The last two weeks have been a clustersuck of getting the dissertation finished, having to review, edit and rewrite the better half of 100 pages here and there, hoping the stack of paper will be turned into a couple of decent hardbacks by the deadline. The working title is ‘Secure IPv6 Communications across Multiple Untrusted Networks’ (comes with state of the art interactive CD-ROM). Considering the huge deal I made over this last year, it should have been much better.
When I first started thinking about the project a while back, the idea was a group of proxy servers with different IP addresses that would change every 24 hours or so, and a software client that would select the first available one. The central problem was how to communicate those proxy addresses to the clients without those addresses becoming known to whoever’s blocking them. The Global Internet Freedom Consortium creates technologies like that.
Things took another direction after coming across that SecuraBit interview with Sam Bowne on IPv6, then The Second Internet (Lawrence Hughes). All the pieces were there for a secure communications system even better than what I originally thought up, and so IPv6 became the focus of the project. Somehow those huge address blocks and IPsec tunneling between hosts can be leveraged to defeat both censorship and surveillance. Probably forever.
About halfway through, it was becoming apparent the solution is theoretically very simple, and the main component of my system would be a software client – installed on the Internet-enabled devices, it would handle everything from encryption, IPsec, address management and a couple of other things. It also turned out the system could be used for point-to-point (or P2P) communications and multicasting, so the plan shifted somewhat from defeating censorship in the existing client-server Internet. Actually creating a working product is another matter, as I’m not that technically gifted yet. Certainly not gifted enough to develop the GUI in C++.
Essentially what we have is a design and some components for a client application that could be adapted for a range of things – military communications between PDA-equipped units, P2P social networking (the application database supports this), media broadcasting over IPsec to hidden groups, and even government personnel deployed in other countries could host reports on their own devices without adversaries even being aware of it. Sounds like pretty impressive stuff, but it won’t become relevant for another 8-10 years because the routers and everything in between must be IPv6-ready for this to work.
In the end the dissertation amounted to a colossal amount of research on Internet surveillance and traffic filtering (many thanks to the UWN Thesis blog), a fairly detailed methodology for developing and testing the countermeasures, instructions for setting up a fully IPv6-capable carrier routing system, and some of the main components for the software client.