[cryptography] Potential funding for crypto-related projects

Jacob Appelbaum jacob at appelbaum.net
Sat Jun 29 21:04:29 EDT 2013


Natanael:
> I would like to point out that the developers of the anonymizing network
> I2P are looking for more external review of the codebase (it's in Java, by
> the way). Everybody who knows how to do security reviews of source code and
> has time to spare should take a look at it.
> 

I've previously read papers like this:

  http://grothoff.org/christian/i2p.pdf

My thought is that some of the ideas behind i2p are interest but many of
them are... misguided or perhaps ignoring some of the hard won lessons
from GnuNET, Tor, FreeNet, the Freedom Network, etc.

We should be reviewing protocols, not the code for i2p, I think. I'm not
convinced that the overall architecture makes sense from what we know
about building anonymity systems.

> FYI, I also think that I2P's supernode architecture is a whole lot better
> than Tor's directory servers. It's much more decentralized, to start with.
> 

Yeah, about that...

Have you seen the most recent paper by Egger et al?

The file is about two weeks old:

  Last-Modified: Fri, 14 Jun 2013 23:46:05 GMT

"Abstract. Anonymity networks, such as Tor or I2P, were built to allow
users to access network resources without revealing their identity.
Newer designs, like I2P, run in a completely decentralized fashion,
while older systems, like Tor, are built around central authorities. The
decentralized approach has advantages (no trusted central party, better
scalability), but there are also security risks associated with the use
of distributed hash tables (DHTs) in this environment.
I2P was built with these security problems in mind, and the network
is considered to provide anonymity for all practical purposes. Unfortu-
nately, this is not entirely justified. In this paper, we present a
group of attacks that can be used to deanonymize I2P users.
Specifically, we show that an attacker, with relatively limited
resources, is able to deanonymize a I2P user that accesses a resource of
interest with high probability.

...

"The developers of I2P have reacted to the publication of attacks, and
they have improved their network to resist the DHT-based attacks
introduced in [3] and [4], by limiting the database to a subset of
well-performing nodes. This reduces the number of nodes involved in each
individual lookup to only one for most cases. Moreover, the performance
computation techniques were up-dated to make it more difficult for an
attacker to exploit them. As a result, I2P
is considered secure in practice. Unfortunately, this is not entirely
justified.

"In this paper, we describe an attack that can be used to break the
anonymity of a victim who is using anonymized resources in I2P – for
example, a user browsing eepsites (I2P’s terminology for anonymous
websites) or chatting. We are able, with high probability, to list the
services the victim accesses regularly, the time of access, and the
amount of time that is spent using the service

The full paper is here:

  http://wwwcip.informatik.uni-erlangen.de/~spjsschl/i2p.pdf

Seems rather... well, not a lot better. :(

> A link on Hidden Services:
> http://donncha.is/2013/05/trawling-tor-hidden-services/
> 

Yeah, Ralf's paper is worth reading:

  http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf

Discussion about this paper starts here - read the thread for tickets,
fixes, etc:

  https://lists.torproject.org/pipermail/tor-dev/2013-May/004909.html

All the best,
Jacob


More information about the cryptography mailing list