On Sun, 30 Jul 2000, you wrote:
> I'm jumping into this thread mid-stream, so if I'm missing
> something, let me know (flames to /dev/null). I may be
> completely off-base here...
The discussion is a little pointless as pertains to Freenet in its current
form. Freenet is a not a true mixnet - while requests are sent through many
hops, the key (in it's obfusiated hash form) that is being requested is visible
to each node (otherwise they could not route them). In fact, Freenet does not
even provide the weaker "crowds" type anonymity, since there are several
indications that may indicate that a node is early (meaning client is just a
few hops back) rather then late in a Request chain.
Freehaven is a different project which shares some of our goals, but is
intended to work as an Eternity service (data never dies) rather then Freenet's
popularity driven lifetimes of data. Freehaven does not share our goal of
creating a general purpose high performance network, which has allowed them to
be paranoid in ways that we cannot afford. For example, the central Freehaven
network is in reality little more anonymous then Freenet, but the Freehaven
design perscripes that all user interface with the network should go through a
Mixmaster type mixnet - technically, we could of course say that as well (and we
have even discussed building an onion routed mixnet into our own nodes) but it
is not realistic given the discrepency between the Mixmaster and our goal of
Web level performance.
> > 1) Carnivore is installed in a number of major ISPs.
>
> So use minor ones like the "free" networks available in
> many metropolitan areas. If you're exceptionally paranoid
> and/or up to no good, you can bring a packet sniffer to your
> local university and fire 'er up. Port 110 is usually a
> good bet. *cough* Not that I'm advocating cracking;
> I am illustrating a point - unless you are tapping the
> phone lines, listening in at the ISP will do you little
> good. Carnivore is engineered for stupid criminals.
>
> <PARANOIA>
> Or maybe it wasn't designed to monitor criminals....
> </PARANOIA>
Carnivore is apparently just a scary name for an NT5 box running some modified
store-bought software ("Etherpeek" , I have this off cypherpunks so I can't
vouch for it). If the email reading capability that has been discussed is the
only thing it is use for, then I would agree that it is somewhere between for
dumb criminials and a joke (and certainly not an invasion of privacy -
plaintext email is not private).
However, nothing really says it is - at heart, if the American regime can get
carnivore boxes installed at the major isps, then they have acquired a PoP on
the access lines of large part of the nets population. And since Carnivore is
a black box that just listens, you can't actually know what is being done with
the TA data that the network of carnivores have access to. Not even Echelon
(which mostly listens on sattelite and long distance com AFAIK) has this sort
of capacity (Echelon is operated by the NSA and Brittish sigint under the UKUSA
agreement - anybody find is suspicious that the UK just passed a law to require
the deployment of a carnivore like system there too?)
> > 3) Traffic analysis is poorly understood outside the NSA
>
> Hrmph. Packets originating on Port 110 with a length of 63
> and 85 will most always contain the USER and PASS commands.
> Everything else is blocked at the MTU size. Yes, you'll
> pick up some noise, but a manual grep through the logs for
> USER and PASS along with a awk to reorder the contents so
> the timestamp is first does wonders. Why people don't use
> encryption is beyond me on public networks... I SSH or
> PPTP tunnel everything of importance. Traffic analysis
> isn't a hard-to-grasp concept, once you know what you're
> looking for and how the data is structured.
I'd have to agree, I don't think that the difference of understanding of
traffic analysis between inside the NSA and outside is that extreme. Traffic
analysis falls into a the area of easy to understand, difficult to pull off,
IMHO. It isn't exactly difficult to understand that without access to any of
the sematics you study the timing, size, source, destination, and other
properties of the traffic to try to identify it. Nor is it difficult to
understand that TA attacks are possible of much greater complexity then
matching packet lenghs like above, or watching a mix node to see something
enter and leave at the same time - that for services that run over longer
periods of time statistical analysis can be made of just about any data ties
traffic together.
Actually being able to pull of such an analysis is something I have no doubt
that the NSA are a million times better at then we are, however.
> > 4) Traffic analysis is rumored to be better understood inside the NSA
>
> That's their job; It's no rumor. You can also invalidate traffic
> analysis by sending in blocks of the same size at regular intervals,
> Say, 100 * 1500 length packets per hour. If you put the cipher in
> feedback mode (tcp/ip so you don't lose packets, obviously) the
> contents will be scrambled beyond the ability of the NSA to monitor
> more than a few nodes at a time. Invalidate your keys at regular
> intervals (like kerberos) so you cannot issue a replay-attack on
> the remote host. Anyway, blah blah blah.. let a real crypto
> expert take the podium on this. :)
>
> The point is if you rearchitecture things to move in batch jobs
> at regular intervals and queue requests it's impossible to see
> where the data is going. After 1 or 2 hops, it's purely guess-work
> to determine where the data is coming from and going to. I'm assuming
> other nodes would aggregate traffic. I'm assuming one of the
> goals of Freenet is plausible deniability - nobody can ever prove
> a particular piece of data ever passed your node. If that is a
> design goal, this will need to be implimented at some point if
> you care about traffic analysis. You also need to take care to
> pick a sufficiently large key size and cipher mode so as to make
> cryptanalysis more difficult.
However, you are forgetting that one goal of Freenet is usability. There is
simply no way we could build the structure around batch jobs and dummy traffic.
Batch jobs are simply to slow, and while we can add some dummy messages, we can
just not expect people to volunteer to run Freenet nodes if we are covering the
entire capacity available the whole time.
> > 5) We glimpsed at the conference that often a couple of compromised
> > nodes are sufficient to trace source/destination of remailer mail.
>
> Which is why you use multiple remailers...
>
> > 6) Carnivore precisely link-level compromises mix nodes. It does nothing
> > more, nothing less.
>
> If you want to get creative.. create an abstraction layer in a freenet
> server away from the network. You'll need to run it as root to do this,
> but under linux you can bind the server to practically every port from
> 1024:65535, and then tell the kernel to release each port as needed.
> I know a program called Abacus PortSentry does this. You could arrange
> several types of handshakes so Freenet could, in effect, function on
> any port and on any protocol - TCP, UDP, ICMP.. it wouldn't matter. Of
> course, it's a simple matter of programming to do this.. *cough* :)
We been there before. We have even discussed masking Freenet under different
high level protocols like HTTP, FTP, SMPT etc. I am weary of this sort of
obscurity design though.
> That would throw monitoring things at the link-level off.
It would make it more difficult, but certainly not through it off.
> The next
> logical step, then, would be either Tempest or penetrating the host's
> security and installing a daemon / TSR into memory to monitor key
> data segments in the FreeNet server. Atleast, that's what I'd do...
We want 100 000+ Freenet nodes running. This is not a mode of attack (against
Freenet - it is by far the best way to attack many things) that has me up at
night.
> > 7) The FBI may well be interested in being able to follow mix traffic.
>
> So are alot of other groups. Some of them don't work for the government.
> Some of them are on this list. :) Keep in mind the people best able to
> defend against a threat like that are the people building Freenet.
>
> Carnivore stops stupid criminals. Not intelligent ones. I think I can say
> with a fair level of confidence most of the people developing freenet
> aren't slouches. :)
I don't know about your defenition of Slouch, but of like 30 developers with
cvs access we have only 4-5 doing any work.
> So don't worry about Carnivore. You can't stop it, but you can route
> around it by properly architecturing your protocols and servers.
Those who wish to spy on the people know that widespread crypto use is coming.
They know that large scale active attacks (MITM) and TA are the way of the
future. When those same people come and say they want a POP at every ISP, I do
worry.
>
> --
> Signal 11 -o- BOFH, malign.net
> Who cares how corrupt our leaders are as long as they're tough on crime?
>
> P.S. At this point you're either blown away at this response or you
> think I'm a complete idiot. Either way you're probably right...
>
>
> _______________________________________________
> Freenet-dev mailing list
> Freenet-dev at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/freenet-dev
--
\oskar
_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
