On Wed, Mar 15, 2006 at 04:44:12PM +0000, Michael Rogers wrote: > Matthew Toseland wrote: > >Not sure I understand... You, the attacker, are an internal node. You > >only know what is sent to you by your peers... so are you talking about > >correlation attacks? > > I had a couple of attacks in mind... or sketches of attacks, since I > don't fully understand how greedy routing will be used in 0.7. Will it > be possible to send packets to a node using its location as a routing > address, or will it only be possible to insert and request data by keys, > as in 0.5?
Probably not in 0.7. But we will have 1:1 message channels in 0.8. These will be either between nodes, or between pseudonyms. > > First attack: recipient proximity > > Let's say you get a message from an anonymous source saying "I'm at > location 180 degrees, here's my public key, can we talk?" You know > someone who was recently at location 179 degrees and someone else who > was recently at 181, so if the location swapping algorithm is working > and the social network has been successfully embedded in one dimension, > your anonymous source is probably (a) one of those people or (b) someone > both those people know. Alternatively, the anonymous source's location > might be close to your own location. How is that a useful attack on a darknet? > > Second attack: sender proximity > > Your location is 180 degrees. You receive a packet for location 1. > Greedy forwarding means that the sender must be further away from the > destination than you are, so the sender's location must be between 178 > and 180. In general, the more distant the destination, the smaller the > number of possible senders. True. This is closely related to correlation attacks; if a request is from a node which is too far away from the target, it's probably local. Premix routing will fix this; a random start point will help. > > The second attack gets easier if you control a small number of nodes > scattered around the network (not easy in a friend-to-friend network, > but not impossible either). Imagine a recipient who's only communicating > with one sender. (How can you know this? Maybe you're the recipient.) If > a node you control forwards a packet towards the recipient, you can rule > out any senders who are nearer the recipient than your node is. On > average, this rules out half the network. As long as the network remains > perfectly stable, the sender's packets continue to follow the same path > and you don't get any additional information. But whenever a link comes > up or goes down there's the possibility of a packet passing through > another one of your nodes and giving you another sample. I'd like to > quantify this attack - what's the expected size (and entropy) of the > sender's anonymity set for a given number of samples? How long does it > take to gather samples? It is not true that every routing step will always route the request closer to the target. We allow it to go for 10 hops without getting a closer best-seen-location, before terminating the request. > > I don't have a hope of answering these questions analytically... I can > do simulations, but the results will probably depend on the topology of > the social network (pretty much a matter of conjecture at this point) > and the details of the location swapping algorithm, plus some > hand-waving assumptions about node lifetime, available bandwidth, > congestion... You can find out the details of the location swapping algorithm without too much difficulty... > > Cheers, > Michael -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060315/5cb39037/attachment.pgp>
