXXXXXXXXXXX



Download 52.22 Kb.
Date31.07.2017
Size52.22 Kb.
#25509

Final Year Proposal Form 2009/2010

Student Name: Conor Mc Manamon

Student Number: XXXXXXXXXXXX

Mobile Number: XXXXXXXXXXXXX


Stream (CSAA/SDIS/DKM/GP):

XXXX

Project Title



Going Dark: An Investigation Into the Measures Which Threaten the State of Privacy and Net Neutrality on Public Domain Networks and the Development of a Private Darknet Suite to Circumvent or Defeat Them.

Summary

The aim of this project is to firstly identify the core measures in place which threaten the privacy of users on public domain networks. The focus will be on communication and file sharing on the Internet, which will limit the commentary to issues surrounding peer to peer software, file hosting services, Internet service providers and governments, with reference to censorship and net neutrality.


Having identified these threats, I will then develop and deploy a private darknet suite to show how some of these measures maybe circumvented or defeated. The suite will consist of an authentication server and a hybrid client/server application with which the user will interface with the darknet.
The server application's sole purpose will be to authorise clients' access to the darknet. Upon successful authentication with the server, clients would be synchronised with the other online clients on the darknet.
The client application will allow the user to both communicate and share files with other online clients in a secure manner – all traffic being encrypted between clients and clients, and clients and the server.
The fully completed project would also include tools to ease the generation of user specific resources such as keys, and the addition of users to a given server's governed darknet.
At the end of the project, I hope to have a minimal configuration lightweight application suite to release as a free, open source project under a yet to be chosen open source license.


Background (and References)
In recent years, the Internet has become heavily policed in an aim to quash the distribution of illegal materials, whether they infringe copyright, or are of another dubious nature. Applications such as peer to peer software, as well as services provided by file hosting companies have become heavily scrutinised, held responsible for the distribution of these materials and in some cases even made illegal. These measures taken to combat these these problems as the respective industries see them has had a major knock on effect on the state of privacy in the public domain. These include censorship, traffic shaping and the control of content delivery or violating net neutrality, terms relatively unheard of in the context of western society until recent years.
One possible remedy to the current trend of privacy intrusion is the deployment of a darknet. A darknet, in the context of file sharing and this project, is defined as a network operating on top of another network, such as the Internet, in a closed or private manner, whereby the content of data exchange is hidden from users outside the network or lacking sufficient authorisation. This can be achieved in a number of ways, the most common being encrypting all traffic between nodes. In some networks, anonymity provided through proxy servers or onion routers is sufficient, read masking your identity.
While there are currently many darknet applications in existence, I feel some lack certain features, are prone to feature creep or are aimed at a certain user base, thus I intend to investigate the development of a more universal darknet application suite which will appeal to a wider audience whilst maintaining a more lightweight “Do One Thing and Do It Well” approach. As outlined in the summary, the focus will be on communication and file sharing. These two functions tend to be the bare bones of most darknet clients in modern usage and shall constitute two of the major features of the application proposed in this project. The suite will be aimed at usage in smaller networks, for example, in small companies, small software development groups, home users' networks, and for people generally concerned with their privacy in the public domain.
Key concepts in a darknet are privacy, trust and security. All three are closely related in the context of a darknet as I will now demonstrate. As outlined above, a common means to provide private data exchange within darknets is the encryption of all traffic between nodes. This presents the problem of secure key exchange between nodes. The use of a public private key scheme such as RSA would solve this problem, and also offer a means to provide host verification, which solves the trust conundrum (We will assume users invited into the darknet are trusted); Clients can be verified by some sort of handshake using their key pair. With this sort of verification scheme in place, attacks such as client spoofing are mitigated, thus preserving the overall integrity of the security of the system.
The goal of this project is to combine all of these concepts into a functional minimal configuration lightweight application suite to release as a free, open source project into the public domain.




Texts found to date:
Applied Cryptography (2nd Edition) - Bruce Schneier.

Wiley; ISBN 978-0471117094


Cryptography and Network Security (4th Edition) – William Stallings. Prentice Hall; ISBN 978-0131873162
Cryptographic Libraries for Developers – Ed Moyle & Diana Kelley.

Charles River Media; ISBN 978-1584504092


Hacking: The Art of Exploitation (2nd Edition) – Jon Erickson.

No Starch Press; ISBN 978-1593271442


Network Security with OpenSSL – John Viega, Matt Messier, Pravir Chandra.

O'Reilly Media Inc.; ISBN 978-0596002701


Software Security: Building Security In - Gary McGraw

Addison-Wesley Professional; ISBN 978-0321356703


Applied Cryptography and Network Security - Michel Abdalla, David

Pointcheval, Pierre-Alain Fouque, Damien Vergnaud.

Springer; ISBN 978-3642019562
Engaging Privacy and Information Technology in a Digital Age – Committee on Privacy in the Information Age, National Research Council.

National Academies Press; ISBN 978-0309103923


Digital Privacy: Theory, Technologies, and Practices – Allesandro Acquisti, Stefanos Gritzalis, Costos Lambrinoudakis, Sabrina di Vimercati.

Auerbach; ISBN 978-1420052176



Computer Security, Privacy and Politics: Current Issues, Challenges and Solutions – Ramesh Subramanian.

IRM Press; ISBN 978-1599048048



Whitepaper resources found to date:
The Darknet and the Future of Content Distribution - Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman; Microsoft Corporation. (2001)
Darknets, DRM, and Trusted Computing - Alessandro Acquisti; Carnegie Mellon University. (2004)
Establishing Darknet Connections: Usability and Security - John Bethencourt, Wai Yong Low, Issac Simmons, and Matthew Williamson; Carnegie Mellon University. (2007)
Darknets: Fun and Games with Anonymising Private Networks – Adrian Crenshawl; Louisville InfoSec 2009. (2009)



Whitepaper resources found to date (contd.):
Black Hat USA 2009 Washington DC Presentations:
Veiled – A Browser Darknet – Matt Wood & Billy Hoffman; Web Research Group, HP Software.
Sub-Prime PKI: Attacking Extended Validation SSL - Michael Zusman & Alexander Sotirov.

Null Prefix Attacks Against SSL/TLS Certificates – Moxie Marlinspike.
Protocol Abuses - Michael Brooks and David Aslanian.


Web resources found to date:
RFCs - http://www.ietf.org

3394, 3447, 3602, 4615, 4738, 5208, 5408, 5451.

Date of last access: 09 October 2009.
FIPS - http://www.itl.nist.gov/fipspubs/

180-3, 196, 197.

Date of last access: 09 October 2009.
OpenSSL - http://openssl.org/

Mailing lists/reference documentation etc.

Date of last access: 14 October 2009.
New York Law Journal - http://www.law.com/jsp/nylj/index.jsp

Articles on related to net neutrality, file sharing etc.

Date of last access: 10 October 2009.
The Irish Times - http://www.irishtimes.com/

National news in relation to net neutrality, file sharing etc.

Date of last access: 27 September 2009.
IDPC - http://www.dataprotection.ie/docs/Home/4.htm

Irish Data Protection Commission.

Date of last access: 10 October 2009.
ERDI - http://edri.org

Digital Civil Rights in Europe.

Date of last access: 14 October 2009.
RIPA - http://www.opsi.gov.uk/acts/acts2000/ukpga_20000023_en_1

UK legal guidelines surrounding privacy and data communication.

Date of last access: 12 October 2009.
Torrent Freak - http://torrentfreak.com/

Europe oriented file sharing news.

Date of last access: 14 October 2009.

Proposed Approach

To manage the development of the software in the project, I intend to follow the Spiral Model, whose steps can be outlined as follows:




  • Identify and detail requirements.

  • Preliminary design.

  • Initial prototype of preliminary design.

  • Test and evaluate prototype and extend design for following prototype.

  • Construct following prototype and repeat.

While this methodology is usually associated with large projects with long development cycles, certain aspects of it will provide a useful framework for the development of this project. For example, the ability to build new prototypes atop previous ones, ensures there is always a presentable working prototype code base. Also, the ability to rethink flawed design decisions at each prototype stage allows the delivery of a final product which conforms closely to the customer's, or in this case, the target user base's specification.


Diagramming Convention:
While associated with the Rational Unified Process, I shall borrow from the Unified Model Language diagramming convention for some of the diagrams in this project. The UML class diagrams are particularly useful for displaying the relationship between objects in the system.
I will however, in lieu of UML's sequence diagrams, use Jackson Structured Programming Diagrams to display programme flow in the varying scenarios. In my experience, these diagrams are easier to follow, not requiring the user to scroll up and down and back and fourth between pages to see where control flows lead as is the case with flow charts, and are more intuitive than UML's sequence diagrams.

Evaluation Criteria

At this stage, the following sections of the projects are candidates for evaluation:




  • Overall system integrity.

  • Functionality.

  • Efficiency.

  • Portability.

  • Standards compliance.

  • Legal compliance.

So far as an evaluation strategy is concerned at this point, in addition to either an open or closed beta release for feedback, I plan to use some evaluation standards

for each appropriate section of the project:


  • Overall structure; A yet to be chosen OSS evaluation model.

  • User interface; Nielsen's Heuristics in addition to another yet to be chosen UI evaluation scheme.

  • Cryptographic functionality and integrity; I am currently reviewing models from a number of sources.

  • Security; Again, I am reviewing various models, but I plan to perform some common attacks on the system. The idea will be to test how resilient the system is on a software level, as well as on an overall level if, for example a client is compromised.



Deliverables





  • Project dissertation.

  • Functional darknet client/server suite for demonstration.

  • User and administration manuals.


Priority Features:


  • Secure protocol and cryptographic middleware.

  • Sever daemon with logging capability.

  • Client application with instant messaging and file transfer capability.

  • Portability across major open source UNIX based platforms.


Secondary Features:


  • Windows support.

  • UDP support for clients on restricted GPRS networks.

  • User and administration tools.



Technical Requirements

2 laptops, minimum:


  • Running Arch Linux/FreeBSD/OpenBSD with relevant library/toolset support for building software in C/C++.

  • GCC/G++ for compiling.

  • qmake/cmake for makefile generation.

  • GDB/Valgrind for debugging.

  • Latest builds of OpenSSL and QT 4.5.

A router to provide basic network functionality for testing and demonstration:



  • NAT capability.

  • Wireless AP.






Project Plan





October 2009:

Complete high level design of the system.

Further detailed design plan for each programme module.

Complete protocol outline.

Alpha versions of cryptographically secure modular socket, basic client interface

and server. Fully working login sequence/Synchronisation.

Completed client user interface.

Evaluate and test initial prototypes.

Chapter 1 & 2 of dissertation.


November 2009:

Daemonised server application with logging enabled.

Client Instant messaging functionality completed.

Remote search and file transfer functionality completed.

Re-evaluate and test prototypes.

Chapter 3 & 4 of dissertation.



Late November:

Code freeze. Begin testing and evaluation plans.




December 2009:

Begin testing and bug fixes.

Begin evaluation of beta product.

Prepare for interim report/Presentation.




January 2010:

Fix any bugs reported in beta product.

Re-evaluate beta product.

Continue dissertation.




February 2010:

Final testing of release candidate product.

Final evaluation of release candidate product.

Continue dissertation.




March 2010:

Continue dissertation.

Prepare for final presentation.


April 2010:

Final review and finishing touches to documentation:



  • Dissertation.

  • Final presentation.

  • User manuals.



Lecturer Comments





Student Signature



Date

Lecturer Signature



Date

Download 52.22 Kb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page