|Main Index Search Register Login Who's Online FAQ Links|
|1 Online, 0 Active||You are not logged in|
|The Server Room|
|All 2 posts||Subject: A Comparison of Anonymous Networks||Please login to post||Down|
|A Comparison of Anonymous Networks|
Network Comparisons (http://www.i2p.net/how_networkcomparisons)
There are a great many other applications and projects working on anonymous communication and I2P has been inspired by much of their efforts. This is not a comprehensive list of anonymity resources - both freehaven's Anonymity Bibliography http://freehaven.net/anonbib/topic.html and GNUnet's related projects http://www.ovmj.org/GNUnet/links.php3 serve that purpose well. That said, a few systems stand out for further comparison:
* Morphmix and Tarzan * TOR / Onion Routing * Mixminion / Mixmaster * Freenet * JAP * MUTE / AntsP2P
Morphmix and Tarzan
Morphmix (http://www.tik.ee.ethz.ch/~morphmix/) Tarzan (http://www.pdos.lcs.mit.edu/tarzan/)
Morphmix and Tarzan are both fully distributed, peer to peer networks of anonymizing proxies, allowing people to tunnel out through the low latency mix network. Morphmix includes some very interesting collusion detection algorithms and Sybil defenses, while Tarzan makes use of the scarcity of IP addresses to accomplishs the same. The two primary differences between these systems and I2P are related to I2P's threat model and their out-proxy design (as opposed to providing both sender and receiver anonymity). There is source code available to both systems, but we are not aware of their use outside of academic environments.
Stealing quite directly from the Tarzan paper, the following includes a quick comparison of Tarzan, Crowds, Onion Routing (OR), and I2P:
TOR / Onion Routing
TOR (http://freehaven.net/tor/) Onion Routing (http://www.onion-router.net/)
TOR and Onion Routing are both anonymizing proxy networks, allowing people to tunnel out through their low latency mix network. The two primary differences between TOR / Onion-Routing and I2P are again related to differences in the threat model and the out-proxy design (though TOR now supports hidden services). In addition, these networks take the directory based approach - providing a centralized point to manage the overall 'view' of the network, as well as gather and report statistics, as opposed to I2P's distributed network database and peer selection.
The following is a more detailed comparison of TOR and I2P, but in it, one of the really cool features of TOR is overlooked - the ability to outproxy onto the normal internet. That feature is a very useful one, and relevant for many situations.
However, the outproxy functionality does have a few substantial weaknesses against certain attackers - once the communication leaves the mixnet, global passive adversaries can more easily mount traffic analysis. In addition, the outproxies have access to the cleartext of the data transferred in both directions, and outproxies are prone to abuse, along with all of the other security issues we've come to know and love with normal internet traffic.
However, most people don't need to worry about those situations, as they are outside their threat model. It is, also, outside I2P's functional scope (if people want to build outproxy functionality on top of an anonymous communication layer, they can). In fact, some I2P users currently take advantage of TOR to outproxy.
Benefits of TOR over I2P
* More efficient w/ memory usage * TOR client nodes have very low bandwidth overhead * Centralized control reduces the complexity at each node and can efficiently address Sybil attacks * A core of high capacity nodes provides higher throughput and lower latency * C, not Java (ewww)
Benefits of I2P over TOR
* Fully distributed and self organizing * Packet switched instead of circuit switched o implicit transparent load balancing of messages across multiple peers, rather than a single path o resiliance vs. failures by running multiple tunnels in parallel, plus rotating tunnels o scale each client's connections at O(1) instead of O(N) (Alice has e.g. 2 inbound tunnels that are used by all of the peers Alice is talking with, rather than a circuit for each) * Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information. * Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing) * Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in TOR, which are typically long lived. * I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality. * The bandwidth overhead of being a full peer is low, while in TOR, while client nodes don't require much bandwidth, they don't fully participate in the mixnet. * Java, not C (ewww)
Other benefits of I2P but not yet implemented
* Defense vs. message count analysis by garlic wrapping multiple messages * Defense vs. long term intersection by adding delays at various hops (where the delays are not discernable by other hops) * Various mixing strategies at the tunnel level (e.g. create a tunnel that will handle 500 messages / minute, where the endpoint will inject dummy messages if there are insufficient messages, etc)
Mixminion / Mixmaster Mixminion (http://mixminion.net/) Mixmaster (http://mixmaster.sourceforge.net/)
Mixminion and Mixmaster are networks to support anonymous email against a very powerful adversary. I2P aims to provide an adequate means to meet their threat model as we reach I2P 3.0 along side the needs of low latency users, providing a significantly larger anonymity set. As with TOR and Onion Routing above, both Mixminion and Mixmaster take the directory based approach as well.
Freenet is a fully distributed, peer to peer anonymous publishing network, offering secure ways to store data, as well as some approaches attempting to address the loads of a flash flood. While Freenet is designed as a distributed data store, people have built applications on top of it to do more generic anonymous communication, such as static websites and message boards.
Compared to I2P, Freenet offers some substantial benefits - it is a distributed data store, while I2P is not, allowing people to retrieve the content published by others even when the publisher is no longer online. In addition, it should be able to distribute popular data fairly efficiently. I2P itself does not and will not provide this functionality. On the other hand, there is overlap for users who simply want to communicate with each other anonymously through websites, message boards, file sharing programs, etc. There have also been some developers working on a distributed data store to run on top of I2P, but those are not ready for general use yet.
However, even ignoring any implementations issues, there are some serious concerns about Freenet's algorithms from both a scalability and anonymity perspective, owing largely to Freenet's heuristic driven routing. The interactions of various techniques certainly may successfully deter various attacks, and perhaps some aspects of the routing algorithms will provide the hoped for scalability. Unfortunately, not much analysis of the algorithms involved has resulted in positive results, but there is still hope. At the very least, Freenet does provide substantial anonymity against an attacker who does not have the resources necessary to analyze it further.
JAP (Java Anonymous Proxy) is a network of mix cascades for anonymizing web requests, and as such it has a few centralized nodes (participants in the cascade) that blend and mix requests from clients through the sequence of nodes (the cascade) before proxying out onto the web. The scope, threat model, and security is substantially different from I2P, but for those who don't require significant anonymity but still are not satisfied with an Anonymizer-like service, JAP is worth reviewing. One caution to note is that anyone under the jurisdiction of the German courts may want to take care, as the German Federal Bureau of Criminal Investigation (FBCI) has has successfully mounted an attack on the network. Even though the method of this attack was later found to be illegal in the German courts, the fact that the data was successfully collected is the concern. Courts change their minds based upon circumstance, and this is evidence that if a government body or intelligence agency wanted to, they could gather the data, even if it may be found inadmissible in some courts later)
MUTE / AntsP2P
MUTE (http://mute-net.sourceforge.net/) AntsP2P (http://www.myjavaserver.com/~gwren/home.jsp?page=custom&xmlName=ants)
Both of these systems work through the same basic antnet routing, providing some degree of anonymity based on the threat model of providing plausible deniability against a simple non-colluding adversary. With the antnet routing, they first either do a random walk or a broadcast search to find some peer with the data or identity desired, and then use a feedback algorithm to optimize that found path. This works well for applications that merely want to know what other people around them have to offer - "How are y'all doing" vs. "Hey Alice, how are you" - you basically get a local cluster of nodes that can share files with and maintain some degree of anonymity (though you don't have much control over who is in that group of peers).
However, the algorithm does not scale well at all - if the application wants to speak with a particular peer it ends up doing a broadcast search or random walk (though if they are lucky enough for that to succeed, the antnet routing should optimize that found connection). This means that while these networks can work great at small scales, they are not suitable for large networks where someone wants to get in touch with another specific peer. That does not mean that there is no value in these systems, just that their applicability is limited to situations where their particular issues can be addressed.
Are you, or have you ever been a Liberal? YES / NO
There is no such thing as anonymity, only the cost to your adversary.
As JAP has so well highlighted, centralised systems are easily compromised by the State. This is particularly so in the light of recent legislation enacted 'to fight terrorism'.
De-centralised systems with many nodes crossing multiple legislative regions are a better solution. Referring to the above post, practical current systems are:
1. 'Anonymous' proxying: Tor
2. 'Anonymous' file sharing: Freenet + Frost
3. 'Anonymous' hosting & use of services: i2p
4. 'Anonymous' irc: i2p & also invisiblenet
5. 'Anonymous' mail: i2p
His enemies called for peace, but he brought them death.
Sredni Vashtar the Beautiful.