Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Censorship

InvisibleNet Presents IIP 176

Posted by michael from the op-sets-ban-on-*.invisiblenet.net dept.
An anonymous submitter writes: "A new and ever growing project has launched into the alternative network realm, changing the pace by focusing directly on speech, rather than file sharing. The Invisible Irc Project, a peer distributed secure and anonymous internet relay chat network has popped up at some of the recent conventions this past year. The creator, and project leader, known as 0x90, has been seen at CodeCon 2002 introducing it to the public, at that time in more of a primitive state, and today, almost a year later, the software has noticeably been more usable by the masses. 0x90 just gave a talk at ToorCon 2K2 on designing a robust & secure Peer-2-Peer framework, and their InvisibleNet site just released new software along with a two part interview that was taken in July. A good read that details the depths of their project, including the state it is in now, and the future vision of a privately distributed steganographical crypto-net. I have tried out the software and it is very easy to set up, and it supports the freenixes, OS X, and Win32 machines. You can use any irc client with it seemlessly, and the cryptography is handled transparently within your "IIP" node. It's GPL so peer review is welcome, as it also states this on their site. It appears to have a nice community of users with a range of discussions. So if you have a bit of time on your hands to engage in some chatting online, give this a try. It's alternative, creative, and possibly a standard setting step to securing IRC as we know it."
This discussion has been archived. No new comments can be posted.

InvisibleNet Presents IIP More

InvisibleNet Presents IIP

Comments Filter:

  • Looks very promising (Score:3, Insightful)

    by ymgve ( 457563 ) on Friday October 04, 2002 @08:40PM (#4391492) Homepage
    I tried it, and it worked very well right out of the box. I am really looking forward to seeing them develop the InvisibleNet platform further - it might even become a serious competitor to what FreeNet is now.

    • Re:Looks very promising (Score:4, Insightful)

      by Puggles ( 126272 ) on Friday October 04, 2002 @09:18PM (#4391624) Homepage Journal
      It's performing very well out of the box right now, but IIP is about to have its scalability tested, Slashdot style.

      Here's to hoping the whole thing doesn't come tumbling down.
    • I've worked in VPN and P2P space for past few years and have been poking around the similar ideas for quite some time.

      The basic idea is very simple - you create trusted network of anonymous -proxies- and if node sees the traffic coming from the peer it's just unable to tell if it belongs the peer or some proxied node behind it. Hense the anonymity is built into the infrastructure.

      While looking at this, I got as far as putting together formal design document and protocol spec, and passed them around for the "peer review". The common problem everyone pointed out was the fact that this approach will not scale. It might be fine for IRC traffic, but it cannot and should not be applied to bulk data transfers. This is something InvisibleNet still has to realize.

      It's good that they have a momentum, which may (or may not) allow them to overcome principal problems of the architecure.

      • This is something InvisibleNet still has to realize.
        IIP2 is in the works which aims to include a completely different architecture. It will most likely be totally peer-to-peer (as in no distinction between clients, proxies, and servers; all nodes will share all roles) and incorporate a lexical routing system (addresses derived from channel or user names and routed accordingly).

        Initial data gathered suggests that it could scale well, preserving low latency and reasonably high throughput.

        Unfortunately, with this model, there are a few anonymity concerns -- the current issue being pondered is node discovery (how to keep an attacker from learning large numbers of nodes) and how to anonymously route messages back to the user. But don't worry, it's being worked on.

        • IIP2 is in the works which aims to include a completely different architecture. It will most likely be totally peer-to-peer (as in no distinction between clients, proxies, and servers; all nodes will share all roles) and incorporate a lexical routing system (addresses derived from channel or user names and routed accordingly).
          [snip]

          It's all good, but you have to realize that there is no anonymity without proxying, and there no proxying solution without scalabilty problems. As simple as that.
    • Actually I've been using it this past summer and when it worked it worked well. It had this annoying habit of going down about every 2 or 3 days. And it also isn't a "competitor" to freenet--it's a "companion". You surf the FreeNet boards looking for posts about new files going up and then log into IIP and DL. Worked alot more efficiently than just FreeNet alone cause half the time you'd get only partial files downloaded using the standard FreeNet keys. So when joined together FreeNet was used to announce the new (usually temporary) chat rooms, IIP into the room, get your stuff, and then get the fuck out. You'd also see all the posts going up about IIP going down and then everyone posting when it came back up. IIP and FreeNet were a pretty good combo in my book and I hope this new version will work as well as the old one but have a better amount of stability. This new version could very well be a better solution to encrypted data exchange.
  • Now instead of nuking an entire irc server to take down a channel all I gotta do is smurf a node, while being able to download mp3s, and get spam messages to view explict websites. What a great idea :)

  • horray something to download! (Score:5, Funny)

    by Mage Powers ( 607708 ) on Friday October 04, 2002 @08:44PM (#4391513) Homepage
    I gotta love slashdot, just before I decided to cave in and do homework, theres a post on slashdot involving downloading, irc AND encryption!


    • > I gotta love slashdot, just before I decided to cave in and do homework, theres a post on slashdot involving downloading, irc AND encryption!

      Tell your mom to turn off the nanny filter - a couple of goatse links will have you back on your homework in no time.

      • Is this insulting or just a bad joke? I don't get it.

        If intended to be insulting: In addition to those who may be under some sort of "nanny filter" adults often also do homework. Though some don't bother and instead attempt to make themselves look more intelligent by implying that improving yourself through study is somehow childish.

        If not intended to be insulting: That was lame.
    • I have moral issues with doing homework on a Friday night.

      You should too.

  • All this encryption ... (Score:4, Insightful)

    by Xenographic ( 557057 ) on Friday October 04, 2002 @08:45PM (#4391519) Journal
    ... still won't help if you tell people who you are.

    Your nick + the personal information you give out, even inadvertently, is more than enough to let people figure out who you are. You can build rather complete profiles of most people, even the security concious, from nothing but public information. I should know...

    • Re:All this encryption ... (Score:3, Insightful)

      by Anonymous Coward
      Very true. The very best way to protect your anonymity is to have several 'standard' alternate identities (e.g. *give* them personal information; several different sets thereof & reuse some of them more than once so they can't find the real information for all of the gibberish...)

      It's probable that no one cares who you are, but if they do, well...
    • `` ... still won't help if you tell people who you are.''
      Yes, it will. The purpose of encryption is not to conceal who you are, but to conceal what you are saying. More correctly, it's goal is to ensure that only the people you send a message to will be able to understand it.
      • The problem is, that with anonymous people, you don't know just who you're talking to.

        Why do you think there's an old 'hacker proverb' of "every third one is a fed"?

        Yes, they do still keep their eyes on the "hacker community"; even those who aren't doing anything illegal. Don't take my word for it; use FOIA to request your files--the addresses & instructions you need to do so can easily be located online.
      • Still doesn't help much when the person you're talking to is the informant ;)
    • Quite true. As sure as my name is George W. Bush, President of the United States, I contantly worry that my 1337 hacking s7!11z will be be uncovered. Luckily I've got this encryption thingymigig on my laptop that protects my identity.
    • You're right...but that's the psychological/sociological aspect of identity security.

      It sounds like this network at least secures the technological aspects of privacy. If you post messages describing what kind of car you drive, what your house looks like, and where you hang out on Friday nights...well, that's your problem if someone pieces that together.

  • MY NAME IS 06x0 (Score:1, Funny)

    by Anonymous Coward
    I am 06x0 and I challenge you to a duel, 0x90! You see, we are like brothers. If you stand on your head while reading my name, you see your name! However, only one of us can exist. So you must die! There can be only one!

    --- 06x0

  • Clever, 0x90, but I'm changing my name to 0x120... (Score:4, Funny)

    by craigeyb ( 518670 ) on Friday October 04, 2002 @08:46PM (#4391524) Homepage

    ... that way I'll be "too gross."

    This sig is false.

  • DCC and CTCP disabled (Score:5, Insightful)

    by MiDS ( 319746 ) on Friday October 04, 2002 @08:50PM (#4391535)
    Keep in mind that DCC and CTCP are disabled due to anonymity reasons, you can't use the current IIP network for filetransfer.
    But ofcourse you can paste freenet keys and urls.

  • Don't you know who's really using this?!?!?!? (Score:5, Funny)

    by doublem ( 118724 ) on Friday October 04, 2002 @08:51PM (#4391538) Homepage Journal
    <humor>

    Terrorists! All those IRC Crypto people are terrorists!

    All real, patriotic citizens are more than happy to let the government see, read and catalog everything they do.

    All those "Privacy" nuts have something to hide.

    I'll bet this 0x90 is learning to fly a plane while building bombs, writing free encryption programs, laundering money for the mob, selling drugs to toddlers, writing a violent video game, and *gasp* TRADING MP3S while on IRC with his fellow communist baby eaters!

    </humor>

  • Secret channels and practical uses? (Score:5, Insightful)

    by Istealmymusic ( 573079 ) on Friday October 04, 2002 @09:00PM (#4391567) Homepage Journal
    I've been using IIP for the past couple months now, but have yet to see a any interesting useful channels. /list only shows -s (non-secret) channels, I'm sure there has to be something more interesting out there... Anyone have any more information?

    On a related note, on IIP you can /mode #channel +a to make even the nicknames anonymous. Yours still shows up in your own client though, but others will see you as "Anonymous". Pretty useful, but otherwise theres not much activity on IIP. The technology is there, wheres the application?

  • mircryption - strong encryption suite for mIrc (Score:2, Informative)

    by Anonymous Coward
    there are several extant irc encryption tools that work over normal irc servers.

    one nice open source one (only runs on win32 with mIrc irc client):

    http:\\mircryption.sourceforge.net

  • Invisible IRC (Score:5, Funny)

    by blake213 ( 575924 ) <blake@reary.gmail@com> on Friday October 04, 2002 @09:02PM (#4391577) Homepage
    It's great! When the boss comes around the corner, you don't have to minimize the window! Screenshots of Invisible IRC are in the link below.

  • It worked Right away (Score:4, Informative)

    by Buzz_Litebeer ( 539463 ) on Friday October 04, 2002 @09:05PM (#4391584) Journal
    I find it a bit slower on the outset then regular IRC, but completely painless to run. Only a little more time to tell if it crashes because of the ./ effect. They also have a chanserve, nickserve named "Trent" if you are wondering, I havent tried to create a channel yet, but we shall see how it works.

  • very intresting (Score:3, Funny)

    by Anonymous Coward on Friday October 04, 2002 @09:07PM (#4391592)
    i just tried this, its very cool.

    although a bit laggy, and can get confusing on +a channels, where everyone is anonymous, heres an example

    sup?
    ello
    this is working?
    no
    you broke it!
    no ok
    wtf
    who are you?
    im anonymous
    nobody loves me :(
    I love you

    and with everyones host being anon.iip it must be hard to ban people, but its a very intresting idea
    • Why is there a need to ban people? I understand why there should be a function where people can ignore certain users, but I see banning used mostly to stifle those who disagree with ops. It is completely unnecessary and stifles the free flow of discussion.
      • Because some people are assholes. There are those who flood channels (not only with text but nick changes), insist on using profanity after being asked to clean up their language, and otherwise make the "IRC experience" worse for everyone else.

        Making /IGNORE the only interface for controlling these people puts the burden on each individual user (and in a busy channel that can be many, many people) to eliminate these impediments to conversation. Responsible chanops stop this from happening.

        One might as easily ask why Usenet needs moderated groups when killfiles exist -- and if you need to question the existance of those, I daresay you've not used usenet much.

  • Nickserv / Chanserv clone called Trent (Score:3, Informative)

    by MiDS ( 319746 ) on Friday October 04, 2002 @09:12PM (#4391605)
    We have a nickserv/chanserv clone called Trent

    For help: /squery trent help
    To register your nick: /squery trent nickreg password
    To identify: /squery trent identify password

    See also the IIP manual [invisiblenet.net]

  • Is this such a good thing? (Score:1, Interesting)

    by uq1 ( 59540 )
    /me prepares for flamebait ratings.

    Is this really such a good idea, keeping in mind the terrorist attacks last year? Bare with me, I do have a point.

    I'm one for privacy and also for secure ways of doing things on the internet, BUT, and its a BIG BUT, think of the other uses this could have, especially for terrorists. This sort of thing could give more fuel to the fire for governments to try to crack down on the internet and create more of a big brother state where they are able to monitor everything and encryprion is outlawed.

    On the other hand, think about the earlier post today from Chris Tresco, where he says that encryption is only as strong as your weakest link. What if one of the machines along the way was compromised? Could it be used to monitor data and then be analysed to connect the dots so to speak?

    None-the-less, I think it's an interesting project and wish them the best of luck.

    • Re:Is this such a good thing? (Score:5, Interesting)

      by jdclucidly ( 520630 ) on Friday October 04, 2002 @09:21PM (#4391631) Homepage
      I worked on the project for some time so I have some accedotal evidence to support IIP.

      Some time ago, a very generous individual set up a #scientology channel for people who needed to find refuge from the cult and to critque it in a public forum. (Think censorship of xenu.net).

      Other times it's been an excelent forum for discussion of topics such as this ... or a place for critque of the American government's actions post 9/11. I don't know about you, but if I were an American and I sympathized with the Middle-East view of the western world, due to the Patriot Act, speaking my mind in a public forum where I can be traced is the last thing I would want to do.
    • [i]Bare with me, I do have a point.[/i]

      I'm most certainly not going to bare anything! And you shouldn't either!

      But anyhoo...
      [i]
      think of the other uses this could have, especially for terrorists. This sort of thing could give more fuel to the fire for governments to try to crack down on the internet and create more of a big brother state where they are able to monitor everything and encryprion is outlawed.
      [/i]
      Terrorists, by being terrorists don't have to give up their freedom of speech. If governments want to monitor terrorist activity by randomly sifting through internet traffic... it's the goverments that are infringing upon your rights - On the other hand... if they are targetting a particular individual, and trying to access his information, they can prolly do it just as easily using a key logger or something like that... I daresay that these terrorists haven't been using Windows Update on their registered copy of Windows 2000. Also, the government could use M$ to work with them in adding confidential security holes in all copies of Windows YP so that they can get easy access to the system if needed.

      blah! I'm drunk anyhow.. so I hope that all that made some sorta coherent sense - Also, I'm sick of 90% of internet traffic having to go through the bleedin US (no offense) ....
      DECENTRALIZATION!!!!!!!!!!!!! should be the highest priority!!!!!!!!!!!!!

      Hats off to IIP...
      -SirDude
      Hats back on now...

  • Scalability? Resistance to Attacks? (Score:3, Interesting)

    by billstewart ( 78916 ) on Friday October 04, 2002 @09:18PM (#4391623) Journal
    How scalable is this system? The Codecon transcripts said you were just starting to work on the project at the time, and hadn't done much with it - but it's often hard to change scalability much past the beginning of a project. Unfortunately, the documentation on the web page is still pretty much bottom-up, not top-down, and having just heard about this today I haven't downloaded and played with it yet. Does every message on every channel go to every relay, or do relays only carry all channel creation announcements and then only carry user messages if they're on a path to somebody who wants to receive the channel? Are you doing flooding, or some kind of spanning tree, or some other way to minimize or maximize various traffic measures? If somebody's sending a big file, does it only go to one recipient, or are you multicasting it to a group, and does a recipient need to have acknowledged willingness to accept a file before you transfer it to him/her, or does it just go scream&leap its way across the network?

    Resistance to Deliberate Attacks is often strongly related to scalability. Sure, there are other ways to attack systems - find bugs in the code, or do social engineering attacks like posting Scientology documents and Metallica songs and ratting out any identifiable network operators. But attacks on the network's scalability can be really hard to fix, because they abuse things the system _is_ supposed to do rather than things it isn't. Have you looked at what parts of the network are easy to overload with data volume or small-message quantity or CPU-burning public-key crypto calculations or other critical resources?

    .

    .

    Oh, also, Invisibility is Cool, huh huh, huh huh, Invisible, yeah cool.

  • There are some chat networks which obfuscate IP addresses on command like Slashnet and Sorcery.Net but this is a better solution. After having suffered an attack while in channel on a notorious "open" IRC network, one which displays naked IP addresses, IRC has suddenly gotten less fun. This might put the fun back into it.
  • Doesn't Trillian do secure chat?

    Through the AOLIM protocol... I take it this is much more secure though?

    • Re:Trillian (Score:2, Informative)

      by Anonymous Coward
      Trillian is not secure at all, the SecureIM feature is a joke.

      It's susceptable to man in the middle, and many other problems.
      • Can you elaborate or point to some more information? I use that feature (though I'm not exactly exchanging nuclear secrets with Bin Laden, it would be nice to know how secure it's not).
        • it's 128 bit blowfish with Diffie Hellman key negotiation. Diffie Hellman by itself can be MITM'd (man in the middle'd).

          Now, the MITM threat can be managed by a couple means. There is a superset of DH that uses signed keys to avoid MITM. You can also secure the network between the 2 communicating parties.

          SecureIM does not use the more secure superset of DH, so it can be MITM'd. The networks that trillian supports secureIM over are AOL and ICQ (both owned by AOL). This means that the US government could compel AOL to automate MITM attacks against secureIM. I wouldn't doubt if this was built into dcs1000/carnivore, echelon and other similar schemes.
          • Thank you! A successful MITM could
            be perpetrated by anyone in a position to substitute
            the components of the shared key: AOL, or the ISP at
            either end (including the carnivore box at the ISP).


            And, while I'm no number theorist (or a mathematician,
            for that matter), I don't see any way that either end
            could verify the shared key was generated by his/her
            secret parameter without knowing the other's secret
            parameter, which would be as bad as sending a symmetric
            key in the clear, it appears. This document [rsasecurity.com]
            for illustrates the attack you described.

            So what the world needs
            is a chat program that will still use AOL/ICQ as
            a transport, be easy to use, and support the use
            of gpg keys out of the box, it seems.

  • M: Agent 007, you've got stop 0x90!
    007: Er, what's his name, Q?
    M: 0x90, the man is involved in all kinds of cracker activity
    007: Um yes, just working on the pronunciation...

  • distributed irc? (Score:5, Insightful)

    by ergonal ( 609484 ) on Friday October 04, 2002 @09:46PM (#4391712)
    IIP claims to be peer distributed, but does that mean there's no primary target for packet kiddies to inflict their hundreds of megabits of anger upon? If so, this indeed would be an ideal solution to the massive DDoS problems facing the big IRC networks lately (DALnet in particular).

    I think the primary focus of IRC development at the moment should be on inventing methods to stop the packet kiddies, otherwise IRC's lifetime looks pretty bleak. Maybe distributed IRCing is the way to go?

    • From 0x90 himself: (Score:4, Insightful)

      by Istealmymusic ( 573079 ) on Friday October 04, 2002 @10:03PM (#4391766) Homepage Journal
      <ArdVark> so what happened?
      <ArdVark> where did all the /. people go?
      *** crappy has joined #anonymous
      <echelon> <nop> not really I turned off the server
      <echelon> <nop> there is still semi centralization
      *** hobbs has joined #anonymous
      <echelon> netsplit ;)
      *** iip has joined #anonymous
      *** anonymoose has joined #anonymous
      <ArdVark> netsplit? no
      *** echelon sets mode: -o Aprogas
      *** echelon sets mode: -o Chocolate
  • That's all I want to say.

    oh and

    Bravo

  • Reading the docs briefly tells that this works by connecting through "proxies" before the actual servers. The proxies will provide the anonymity because they don't know what the transferred data is and servers don't know what the client's IP is, only the proxy's.

    I guess this is fine as long as anonymity is all you want, but I don't see this getting mass attention. It's just yet another IRC network. Don't know about you but I'm sick of having different IRC networks, it'd be so much easier to just connect to "IRC" and be able to talk to everyone. Allowing everyone to run servers which all could talk to each others would effectively do this, just like SMTP protocol with emails. There's a few projects that have been meaning to do this, but none of them is anywhere close to a working implementation AFAIK.

    Some links: irc+ [irssi.org], irc++ [holoweb.net]. Also jabber does pretty much the same, but it seems much more about instant messaging than containing all IRC's functionality.

  • Forgive me if I'm wrong, but isnt displaying an ad for shopIP [shopip.com] on their SourceForge hosted site in violation of the SourceForge user agreement?

    I don't advertise for anything on my own sf project page just because I read that you're not supposed to profit from your SF web space....

  • CS-IIP protocol (Score:3, Insightful)

    by apankrat ( 314147 ) on Friday October 04, 2002 @11:50PM (#4392107) Homepage
    IIP 'security protocol' seems to be pretty amamteurish piece of design. I might be excessively picky, but here are some points anyway:

    * Excessive use of pubkey cryptography (two DH exchanges ? How about regular Master/Derived key approach ?)

    * Home-brewed replay protection (see SSL/ESP for design ideas). In particular, having no explicit sequence ID in the packet may potentially allow for the replay or packet reuse.

    * No packet hashing to allow discarding malformed packets without decryption (see SSL/ESP for design ideas).

    * Unproven key rotation algorithm, which seems more of 'obscurity through security' thing than anything else.

    * No sign of declared on the main page Perfect Forward Secrecy (PFS) in the published specs.

    * Complete intolerance to minimal payload twitches (bitflips), ie heavy inter-packet dependency.

    The bottom line is the protocol is very rare and can use a lot of much needed peer review.

    The fine print is WHAT IS WRONG WITH SSL ?! SSL already has all the goodies (replay, rekey, authentication, etc) and it's stable and proven. It's not like IIP-CS allows to work over unreliable media or something, it's still layered over sessioned, reliable transport (TCP) ... So why to reinvent the wheel ?

    • A few more reasons this is not secure (Score:4, Insightful)

      by Jim McCoy ( 3961 ) on Saturday October 05, 2002 @01:30AM (#4392307) Homepage
      The creators of IIP seem to have fallen for the seductive "if we keep adding cool things we read about in Applied Crypto it will magically become anonymous/secure" fallacy. There has been a lot of good research and test implementations done on real anonymous networking over the past few years, unfortunately the creators of IIP seem to have been unaware of all of it. I will not waste too much time ripping on this because it is a noble (albeit doomed) effort.


      One example of why this system does not offer the level of anonymity/security it is claiming is the mistaken belief that adding random "cover traffic" prevents traffic analysis. For some reason amateurs seem to think that if you add a few random bits of message traffic and delay a few messages between nodes then this "noise" will make observation and message correlation harder for an attacker. This is incorrect. The simple example that should help the /. crowd understand this is that an attacker can simply view the entire internal network as a black box and do statistical analysis on the inputs and outputs of this black box. There is only one way to prevent this sort of statistical analysis -- fixed bandwidth (or at least constant traffic) pipes. For a recent paper on this subject check out this paper [bbn.com] that describes some of the techniques.


      There are several lists out there populated by people who actually know what they are doing when it comes to this stuff and simply lack the time/initiative to code up what they know. If the creators of IIP had simply asked a few pertinent questions they would have learned a lot and saved themselves a lot of frustration given that most of this will have to be completely re-coded if it is actually going to live up to the claims being made by this project.

      • Re:A few more reasons this is not secure -by 0x90 (Score:1, Interesting)

        by Anonymous Coward
        We have an option implemented called the steady protocol, this is a constant bandwidth mode, and is easily done by replacing the spurt in your node.ref to steady when acting as a relay. We are very familiar with this method, and are working similarly to a DC-Net in the future. Also, the study of onion-routing, and other methods are in consideration. This is a bold project admittedly, and any help is furthur welcome.

        Thanx.
        0x90

        • Re:A few more reasons this is secure - 0x90 (Score:1, Interesting)

          by Anonymous Coward
          Also, given world wide distribution of nodes, the high improbability of being able to gather and analyze that data (encrypted as such) as well, is rare, so as the network gets bigger, there is a lot of data to analyze, and this is highly unlikely to be able to trivially track.

          0x90

          • Re:A few more reasons this is secure - 0x90 (Score:4, Insightful)

            by Jim McCoy ( 3961 ) on Saturday October 05, 2002 @03:54AM (#4392533) Homepage
            Not true. Take a quick scan of recent work by Albert-Laslo Berabasi et al. regarding the structure of the internet (there was a recent paper in the Proceedings of the NAS and he published a book on this titled Linked [amazon.com] that every slashdot reader should check out) which shows that there are a few key nodes which handle a bulk of the traffic. You have to stop thinking about this network as if it was a random network. There will be well-known, stable nodes that will become preferred nodes and relays within the network -- an attacker will start by watching these nodes. If that is not enough the attacker will watch the major routers and relay points within the net using these well-known nodes as the hook to find additional nodes. It does not matter how widespread your nodes are for these sorts of attacks; in fact, wide geographic distribution of the nodes makes the traffic analysts job easier because this will force more of the packets through major interconnects (and into view of the observer) instead of keeping them localized.


            It does not matter that the traffic is encrypted in this case. An attacker is not necessarily interested in getting the contents of the messages, they will start off wanting to know who is talking to who. For this it is not necessary to break the encryption, you treat the whole network as a black box and apply some signal processing tricks to get the conversation flows. [Sorry if all of this sounds negative, but you have decided to tackle a very hard problem that lots of very smart people have been thinking and tinkering on for more than a decade...]

            • Re:A few more reasons this is secure - 0x90 (Score:1, Interesting)

              by Anonymous Coward
              Your thoughts on Quantized Blocks of Messages, where they are timed message inputs and are displayed all at once on a channel? Would this be a good method to avoid time delay attacks. Also can you give me your email address. just get our email at the iip site.

              THnx.
              0x90
            • Call this a dumb question but...

              How the heck are you going to watch the big routers? Don't you need access to them?

        • For starters a DC-net is not what you want here because of the communications overhead it creates (the latency would kill you unless you made your DC-net rings rather small, which would introduce other problems...) Additionally, while a DC-net seems trivial because Chaum did such a good job at describing the basics of how it works, in practice it is very, very difficult to create a DC-net which resists internal attacks. DC-nets have the wonderful property of ensuring sender and recipient anonymity but this same property makes it hard to prevent jamming attacks and node collusion. The protocols which were built on top of DC-nets to prevent these problems turn a system which seems trivial to code in the simple example Chaum gives into something that is a PITA to actually get done right. If you really want to do a DC-net I would suggest you dig up a ref to an old cypherpunks posting I sent out way back when regarding applying reputation metrics as a mechanism for controlling these attacks within DC-nets.

          The onion routing work suffers from the same problem IIP does, it does not enforce constant bandwidth connections so it is not difficult to discover routes based upon statistical analysis. If you want a model to examine, I suggest you check out Wei Dai's pipenet for a general model and be sure to look at the work Roger Dingledine and others have been doing with MIX-cascades.

      • Re:A few more reasons this is not secure (Score:1, Insightful)

        by Anonymous Coward
        Which lists?

        • Re:A few more reasons this is not secure (Score:4, Informative)

          by Jim McCoy ( 3961 ) on Saturday October 05, 2002 @04:05AM (#4392552) Homepage
          You should be subscribed to coderpunks (coderpunks@toad.com) to get access to a large group of top-notch crypto people. The next list that is a necessity is the nym-ip list (nymip-res-group@nymip.org), which discusses anonymity networks. You should also be checking out proceedings of the Information Hiding workshops, Privacy Enhancing Technologies workshops, and hunt down the other research work by presenters at these conferences.
      • One example of why this system does not offer the level of anonymity/security it is claiming is the mistaken belief that adding random "cover traffic" prevents traffic analysis. For some reason amateurs seem to think that if you add a few random bits of message traffic and delay a few messages between nodes then this "noise" will make observation and message correlation harder for an attacker.

        It is true that adding random noise into the channel won't completely thwart traffic analysis. However, I think you're considering this from the point of view that the goal is to keep the node associations from the attacker (a talked to b, b talked to c, c shows up in manila with a submarine full of gold) or that the intent is to provide anonymity to the users.

        I don't think this is the case. IIP rotates keys between nodes every 52 blocks using Diffie Hellman. You are correct that an attacker can exist within the iip network and use the messages in the channel to do the traffic analysis. Diffie Hellman can be MITM'd, so it is smart to make it difficult to predict when the negotiation takes place. If the amount of blocks that traverse between the hosts can not be guessed by hanging out in the chat and counting how many times they exchange info, you make it more difficult to attack the key negotiation.

        Furthermore, from the security in depth department, the data is encrypted for point to point communication, so even if the key exchange at the node level is MITM'd, they still only get cyphertext.

        The creators also recognize that the anonymity isn't perfect. Until they can get that working, they've set it up so people have plausible deniability. A malicious node can find the IP's it's connected to, but it never knows if those are end users or another node in the network. So even though you've been identified, you can still deny that you are actually you.

        I understand and agree with you about how chaffing data does not provide anonymity or good steganography for the communications. However, I don't think that is why it's used in IIP. It's used to make Diffie Hellman exchanges a moving target. Anonymity, stego and plausible deniability are provided by other means.

  • Linux RPMs of the tool can be found at http://www.stearns.org/iip/ [stearns.org]. Also, there's a public server at wstearns.stearns.org:6667
  • It's great that Slashdot has been reduced to stealing their copy from Kuro5hin, word for word [kuro5hin.org].
  • There are 2 schemes that I've seen for chat crypto. One involves using diffie hellman to negotiate keys between strangers automatically. this is convenient because key negotiation is automatic, and all a user has to do is click a checkbox to get it to work. trillian does this to negotiate blowfish keys. Problem is that it can be MITM'd. The other method I've seen is to use GPG or another openPGP implementation. This can be more secure, as a user can use more secure means of key exchange (burn onto cdrom and hand to your friend) but can be a real pain for people to set up and has all the other quirks of gpg. Fire uses that one.

    What IIP does is meld these two schemes in a chocolate-peanut butter kind of arrangement. Inter network node communication uses the first method, but then it layers on the end to end properties of the second (albeit with a second DH exchange).

    It also mitigates the client issue. Right now, mac and windows users can't exchange secure IM's because trillian uses one scheme and fire uses the other. IIP bridges this gap for everybody by simply proxying IRC.

    So yes, IIP is a hack and you may regard it with a bit of scrutiny. However, you should step back and see how this protocol is similar/different than others in the context of its goals. I think they've done a good job using peer reviewed cryptosystem components when they were available to fit requirements and incorporated some of the better aspects of cryptographic solutions that are around to solve similar problems.

  • There are three possibilities: Pioneer's solar panel has turned away from
    the sun; there's a large meteor blocking transmission; someone loaded Star
    Trek 3.2 into our video processor.

    - this post brought to you by the Automated Last Post Generator...

Slashdot Top Deals

Things are not as simple as they seems at first. - Edward Thorp

Close