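\documentclass[handout]{beamer}
\usepackage[utf8]{inputenc}
% NOTE(review): \lstloadlanguages needs the listings package and the
% TikZ/PGF libraries below need tikz; neither \usepackage line is in this
% excerpt (the original source skips lines here) -- confirm they are loaded.
\lstloadlanguages{lisp}
% The `shapes` library already pulls in shapes.geometric, shapes.misc and
% shapes.symbols, so the separate \usepgflibrary calls for those were
% redundant and have been folded into this list.
\usetikzlibrary{svg.path,positioning,intersections}
\usetikzlibrary{shapes,decorations,shadows}
\usetikzlibrary{decorations.pathmorphing}
\usetikzlibrary{decorations.shapes}
\usetikzlibrary{fadings}
\usetikzlibrary{patterns}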
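% Node and edge styles shared by every figure in the talk.
% \tikzset{<name>/.style={...}} is the current PGF idiom; the \tikzstyle
% syntax it replaces is deprecated (same semantics, one definition block).
\tikzset{
  % a single netDB participant on the ring
  netdb/.style={anchor=center,color=black,rectangle,draw,
    minimum size=1em,minimum height=.5em},
  % a router box; i4gray is not defined in this excerpt -- presumably the
  % institute beamer theme, confirm it is in scope
  client/.style={fill=i4gray,rectangle,draw},
  % one hop of a tunnel
  chain/.style={rectangle,draw,minimum size=1em,minimum height=.5em},
  % directed edge; a later `<-` in the option list flips it
  arrow/.style={->,thick,draw,shorten <=2pt,shorten >=2pt},
  % only used by the commented-out tunnel outlines below
  tunnel/.style={fill=gray,shape=ellipse,minimum size=4em,minimum height=1.1em},
}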
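% Highlight for I2P-specific identifiers (netDB record names, tunnel types).
% i4red is presumably defined by the institute theme -- not visible here.
% Starred form: the argument is short text, so a stray \par should error.
\newcommand*{\iip}[1]{\textcolor{i4red}{#1}}

% Title-page metadata.  \textbf replaces the obsolete plain-TeX {\bf ...}.
\author[Christoph Egger]{\textbf{Christoph Egger}, Johannes Schlumberger, Christopher
  Kruegel, Giovanni Vigna}
\title{Practical Attacks Against The I2P Network}
\institute{Friedrich-Alexander University Erlangen-Nuremberg\\
  University of California, Santa Barbara}
\date{October 25, 2013}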
% Institution logos for the title page; the enclosing frame markup is
% outside this excerpt.  Widths are relative to the slide, not absolute.
\includegraphics[width=0.2\paperwidth]{ucsbseal}
\includegraphics[width=0.25\paperwidth]{streifenlogo}
% Talk outline.  The \begin{itemize}/\end{itemize} and \end{block} lines
% are not part of this excerpt.  Greyed entries presumably mark parts of
% the paper that are not covered in the talk -- confirm against the slides.
\begin{block}{What is I2P?}
  \item Network Database
  \item \textcolor{gray}{Floodfill Participation}
\begin{block}{Attacks}
  \item \textcolor{gray}{Floodfill Takeover Attack}
  \item \textcolor{gray}{Eclipse Attack}
  \item Deanonymization Attack
\begin{block}{Evaluation}
  \item \textcolor{gray}{Floodfill Takeover Attack}
  \item \textcolor{gray}{Eclipse Attack}
  \item Deanonymization Attack
\begin{block}{Conclusions}
  \item I2P Improvements
  \item \textcolor{gray}{Related Work}
\frametitle{Introduction I2P}
% Loosened item spacing, as on every itemize frame in this deck.
\begin{itemize}\addtolength{\itemsep}{1\baselineskip}
  \item Solution for anonymous Communication
  \item Separated from the ``Internet'' -- \emph{Darknet}
  \item Fully distributed Design
  \item Based on Onion Routing
  \item Between 18,000 and 28,000 active users
% Router responsibilities (the frame title and the first items of this
% list are outside the excerpt).
  \item Handle Connections
  \item Provide Name Services
\begin{block}{Applications}
  \item Server, Client or P2P Software
  \item Sockets interface with TCP-like or UDP-like Semantics
% Architecture figure: applications talk to the local I2P router, which
% is the only component that speaks to the I2P network.
% `every node/.style` in the picture options is the same local override
% as \tikzstyle{every node}=[...] inside the picture.
\begin{tikzpicture}[scale=1.2,every node/.style={font=\tiny}]
  % frame around the user's machine
  \node[minimum width=7em,minimum height=6em,draw=gray](clientpc) at (25mm,9mm) {};
  \node[above=0mm of clientpc.south] {User's Computer};
  % the network, drawn as a cloud above the router
  \node[cloud,drop shadow,fill=white,draw,minimum width=4.5em,minimum height=2.5em](ip) at (22mm,27mm) {I2P};
  \node[client](client) at (22mm,18mm) {I2P Router};
  % three applications stacked below the router
  \node[rectangle,draw,below=0mm of client.south east](app1) {Application};
  \node[rectangle,draw,below=0mm of app1.south](app2) {Application};
  \node[rectangle,draw,below=0mm of app2.south](app3) {Application};
  % application -> router edges, staggered along the router's bottom edge
  \path[arrow] (app1.west) -| ([xshift=3.5mm]client.south west);
  \path[arrow] (app2.west) -| ([xshift=2.5mm]client.south west);
  \path[arrow] (app3.west) -| ([xshift=1.5mm]client.south west);
  % router <-> network, one arrow per direction
  \path[arrow] ([xshift=.5mm]client.north) -- ([xshift=.5mm]ip.south);
  \path[arrow] ([xshift=-.5mm]ip.south) -- ([xshift=-.5mm]client.north);
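% Tunnel types.  The frame title and the first item are outside the excerpt.
% "Several pro Application" was a Germanism for "per".
  \item using onion-routing for anonymity
  \item paired for bi-directional communication
\begin{block}{Client Tunnels}
  \item Used for Data Interactions
  \item Several per Application
\begin{block}{Exploratory Tunnels}
  % These are the tunnels the deanonymization frames later focus on:
  % the same exploratory tunnel is reused for netDB verification and lookups.
  \item Used for Database interaction
  \item 2 to 3 per Node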
\frametitle{Network Database}
% Overlay-stepped list; the continuation of the first item (what the DHT
% runs on) and the surrounding itemize lines are outside the excerpt.
  \item<1-> Kademlia-like DHT based on \texttt{XOR}-distance run on
  \item<2-> \iip{databaseRecord}\\
    Information named using a hash over their cryptographic Keys
  % Deriving the storage location from name + current date makes a
  % record's keyspace position predictable for the day; the Sybil
  % frames later rely on precomputing identities near such positions.
  \item<3-> \iip{storageLocation}\\
    Hash over name and today's date
  \item<4-> \iip{routerInfo}\\
    Peer information: IP address, Port, Protocol, Keys
  \item<5-> \iip{leaseSet}\\
    Service Information: Entry tunnels, Keys
% Earlier two-column / hashing-diagram variant of this frame, kept commented out.
% \begin{multicols}{2}
% \begin{block}{\iip{routerInfo}}
% \item Peer information: IP address, Port, Protocol, Keys
% \begin{block}{\iip{leaseSet}}
% \item Service Information: Entry tunnels, Keys
% % \begin{tikzpicture}
% % \node[draw,rectangle split, rectangle split parts=2] (lease) at (-3em,0) {\iip{leaseSet}\nodepart{second}\tiny{Keys}};
% % \node[draw,rectangle split, rectangle split parts=2] (router) at (3em,0) {\iip{routerInfo}\nodepart{second}\tiny{Keys}};
% % \node[draw,ellipse] (hashfn1) at (0,-3em) {\tiny{SHA256}};
% % \node[draw,rectangle] (hash1) at (0,-5.5em) {\iip{resourceIdentifier}};
% % \node[draw,rectangle,right=-0.1mm of hash1.east] (day) {Date};
% % \node[draw,ellipse] (hashfn1) at (0,-8em) {\tiny{SHA256}};
% % \node[draw,rectangle] (resID) at (0,-10.5em) {\iip{storageLocation}};
% % \end{tikzpicture}
\frametitle{Sample Interaction}
% Client and server each own a data tunnel pair; the client additionally
% uses its exploratory tunnel pair to look the service up in the netDB.
% NOTE: the node named `client` carries the label "Server Router" and the
% node named `server` the label "Client Router".  The names are only used
% as anchors below, so the drawing is right, but renaming would be clearer.
\begin{tikzpicture}[scale=1.2,every node/.style={font=\tiny}]
  % netDB ring: ten participants, numbered 0..9 around the centre
  \foreach \sector in {0,1,2,3,4,5,6,7,8,9}%
    \node[netdb](node\sector) at ({36 * (-\sector + .5)} : 10mm) {\sector};
  \node at (0,0) {netDB};
  % server side (right)
  \node[client](client) at (28mm,12mm) {Server Router};
  \node[rectangle,draw,below=0mm of client.south west] {Application};
  \node[minimum width=7em,minimum height=4em,draw=gray](clientpc) at (25mm,9mm) {};
  \node[above=0mm of clientpc.south] {Server's System};
  % client side (left); `clientpc` is redefined here, which is fine because
  % it is only referenced by the immediately following label node
  \node[client](server) at (-42mm,12mm) {Client Router};
  \node[rectangle,draw,below=0mm of server.south east] {Application};
  \node[minimum width=7em,minimum height=4em,draw=gray](clientpc) at (-38mm,9mm) {};
  \node[above=0mm of clientpc.south] {Client's System};
  % client client tunnel
  \node[chain,minimum size=6.5em,minimum height=2em,draw=gray](tunnel) at (16mm,20.5mm) {};
  \node[above=0mm of tunnel.north] {Server's data tunnel pair};
  % \node[tunnel,minimum width=9.5em] at (16mm, 19mm) {};
  % \node[tunnel,minimum width=9.5em] at (16mm, 22mm) {};
  % outbound hops cco1..cco3 (lower row), inbound hops cci1..cci3 (upper row)
  \node[chain] (cco1) at (23mm,19mm) {};
  \path[arrow] ([xshift=4mm]client.north) |- (cco1.east);
  \node[chain] (cco2) at (16mm,19mm) {};
  \path[arrow] (cco1.west) -- (cco2.east);
  \node[chain] (cco3) at (9mm,19mm) {};
  \path[arrow] (cco2.west) -- (cco3.east);
  \node[chain] (cci1) at (23mm,22mm) {};
  \path[arrow] (cci1.east) -| ([xshift=5mm]client.north);
  \node[chain] (cci2) at (16mm,22mm) {};
  \path[arrow] (cci2.east) -- (cci1.west);
  \node[chain] (cci3) at (9mm,22mm) {};
  \path[arrow] (cci3.east) -- (cci2.west);
  % server client tunnel
  \node[chain,minimum size=6.5em,minimum height=2em,draw=gray](tunnel) at (-30mm,20.5mm) {};
  \node[above=0mm of tunnel.north] {Client's data tunnel pair};
  % \node[tunnel,minimum width=9.5em] at (-34mm, 19mm) {};
  % \node[tunnel,minimum width=9.5em] at (-34mm, 22mm) {};
  % mirror image of the server's pair; `<-` flips the arrow style
  \node[chain] (csi1) at (-37mm,19mm) {};
  \path[arrow,<-] ([xshift=-4mm]server.north) |- (csi1.west);
  \node[chain] (csi2) at (-30mm,19mm) {};
  \path[arrow,<-] (csi1.east) -- (csi2.west);
  \node[chain] (csi3) at (-23mm,19mm) {};
  \path[arrow,<-] (csi2.east) -- (csi3.west);
  \node[chain] (cso1) at (-37mm,22mm) {};
  \path[arrow,<-] (cso1.west) -| ([xshift=-5mm]server.north);
  \node[chain] (cso2) at (-30mm,22mm) {};
  \path[arrow,<-] (cso2.west) -- (cso1.east);
  \node[chain] (cso3) at (-23mm,22mm) {};
  \path[arrow,<-] (cso3.west) -- (cso2.east);
  % client exploratory tunnel
  \node[chain,minimum size=4.5em,minimum height=2em,draw=gray](tunnel) at (-32.5mm,-3.5mm) {};
  \node[below=0mm of tunnel.south,align=center] {Client's exploratory\\tunnel pair};
  % \node[tunnel,minimum width=7.5em] at (-36.5mm, 0mm) {};
  % \node[tunnel,minimum width=7.5em] at (-36.5mm, -3mm) {};
  \node[chain] (eo1) at (-36mm, -2mm) {};
  \path[arrow] ([xshift=-4mm]server.south) |- (eo1.west);
  \node[chain] (ei1) at (-36mm, -5mm) {};
  \path[arrow,<-] ([xshift=-5mm]server.south) |- (ei1.west);
  \node[chain] (eo2) at (-29mm, -2mm) {};
  \path[arrow] (eo1.east) -- (eo2.west);
  \node[chain] (ei2) at (-29mm, -5mm) {};
  \path[arrow,<-] (ei1.east) -- (ei2.west);
  % service lookup from the exploratory pair into the netDB (node 4) and back
  \draw[arrow,bend right=20,dashdotted] (eo2.east) to node[above=.8em,align=center] {service\\lookup} (node4.west);
  \draw[arrow,bend right=10,<-,dashdotted] (ei2.east) to node {} ([yshift=-1mm]node4.west);
  % data path: each side's outbound tunnel ends at the other's inbound tunnel
  \draw[arrow,bend left=15,dashdotted] (cco3.west) to node {} (csi3.east);
  \draw[arrow,bend right=15,dashdotted] (cci3.west) to node {} (cso3.east);
  \node at (-9mm,20.5mm) {Data connection};
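% Title fixed: "Thread Model" -> "Threat Model".
\frametitle{Threat Model}
\begin{itemize}\addtolength{\itemsep}{1\baselineskip}
  \item Implicitly specified in terms of attacks considered
  \item Only allows local adversaries: No global view about traffic
    passing through the network
  % The attacks presented later stay inside these bounds: a local adversary
  % with a minority of nodes.  The Sybil frames show the netDB share being
  % reached with precomputed identities rather than with more hosts.
  \item Only allows limited number of malicious nodes -- around 20\,\%
    of \iip{netDB} super-nodes and 20\,\% of total nodes
  \item Secure cryptographic primitives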
\frametitle{Sybil Attack}
% Several source lines of this frame (end of the Definition block, the
% sentence after "with", the \end{block} lines) are outside the excerpt.
\begin{block}{Definition}
  In a Sybil Attack, the adversary utilizes multiple identities to
  break assumptions about the system
Gaining control over parts of the keyspace in the \iip{netDB} with
\begin{block}{Challenge}
  Active identities require considerable resources to be useful
\begin{block}{Solution}
  Compute a large pool of identities and only activate the relevant ones
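\frametitle{Deanonymizing Users}
% "an user" -> "a user".
Given a user Alice and a resource R, we want to confirm or refute
Alice using R with high probability.
% Defender's reading: the linkability comes from a fixed 20 s delay and
% the reuse of one exploratory tunnel across the direct store, its
% verification and later lookups.  The "I2P Improvements" frame lists the
% matching mitigations (drop verification, randomize the delay, expire
% the tunnel).  The last item continues outside this excerpt.
\begin{block}{Vulnerability}
  \item<2-> Nodes store their \iip{routerInfo} directly in the \iip{netDB}
  \item<3-> Nodes verify the storage 20 seconds later using one of their
    \iip{exploratory Tunnels}
  \item<4-> Nodes use the same \iip{exploratory Tunnel} again for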
\frametitle{Deanonymizing Users}
% Store / verify / lookup sequence as seen from the netDB: the direct
% store reaches node 7 and is replicated to 6, 8 and 9; the verification
% (node 6) and the later lookup (node 4) both leave through the client's
% exploratory tunnel pair.
\begin{tikzpicture}[scale=1.4,font=\tiny]
  % netDB ring, numbered 0..9
  \foreach \sector in {0,1,2,3,4,5,6,7,8,9}%
    \node[netdb](node\sector) at ({36 * (-\sector + .5)} : 12mm) {\sector};
  \node at (0,0) {netDB};
  \node[client](client) at (-45mm,12mm) {Client};
  % direct routerInfo store and its reply
  \draw[arrow,bend left=5,dashdotted] (client.north east) to node[above] {store} (node7.north west);
  \draw[arrow,<-,bend left=5,dashdotted] (client.east) to node {} (node7.west);
  % replication to the neighbouring netDB nodes
  \draw[arrow,draw,bend right=15] (node7.south east) to node {} (node8.south west);
  \draw[arrow,draw,bend right=15] (node7.south east) to node[below] {replication} (node9.west);
  \draw[arrow,draw,bend left=15] (node7.south east) to node {} (node6.north east);
  % exploratory tunnel pair: outbound ol->oe (upper), inbound ie->il (lower)
  \node[chain,minimum size=6em,minimum height=3.5em,draw=gray](tunnel) at (-35mm,-2.5mm) {};
  \node[below=2mm of tunnel.south] {exploratory tunnel pair};
  % \node[tunnel] at (-35mm, 0mm) {};
  \node[chain] (ol) at (-40mm,0mm) {};
  \node[chain] (oe) at (-30mm,0mm) {};
  % \node[tunnel] at (-35mm, -5mm) {};
  \node[chain] (il) at (-40mm, -5mm) {};
  \node[chain] (ie) at (-30mm, -5mm) {};
  \path[arrow] ([xshift=-1mm]client.south) |- (ol.west);
  \path[arrow,<-] ([xshift=-2mm]client.south) |- (il.west);
  \path[arrow] (ol.east) -- (oe.west);
  \path[arrow,<-] (il.east) -- (ie.west);
  % storage verification through the tunnel, to node 6 and back
  \draw[arrow,bend left=5,dashdotted] (oe.north east) to node[above] {verify} ([yshift=1mm]node6.west);
  \draw[arrow,bend left=15,<-,dashdotted] (ie.north east) to node {} (node6.west);
  % later resource lookup through the same tunnel, to node 4 and back
  \draw[arrow,bend right=15,dashdotted] (oe.south east) to node[above] {lookup} (node4.west);
  \draw[arrow,bend right=5,<-,dashdotted] (ie.south east) to node {} ([yshift=-1mm]node4.west);
\frametitle{Sybil Attack}
% Evaluation of the identity-pool approach.  itemize and \end{block}
% lines are outside the excerpt.
\begin{block}{Generating identities}
  \item Building a Database of 50,000 identities takes around 30
    minutes on 12-core Xeon server
  \item 156 nodes on average between two adjacent database nodes
  \item All identities available to all malicious nodes
\begin{block}{Using identities}
  \item Malicious nodes can calculate the correct identities and
    change identity at any time
  \item Nodes coordinate to avoid duplicate identities
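% Title fixed: "Deanonyizing" -> "Deanonymizing".
\frametitle{Deanonymizing Attack}
% Setup of the experiment; surrounding itemize/block lines are outside
% the excerpt.
  \item 20 attacking nodes in Santa Barbara
  \item 10 nodes capturing resource lookups
  \item 10 nodes performing timing attack on \iip{routerInfo} storage
  \item 6 monitoring nodes: 3 in Erlangen, 3 in Santa Barbara
\begin{block}{Results}
  % 0.52 reappears as the hit probability p's weight in the
  % "Results for multiple Hits" formula.
  \item 60\,\% of potentially observable links detected
  \item 52\,\% of attributed hits correct
  \item Working equally well for geographically remote Hosts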
\frametitle{Deanonymizing Users}
% Identical to the figure on the earlier "Deanonymizing Users" frame,
% repeated here after the evaluation numbers.  If it changes, change both.
\begin{tikzpicture}[scale=1.4,font=\tiny]
  % netDB ring, numbered 0..9
  \foreach \sector in {0,1,2,3,4,5,6,7,8,9}%
    \node[netdb](node\sector) at ({36 * (-\sector + .5)} : 12mm) {\sector};
  \node at (0,0) {netDB};
  \node[client](client) at (-45mm,12mm) {Client};
  % direct routerInfo store and its reply
  \draw[arrow,bend left=5,dashdotted] (client.north east) to node[above] {store} (node7.north west);
  \draw[arrow,<-,bend left=5,dashdotted] (client.east) to node {} (node7.west);
  % replication to the neighbouring netDB nodes
  \draw[arrow,draw,bend right=15] (node7.south east) to node {} (node8.south west);
  \draw[arrow,draw,bend right=15] (node7.south east) to node[below] {replication} (node9.west);
  \draw[arrow,draw,bend left=15] (node7.south east) to node {} (node6.north east);
  % exploratory tunnel pair: outbound ol->oe (upper), inbound ie->il (lower)
  \node[chain,minimum size=6em,minimum height=3.5em,draw=gray](tunnel) at (-35mm,-2.5mm) {};
  \node[below=2mm of tunnel.south] {exploratory tunnel pair};
  % \node[tunnel] at (-35mm, 0mm) {};
  \node[chain] (ol) at (-40mm,0mm) {};
  \node[chain] (oe) at (-30mm,0mm) {};
  % \node[tunnel] at (-35mm, -5mm) {};
  \node[chain] (il) at (-40mm, -5mm) {};
  \node[chain] (ie) at (-30mm, -5mm) {};
  \path[arrow] ([xshift=-1mm]client.south) |- (ol.west);
  \path[arrow,<-] ([xshift=-2mm]client.south) |- (il.west);
  \path[arrow] (ol.east) -- (oe.west);
  \path[arrow,<-] (il.east) -- (ie.west);
  % storage verification through the tunnel, to node 6 and back
  \draw[arrow,bend left=5,dashdotted] (oe.north east) to node[above] {verify} ([yshift=1mm]node6.west);
  \draw[arrow,bend left=15,<-,dashdotted] (ie.north east) to node {} (node6.west);
  % later resource lookup through the same tunnel, to node 4 and back
  \draw[arrow,bend right=15,dashdotted] (oe.south east) to node[above] {lookup} (node4.west);
  \draw[arrow,bend right=5,<-,dashdotted] (ie.south east) to node {} ([yshift=-1mm]node4.west);
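\frametitle{Results for multiple Hits}
% Parameters of the hit-count model plotted in the graph below.  The
% group opened before this excerpt is closed by the lone brace further down.
$N=144$, Number of time slices\\
$q=0.001$, 7\,\% of total nodes accessing the resource once a day\\
$x=0.52\cdot p + 0.48\cdot q$ \\
% Binomial law for k hits out of N slices.  \binom replaces the plain-TeX
% {N \choose k}, and \text keeps "hits" upright instead of typesetting it
% as the product of four variables.  Both come from amsmath, which beamer
% loads by default -- confirm if the preamble opts out of it.
$P(k~\text{hits}) = \binom{N}{k} x^k \cdot (1-x)^{N-k}$
}
\includegraphics[width=.7\textwidth]{graph}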
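\section{Conclusions}
\frametitle{Limitations}
\begin{itemize}\addtolength{\itemsep}{1\baselineskip}
  % "works reliable" -> "works reliably"
  \item Only works reliably for longer/repeated resource access
  \item Less reliable for popular resources
  \item Needs extra resources per tracked user and per resource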
\frametitle{I2P Improvements}
% Proposed mitigations, grouped by the attack step they address.
\begin{itemize}\addtolength{\itemsep}{1\baselineskip}
  % Sybil / keyspace control: raise the cost of placing many netDB
  % identities from few hosts (presumably aimed at the identity pool
  % described on the Sybil frames).
  \item Limiting \iip{netDB} nodes per IPv4 network
  \item Ignoring new \iip{netDB} nodes
  % Deanonymization: break the store -> verify -> lookup linkage that the
  % fixed 20 s delay and exploratory-tunnel reuse create (see the
  % "Vulnerability" block on the Deanonymizing Users frame).
  \item Removing storage verification
  \item Randomizing the time delta
  \item Expiring tunnels after storage verification
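\frametitle{Bibliography}
% Related work cited for context only; \nocite adds the entries to the
% list without an in-text citation mark.
\nocite{Timpanaro:2011}
\nocite{Herrmann:2011}
\nocite{Douceur:2002}
\nocite{Dingledine:2004}
\bibliographystyle{plain}
% Font switches take no argument: \tiny{...} switched the rest of the
% frame to tiny and merely braced the bibliography.  Scope it explicitly.
{\tiny\bibliography{../i2p}}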