| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Jul 2013 11:48:09 -0700 From: coderman <coderman@...il.com> To: Georgi Guninski <guninski@...inski.com>, "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: cypherpunks celebrate the fourth writing code ... ; ) "Re: [Full-disclosure] tor vulnerabilities?" On Wed, Jul 3, 2013 at 11:04 AM, coderman <coderman@...il.com> wrote: > ... > next generation low latency anonymity networks are a fun area of > research and suited to interesting attacks. you could help build and > break them when you're sufficiently sated with vague criticisms... today's homework: build a low latency, datagram capable, traffic analysis resistant anonymity network! bring your books to class, [0] start by implementing the transport stacks, then continue to measurement, path selection, directory/control consensus and distribution and remaining aspects. apply SCTP for congestion control of transparent proxy traffic. local classification of traffic allocates by protocol / use fairness instead of aggregate tcp fairness. like bittorrent or aria2 parallel traffic treated as distinct low priority unit of traffic, deferring to higher priority low latency web traffic and messaging. multi-homing / multi-path endpoints in SCTP would maintain concurrent connection with distinct endpoints, avoiding predecessor, timing, denial of service attacks present in reliable, ordered, single stream transports. edges would be screwed by correlation, unless they were full fledged participants consistently. using a UDP based transport with LEDBAT or other technique to keep broadband upstream unsaturated and unclogged (no deep queues), allowing all broadband endpoints the ability to contribute to a large shared network. [Bonus points: specify practical application level privacy preserving proxy system for common web protocols to support "exit node" support for TCP and UDP based protocols.] ORCHID IPv6 addressing with IPsec tunnels is intended to re-use existing work, including well tested auth+privacy with datagram padding in IPsec. SCTP+TLS would fit over top of IPv6 ORCHID endpoints (using IPsec SAs) to transport signalling/keying and encapsulated client traffic. part of this would also include lowest priority (lossy reliable) SRMP type delivery of useful, less immediate information to nodes. to some extent the ORCHID addresses could be thought of as hidden service names and also circuit endpoints for a given IPsec tunnel. apply petnames or gnunet shared nicknames for mapping to human meaningful identifiers. this set of: a. critical signalling and keying traffic b. high priority, interactive web traffic and messaging c. lower priority bulk traffic, downloads, streaming media d. best effort, latent bulk caching and exchange are the classful shaping groups ordered inside of opaque SFQ outbound queues at various improved/concurrent stratified dependent link padding paths of IPsec telescopes carrying intermediate hop(signalling) and bearer traffic. combining better prioritization of traffic and consistent consumption of traffic (deferring low priority packets and using opportunistic caching strategies for network information respectively) obtains the best performance out of the SFQ DLP paths with the lowest latency for priority traffic. --- 0. thing you'll want to read for this project: "Anonymity Bibliography | Selected Papers in Anonymity" http://freehaven.net/anonbib/ or by topic http://freehaven.net/anonbib/topic.html LEDBAT edge management http://tools.ietf.org/html/draft-ietf-ledbat-congestion-09 SCTP http://tools.ietf.org/html/rfc4960 IPsec telescopes http://tools.ietf.org/html/rfc4843 multicast gradients (reliable multi-cast) http://disi.unitn.it/locigno/preprints/TR-DISI-08-041.pdf ORCHID overlay addresing http://tools.ietf.org/html/rfc4410 stochastic fair queuing http://www2.rdrop.com/~paulmck/scalability/paper/sfq.2002.06.04.pdf Kernel and stacks in userspace (BSD Anykernel and Rump kernels) http://www.netbsd.org/docs/rump/index.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists