peer to peer networking
Hey everyone.
I haven't posted on here for a while, been a bit busy making a few iPhone apps, but was hoping if you guys could help me out with a new one.
I'm trying to create a cross-device (iPhone to iPhone/PC/Mac) application, which does not rely on a server in any way. It is purely a peer network. The trouble comes when considering how this could be implemented, with as little network traffic as possible (due to bandwidth consumption, speed etc).
So far, I have been trying to find any open source application which implements a network model similar to what I want, but everywhere seems to rely on a server for an IP Table distribution system. Is there not a way of being able to find a virtual network without the server's help?
I know this concept sounds weird, but it would make the development of this application suite so much cheaper, and hopefully a bit more secure. I understand the possible security flaws in this proposed system, but I was hoping that, without having to store any data on a server, I would be able to create a more user-interacting application.
The only system I have been able to conceive as plausible, has been just a secure handshake with a server, and then hand the application a small list of some users connected to the peer network. From there we can then expand to those not marked on the server. But my problem lies with protecting those IP addresses stored on the server.
I suppose using an SSL system to connect to the server securely, would be the best option (if not a little obvious) but then how can I be sure the connection has come from my application? If people just suddenly started connecting to my site and downloading hundreds of IPs all of which will have a single port open, that would leave the ENTIRE peer network compromised, not just the IP addresses logged on the server.
I would hope that there is a much simpler, securer method than this. It seems like the more I consider this method, the less plausible it becomes.
So, what do you guys think?
- Is it possible to have a peer-2-peer network, without having to bootstrap from a server?
- How would you go about implementing the server side of the network, securely and without recording excess data?
- Does this application concept seem plausible? Or am I just mad?
Cheers,
James.
- Combuster
- Member
- Posts: 9301
- Joined: Wed Oct 18, 2006 3:45 am
- Libera.chat IRC: [com]buster
- Location: On the balcony, where I can actually keep 1½m distance
Re: peer to peer networking
Isn't the idea of a peer-to-peer network to be able to find others? By just monitoring a backbone link you can find everybody who is using a certain protocol or program going over that link anyway. Some ISPs already keep full logs of your internet connection, and so you can not hide the fact you are communicating.
Define what "security" is being "compromised".
Re: peer to peer networking
Well, it's not so much security being compromised. It's more: I don't want to be liable to releasing a program with a fixed port, a list of IP addresses and a very simple buffer overflow error. This is just a "worst case scenario", that I'm taking into account early, rather than letting them happen and then considering them.
And I'm not sure on the specifics, but I know thepiratebay.org has recently dropped their tracker in favor of DHT peer discovery. I will have to do a bit of research to discover if this is true, but I have noticed that you don't need a response from a tracker on a torrent to use DHT. Also, Magnet links appear to be virtual. They can be generated on-the-fly, or so it appears. Of course, more research for me.
I was just wondering if anybody here has had any experience in dealing with "virtual" P2P networking.
- Owen
- Member
- Posts: 1700
- Joined: Fri Jun 13, 2008 3:21 pm
- Location: Cambridge, United Kingdom
Re: peer to peer networking
DHT works by getting peers from
- Other peers you know - either from the same torrent, or a different one (Perhaps you acquired said peers another way)
- A couple of central servers which return a few random clients from the giant DHT pool
Re: peer to peer networking
Is this meant for a LAN or a WAN? If it's a LAN, there's the ZeroConf "standard". http://en.wikipedia.org/wiki/ZeroConf
Avahi (http://en.wikipedia.org/wiki/Avahi_(software)) is an open source implementation of it, and the Bonjour implementation (http://en.wikipedia.org/wiki/Bonjour_(software)) is built in on OS X/iPhone OS, and available as freeware for Windows and a few unices.
EDIT: I realized this comment is probably irrelevant because the common usage of P2P these days means online file sharing. Kids these days.
Leaving the comment up in case I'm wrong.
Re: peer to peer networking
@inx: Thanks for the links, I completely forgot about zeroconf. Bonjour was an idea to begin with, but the limited range of usage is a problem.
By P2P I mean the original meaning of P2P networking. 2 or more peers communicating without an intermediate server for routing packets and such. To most people, P2P only ever means TPB and 'illegal' etc.
Thanks for the help, though.
@owen: Thanks for the explanation. I suppose I should do a lot more of my homework before throwing terms out into the world. But now that I _have_ done my homework, I can hopefully get a better idea on what is and isn't possible.
With DHT, I would require at least 1 IP address to be stored somewhere. Then, as long as the node at that IP address is running one of the client node applications, everybody else will then be able to tie into the network, although relatively slowly. To increase the speed capabilities of this, would be a private tracker for clients. Not necessarily holding _all_ client IPs, but maybe 5-10%. From there, I can run multiple DHT rings, with inter-ring mobility (think runescape styled worlds, log out of 1 world and into another. each ring being a world instance).
Thanks for all the help guys, I think I'm getting a much better view on how P2P networks work, and how best to utilize the network power.
Cheers,
James.
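James's plan above (one stored peer address, then let the DHT do the rest) raises the practical question of how a client walks from a single bootstrap node to the peers it actually wants. The Go program below is an added illustration, not code from this thread or from any real DHT client: it builds a constructed in-memory network of 300 peers whose node IDs are SHA-256 hashes of made-up addresses, fills each routing table Kademlia-style with a few entries per XOR-distance bucket, then runs an iterative FIND_NODE from one bootstrap node. The addresses, the bucket size of 4, the lookup width of 8 and the lookup key are all assumptions chosen for the demo.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
	"sort"
)

// NodeID is a 256-bit Kademlia-style identifier; here it is the SHA-256 of a
// constructed address, whereas a real client would pick a random ID.
type NodeID [32]byte

func IDFor(s string) NodeID { return sha256.Sum256([]byte(s)) }

// xorDistance is the Kademlia metric: a XOR b, compared as an unsigned integer.
func xorDistance(a, b NodeID) *big.Int {
	var d [32]byte
	for i := range a {
		d[i] = a[i] ^ b[i]
	}
	return new(big.Int).SetBytes(d[:])
}

// Node is one simulated peer; known is its routing table.
type Node struct {
	ID    NodeID
	Addr  string
	known []*Node
}

// kClosest copies ns, orders it by XOR distance to target and keeps the first k.
// On a node's table it is the FIND_NODE reply; on all nodes it is the brute-force reference.
func kClosest(ns []*Node, target NodeID, k int) []*Node {
	out := append([]*Node(nil), ns...)
	sort.SliceStable(out, func(i, j int) bool {
		return xorDistance(out[i].ID, target).Cmp(xorDistance(out[j].ID, target)) < 0
	})
	if len(out) > k {
		out = out[:k]
	}
	return out
}

// BuildNetwork creates n peers with constructed addresses and fills each routing
// table Kademlia-style: at most perBucket peers per distance range [2^i, 2^(i+1)).
func BuildNetwork(n, perBucket int) []*Node {
	nodes := make([]*Node, n)
	for i := range nodes {
		addr := fmt.Sprintf("10.0.%d.%d:6881", i/256, i%256)
		nodes[i] = &Node{ID: IDFor(addr), Addr: addr}
	}
	for _, a := range nodes {
		filled := map[int]int{}
		for _, b := range nodes {
			bucket := xorDistance(a.ID, b.ID).BitLen() // 0 only when a == b
			if bucket > 0 && filled[bucket] < perBucket {
				filled[bucket]++
				a.known = append(a.known, b)
			}
		}
	}
	return nodes
}

// Lookup is the iterative FIND_NODE walk: from one bootstrap peer, keep asking the
// closest unqueried candidates until the k nearest peers seen have all answered.
// It returns those k peers and how many peers were queried on the way.
func Lookup(bootstrap *Node, target NodeID, k int) ([]*Node, int) {
	seen := map[string]bool{bootstrap.Addr: true}
	queried := map[string]bool{}
	shortlist := []*Node{bootstrap}
	queries := 0
	for {
		top := kClosest(shortlist, target, k)
		var batch []*Node
		for _, c := range top {
			if !queried[c.Addr] && len(batch) < 3 { // 3 = alpha; a real client asks these in parallel
				batch = append(batch, c)
			}
		}
		if len(batch) == 0 {
			return top, queries
		}
		for _, c := range batch {
			queried[c.Addr] = true
			queries++
			for _, p := range kClosest(c.known, target, k) { // the simulated RPC to c
				if !seen[p.Addr] {
					seen[p.Addr] = true
					shortlist = append(shortlist, p)
				}
			}
		}
	}
}

func main() {
	nodes := BuildNetwork(300, 4)
	target := IDFor("constructed-resource-key")
	found, queries := Lookup(nodes[0], target, 8)
	fmt.Printf("closest %s after %d queries; brute force says %s\n", found[0].Addr, queries, kClosest(nodes, target, 1)[0].Addr)
}
```

The comparison against the brute-force answer is the property that makes a single bootstrap address sufficient: as long as every node keeps at least one entry per XOR-distance bucket, the walk halves its distance to the target on every hop and converges on the true closest peers wherever it starts. Notice also what each query hands back: a fresh list of peer addresses. That is the point made later in this thread, namely that once the protocol is public, the network itself is the address directory, so the client's own robustness matters more than whether a server stored the list.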
Re: peer to peer networking
mmh, try to see this http://netsukuku.freaknet.org/
- Combuster
- Member
- Posts: 9301
- Joined: Wed Oct 18, 2006 3:45 am
- Libera.chat IRC: [com]buster
- Location: On the balcony, where I can actually keep 1½m distance
Re: peer to peer networking
inx wrote: EDIT: I realized this comment is probably irrelevant because the common usage of P2P these days means online file sharing. Kids these days.
The essence of peer-to-peer is sharing without nodes being more important than others. You can't use a p2p network for anything other than sharing information and resources. Files just happen to be the most straightforward resource to share.
xDDunce wrote: I don't want to be liable to releasing a program with a fixed port, a list of IP addresses and a very simple buffer overflow error.
Well, check your buffers then.
Seriously, a good protocol is not compromised because some implementation has a bug. I can just portscan the internet for port 80 and quickly find several webservers to try and exploit. A good protocol is resistant against a single node or groups of malfunctioning nodes.
Re: peer to peer networking
@xDDunce: Not a problem. Wasn't meaning anything by the 'kids these days' bit, it was a joke as I'm only 20.
Combuster wrote: The essence of peer-to-peer is sharing without nodes being more important than others. You can't use a p2p network for anything other than sharing information and resources. Files just happen to be the most straightforward resource to share.
I was aware of that, but peer to peer does not exclusively mean file sharing, especially does not exclusively mean audio and video sharing, and does not even technically mean a service that is client/server for initialization. Either way, I was not meaning to convey a commentary on the correctness of referring to a peer to peer service as peer to peer, only to apologize if my comment was irrelevant due to my datedness in popular terminology.
Re: peer to peer networking
You can request that the user provides a list of peers to start with. Instead of having a central server handing out IPs of peers, people exchange their IP with their friends through whatever means they have. This means that one can bootstrap himself into the network by using real-world, physical, peer-to-peer communication (the peers being your users there). This is the solution used by freenet IIRC.
Another solution, if you have enough users, is to poke at random in the IP (v4!) space until you find a node. But people aren't going to like it if you knock at too many strangers' doors.
In any case, check your implementation, let no security holes go out in the wild: even if you don't have a central server containing all IPs, it'll be just a matter of minutes to walk through the whole network and get that list of IPs. The protocol isn't going to fix the security problems in your client.
Re: peer to peer networking
I'd thought up a p2p system about half a year ago that tried to solve that problem. Basically, connect to a given node, request some edge nodes of his and connect to those too, so no single failure can get the network split. The longer you've been online the more nodes you know, the more likely one of them will be back next time.
About authentication; the only thing you can hope to achieve is knowing which clients you're connecting with that you've seen before. There's no other identity that you can check. But anyway, as your identity online is made by your actions, that should be ok. Create a private key for yourself, send others the public key for communication and allow them to do challenge/response with that key. Use the response of that in determining connection keys and you are sure that you connect directly (no MITM) to the target user with that private key. Then, keep track of users and your own user's notes about that target user.
You can even do a "I like / dislike" system in there. Put out a message saying something about any given target user and sign it with your private key. That allows you to mark trolls. "put out" in this context is, allow N-node deep probes for a given user public key with the request of "what do you guys think of this guy".
I thought of it in the context of a game with networking, and a game distribution network that is secure but not for money. The original proposal (more detailed than this) is on gamedev.net.
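The challenge/response scheme in the post above, worked through as an added Go example (not code from this thread or from the gamedev.net proposal it mentions): each peer holds a long-term Ed25519 identity key; the two opening messages carry a random nonce (the challenge) and a per-connection X25519 key; each side signs the hash of both messages with its identity key (the response); and the connection key is derived from the ECDH secret together with that same hash. That binding is what lets the initiator conclude it is talking directly to the holder of the announced key with nobody in between substituting keys. The Identity, Hello and Side types, the message layout and the tamper hook in Handshake (a constructed stand-in for an on-path attacker, used only to show that a swapped key or identity is rejected) are this example's own choices, not a protocol described in the thread.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Identity is a peer's long-term Ed25519 key pair; the public half is the only name other peers learn.
type Identity struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
func NewIdentity() Identity {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Identity{Pub: pub, priv: priv}
}

// Hello is each side's opening message: claimed identity, a fresh X25519 key for
// this connection only, and a random nonce the peer must sign (the challenge).
type Hello struct {
	Identity  ed25519.PublicKey
	Ephemeral []byte
	Nonce     [16]byte
}

// Side is one peer's handshake state.
type Side struct {
	id    Identity
	eph   *ecdh.PrivateKey
	Hello Hello
}
func NewSide(id Identity) *Side {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s := &Side{id: id, eph: eph, Hello: Hello{Identity: id.Pub, Ephemeral: eph.PublicKey().Bytes()}}
	if _, err := rand.Read(s.Hello.Nonce[:]); err != nil {
		panic(err)
	}
	return s
}

// transcript hashes both Hellos in a fixed order, so a signature over it covers
// the peer's nonce (freshness) and both ephemeral keys (no key substitution).
func transcript(initiator, responder Hello) []byte {
	h := sha256.New()
	for _, m := range []Hello{initiator, responder} {
		h.Write(m.Identity)
		h.Write(m.Ephemeral)
		h.Write(m.Nonce[:])
	}
	return h.Sum(nil)
}

// Prove is the response to the challenge: sign the transcript with the long-term key.
func (s *Side) Prove(initiator, responder Hello) []byte {
	return ed25519.Sign(s.id.priv, transcript(initiator, responder))
}

// Finish checks the peer's proof against the identity the peer announced, then
// derives the connection key from the X25519 shared secret and the transcript.
func (s *Side) Finish(initiator, responder, peer Hello, peerProof []byte) ([]byte, error) {
	tr := transcript(initiator, responder)
	if !ed25519.Verify(peer.Identity, tr, peerProof) {
		return nil, errors.New("peer's proof does not match the handshake we saw")
	}
	peerEph, err := ecdh.X25519().NewPublicKey(peer.Ephemeral)
	if err != nil {
		return nil, err
	}
	shared, err := s.eph.ECDH(peerEph)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(shared, tr...))
	return key[:], nil
}

// Handshake runs both sides in-process. tamper, when non-nil, rewrites the
// responder's Hello on its way to the initiator, standing in for an on-path attacker.
func Handshake(a, b Identity, tamper func(Hello) Hello) ([]byte, []byte, error) {
	sa, sb := NewSide(a), NewSide(b)
	bSeenByA := sb.Hello
	if tamper != nil {
		bSeenByA = tamper(bSeenByA)
	}
	proofA := sa.Prove(sa.Hello, bSeenByA) // each side signs the handshake it saw
	proofB := sb.Prove(sa.Hello, sb.Hello)
	keyA, errA := sa.Finish(sa.Hello, bSeenByA, bSeenByA, proofB)
	keyB, errB := sb.Finish(sa.Hello, sb.Hello, sa.Hello, proofA)
	if err := errors.Join(errA, errB); err != nil {
		return nil, nil, err
	}
	return keyA, keyB, nil
}
```

An honest run of Handshake gives both sides the same 32-byte connection key, and every run gives a different one because the ephemeral keys and nonces are fresh. If the tamper hook replaces the responder's ephemeral key or its identity, the responder's signature no longer matches the transcript the initiator hashed, so Finish refuses to derive a key. This matches the limit the post itself states: the initiator learns only that its peer controls the private key for the announced public key, and that nobody in between swapped keys; who that key's owner is remains unknown, which is why the post builds reputation on signed notes about the same key rather than on anything stronger.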