tor replacement - was Re: Box for simple Tor node.

Sat Oct 26 18:47:50 PDT 2019

On Sat, Oct 26, 2019 at 10:30:36PM -0300, Punk - Stasi 2.0 wrote:
> 
> 
> 	here's another article with some interesting info.
> 
> 	Freedom Systems 2.1 Security Issues and Analysis
> 	https://www.freehaven.net/anonbib/cache/freedom21-security.pdf
> 
> 	'freedom' was the name of the network run by 'zero knowdlege systems' - As noted ian goldberg was part of zks and now works for tor. Adam back was also involved. It seems to me that when the company failed some(most?) ppl went from working in the 'private' sector to working for the govt. 
> 
> 	
> 	"someone who is watching the network links can see that you are logging into the Freedom Network by watching the packets. They can’t tell what you’re doing, but can see that you are logged in, and by counting packets and seeing how long you’re online, may be able to make certain assumptions. (Counting and timing packets is possible today since traffic shaping and link padding do not offer strong security as implemented."
> 
> 
> 	"In the current version of the protocol there is no link padding, cover traffic or traffic shaping. It might be argued that one at minimum needs some of these countermeasures to defend against traffic analysis, but our initial analysis suggests that these countermeasures are probably necessary, but certainly not sufficient. This is because even if one does implement a combination of these countermeasures there remain a number of attacks, not significantly harder than attacking a system without these countermeasures.  The main example is the packet round-trip timing related attacks, where the attacker passively observes or actively (and plausibly deniably) induces latency variations to uniquely identify the source of a route. These remaining attacks are expensive in bandwidth utilization to defend against, and the counter measures greatly hinder performance. Consider that to defend against timing attacks, even as a first step one would need to start by padding round-trip times to get cover, reducing all round-trip times to worst case round-trip." 

Yes, that's the same conclusion.

You install/ set up one or more dark links, or you are exposed to
active latency injection attacks.

Given this fact, is it still worth pursuing the software side of any
overlay net?

For many use cases an overlay net appears to provide benefits - the
usage stats of Tor certainly suggest there is not insignificant
demand for as much, and all high latency low b/w apps appear to
"obviously benefit" since active latency injection attacks must
inject latency "in the order of" your particular local ping circle's
latency config - if your ping is 2 hours, and your first hop is
always to nodes who are actual friends and therefore maintain their
own fixed rate links, your own node going down for an hour or a day
says nothing about anyone else or about who you connect to through
your friend's node, other than that your own node went down.
[absolutism warning, but this one feels sound]