[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Design of next-generation Tor systems

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Design of next-generation Tor systems
From: Aymeric Vitte <vitteaymeric@xxxxxxxxx>
Date: Sat, 2 Jul 2016 12:17:26 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 02 Jul 2016 06:18:02 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=tNqFZENC0THhrBXC4z7LuU1ptzt3dmQ14PzMNsDx1ZY=; b=OA9kt/d+eDYRcVAmctt6joRokm6MS52e311fBV5y0yhES6l+RJoTjYfkMjRWrkRSUG OzWNkCXG+We3P+TilDr8atxfOMY1LjUrqN0OnYZ3zkp8eeFNpI7OslAhBT3bBSsfGfuN eqNGuJv0LAFnoT8xzqSXWUuIO8kgg0aVW6cPtNGjVjs67RDo65lYF9vXVn6RDBTnh7ty vG8P+lu+oVan3ipfvI+Pe7fv1Ahx3unDltoi0HiFrJxJqhKq70Iv6Wu1WNEylQRKUm2B 66syTmo7+gVxMwlpqF5/uTause6VHDvDx6FA23VBSjhG64/D5Ta/rhdl9CMzls/rYu7F qgXg==
In-reply-to: <20160701120218.GA25005@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <5768abc1.8d38c80a.1d4f8.23b7@xxxxxxxxxxxxx> <20160621041939.GA84886@xxxxxxxxxxxxxxxxxxxxxx> <ece45e3c-b9a7-3ac6-02e5-60dd98f58723@xxxxxxxxx> <20160621164838.GC4418@xxxxxxxxxxxxxxxxxxxxxx> <20160621173921.GA16523@xxxxxxxxxxxxx> <6ce3e4cf-9670-a2af-ffa8-c06adc52a3f1@xxxxxxxxx> <20160622114627.GA28667@xxxxxxxxxxxxx> <190b76c4-0a9e-a82f-ced6-8717e7869257@xxxxxxxxx> <20160625115425.GA21954@xxxxxxxxxxxxx> <5b5ca367-0ea8-10eb-5da4-c2cb1e8059f2@xxxxxxxxx> <20160701120218.GA25005@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; rv:45.0) Gecko/20100101 Thunderbird/45.1.1


Le 01/07/2016 Ã 14:02, carlo von lynX a Ãcrit :
> Just thought.. strange.. Aymeric never bails out of a discussion,
> and guess what, I overlooked his reply! Here we go.

Maybe we can continue off the list since the discussion is going into
specific details not related to Tor

>
> On Mon, Jun 27, 2016 at 01:00:14PM +0200, Aymeric Vitte wrote:
>>> Do you know of any other technology that does so with comparable dedication?
>>> Is the spy detection for bittorrent that you implemented (and mention
>>> further below) similar to this?
>> Probably it is, but as stated I did not understand very well the
>> presentation, is there some paper or more detailed document about it?
> https://gnunet.org/cadet

I did read the paper before and looked at the presentation again. It's
very different from what torrent-live (securizing the bittorrent DHT for
the users' privacy but inherently, if used correctly, the bittorrent DHT
already secures the routing for attacks described in the presentation)
and Convergence are doing (explained here
https://github.com/Ayms/node-Tor#bootstrap-and-peers-discovery but for
Convergence you should replace the notion of file hash by the notion of
peerID)

In gnunet, when the DHT is used the path for data goes through the node
that stored the data and as far as I understand the ID used for the
nodes in the DHT is the peerID of the nodes (not the same in Convergence
the DHT nodeIDs are the fingerprint of their temporary onion keys, not
their long term peerID), I find it a bit strange since it might be
possible for a node to force the traffic to go through him for a given
peerID (not easy since it cannot choose his peerID but still possible),
but probably this is foreseen, and the path is then a bit "indirect"
too, but why not, will keep this in mind too

>>> Hm, I have a feeling you are describing how gnunet works. Nodes that see
>>> each other keep on communicating to each other also after a restart, but
>>> whenever a new route needs to be discovered, it's time to use the DHT
>>> with the hardened CADET technique. This way it can cross network boundaries,
>>> reach into censorship-friendly countries, operate over mesh networks. That
>>> extra post-broken-Internet capability does not make gnunet less efficient
>>> over the broken Internet.
>> It's similar indeed, I believe each system designed for
>> privacy/anonymity have similarities, maybe something different with
>> Convergence/Peersm is that no direct routes are established toward the
>> peers and data are relayed by rdv points to which the peers are
>> connected via two Tor hops, but one might finally consider that the
>> routes through the rdv points are direct ones, another difference is
>> that peers do not advertise themselves in the DHT, others are doing it
>> for them, one idea behind this (other than countering sybil attacks) is
>> to make sure that the peers cannot freeride
> Interesting, I think gnunet does it differently.. there's some game
> theory in there. But that's outside my competence scope.

I don't remember having seen a lot in design papers regarding
freeriding, that's at least as important as classical attacks,
freeriders can just stop the network, for example if a lot of people
were to use torrent-live then the bittorrent network would just stop working

>
>>>>>  Also why do people even
>>>>> think of using an insecure file sharing tool (Bittorrent) over an
>>>>> anonymizing network that isn't designed for it if they can use a
>>>>> file sharing system that is designed to be anonymous? gnunet-fs works
>>>>> great from what I've seen...
>>>> gnunet-fs has probably not 200 M peers and associated content, probably
>>> Tor also doesn't have 200 M bittorrent peers. If those peers are all
>>> outside of Tor, then what's the point? Is anonymity only for a few?
>> I did not get this, what do you mean? What peers outside of what Tor?
> You are alluding to bittorrent's 200 M peers, right? Well, those are
> on clearnet, correct? We can expect that Tor would not be able to
> scale to handle them all, it can only help some freeloaders cover
> their identity.

Yes but as we know this does not protect anything

>  gnunet-fs has not seen much popularity but it has
> been tested in simulations on university supercomputers with some
> million virtual users.

Ok but I guess the virtual users don't have the content that the non
virtual users are looking for

>
>>> Yes. At first it may make sense to play lego and put two things
>>> together, one for the file sharing and the other for anonymity.
>>> But it doesn't scale up.
>> Neither works and/or achieves its goal, perfect example is
>> https://github.com/Ayms/torrent-live#deanonymizing-the-vpn-peers
> You are announcing a bigger scandal than the unwillingness of WebRTC
> developers to close their deanonymization loophole? Well, let me
> know when "More to come" is replaced.

Bigger I don't know since we are talking about the bittorrent users here
but serious yes, maybe "more to come" will come, this is going together
with the study https://gist.github.com/Ayms/79bdfc6ba747fb49503d, and
this is for sale at least to fund this more than two years work
(scandalous, I know... should be free of charge of course)

>
>>>  Or maybe it is just a question of patience
>>> at the expenses of Tor's relay donors.
>> Maybe if one day we can add Tor nodes apart from the centralization
>> system (like inside browsers as Convergence is proposing), if not it has
>> to be separated
> But then you are not using potential synergy of multicast and onion
> routing. If thousands of people are participating in a distribution
> tree, is it really necessary to have full-fledged OR between each 
> distribution point? I think the anonymous multicast papers have
> figured out more efficient ways.
>
>

Is gnunet really multicast? The distribution tree is composed of rdv
points and messages from one point to another go through different paths
composed of rdv points

-- 
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Design of next-generation Tor systems
  - From: carlo von lynX

Prev by Author: Re: [tor-talk] Anyone got the sourcecode for "CensorSpoofer"
Next by Author: Re: [tor-talk] Practical deanonymization using CPU load covert channels
Previous by thread: Re: [tor-talk] Design of next-generation Tor systems
Next by thread: Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer
Index(es):
- Author
- Thread