JMixNet

JMixNet is a Java implementation of a so-called Chaumian Mixnet (or mix-net, or even mix net, at your will ;). It is an anonymous communication network, designed to provide anonymity in data transfers among Internet users. This implementation has high latency and can be integrated into any system that has anonymity requirements.

JMixNet is being developed by the Computer Security Laboratory (www.labsec.ufsc.br) of the Federal University of Santa Catarina, Brazil (www.ufsc.br).


Description

JMixNet uses the Java language to implement an anonymous communication network. To do this, we use several Java packages: Java NIO, Java SSL, and the Java Reflection API. The project uses no database and runs on any OS that supports Java 1.4.
The aim of this project is to build a secure network that provides anonymity services, allowing anonymous communication among client systems. We have integrated PKI-based cryptographic messages with SSL connections among JMixNet servers, and provided adequate interfaces to client systems. The main feature is a way to send anonymous information through the Internet. This is not limited to e-mail messages or web browsing, but can be used in any system with anonymity requirements.

Development

Currently the project can only send anonymous messages, mainly for use in voting systems. There is an operational prototype; if you'd like, you can get the source code and run the mixnet.

How to run

The first step to run the mixnet is to establish a simple PKI, in which each server must have a certificate signed by the mixnet CA. The common name (CN) field of the certificate must be the IP address of the server.

To use a mixnet Certificate Authority you can:

  • Generate mixnet Certificate Authority (OpenSSL):

    openssl req -x509 -newkey rsa:1024 -keyout jmixnet_ca_key.pem -out jmixnet_ca.pem

  • Import CA certificate into "$JREHOME/lib/security/cacerts" (Java keytool):

    keytool -import -alias jmixnetCA -file jmixnet_ca.pem -keystore cacerts

To create the server certificates (repeat these steps for each server) you must:

  • Generate server keypair (Java keytool):

    keytool -genkey -alias serverKey -keystore JMixNetServer.keystore

  • Generate server Certificate Signing Request (Java keytool):

    keytool -certreq -alias serverKey -keystore JMixNetServer.keystore -file serverReq.csr

  • Sign server certificate (OpenSSL):

    openssl x509 -in serverReq.csr -out jmixnet_server66.cer -days 360 -req -CA jmixnet_ca.pem -CAkey jmixnet_ca_key.pem -CAcreateserial

  • Import server certificate (Java keytool):

    keytool -import -alias serverKey -file jmixnet_server66.cer -keystore JMixNetServer.keystore -trustcacerts

The next step is to define the mixnet configuration file (jmixnet.cfg). This file must contain at least one property, the servers chain:

Example: chain=192.10.15.66,192.10.15.67,192.10.15.68,192.10.15.69

This setting indicates which server is the first, which are the middle servers, and which is the last. JMixNet uses TCP port 1981 as the default port. The chain setting can contain IP addresses or domain names, including "localhost".

To run the network you must start the servers in reverse order, i.e., start the last server, then the previous one, and so on. The first server of the chain will be the last to be started.
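
A pre-flight check for the setup described above, added here as an example and not part of JMixNet: it reads the chain from jmixnet.cfg, confirms that each server certificate is signed by the mixnet CA with a CN equal to its chain entry, and lists the servers in the order they must be started. The function names and the "<cert_dir>/<chain entry>.cer" file layout are assumptions.

```sh
#!/bin/sh
# Added example, not part of JMixNet: pre-flight checks for a server chain.
# Assumptions: chain entries are IP addresses (as in the example above) and
# each signed server certificate is stored as <cert_dir>/<chain entry>.cer.

# Print the entries of the "chain" property, one per line, in chain order.
chain_entries() {
    sed -n 's/^[[:space:]]*chain[[:space:]]*=//p' "$1" | tail -n 1 |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Print the start order: last server of the chain first, first server last.
start_order() {
    chain_entries "$1" |
        awk '{ e[NR] = $0 } END { for (i = NR; i > 0; i--) print e[i] }'
}

# Read an "openssl x509 -subject -nameopt RFC2253" line on stdin, print the CN.
subject_cn() {
    sed 's/^subject=[[:space:]]*//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Succeed only if the certificate verifies against the CA and its CN is $3.
check_cert() {  # usage: check_cert <ca.pem> <server.cer> <chain entry>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cn=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253 | subject_cn)
    [ "$cn" = "$3" ]
}

# Check every server of the chain and list the results in start order.
preflight() {  # usage: preflight <jmixnet.cfg> <ca.pem> <cert_dir>
    rc=0
    for entry in $(start_order "$1"); do
        if check_cert "$2" "$3/$entry.cer" "$entry"; then
            echo "ok    $entry"
        else
            echo "FAIL  $entry (no certificate, not signed by the CA, or CN mismatch)"
            rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it as "sh preflight.sh jmixnet.cfg jmixnet_ca.pem certs" before starting any server; it exits non-zero if any certificate fails a check.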

By default, JMixNet uses "JMixNetServer.keystore" as the keystore file and "jmixnet" as the keystore password. To set different values, use the keyStoreLocation and keyStorePassword configuration properties in the config file.

As Java does not provide many cryptographic algorithm implementations in its default Cryptographic Service Provider, we suggest using an alternative provider. We are using the one provided by the Legion of the Bouncy Castle.