3 \usepackage[utf8
]{inputenc}
7 \lstloadlanguages{lisp
}
9 \usetikzlibrary{svg.path,positioning,intersections
}
10 \usepgflibrary{shapes.geometric
}
11 \usepgflibrary{shapes.misc
}
12 \usepgflibrary{shapes.symbols
}
14 \usepgflibrary{shapes
}
15 \usetikzlibrary{shapes,decorations,shadows
}
16 \usetikzlibrary{decorations.pathmorphing
}
17 \usetikzlibrary{decorations.shapes
}
18 \usetikzlibrary{fadings
}
19 \usetikzlibrary{patterns
}
21 \tikzstyle{netdb
}=
[anchor=center,
color=black,rectangle,draw,minimum
22 size=
.6em,minimum height=
.2em
]
23 \tikzstyle{client
}=
[fill=i4gray,rectangle,draw
]
24 \tikzstyle{chain
}=
[rectangle,draw,minimum size=
1em,minimum height=
.5em
]
25 \tikzstyle{arrow
}=
[->,thick,draw,shorten <=
2pt,shorten >=
2pt,
]
26 \tikzstyle{tunnel
}=
[fill=gray,shape=ellipse,minimum size=
4em,minimum height=
1.1em
]
28 \newcommand{\iip}[1]{\textcolor{i4red
}{#1}}
30 \author[Christoph Egger
]{{\bf Christoph Egger
}, Johannes Schlumberger, Christopher
31 Kruegel, Giovanni Vigna
}
32 \title{Practical Attacks Against The I2P Network
}
33 \institute{Friedrich-Alexander University Erlangen-Nuremberg\\
34 University of California, Santa Barbara
}
35 \date{October
25,
2013}
42 \includegraphics[width=
0.23\paperwidth]{fau_siegel
}
44 \includegraphics[width=
0.25\paperwidth]{ucsbseal
}
51 \begin{block
}{What is I2P?
}
54 \item Network Database
55 \item \textcolor{gray
}{Floodfill Participation
}
59 \begin{block
}{\textcolor{gray
}{Floodfill Takeover Attack
}}
62 \begin{block
}{Sibyl Attack
}
64 \item Attack Description
68 \begin{block
}{\textcolor{gray
}{Eclipse Attack
}}
71 \begin{block
}{Deanonymization Attack
}
73 \item Attack Description
77 \begin{block
}{Conclusions
}
80 \item I2P improvements
81 \item \textcolor{gray
}{Related Work
}
88 \frametitle{Anonymity
}
89 \begin{block
}{Who needs anonymity
}
92 \item Civil rights activists
96 \begin{block
}{I2P and tor
}
98 \item Tor: directory authorities $
\leftrightarrow$ I2P:
100 \item Tor: proxy to the outside world $
\leftrightarrow$ I2P:
101 separated
\emph{Darknet
}
107 \frametitle{Introduction to I2P
}
108 \begin{itemize
}\addtolength{\itemsep}{1\baselineskip}
109 \item Solution for anonymous communication
110 \item Separated from the ``Internet'' --
\emph{Darknet
}
111 \item Fully distributed design
112 \item Based on onion-routing
113 \item Between
18,
000 and
28,
000 active users
121 \begin{block
}{Router
}
123 \item Handle connections
124 \item Provide name services
128 \begin{block
}{Applications
}
130 \item Server, client or P2P software
131 \item Sockets interface with TCP-like or UDP-like semantics
137 \begin{tikzpicture
}[scale=
1.2]
138 \tikzstyle{every node
}=
[font=
\small]
139 \node[minimum width=
9em,minimum height=
9em,draw=gray
](clientpc) at (
25mm,
9mm)
{};
140 \node[above=
0mm of clientpc.south
] {User's Computer
};
141 \node[cloud,drop shadow,fill=white,draw,minimum
142 width=
4.5em,minimum height=
2.5em
](ip) at (
22mm,
30mm)
{I2P
};
143 \node[client
](client) at (
22mm,
18mm)
{I2P Router
};
144 \node[rectangle,draw,below=
0mm of client.south east
](app1)
{Application
};
145 \node[rectangle,draw,below=
0mm of app1.south
](app2)
{Application
};
146 \node[rectangle,draw,below=
0mm of app2.south
](app3)
{Application
};
148 \path[arrow
] (app1.west) -| (
[xshift=
3.5mm
]client.south west);
149 \path[arrow
] (app2.west) -| (
[xshift=
2.5mm
]client.south west);
150 \path[arrow
] (app3.west) -| (
[xshift=
1.5mm
]client.south west);
151 \path[arrow
] (
[xshift=
.5mm
]client.north) -- (
[xshift=
.5mm
]ip.south);
152 \path[arrow
] (
[xshift=-
.5mm
]ip.south) -- (
[xshift=-
.5mm
]client.north);
162 \item Using onion-routing for anonymity
164 \item Paired for bi-directional communication
166 \begin{block
}{Client Tunnels
}
168 \item Used for data interactions
169 \item Several per application
173 \begin{block
}{Exploratory Tunnels
}
175 \item Used for database interaction
176 \item 2 to
3 per node
182 \frametitle{Network Database
}
184 \item<
1-> Kademlia-like DHT based on
\texttt{XOR
}-distance run on
186 \item<
1-> Layout of the database changes completely every day
187 \item<
2->
\iip{databaseRecord
}\\
188 Information named using a hash over their cryptographic Keys
189 \item<
2->
\iip{storageLocation
}\\
190 Hash over name and today's date
191 \item<
3->
\iip{routerInfo
}\\
192 Peer information: IP address, port, protocol, keys
193 \item<
3->
\iip{leaseSet
}\\
194 Service information: Entry tunnels, keys
199 \frametitle{Sample Interaction
}
200 Accessing a hidden website -- ``http://civilrights.i2p''
203 \input{sample-interaction
}
208 \frametitle{Threat Model
}
209 \begin{itemize
}\addtolength{\itemsep}{1\baselineskip}
210 \item Implicitly specified in terms of attacks considered
211 \item Only allows local adversaries: No global view about traffic
212 passing through the network
213 \item Only allows limited number of malicious nodes -- around
20\,\%
214 of
\iip{netDB
} super-nodes and
20\,\% of total nodes
215 \item Secure cryptographic primitives
219 \section{Sibyl Attack
}
221 \frametitle{Sybil Attack
}
222 \begin{block
}{Definition
}
223 In a sybil attack, the adversary utilizes multiple identities to
224 break assumptions about the system
227 Gaining control over parts of the keyspace in the
\iip{netDB
} with
228 limited resources. As a result be the only source considered for
229 certain pieces of data and therefore able to monitor every access
232 \begin{block
}{Challenge
}
233 Active identities require considerable resources to be useful
235 \begin{block
}{Solution
}
236 Compute a large pool of identities and only activate the relevant ones
241 \frametitle{Sybil Attack
}
242 \begin{block
}{Generating identities
}
244 \item Building a database of
50,
000 identities takes around
30
245 minutes on
12-core Xeon server
246 \item 156 nodes on average between two adjacent database nodes
247 \item All identities available to all malicious nodes
250 \begin{block
}{Using identities
}
252 \item Malicious nodes can calculate the correct identities and
253 change identity at any time
254 \item Nodes coordinate to avoid duplicate identities
259 \section{Deanonymizing Users
}
261 \frametitle{Deanonymizing Users
}
263 Given an user Alice and a resource R, we want to confirm or refute
264 Alice using R with high probability.
266 \begin{block
}{Vulnerability
}
268 \item<
2-> Nodes store their
\iip{routerInfo
} directly in the
\iip{netDB
}
269 \item<
3-> Nodes verify the storage
20 seconds later using one of their
270 \iip{exploratory tunnels
}
271 \item<
4-> Nodes use the same
\iip{exploratory tunnel
} again for
278 \frametitle{Deanonymizing Users
}
281 \input{deanonymization
}
286 \frametitle{Deanonyizing Attack
}
289 \item 20 attacking nodes in a single network
291 \item 10 nodes capturing resource lookups
292 \item 10 nodes performing timing attack on
\iip{routerInfo
} storage
294 \item 6 monitoring nodes: split between two continents
297 \begin{block
}{Results
}
299 \item 60\,\% of potentially observable links detected
300 \item 52\,\% of attributed hits correct
301 \item Working equally well for geographically remote hosts
306 \section{Conclusions
}
308 \frametitle{Limitations
}
309 \begin{itemize
}\addtolength{\itemsep}{1\baselineskip}
310 \item Only works reliably for longer/repeated resource access
311 \item Less reliable for popular resources
312 \item Needs extra resources per tracked user and per resource
317 \frametitle{I2P Improvements
}
318 \begin{itemize
}\addtolength{\itemsep}{1\baselineskip}
319 \item Working with I2P developers to make it secure again
320 \item<
2-> Implemented improvements
322 \item Limiting
\iip{netDB
} nodes per IPv4 network
323 \item Randomizing the time delta
324 \item Ongoing discussion about deeper modifications to the
\iip{netDB
}
326 \item<
3-> Further improvements
328 \item Ignoring new
\iip{netDB
} nodes
329 \item Removing storage verification
330 \item Expiring tunnels after storage verification
335 \begin{frame
}{Questions?
}
338 \includegraphics[width=
7cm
]{42.pdf
}
344 \frametitle{Bibliography
}
346 \nocite{Timpanaro:
2011}
347 \nocite{Herrmann:
2011}
348 \nocite{Douceur:
2002}
349 \nocite{Dingledine:
2004}
351 \bibliographystyle{plain
}
352 \tiny{\bibliography{../i2p
}}