FHome
FOverview
FPapers
FNews
FMailing List
FRelated Works
FBibliography
FPeople
F
FTor
FMixminion

    The Free Haven Project aims to deploy a system for distributed, anonymous, persistent data storage which is robust against attempts by powerful adversaries to find and destroy any stored data. This model of decentralized system has been classified as peer-to-peer by recent popular media.

    Main research goals of the Free Haven Project:

    • Anonymity: We try to meet this goal for all parties: the publishers that insert documents, the readers that retrieve documents, and the servers that store documents. We are in the process of designing and developing a free, low-latency, two-way mixnet for forward-anonymous communication.
    • Accountability: We consider methods for achieving accountability without sacrificing anonymity. In particular, we're researching reputation and micropayment schemes, which allow us to limit the damage done by servers which misbehave.
    • Persistence: The publisher of a document -- not the servers holding the document -- determines its lifetime.
    • Flexibility: The system functions smoothly as peers dynamically join or leave.

    The Free Haven project began in December 1999 as a research project initially comprised of several MIT students to design, implement, and deploy a functional data haven. We've put it on the back burner for now because it still has four main unsolved problems before it can be robust enough:

    • The reputation system is tricky and won't work. We need to replace the gossip/credibility system with a mechanism for verifiable transactions. See this draft paper for more details.
    • Retrieval is currently broadcast, which is too inefficient. We're letting other projects work on solutions here, and we'll pick our favorite when the time comes. Notably, it would be nice to base an addressing scheme on consistent hashing, so it's easy to know which node is currently hosting a piece of data, but hard to find the actual location of that node.
    • There is no anonymous communications infrastructure. This is the area we're focusing on currently. See the Mixminion page for our current work in that direction. I'm also working on second-generation Onion Routing (tcp-level anonymous communications rather than message-based), which will provide weaker anonymity but lower latency.
    • The incentives need to be better aligned. See this paper by George Danezis and Ross Anderson about how distributing files randomly over the network may be the wrong approach.

Site last updated on June 12th, 2009.
Check the News section for information on the latest content updates.