Goals

I'd like to offer up these goals for the network. What goals are missing? Please respond with your thoughts on how these goals are already met by an existing network, or how they could be met by a new network.
  1. Security of transactions. Uploaders, Downloaders, and Data Facilitators must be protected from their transactions.
    1. This goal must be maintained assuming some fraction of participating nodes are subversively working in collusion, and that all network traffic between participants is visible to the attacker.
    2. This is the highest priority and no compromise outside of the necessity for practicality will be made at the expense of this goal.
    3. Note, security from participation is NOT a goal. That is the goal of a darknet.
    4. Protection of Data Facilitators excludes the use of public exit points from the network. These serve as legal and technological attack points.
    5. Specific entry points for data should also be avoided. These also serve as legal and technological attack points.
  2. Anyone at any time can participate in the network given a computer and Internet connection. It should be a public network, not a private darknet.
    1. Darknets require existing relationships with others already participating. This would exclude a large portion of the population that would like to participate but know of no other people already participating or willing to participate.
  3. Trust is dispersed over a user-defined number of nodes.
    1. Trust is based on the probability that some fraction of known nodes are NOT evil. This fraction is defined by the user on a per-access basis.
    2. The plain text of the transaction must not be revealed until it has passed through enough nodes that the user is comfortable with the probability it has passed through a trustworthy node as compared to the risk of the transaction.
    3. This is one of the biggest problems with many anonymous peer-to-peer networks. Requests and transactions are plain text to immediate nodes. The legal recourse is that you could simply be passing the request through from someone else. However, for some networks an immediate node could perform statistical analysis of the transactions to yield a fairly strong certainty of a user's general network activity.
  4. No centralization.
    1. Centralization is very tempting, especially given the previous goals. There are many benefits including performance, reliability, and security. However, centralization provides a small number of attack points to cripple or completely disable the entire network.
    2. Proper centralized servers can also be expensive, requiring solicitation for donations, or other money-making schemes such as advertisements.
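
Added example (not part of the original post or of any existing network's code): one way to turn goal 3 into a number, by computing how many relay nodes a transaction must pass through before the chance that every one of them is colluding drops below a risk the user picks per access. It assumes relays are distinct and drawn uniformly at random, that the user has an estimate of how many nodes collude, and that the attacker cannot bias relay selection; all function names, the node counts and the policy values are constructed for illustration.

```python
from math import comb


def p_all_colluding(total_nodes: int, colluding: int, hops: int) -> float:
    """P(every relay on the path is colluding) when `hops` distinct relays
    are drawn uniformly at random from the network (hypergeometric)."""
    if not 0 <= colluding <= total_nodes or not 1 <= hops <= total_nodes:
        raise ValueError("need 0 <= colluding <= total_nodes and 1 <= hops <= total_nodes")
    # comb() returns 0 once hops > colluding: an honest relay is then certain.
    return comb(colluding, hops) / comb(total_nodes, hops)


def min_hops(total_nodes: int, colluding: int, max_risk: float) -> int:
    """Fewest relays such that P(no honest relay on the path) <= max_risk."""
    if colluding >= total_nodes:
        raise ValueError("no honest relay exists; no path length meets the goal")
    for hops in range(1, total_nodes + 1):
        if p_all_colluding(total_nodes, colluding, hops) <= max_risk:
            return hops
    raise ValueError("max_risk must be >= 0")


def hops_per_access(total_nodes: int, colluding: int, risk_by_access: dict) -> dict:
    """Apply a per-access risk policy: riskier transactions get longer paths."""
    return {
        name: min_hops(total_nodes, colluding, risk)
        for name, risk in risk_by_access.items()
    }


# Constructed policy: acceptable probability that NO relay was trustworthy.
POLICY = {"search": 0.1, "download": 0.01, "upload": 0.001}

if __name__ == "__main__":
    # Constructed network: 1000 nodes, 200 assumed to be colluding.
    for name, hops in hops_per_access(1000, 200, POLICY).items():
        risk = p_all_colluding(1000, 200, hops)
        print(f"{name:9s} hops={hops}  P(all relays colluding)={risk:.5f}")
```

With 20% of nodes colluding, each extra hop cuts the residual risk by roughly a factor of five, so the per-access risk setting translates directly into a latency cost the user can weigh.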

Sunday, June 17, 2007

The Goals

I've moved the goals to the top of the page. However, the original comments can still be found here.

7 comments:

Anonymous said...

Comments can be left anonymously.

Anonymous said...

"...that all network traffic between participants is visible to the attacker."
Why do you assume this?
This can be avoided by using point-to-point encryption unless you suppose that the enemy not only controls the ISPs but also intercepts your keyboard input or the whole of your computer using a worm/virus.
And what do you think of end-to-end encryption? Although the designer of the MUTE network is strongly opposed to this security measure assuming that it is useless, I would say that it contributes to safety all the same. It is obvious that the exchange of the public key through the network can be manipulated by a man-in-the-middle attack. However, if you let the key travel on several routes you can check whether one or more keys have been distorted or not.

masequis said...

>"...that all network traffic
>between participants is visible
>to the attacker."
>Why do you assume this?

I think Mark Klein only saw the tip of the iceberg, and PERCS/HPCS is the next stepping stone towards total Internet surveillance (at least in the U.S.). We must also assume that the RIAA and the MPAA will win legal measures requiring ISPs to log certain activity.

>This can be avoided by using
>point-to-point encryption unless
>you suppose that the enemy not
>only controls the ISPs but also
>intercepts your keyboard input or
>the whole of your computer using
>a worm/virus.

You're right, I think that point-to-point (node-to-node) is the best defense against Big Brother analysis. However, I'd also like to see data padding or other measures to defend against size and timing analysis.

We also assume some fraction of the nodes in the network are compromised partially because of your other statement.

>And what do you think of end-to-
>end encryption? Although the
>designer of the MUTE network is
>strongly opposed to this security
>measure assuming that it is
>useless, I would say that it
>contributes to safety all the
>same. It is obvious that the
>exchange of the public key
>through the network can be
>manipulated by a man-in-the-
>middle attack. However, if you
>let the key travel on several
>routes you can check whether one
>or more keys have been distorted
>or not.

I think Jason's arguments about end-to-end encryption in an Ant/MUTE style network are valid. However, I imagine our network working something similar to a MixMaster or a TOR network, where nodes have asymmetric key pairs shared before a node initiates any transactions. The problem with Ant/MUTE lies more in the transparency of the initial search.

Anonymous said...

I'm definitely no expert, but I have done considerable research/testing with most of the anonymous P2P networking frameworks to date, and, for the most part, I have been hugely disappointed. What's most frustrating about my search is that not only are most of these options slow/unreliable, the development, for the most part, is stagnant. It isn't like you have creators saying "well, it doesn't work all that well now, but it will in x amount of time."

The P2P community is at a crossroads. The enemy is getting smarter and a lot more aggressive. Many users are attempting to duck under the cover of private trackers, but this protection isn't going to last very long. The hammer is coming down, soon, and when it does, people are going to jump to the closest raft they can clutch onto.

It seems to me that most of the attempts at anonymous networking have striven for a very high level of anonymity, and, in turn sacrificed performance. What I'd like to see is something that makes it only slightly difficult to track users- something that will buy the community a little bit of time until a viable solution can be found. Something that could be put together quickly.

Rather than taking a year or two to build the Queen Elizabeth II, come up with a viable liferaft now. That's what the community needs.

Ezzye said...

I have built such a network. See www.kerjodando.com or kerjodando.blogspot.com for the development blog.

masequis said...

It looks to me like you've simply developed another front end for Ants? Which does NOT meet all of the goals listed.
