Intersection attacks aren't what I thought they were... :) Intersection attacks are simply a matter of correlating when a user is up which when a node is up. Any real time system is vulnerable; there are various ways to make it harder e.g. high uptime nodes, not being visibly on IRC continually, etc. I'm still interested in attacks on packet forwarding though.
On Thu, Oct 27, 2005 at 12:29:14PM +0100, Matthew Toseland wrote: > Okay, so the conclusion is that: > - Open and dark freenet, and open I2P, are vulnerable to intersection > attacks, once the network is known. > - Both dark and open (maybe) freenet can be insulated from this via CBR > links because nodes are of low order and links change slowly. - IF there > is no fundamental problem with CBR links. I2P probably can't be. > - Open I2P is vulnerable to connection setup attacks. Freenet isn't, if > it tunnels 1:1 tunnels inside its existing links. This will obviously > be slower than I2P's fixed length open tunnels, so cannot have the > same use cases. > - Open freenet and open I2P are harvestable. > - To identify nodes on darknet freenet or I2P requires that a) Nodes be > probabilistically identifiable by their local traffic patterns (which > is likely, at least for the time being), and b) The attacker has the > ability to surveil a smallish number of chosen individual IPs in > detail at once, in order to pull off this attack. > > In summary: > - If open Freenet uses open I2P as a basis, it *loses* anonymity (and > gains speed) relative to implementing its own mixnet and 1:1 streams. > A powerful passive attacker who permits the running of nodes can break > the mixnet. It is possible to use both internal and external streams, > for different use cases, however we would lose the ability to do CBR > at link level. > - If dark Freenet uses dark I2P as a basis, it loses nothing, provided > that dark I2P provides the ability to do link level CBR. > - An attacker powerful enough to pull off the attacks mentioned could > probably identify nodes on an internet-hosted darknet, unless there is > some breakthrough in steganography e.g. parasitic traffic. > Nonetheless, open freenet would be less secure over I2P than > implementing its own internal mechanisms (which could be the same as > used on the darknet), and dark freenet would gain little from I2P. > > On Thu, Oct 27, 2005 at 11:38:59AM +0100, [EMAIL PROTECTED] wrote: > > On Wed, Oct 26, 2005 at 11:12:15PM -0400, [EMAIL PROTECTED] wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > > it is quite possible to fully pad darknet links as they generally > > > > are of low order. > > > > > > As mentioned in my reply to Michael, the padding would be fixed > > > across the whole network, which reverts into Wei Dai's pipenet[1], > > > which is entirely undeployable. Plus, from a steganographic > > > perspective, CBR is a pretty big giveaway, but thats another issue. > > > > Can't reasonable rates be negotiated? And yes, it's a giveaway, but > > plausible traffic patterns are like plausible session bytes; they're > > transport specific. > > > > > > [1] http://www.eskimo.com/~weidai/pipenet.txt > > > > > > > I asked once why connection setup doesn't give the game away to a > > > > traffic analyst > > > [cut] > > > > in general, why do you think that on a large network the > > > > construction of new tunnels will not be obvious? > > > > > > It depends upon what the capabilities of the analyst are - if > > > they're a global passive adversary, a state funded active adversary, > > > a regional passive adversary, etc. > > > > > > For someone who can watch all lines, you need high latency mixing > > > and batching strategies. There's no (deployable) way around that > > > that I'm aware of. > > > > Okay, so I2P *is* vulnerable to a global passive traffic analyst? > > > > > > To mount an attack watching all tunnels be constructed, you've got > > > a probability of (c/n)^h of success, where c = # of nodes monitored, > > > n = # of nodes in the network, and h = # of hops in > > > the path. As an additional criteria, each of the nodes monitored, > > > including the targetted peer, needs to either be under an active > > > blending attack or have their lines expose no plausible other paths > > > for the data to flow. Mounting a blending attack on the entire > > > network is equivilant to turning off the internet, and tunnel > > > creation messages are small enough to reasonably fit in with any of > > > the other tunnel messages passed along in any direction (all tunnel > > > messages are a fixed 1KB). > > > > Hmm. Can you justify the above probability somehow? I mean, can't you > > just see the tunnel setup from the timing most of the time? What makes > > it probabilistic? > > > > > > For passive adversaries, simple long term intersection attacks > > > are significantly cheaper, and have no dependencies upon tunnel > > > operation or construction. Active adversaries can go much, much > > > further, destroying any hope of anonymity with low latency comm, as > > > long as they are willing to bear the necessary expenses. > > > > Long term intersection attack = "hmm, he gets a packet from this node, > > then sends one to this one..."? > > > > > > Obviously if you can compromize 25% of the network, it's in trouble. > > > > > > So, why bother if we can't provide perfect anonymity with low > > > latency? Because what we /can/ provide is pretty strong low latency > > > anonymity, and, as we grow, those who require stronger anonymity can > > > blend in their high latency comm. > > > > Right. A sufficiently powerful global passive analyst can probably find > > darknet freenet on the open inet (stego is a topic for future research), > > he is probably also powerful enough to close down all p2p channels... > > > > > > =jr > > > (I do generally prefer to discuss these questions publicly - there's > > > always the chance that someone in the peanut gallery can offer some > > > new insight into the issues at hand. Or, at the least, they can > > > dig through the mailing list archives to understand some design > > > decision better. Would you mind if I forwarded my response to the > > > list, sans your post, if you like?) > > > > I'll CC my reply to the list; you can bounce yours. > -- > Matthew J Toseland - [EMAIL PROTECTED] > Freenet Project Official Codemonkey - http://freenetproject.org/ > ICTHUS - Nothing is impossible. Our Boss says so. > _______________________________________________ > i2p mailing list > [EMAIL PROTECTED] > http://dev.i2p.net/mailman/listinfo/i2p -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so.
signature.asc
Description: Digital signature
_______________________________________________ chat mailing list chat@freenetproject.org Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/chat Or mailto:[EMAIL PROTECTED]
