Subject: Re: [GNUnet-developers] Camouflage
Date: Thu, 29 Nov 2012 20:19:44 +0100
Another problem I see is: if you are using K as a seed to generate a consistent set A, it could be possible to just collect a large set of HELLOs "B" and see if any Ki in B generates a large subset of B. Then the Ki must be real and all the generated HELLOs fake, and you are busted.
On 29 November 2012 19:53, Christian Grothoff <address@hidden> wrote:
On 24 November 2012 13:56, LRN <address@hidden> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
This is the idea that I've been thinking on.
It should be possible for a GNUnet node operator to hide the fact that
his machine runs a GNUnet node.
Ways to achieve this:
1) Fake HELLO messages.
AFAIU, right now anyone can collect HELLO messages (by running a node,
or by querying a hostlist server), and then claim (with certain degree
of sureness) that GNUnet nodes run on all addresses listed in these
messages. Companies that track torrent users do this for BitTorrent.
They may then proceed to actually connect to listed addresses to
verify them, but that is quite another story.
The solution is to spread fake HELLOs with fake public keys and fake
A node should use its private key (key K) as a seed to generate a set
of fake addresses (set A). Then use K and A themselves to generate
a fake public key (key F) for each A, thus getting a complete HELLO
message. The use of K as a seed ensures that the node will keep lying
about the same set of addresses (how large that set should be is an
open question) with the same keys, making the fakes more believable
(an observer might think that these are real nodes, maintaining their
real HELLOs over time; failure to validate any of them might be blamed
on firewalls, etc).
Address sets will intersect (A1 and A2 generated from K1 and K2 may
share some elements), obviously, although that might not be true for
I expect that the address generator will apply some rules to generate
believable addresses (i.e. don't generate invalid IP addresses, like
As an extra, a node could validate generated addresses and do
non-aggressive portscanning (or something similar - we're not speaking
only of tcp) on them, to be able to add ports (or other parts of the
address) that look believable to observers.
AFAIU, right now nodes won't gossip about fake HELLOs (i.e. a node
will never tell another node about a HELLO it got, unless it validated
that HELLO). That might need to be changed to allow nodes to choose a
random subset of invalid HELLOs and gossip about them as well.
Otherwise only the node that generated them will be able to spread them.
Not sure about hostlists.
Extra yummy feature - add user-configurable fake templates, which
could have addresses only, or addresses and private keys. GNUnet node
will use templates from time to time (configurable) instead of
generated addresses, and will generate missing template elements.
It would be neat to be able to tell the world that 18.104.22.168 
runs a GNUnet http_server transport on port 80...
This is also too complex
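
The consistency check raised in the reply at the top of this message can be tried on a toy model of the scheme. This is an added example, not code from the e-mails or from GNUnet: the HMAC-SHA256 derivation, the function names and the byte-string stand-ins for keys are assumptions, and the sample nodes are constructed. It runs the check over one pool built with a seed that is visible in the HELLOs and one built with a seed that is not.

```python
import hashlib
import hmac
import ipaddress

def fake_hellos(seed: bytes, count: int = 8):
    """Derive `count` (address, fake key F) pairs deterministically from seed."""
    out, ctr = [], 0
    while len(out) < count:
        d = hmac.new(seed, b"addr" + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
        ip = ipaddress.IPv4Address(d[:4])
        if not ip.is_global or ip.is_multicast:
            continue  # keep only addresses that look routable to an observer
        f = hmac.new(seed, b"key" + ip.packed, hashlib.sha256).digest()
        out.append((str(ip), f))
    return out

def build_pool(nodes, seed_of):
    """HELLOs an observer could collect: each real HELLO plus that node's fakes."""
    pool = []
    for real_addr, priv, pub in nodes:
        pool.append((real_addr, pub))
        pool.extend(fake_hellos(seed_of(priv, pub)))
    return pool

def exposed_keys(pool, threshold=0.5):
    """Keys in the pool that regenerate a large share of the pool's other HELLOs."""
    seen = set(pool)
    exposed = set()
    for _, key in pool:
        gen = fake_hellos(key)
        if sum(h in seen for h in gen) / len(gen) >= threshold:
            exposed.add(key)
    return exposed

# Constructed sample nodes: (real address, stand-in private key, stand-in public key).
NODES = [("192.0.2.%d" % i, b"priv-%d" % i, b"pub-%d" % i) for i in range(1, 4)]

def demo():
    # Seed visible in the HELLO (public key) versus seed that never leaves the node.
    visible = exposed_keys(build_pool(NODES, lambda priv, pub: pub))
    secret = exposed_keys(build_pool(NODES, lambda priv, pub: priv))
    return visible, secret

if __name__ == "__main__":
    visible, secret = demo()
    print("exposed with visible seed:", sorted(visible))
    print("exposed with secret seed:", sorted(secret))
```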