Attacks on opennet
Opennet is insecure. We have tried to make it as secure as possible, but the basic premise of opennet is inherently less secure than darknet.
First off, you can harvest opennet. This means you can block the entire network at a national firewall, or find all the nodes currently in your jurisdiction and go bust their owners. This alone is enough to make opennet unsuitable for hostile environments.
Countermeasures:
- None! All you can do is live in a country where Freenet isn't illegal / attacked by ISPs.
Another interesting attack is a global key-based search. Basically you assume that routing works (it does most of the time, or Freenet won't scale), and use that to calculate the set of nodes that could have made the request. Slowly you narrow down the possible areas of the network, and connect to nodes closer and closer to your target, until you have found it.
Countermeasures:
- Premix routing or rendezvous tunnels should help a lot.
If you have enough bandwidth you can connect to all nodes at once and watch the traffic between them with near 100% accuracy. However, you would need a lot of bandwidth to do this. What you would do more likely is harvest the network, then connect to a bunch of nodes at a time: you don't need to connect to every node at once.
Countermeasures:
- Any ideas?
The above of course relies on the fact that you can do correlation attacks on your peers. If premix routing is deployed, you can't. However, it's not clear that premix routing will work well on opennet.
On a darknet, connections represent (possibly marginal) external trust. Sybil is difficult: it is unlikely that you have many connections to the same person but believe them to be different people. It is of course possible, but it's hard. Getting connections to you, to your friends, etc. is difficult even if you don't try to Sybil. So we can use the local connections to work out the set of further-out nodes which are likely not to be run by the same attacker; hence, hopefully, only collusion between your friends will break premix routing.
However, on an opennet there is no trust at all in a connection, except that in one direction a request was successful (and for longer-lived peers, in both directions). Sybil is almost trivial: an attacker can get connections to you, and to your neighbours, without too much difficulty. So we would have to use a global premix scheme. The problem with this is that global peer selection is likely to also be vulnerable to Sybil, and to make harvesting much easier. Other networks, e.g. Tor and I2P, use global premix routing, so something should be possible, with limited security guarantees (usually with a single global node list). Premix routing on opennet, in conclusion, is an unsolved problem.
Another form of Sybil attack (pretending to be a large number of separate nodes when you're really only one node) is routing table takeover. You connect to an opennet node and send a series of requests for content which you know to be in that node's datastore. When a request succeeds, you can path fold with that node using an alternate identity. If the path folding request comes from a different node than the one you want to connect to, you simply don't connect to it. If the node is NATed then it won't even cost you any bandwidth. If it isn't NATed you can send it a bogus IP address and then connect directly if it's the node you're after - but fortunately for the network you don't know whether it is or not in advance.
Given the current connection heuristics, the node will only dump a connected node every 10 successful requests, so as you grab more and more connections, you will have to make some requests which the node can't locally answer. Because your requests are almost always successful, you will do more path folding with the node than the other nodes trying to connect to it, whose requests are mostly unsuccessful, so you will eventually be able to take over all of its connections.
Countermeasures:
- The rate at which path folding occurs with other nodes must be greater than the rate at which it occurs with the attacker. Increasing the chance of a request from another node succeeding will help (but how to do this?), as will increasing the number of other peers.
- Allowing nodes to reconnect after downtime *might* help to get out of such situations, but only if they can displace connected nodes - which is probably a bad idea.
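As an added illustration (not Freenet code), a toy Markov model of the takeover dynamics described above, useful for weighing the two countermeasures. Modelling assumptions: every connected peer sends requests at the same rate, the attacker's requests succeed with probability p_attacker and honest peers' with p_honest, the target path-folds every 10 successful requests by evicting a randomly chosen peer, and an attacker that loses its last slot re-enters by announcement.

```python
import random

def attacker_fold_share(a, h, p_attacker, p_honest):
    """Probability the next path fold seats an attacker identity.

    a / h = attacker-held / honest peer slots. Folds are triggered by
    successful requests, so the attacker wins the share of successes it
    generates (assumes every peer sends requests at the same rate)."""
    wins = a * p_attacker
    total = wins + h * p_honest
    return wins / total if total else 0.0

def expected_drift(a, n_peers, p_attacker, p_honest):
    """Expected change in attacker-held slots per fold: P(attacker seated)
    minus P(attacker evicted by the random drop). Positive means takeover."""
    return attacker_fold_share(a, n_peers - a, p_attacker, p_honest) - a / n_peers

def simulate_takeover(n_peers=10, p_attacker=0.95, p_honest=0.2,
                      fold_interval=10, max_requests=1_000_000, seed=0):
    """Requests until all n_peers slots are attacker-held, or None on timeout.

    Every fold_interval successful requests the target drops a random peer
    and seats the requester of that success (the "every 10 successful
    requests" heuristic). Assumption: an attacker dropped to zero slots
    re-enters via announcement, so full takeover is the only absorbing state."""
    rng = random.Random(seed)
    attackers, successes = 1, 0          # one slot gained by announcement
    for requests in range(1, max_requests + 1):
        if attackers == 0:
            attackers = 1                # re-announce after being dropped
        from_attacker = rng.random() < attackers / n_peers
        if rng.random() >= (p_attacker if from_attacker else p_honest):
            continue                     # failed request: no fold offered
        successes += 1
        if successes % fold_interval:
            continue
        evicted_attacker = rng.random() < attackers / n_peers
        attackers += int(from_attacker) - int(evicted_attacker)
        if attackers == n_peers:
            return requests
    return None

if __name__ == "__main__":
    for p_h in (0.2, 0.6):
        print(f"p_honest={p_h}: drift at half takeover "
              f"{expected_drift(5, 10, 0.95, p_h):+.3f}, "
              f"requests to full takeover {simulate_takeover(p_honest=p_h, seed=1)}")
```

With equal success probabilities the drift is zero and the process is a fair random walk; raising honest success probability shrinks the attacker's drift but, in this model, never makes it negative while p_attacker stays higher.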
Other attacks may be easier, for example, DoSing the network through a large number of requests - if you can get connections easily (by announcement, by reconnecting to nodes you've been dropped from, and by path folding from your other nodes), you can exploit any initial trust which the load limiting algorithm gives you as a new connection.
Countermeasures:
- Don't give new connections much initial trust.
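As an added example (a toy model, not Freenet's load limiter), a per-peer admission rule in which a new connection's in-flight allowance is earned through served requests rather than granted up front, shown with the weak setting (full initial trust) beside the corrected one. The class, field names and the 50-connection burst are constructed for illustration.

```python
class PeerLoadLimiter:
    """Per-peer admission control where trust is earned, not granted.

    A peer may hold at most capacity(peer) requests in flight. A fresh
    connection starts at `initial` slots and earns one more per `earn_every`
    completed requests, capped at `maximum`. Toy model, not Freenet's
    load limiter."""

    def __init__(self, initial, maximum, earn_every=10):
        self.initial, self.maximum, self.earn_every = initial, maximum, earn_every
        self.in_flight = {}   # peer -> requests currently being served
        self.completed = {}   # peer -> requests served to completion

    def connect(self, peer):
        self.in_flight.setdefault(peer, 0)
        self.completed.setdefault(peer, 0)

    def capacity(self, peer):
        earned = self.completed[peer] // self.earn_every
        return min(self.maximum, self.initial + earned)

    def admit(self, peer):
        """Accept a request from peer only if it is within its current capacity."""
        if self.in_flight[peer] >= self.capacity(peer):
            return False
        self.in_flight[peer] += 1
        return True

    def complete(self, peer):
        self.in_flight[peer] -= 1
        self.completed[peer] += 1

def burst_capacity(limiter, n_new_peers):
    """Requests a burst of n brand-new connections can hold in flight at once:
    the headroom a Sybil attacker gets for free from initial trust."""
    admitted = 0
    for i in range(n_new_peers):
        peer = f"new-{i}"          # constructed peer identities
        limiter.connect(peer)
        while limiter.admit(peer):
            admitted += 1
    return admitted

if __name__ == "__main__":
    # Weak: a new connection trusted like a long-lived one; corrected: earn it.
    for name, initial in (("weak", 20), ("hardened", 1)):
        lim = PeerLoadLimiter(initial=initial, maximum=20)
        print(name, "- 50 fresh connections can hold", burst_capacity(lim, 50))
```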
Most of the above attacks can be solved by changes in the rest of the node. However the basic vulnerability of harvesting cannot be solved, because by definition opennet is open.
See also
FreenetZeroPointSevenSecurityActual Attacks
Darknet Attacks
Cancer Nodes