signalling level voip privacy & p2p (Re: [p2p-hackers] Is P2P SIP
Poised to Out-Hype Skype?)
Adam Back
adam at cypherspace.org
Tue Aug 23 09:59:43 UTC 2005
In [2] Anton Stiglic, Ulf Moeller and I describe both Wei Dai's
pipenet, and zero-knowledge systems freedom network and how they stand
up to various attacks.
Certainly these systems, like the ones cited in the p5 paper you
reference (and the p5 algorithm itself) benefits from the fact that
with a p2p system there are multiple actors. ie The user
intentionally does not have to trust a single anonymity provider (as
would be the case eg with something more centralized, like
anonymizer.com's web browsing system.)
Wei Dai in pipenet for example proposes mixing connection
establishment packets.
Also cebolla [3] has a related passive adversary view (though not
global passive adversary as in p5).
However our observation in [2] is that perhaps the passive adversary
is not that realistic a model. When even regular users can introduce
latency etc, it seems reasonable to assume that someone with the
resources to mount a network global passive attack, can also inject
in-protocol noise. (I have not read the p5 paper properly yet, but I
see it has some descriptions of such attacks and how it resists, but I
find it unlikely that it resists both the DoS/starvation attack we
describe applying to pipenet and the cheap timing correlation attacks
we describe as applying to systems like the freedom network).
An interesting area tho I think for signalling because it is low
bandwidth, and somewhat tolerant of latency is to use concepts like
PIR (private information retrieval), where it is possible for example
to implement computationally secure single database PIR. That
together with per caller handles -- eg if receivers have different
call identifiers for different callers, established by prior
arrangement, perhaps they can signal via a PIR like system even with a
single central server.
Adam
[2] Apr 01 - "Traffic Analysis Attacks and Trade-Offs in Anonymity
Providing systems", Information Hiding 2001, Adam Back, Ulf Möller and
Anton Stiglic
http://www.cypherspace.org/adam/pubs/traffic.pdf
[3] http://www.cypherspace.org/cebolla/
On Mon, Aug 22, 2005 at 10:46:14PM -0400, Saikat Guha wrote:
> On Mon, 2005-08-22 at 09:51 -0400, Adam Back wrote:
> > You are talking about current protocols -- and even with current
> > protocols I think p2p does because without a central server it is
> > harder to tap -- you have to tap enough points to catch the call
> > negotiation you are interested in.
>
> Agreed. Although in some cases, as few as two tap-points can be enough
> (as demonstrated in the article I linked earlier).
>
> > Also at zero-knowledge systems they had a pseudonymous mail system.
>
> On the topic of anonymity, the only p2p network that is immune to packet
> correlations that I am aware of is P5 [1] -- where peers send noise
> (that models real data) when they don't have real data to send. The same
> approach can be extended to centralized approaches where endpoints
> randomly initiate fake calls and send noise to hide the real calls. Both
> approaches trade off level of anonymity for communication efficiency and
> have equivalent privacy properties.
>
> Barring the # of taps argument (which is mitigated by recent techniques
> as pointed out earlier), I'd appreciate pointers to p2p systems that
> represent a genuine security/privacy/anonymity advantage that cannot be
> applied to centralized ones.
>
> [1] http://www.cs.cornell.edu/People/egs/615/p5.pdf
More information about the P2p-hackers
mailing list