Bote-ratcheting

Aus i2pwiki.mk16.de
Zur Navigation springen Zur Suche springen

Description[Bearbeiten]

Bote distributes messages in a DHT (distributed hash table), indexed by the recipient's public key. Since this key doesn't change, and the peer's ID's don't change (otherwise they would be storing data far from their key after a restart, and the recipient wouldn't know to request it from them), messages to a single recipient will tend to be stored on the same fewest nodes. An attacker who could move to a location in the keyspace (trivial to do, see the work on hardening the netDB) could make deductions about a certain user - how often they're contacted, when (to a certain extent), and how often they check their mail.

The public key (address) is public, like an email address. You may want to keep it fairly private, to avoid unsolicited mail, but it doesn't need to be kept a secret by any means. Lots of users will publish their address on their homepage, in social networking profiles, etc. This means that it's easy to correlate psuedonyms with addresses, and so start to discover additional information about the user.

Using the default settings of not sending through relays, the few peers nearest to the recipient's key will be contacted whenever a message is sent. The recipient will check every half hour when they're online. This means they can work out, to some extent, when the user's correspondents and the user are online. Using a non-default check interval makes the recipient stand out, for little gain. The attacker can correlate uptimes with half hour resolution, based on first seen check and last seen check in any given time.

The attacker could start making more aggressive movements against the user - if they control the area of keyspace around them, they can silently drop the mails without anyone knowing - messages are sometimes lost naturally due to the churn of the network. Either the same, or a diferent attacker could also spam the address, resulting in fewer legitimate messages fully getting through, and increased computation and network usage for the recipient. This makes it more difficult for them to recieve messages from other users, and may slow down their i2p and/or bote so as to make it unusable.

I propose users increase their resistance to these attacks using a method of multiple identities, to make it impossible to discover their true address.

The user has a primary address, possibly a vanity address. This is the one that they publically share, post in forums, etc. When someone wants to contact the user, they send a message to this address. The user creates a new address (a virtually free operation), and replies from the primary address with the newly created address. In this way, it's signed by the primary address to confirm its authenticity. The actual reply to the message may be sent from either (or both) addresses. Now whenever the second user wants to send a message to the first, they use their own, private address for the user. This won't be known to anyone else, so no-one will be able to correlate the address with the username and analyse or attack it. If the correspondent does tell anyone else their private contact address for the user, then it's their own ability to send messages that they're violating.

This means that sent messages will be more evenly distributed around the keyspace, increasing the reliability for everyone.

Alternatively, or in addition, users can generate new keys for themselves regularly. This can be as often as every message or two (in the case of having one person know that key) or every month or several months. They should then use this address, retiring the old one but keeping it in case of any delayed messages coming through. The first is probably simpler and more secure to do.