added source code review to methodology section

Chapters/Introduction.tex

@@ -2,9 +2,23 @@
 
 \label{Introduction}
 
-TODO
+Peer-to-peer overlay VPNs promise to restore genuine decentralization
+by enabling direct connectivity between nodes regardless of NAT or
+firewall restrictions. Yet practitioners choosing among the growing
+number of mesh VPN implementations must rely largely on anecdotal
+evidence: systematic, reproducible comparisons under realistic
+conditions are scarce.
 
-\subsection{Motivation}
+This thesis addresses that gap. We benchmark ten peer-to-peer VPN
+implementations across seven workloads and four network impairment
+profiles, yielding over 300 unique measurements. We complement these
+performance benchmarks with a source code analysis of each
+implementation, verified through direct engagement with the respective
+maintainers. The entire experimental framework is built on Nix, NixOS,
+and the Clan deployment system, making every result independently
+reproducible.
+
+\section{Motivation}
 
 Peer-to-peer architectures promise censorship-resistant, fault-tolerant
 infrastructure by eliminating single points of failure
@@ -176,13 +190,39 @@ in pursuit of top rankings.
   \label{fig:vision-stages}
 \end{figure}
 
-\subsection{Research Contribution}
+\section{Research Contribution}
 
-TODO
+This thesis makes the following contributions:
 
-\subsection{Related Work}
+\begin{enumerate}
+  \item A comprehensive benchmark of ten peer-to-peer VPN
+    implementations across seven workloads. Including real-world
+    video streaming and package downloads; and four network
+    impairment profiles, producing over 300 unique measurements.
+  \item A source code analysis of all ten VPN implementations,
+    combining manual code review with LLM-assisted analysis,
+    followed by verification through direct engagement with the
+    respective maintainers on GitHub.
+  \item A fully reproducible experimental framework built on
+    Nix, NixOS, and the Clan deployment system, with pinned
+    dependencies, declarative system configuration, and
+    deterministic cryptographic material generation, enabling
+    independent replication of all results.
+  \item A performance analysis demonstrating that Tailscale
+    outperforms the Linux kernel's default networking stack under
+    degraded conditions, and that kernel parameter tuning; Reno
+    congestion control in place of CUBIC, with RACK
+    disabled; yields measurable throughput improvements.
+  \item The discovery of several security vulnerabilities across
+    the evaluated VPN implementations.
+  \item An automated benchmarking framework designed for public
+    leaderboard generation, intended to encourage ongoing
+    optimization by VPN developers.
+\end{enumerate}
 
-\subsubsection{A Comparative Study on Virtual Private Networks}
+\section{Related Work}
+
+\subsection{A Comparative Study on Virtual Private Networks}
 
 Lackorzynski et al.\ \cite{lackorzynski_comparative_2019} evaluate
 VPN protocols in the context of industrial communication systems (Industry 4.0),
@@ -192,7 +232,7 @@ latency, and CPU overhead; rather than overlay network behavior.
 In contrast, this thesis evaluates VPNs that provide a full data plane
 with peer-to-peer connectivity, NAT traversal, and dynamic peer discovery.
 
-\subsubsection{Full-Mesh VPN Performance Evaluation}
+\subsection{Full-Mesh VPN Performance Evaluation}
 
 Kjorveziroski et al.\ \cite{kjorveziroski_full-mesh_2024} provide a
 comprehensive evaluation of full-mesh VPN solutions for distributed
@@ -210,5 +250,5 @@ This thesis extends their work in several ways:
   \item Fully reproducible experimental framework via Nix/NixOS/Clan
 \end{itemize}
 
-\subsubsection{Performance Evaluation of  TCP over QUIC Tunnels}
+\subsection{Performance Evaluation of  TCP over QUIC Tunnels}
 TODO \cite{guo_implementation_2025}