lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAJVRA1T-jU4Y3MDH7PWcxnJUKqCcLifrFSdUJEEecPYGe7YTvQ@mail.gmail.com>
Date: Thu, 4 Jul 2013 11:48:09 -0700
From: coderman <coderman@...il.com>
To: Georgi Guninski <guninski@...inski.com>, 
 "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: cypherpunks celebrate the fourth writing code ...
	; )

"Re: [Full-disclosure] tor vulnerabilities?"
On Wed, Jul 3, 2013 at 11:04 AM, coderman <coderman@...il.com> wrote:
> ...
> next generation low latency anonymity networks are a fun area of
> research and suited to interesting attacks. you could help build and
> break them when you're sufficiently sated with vague criticisms...


today's homework: build a low latency, datagram capable, traffic
analysis resistant anonymity network!


bring your books to class, [0]

start by implementing the transport stacks, then continue to
measurement, path selection, directory/control consensus and
distribution and remaining aspects.

apply SCTP for congestion control of transparent proxy traffic. local
classification of traffic allocates by protocol / use fairness
instead of aggregate tcp fairness. like bittorrent or aria2 parallel
traffic treated as distinct low priority unit of traffic, deferring to
higher priority low latency web traffic and messaging.

multi-homing / multi-path endpoints in SCTP would maintain concurrent
connection with distinct endpoints, avoiding predecessor, timing,
denial of service attacks present in reliable, ordered, single stream
transports.

edges would be screwed by correlation, unless they were full fledged
participants consistently. using a UDP based transport with LEDBAT or
other technique to keep broadband upstream unsaturated and unclogged
(no deep queues), allowing all broadband endpoints the ability to
contribute to a large shared network.
 [Bonus points: specify practical application level privacy preserving
proxy system for common web protocols to support "exit node" support
for TCP and UDP based protocols.]

ORCHID IPv6 addressing with IPsec tunnels is intended to re-use
existing work, including well tested auth+privacy with datagram
padding in IPsec. SCTP+TLS would fit over top of IPv6 ORCHID endpoints
(using IPsec SAs) to transport signalling/keying and encapsulated
client traffic. part of this would also include lowest priority (lossy
reliable) SRMP type delivery of useful, less immediate information to
nodes. to some extent the ORCHID addresses could be thought of as
hidden service names and also circuit endpoints for a given IPsec
tunnel.  apply petnames or gnunet shared nicknames for mapping to
human meaningful identifiers.

this set of:
a. critical signalling and keying traffic
b. high priority, interactive web traffic and messaging
c. lower priority bulk traffic, downloads, streaming media
d. best effort, latent bulk caching and exchange

are the classful shaping groups ordered inside of opaque SFQ outbound
queues at various improved/concurrent stratified dependent link
padding paths of IPsec telescopes carrying intermediate
hop(signalling) and bearer traffic.

combining better prioritization of traffic and consistent consumption
of traffic (deferring low priority packets and using opportunistic
caching strategies for network information respectively) obtains the
best performance out of the SFQ DLP paths with the lowest latency for
priority traffic.

---

0. thing you'll want to read for this project:

"Anonymity Bibliography | Selected Papers in Anonymity"
http://freehaven.net/anonbib/
 or by topic http://freehaven.net/anonbib/topic.html

LEDBAT edge management
http://tools.ietf.org/html/draft-ietf-ledbat-congestion-09

SCTP
http://tools.ietf.org/html/rfc4960

IPsec telescopes
http://tools.ietf.org/html/rfc4843

multicast gradients (reliable multi-cast)
http://disi.unitn.it/locigno/preprints/TR-DISI-08-041.pdf

ORCHID overlay addresing
http://tools.ietf.org/html/rfc4410

stochastic fair queuing
http://www2.rdrop.com/~paulmck/scalability/paper/sfq.2002.06.04.pdf

Kernel and stacks in userspace (BSD Anykernel and Rump kernels)
http://www.netbsd.org/docs/rump/index.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ