An interesting response from FMS, and my comments: Mitosis@8~dscNP1TFUHWMZMZtpFJDrwg0rVePL6fB1S7uy4fTM wrote : > On 21/12/12 01:31, > toad-notrust@h2RzPS4fEzP0zU43GAfEgxqK2Y55~kEUNR01cWvYApI wrote: ...
> If I understood it correctly then I am sorry to note that it seems to do > absolutely nothing at all to protect node that is surrounded. > Such partially or fully surrounded node is almost 100% identified and > have 100% prove that it is the inverter. A surrounded node is busted, period. Freenet assumes that you're not initially a suspect. If you are, they'll kidnap you and torture you until you confess. Or stick you in solitary confinement for 23 hours a day until you agree to a plea bargain. Or raid your home and read your files while they are still open. Etc. Freenet's job is to ensure that when they say "oh he's on freenet", they can't easily get to "he's one of these 5 people, lets go bust them and release the 4 that are innocent". I.e. it is to provide you with *anonymity*, not absolute security. > > Combined with long term invigilation, even uncovering 5% of inserts (1 > of 20 friends is bad) will get us near 99% certainty who is who, e.g. > monitor all sone updates. Completely surrounding a node will bust the operator. Completely surrounding every node on opennet will therefore bust whoever it is you are trying to find. However this is a relatively expensive attack... With the current code, if you can afford one or two connections to every node on opennet, you can probably identify inserters. This is likely affordable for a TLA, national-level police support agencies, and on a small network, maybe some corporate projects. With the proposal above, they would have to surround every node (not necessarily all at once, but for some time), or at least have a lot more connections. It's a substantial improvement given that my initial objective was simply to make reinserts safe against MAST (a very cheap attack currently possible against predictable inserts, but not against random ones). > > For this reason, we must have resistance to nodes completely surrounded > on opennet, otherwise 99% security degrades to 1% security over time. Any ideas on how to achieve that? On darknet, it's easy: In order to take over somebody's routing table you need to compromise all their friends (their PC or themselves). I.e. darknet basically solves the problem; the difficulty is whether darknet is feasible in the real world. There is at least one paper on an onion-DHT network that uses multiple social invites to solve this problem, while still using a mostly open DHT topology. > > Tor does it (IF only it would have long delay! but it doesn't) even if > all your entry nodes are bad still you can be safe. > > If we do not go this way, then in my opinion freenet will be a very slow > network that is sort of secure for absolutely one time inserts-leaks, > and an insecure network for other stuff if adversary is willing to spend > just few bucks or hire a botnet. > Tor is centralised and non-scalable. It can simply download a list of nodes to onion-route through from a central server. Of course there is nothing to prevent a large proportion of these being malicious nodes operated by a single entity, just as Freenet has attacks on opennet. And why do you trust the central server? This is analogous to "what if the seednodes are evil?" on opennet. Even if Freenet does onion routing, it will have to find nodes to route through using its existing peers. There are various ways of doing this in a more-or-less secure way, but if all our peers are malicious clearly we are going to get malicious tunnel members. Of course there are other attacks on Tor, either because it is realtime (time intersection attacks, some traffic analysis), because of peer selection issues, because it is centralised (it's easy to block, unlike freenet darknet), and so on. I2P is trivially harvestable, in that you can enumerate all the nodes (therefore it is also trivially blocked). Also I suspect there are attacks on the DHT. It may be closer to what you're after though, does it support delayed messages? There may be some possibilities for preventing routing table takeover by labelling nodes as being originally related to, or reachable through, a specific seednode, and ensuring we have sufficient diversity of seednode-responsibilities. This is analogous to the paper I mentioned above and might be worth looking at. However, the fundamental problem is that an attacker could easily run more than one seednode, and thus subvert this mechanism. THE BASIC PROBLEM WITH OPENNET: You can't detect conspiracies: Bandwidth, network I/O, disk I/O, IP addresses, CAPTCHAs, email addresses, hashcash, are all cheap in quantity (i.e. for an attacker), while often being very inconvenient for a regular user. Hence you can easily flood any p2p network (including Tor) with your own malicious nodes, you can make them perform better than the "real" nodes (while logging everything), you can subvert the bootstrapping mechanisms (e.g. adding 20 of your own seednodes) and so on. Ultimately anything we do to try to secure opennet comes back to this point. I can't see any way to make major progress with it. But I'm all ears if you have any ideas! Without any way to make it hard to run lots of nodes, AFAICS our only option for really strong security is darknet.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
