IPv8: Peer-to-Peer overlay network

In short: a library for networking in distributed applications based on a P2P-overlay which handles IP changes, strong identities, trust levels, and neighbourhood graphs.

Overview

Problems with the very fabric of The Internet, IPv4, are mounting. The approach of IPv6, Mobile IP, and IPSec is hampered by fundamental architectural problems. A superior solution is moving the intelligence up to a higher layer in the protocol stack and towards the end points.

We have the expertise to design and build innovative P2P overlay software. Our overlay will offer a secure network connection to either a known person or a specific computer which is robust against eavesdropping, man-in-the-middle attacks, peer failure, network failure, packet loss, change of IP numbers, network mobility, and blocking by NAT/Firewalls. Our solution exposes trust and reputation levels to the networking layer to lower the risk of DDOS attacks.

Functionality

IPv8 is an P2P overlay network which unlocks more advanced functionality. Over the coming 5 years we aim to evolve this technology and offer the following functionality:

• Direct, safe, and robust communication between you and any other node
• Determine the friendship paths between you and any other node by integrating existing web-based social networks
• Estimate the trust level between you and any other node
• Exchange of multimedia information of any size or popularity
• Transfer of virtual currency (credits) or real money to any other node

Performance and awareness

IPv8 also enables a new interface for performance and network awareness. Currently every application has to guess the available bandwidth, latency, etc. while all this information is availbe in the hidden TCP state. Especially for network-dependent applications this can boost effectiveness and efficiency. (As nicely described years ago by MIT people in the Daytona paper)

Related work

• Relates to novel routing ideas
• Group of P2P papers
• User-Space TCP with UDP primitives
• Query Google scholar
• links to NAT doc
• IPv8 links
• Skype is the nearly undocumented state-of-the-art
• Skype reactions to packet loss and bandwidth reduction
• Cached copy of Skype admin documentation
• Peer discovery, random walk, and trackerless torrents
• 2005 work on NAT with references to generic libraries
• Twisted into and main site
• Daytona - A User-Level TCP Stack, 2002

Security specific

• Obfuscated TCP with Linux kernel code
• The TCP Authentication Option
• Unauthenticated Mode of IPsec
• TCP crypto discussion on MIT mailinglist

STUN Specific

• Details on the different types of NAT
• STUN protocol
• Boogu: A python STUN client for getting NAT type, followed RFC 3489
• Google query
• http://www.google.com/search?q=NAT+Check
• http://www.cs.cornell.edu/projects/stunt/
• http://www.cs.cornell.edu/projects/stunt/firewall-classify-1.0.htm
• Actual C code
• source code
• http://sparrow.ece.cmu.edu/~adrian/projects/natblaster.pdf
• http://nutss.gforge.cis.cornell.edu/pub/imc05-tcpnat.pdf
• http://www.nattraversalserver.com/

TCP connection establishment

The aim is to copy the TCP handshake algorithm with the SYN and SYN-ACK packets

SCTP

• wiki
• user space lib

Planning

• NAT check: every peer runs the STUN protocol in order to find out the kind of NAT (if any) they are behind, as well as their public address (IP and port) our code

• NAT timeout: every peer has to find out the timeout of their own NAT for UDP connections

• UDP hole punching: combining the information above in order to implement UDP hole punching

For the NAT check we are using th STUN algorithm: