I believe that pcaching applies to local requests too... so why not just let freenet take care of itself and stick to plausible deniability? You could just have been the first person in line for the insertion of said key or whatever...
--B On Wed, 10/15/03 at 18:14:21 -0700, Martin Stone Davis wrote: > AFAIK, it is possible right now to discover whether a node has requested > a particular large splitfile by measuring how much time it takes the > node to search for each part of the splitfile. > > To prevent such "timing attacks on the datastore", I thought at first > that a solution would be > > SOLUTION #1: that the the node itself would flag any keys that the > operator has requested as "requested only by me". Then, if the node was > asked later for a key that held such a flag, it would pretend that it > didn't have it, search for the key on other nodes, and then reset the > key's flag if it found it on another node. > > However, Iakin (I believe) pointed out that this is a bad idea because > we don't want freenet itself to break it's own anonymity: we don't want > someone to be able to inspect the operator's hard drive and say "ah ha! > you requested this key!". > > He suggested instead (if I understood correctly) > > SOLUTION #2: that keys that we request would somehow be moved into a > separate, encrypted store, and never placed in the main datastore. > > However, isn't there a problem with that as well? > > Say that over a long period of time, node A requests keys K1-K1000 from > node B. K1-K100 were requested by the operator of node A, while > K101-K1000 were requested by nodes connected to node A. Also, K1-K100 > are all related to documents describing plans to overthrow the evil > government of AAIR (it's a tropical country which depends mostly on > tourism). Node B is run by (you guessed it) the AAIR. At the same > time, the AAIR is running another node C, which mounts a timing attack > on node A to see whether it has keys K1-K1000. Under either solution #1 > or #2, node C would see that node A takes longer to find keys K101-1000 > than it does to find keys K1-K100. But since the AAIR know that node A > requested all of the keys, it also knows that the operator of node A > requested keys K1-K100 and is trying to hide that fact. > > Note that in the above scenario, K1-K100 don't have to be part of the > same splitfile. They just have to be of similar-enough subject matter > that the operator of node A would appear to have requested it IF someone > were to inspect his datastore. > > > I'm having a lot of trouble coming up with a good solution. Thoughts? > > -Martin > > > _______________________________________________ > Devl mailing list > [EMAIL PROTECTED] > http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl _______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
