Abstract:
Peer-to-peer (P2P) file sharing is one of the major sources of Internet traffic. As privacy and anonymity concerns continue to grow due to constant censorship and network surveillance, more and more Internet users are attracted to facilities for anonymous communication. Extensive research has been conducted over the years on the design and development of several anonymous P2P file sharing protocols and systems. The size of the anonymity set plays a crucial role in determining the degree of anonymity such networks provide. However, most existing anonymous infrastructures create a completely new network and invite users to join it. As a result, even popular systems like Freenet and GNUnet suffer from too few participants. Popular Online Social Networks (OSNs) like Facebook and Twitter have an existing strong network of millions of users, which can provide a readily exploitable abstraction of a P2P platform for implementing an anonymous communication scheme. In this thesis, we explore the possibility of allowing censorship-resistant P2P file sharing on top of Facebook, an inherently non-anonymous, non-P2P architecture. We present the design of AnonSocialMix, an overlay network that uses Facebook as the underlying platform to enable its existing set of users to search and share files in a distributed, anonymous, peer-to-peer fashion. We use Dropbox as the file hosting service. Users of our proposed system no longer need to hide their identities behind a mask, as the proposed cryptographic framework preserves the anonymity, privacy and confidentiality of the communications and ensures an infrastructure that is strongly resistant to eavesdropping, traffic analysis and timing attacks. It is further infeasible to determine the actual source of a request or a reply, as the proposed communication scheme makes it impossible to distinguish between the actual creator of a message and its forwarder.
We have implemented a running server-based prototype of our proposed design in the form of a Chrome extension to verify our claims. We further compare its performance with the results of a controlled lab-based simulation of our system and obtain encouraging results.