[117983] in Cypherpunks


Freedom Network commentary

daemon@ATHENA.MIT.EDU (Secret Squirrel)
Fri Sep 17 02:19:58 1999

Date: 17 Sep 1999 05:54:46 -0000
From: Secret Squirrel <secret_squirrel@nym.alias.net>
Message-ID: <085bc6b0f30b72785d54a9ee73b699ed@anonymous>
To: cypherpunks@toad.com
Reply-To: Secret Squirrel <secret_squirrel@nym.alias.net>

This is a quick and dirty analysis of the freedom network architecture.
Quick and Dirty because of incomplete information and wide assumptions.
However, it would pay to see a dialog on this list if any of us plan on
using this tool. I did a search and did not see any previous discussion
of this topic. If there was and I overlooked it, please direct me to the 
correct week in the hyperarchives.


assumptions of unclear parts of white paper:
1. Any AIP on the last hop can act as a wormhole.
2. packets are in clear text while they are on an AIP being prepared
for the next hop; they are in cypher over the wire only.
3. the create command is in the clear from the client to the first AIP
when creating a route
4. NSA controls all trans-oceanic interchanges (e.g. mae-west) and
possibly other strategically important network choke points.
Assumption based on recent echelon scandal.
5. When padding, padding is added to fill packets to the maximum size
of 6 hops, otherwise it would be possible to tell how many hops the
client wished to use. 

possible forms of attack:

1. Hostile AIPs- A hostile AIP could be introduced to the network
either as a volunteer or as an existing AIP that gets compromised. 

2. Forced routes- 
a. One way to force a route is to interrupt freedom net
communications. The latency feature states whether an AIP is
available. If the connection travels over an ATM connection,
retransmit on packets can be modified. Then the internal latency
variable will not match and the connection will break. AIP servers
could be subjected to a simple DoS attack. 
b. The servers don't need to be attacked directly. Routers are
vulnerable. Any router still using RIP can be hacked. A new route can
be inserted that will cut links between AIPs or force a particular
route. If the AIP cloud is widely distributed, 
traffic will be flowing over NSA compromised choke points eventually. 

3. traffic analysis-
a. three types of packets: start, middle, end.  The start packet is distinguishable 
by the CREATE command. The middle packets are ciphered.
The end packets are in the clear. A compromise of any AIP will make the 
last hop, next hop and final destination known.  Furthermore, the paper 
implies that the client chooses the route.  This would mean that a 
compromised router not only makes the next, last, and final 
hop known but all hops after that one (and if the implementation was
really brain dead all the hops prior). Because the protocol keeps an Anonymous 
Connection ID (ACID) there would be a way to trace packets belonging to a 
certain connection, unless these IDs are unique to each hop.

Combining all these:

This attack is designed to minimize the amount of necessary hostile
resources for total compromise of the freedom network. Force a
predictable pattern to the randomness of the AIP cloud. If the cloud
is seen as a circle, we have concentric circles alternating between safe and
hostile AIPs with hostile as the center and friendly as the outer
ring. With 6 hops maximum, we need only 2 layers of hostile AIPs, for
33% compromise. The circle gets "denser" toward the center, in 3space,
like a funnel (black hole). The routes are designed in such a way that
the traffic is forced to travel through the core of the circle, the
compromised AIPs. Because of the alternation, each hostile AIP can see
the source and the destination for the client's route because the
packets are in clear text while the decrypt/encrypt happens on the
hop. (interpret the white paper to say that cypher is only on the
wire). With the ability to force a route and an ACID it would be possible to
trace back a session in real time.  Plus the software defaults 
to choosing a first hop topologically close (making it easier to force a first hop).
Forcing a first hop means that the system provides no anonymity.

Q+23
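
The post's caveat about the ACID ("unless these IDs are unique to each hop"), modelled as an added example that is not part of the original message and is not Freedom's actual protocol. The ID format, the node and link numbering, and the function names are hypothetical, and only linkage by ID value is modelled (not timing or packet-size correlation).

```python
import secrets

def link_ids(n_nodes, per_hop):
    """IDs carried on links 0..n_nodes of one route.

    Link i enters node i and link i+1 leaves it (hypothetical numbering).
    per_hop=False: one connection ID end to end.
    per_hop=True:  every node rewrites the ID and keeps the mapping to itself.
    """
    if per_hop:
        return [secrets.token_hex(8) for _ in range(n_nodes + 1)]
    return [secrets.token_hex(8)] * (n_nodes + 1)

def traceable_segments(ids, hostile_nodes):
    """Group the links that hostile nodes can tie to one connection by ID alone.

    Hostile node i sees the ID on link i and on link i+1 and knows they belong
    together. Observations from different nodes merge only when they share an
    ID value, which is what a single end-to-end ID provides for free.
    """
    groups = []  # each group: set of link indexes known to be one connection
    for node in sorted(hostile_nodes):
        seen = {node, node + 1}
        seen_ids = {ids[node], ids[node + 1]}
        for group in groups:
            if any(ids[link] in seen_ids for link in group):
                group |= seen
                break
        else:
            groups.append(seen)
    return groups

if __name__ == "__main__":
    hostile = {0, 2, 4}  # alternating hostile nodes on a 6-node route
    for per_hop in (False, True):
        ids = link_ids(6, per_hop)
        print("per-hop IDs" if per_hop else "single ID  ",
              traceable_segments(ids, hostile))
```

With a single ID the three alternating observers join their views into one traced path; with per-hop IDs each observer is left with only its own pair of links unless two hostile nodes are adjacent.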

