Kadence: An Extensible, Hardened, and Secure Distributed Systems Framework
The Kadence Project is a complete implementation of the Kademlia distributed hash table that aims to effectively mitigate all vulnerabilities described in the S/Kademlia paper and then some! Kadence provides developers of distributed systems a complete framework for inventing new protocols on a rock solid base as well as providing a complete reference implementation of a Kadence network.
Ready to get started?
$ npm install -g @deadcanaries/kadence
$ kadence --help
If you're new to Kadence, check out our quickstart tutorial!
Kadence implements a completely decentralized publish/subscribe protocol based on Quasar, allowing you to build anything from peer-to-peer social networks to real time sensor networks for the internet of things.
Kadence enforces a proof of work system called Hashcash for relaying messages to prevent abuse and make large scale denial of service and spam attacks cost prohibitive.
Kadence proactively evicts offline or misbehaving peers from its routing table and uses an exponential cooldown time for allowing them back in to prevent unreliable contacts from propagating through the network.
Kadence monitors bandwidth and enables end users to configure their maximum bandwidth usage within a timeframe to suit their individual needs or prevent overages with internet service providers that enforce bandwidth caps.
Kadence can automatically generate SSL certificates and supports full end-to-end encryption via TLS using its built-in HTTPS transport adapter to prevent eavesdropping and man-in-the-middle attacks.
Kadence extends Kademlia's node identity selection with the same cryptography Bitcoin uses for securing funds. Node identities are derived from the hash of the public portion of an ECDSA key pair and each message is signed to ensure it hasn't been tampered with in transit.
Kadence employs a proof of work system using Equihash for generating valid node identities and subsequent acceptance into the overlay network. This forces nodes into sufficiently random sectors of the key space and makes Sybil and Eclipse attacks computationally very difficult and ultimately ineffective.
Kadence supports multiple strategies for punching through network address translation. This enables peers behind even the strictest of firewalls to become addressable and join the network. Fallback to secure reverse tunnels is supported through the use of Diglet servers.
Kadence supports the use of multiple transport adapters and is agnostic to the underlying network protocol. Support for UDP and HTTP/HTTPS ships by default. Plug in your own custom transport layer using a simple interface.
Kadence remembers peers between restarts so after you've joined the network once subsequent joins are fast and automatically select the best initial peers for bootstrapping.
Kadence ships with full support for Tor Hidden Services out of the box with no additional software installation or configuration required. This enables fully anonymized structured networks and leverages the latest version 3 hidden services protocol.
Kadence provides a flexible trust policy plugin allowing for fine-tuned, per-identity, per-method trust policies. Blacklist misbehaving nodes on an open network or whitelist identities on an explicit trust-based network.
Kadence exposes a simple interface for extending the protocol with your own application logic. Users of Express will find it comfortable and familiar. If you are new to building distributed systems, you will find it easy to get started.
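The Hashcash requirement on relayed messages described above can be illustrated with the following added example, which is not Kadence's own code: a relay-side check that a stamp carries enough work, is fresh, is bound to the message, and has not been accepted before. The stamp layout, the function names and the policy values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Number of leading zero bits in a digest.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

// Assumed stamp layout (hypothetical): bits:timestampMs:sha256(message):counter
function mintStamp(message, bits, now = Date.now()) {
  const bound = sha256(message).toString('hex');
  for (let counter = 0; ; counter++) {
    const stamp = `${bits}:${now}:${bound}:${counter}`;
    if (leadingZeroBits(sha256(stamp)) >= bits) return stamp;
  }
}

// Relay-side check. `seen` is a Set of stamps already accepted.
function verifyStamp(stamp, message, policy, seen, now = Date.now()) {
  const parts = String(stamp).split(':');
  if (parts.length !== 4) return false;
  const [bits, ts, bound, counter] = parts;
  if (![bits, ts, counter].every((f) => /^\d{1,15}$/.test(f))) return false;
  // Enforce the relay's own difficulty, not whatever the sender claims.
  if (Number(bits) < policy.minBits) return false;
  // Stale or future-dated stamps are refused so old work cannot be reused.
  const age = now - Number(ts);
  if (age < 0 || age > policy.maxAgeMs) return false;
  // The work must be bound to this exact message.
  if (bound !== sha256(message).toString('hex')) return false;
  if (leadingZeroBits(sha256(stamp)) < policy.minBits) return false;
  // Refuse a second use of the same stamp inside the freshness window.
  if (seen.has(stamp)) return false;
  seen.add(stamp);
  return true;
}

// Constructed sample message and policy.
const policy = { minBits: 12, maxAgeMs: 60000 };
const message = 'PUBLISH topic=sensors payload=21.5C';
const stamp = mintStamp(message, policy.minBits);
console.log(stamp, verifyStamp(stamp, message, policy, new Set()));
```

Each extra bit in `minBits` doubles the sender's expected hashing cost while the relay still verifies with two hashes, which is what makes bulk spam expensive and checking cheap.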
Kadence is used in academic research on distributed systems. Here are some notable papers!
- Secure and Trustable Distributed Aggregation based on Kademlia
- Distributed Random Process for a large-scale Peer-to-Peer Lottery
- DHT-based collaborative Web Translation
- Kademlia with Consistency Checks as a Foundation of Borderless Collaboration in Open Science Services
Kadence - Extensible, Hardened, and Secure Distributed Systems Framework
Copyright (C) 2019 Dead Canaries, Inc.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses/.