How anonymous am I? I2P & Freenet

in #security · 7 years ago (edited)

Understanding a threat is key in choosing appropriate counteractions to take.

With this post I will try to describe in simple terms how the original source IP of a key/identity can be traced on distributed hash table networks such as Freenet and I2P. I also believe the same basic attack can be applied to networks such as Tor, Zeronet, Tribler and others.

Most people begin using these networks because they believe they are completely anonymous while using them. Others may not care much about staying anonymous, but may want to access uncensored information. Most attackers will focus on the source of content rather than trying to identify every client/user that is requesting the content. Still, essentially the same methods can be used to trace a "client" instead of a "provider".

I will focus on the basic attack described as the "Mobile attacker source search attack" on freenetproject.org and as the "Predecessor attack" on geti2p.net, because I believe this to be the highest threat if the attacker has no other points to launch correlation attacks from, and assuming that the attacker does not already control a majority of the network.

https://wiki.freenetproject.org/Opennet_attacks#Mobile_attacker_source_tracing

https://geti2p.net/en/docs/how/threat-model#predecessor

Tracing a Freenet-Opennet user/content-provider

CHK keys are described as very easy to trace, since the CHK of a file will always be the same. However, an attacker would have to know exactly what file would be uploaded, and even the slightest modification to a text file, for example, would create a completely different CHK key.

In practice, possibly more concerning is the use of USK keys or manual updating of SSK keys. These keys are used for dynamic/updatable Freesites/Flogs, Freemail, WoT, FMS and Sone identities. Every time a "content provider" updates a USK or SSK, an attacker can pre-calculate the key and wait to see what part of the network / keyspace the insert will come from. With identities such as Freemail and Sone, an attacker can pre-calculate the key and wait to see what part of the network / keyspace the update insert and also the new info request will come from.
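The two key properties described above can be seen in a small model. This is an added example, not code from the original post or from Freenet: the hashing scheme is a simplified stand-in for Freenet's real key derivation (which also involves encryption), and the function names, `myflog` and the sample key bytes are hypothetical.

```python
import hashlib

def location(routing_key: bytes) -> float:
    """Map a routing key to a point on the circular keyspace [0, 1)."""
    # Use the top 53 bits so the float result can never round up to 1.0.
    return (int.from_bytes(routing_key[:8], "big") >> 11) / 2**53

def circular_distance(a: float, b: float) -> float:
    """Distance on the ring: 0.95 and 0.05 are 0.10 apart, not 0.90."""
    d = abs(a - b)
    return min(d, 1.0 - d)

def chk_routing_key(content: bytes) -> bytes:
    # Simplified model: the key is a function of the content and nothing else.
    return hashlib.sha256(b"CHK" + content).digest()

def ssk_routing_key(public_key: bytes, docname: str, edition: int) -> bytes:
    # Simplified model: only public values go in, so anyone holding the
    # public URI can derive the key of an edition before it is inserted.
    name = hashlib.sha256(f"{docname}-{edition}".encode()).digest()
    return hashlib.sha256(name + hashlib.sha256(public_key).digest()).digest()

def demo() -> dict:
    original = b"constructed sample file\n"
    modified = b"constructed sample file!\n"  # one character added
    pub = b"constructed-public-key"           # stand-in for an identity's public key
    loc_a = location(chk_routing_key(original))
    loc_b = location(chk_routing_key(modified))
    return {
        "chk_repeatable": chk_routing_key(original) == chk_routing_key(original),
        "chk_moved_by": circular_distance(loc_a, loc_b),
        "edition_locations": [
            location(ssk_routing_key(pub, "myflog", n)) for n in range(5, 8)
        ],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

For a publisher, the point is that the keyspace location of each update is public knowledge in advance; what stays private is only where on the network the insert originates.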

The attacker would only need 1 router to participate in the network in order to begin moving closer to the source of a key, but using 2 routers, where router A keeps a fixed location in keyspace for reference, will greatly improve the effect of this attack. Every multiplication of the attacking routers in use by 2 will likely cut the required time for this attack in half.

Router A keeps a fixed location and Router B moves closer to the source with every intercepted insert or request. Closer can be determined by logging which direction in keyspace sends requests or inserts with higher HTL (hops to live) values. If Router A and B never receive the inserts or requests they are tracing, then they will move in opposite directions until eventually a request or insert is received, and this will be the fixed point for router A. Pathfolding naturally helps the process of moving closer in keyspace, but even without pathfolding the attacking node can slowly choose to connect to closer nodes and deny further nodes without raising too much suspicion.

Eventually Router B will have found a keyspace that is closest or very close to the source/victim and become the victim's peer. By logging inserts/requests of the victim's node the attacker will have statistical proof / circumstantial evidence of the source/victim IP.

Tracing I2P-Bote users / eepsites

The same methods apply here. Router A keeps a fixed location and Router B moves closer to the source with every intercepted insert or request.

The attacker's routers will have to wait until they are the final hop of an inbound or outbound tunnel of the victim's insert of a lease set before they will be able to determine a closer location of the victim's source in order to track eepsites. When running Bote, an attacker can log and trace inserts and requests for a Bote ID. The attacker can recognize if a final hop was in the path of a victim, since it will show a lease set that can be associated with the victim's eepsite or Bote key.

Becoming the final hop in a request's or insert's tunnel is necessary to recognize a destination and requires very high connectivity, as the attacker's chances of being part of a tunnel are lower the further away in keyspace the attacker is. Only 1 out of 3 times the attacker participates in the correct tunnel will it become the last hop, since average tunnels are 3 hops.

By using floodfill routers for this attack on eepsites the required time will be reduced greatly, since the attacker will be able to intercept newly inserted or requested lease sets. By intercepting new lease set inserts to the netDb the attacker will be able to move significantly closer in the network before needing to worry about being the final hop in a tunnel. Only after the attacker has narrowed the victim's keyspace down to a small enough area will he have to eventually become the final hop in a victim's tunnel to recognize the victim's IP.

Difficulties for attackers

For this type of attack to be effective, routers must gather enough statistical evidence of the victim's closeness after every move in keyspace to avoid moving back and forth between other peers' keyspaces without actually recognizing the origin's location. The time required for this attack can be reduced indefinitely by using more routers across the network's keyspace. Every attacking router will become more successful but costly with the amount of resources it can provide / how many peers it can stay connected to.

One thing that conveniently protects DHT networks is that an attacker who controls less than 50% of the keyspace under attack must participate and provide valid data in order to not be dropped and flagged by honest peers. This contributes to the cost required to launch an attack.

Also, since every attacker must participate in and contribute to the network, every attack will also make the network stronger and essentially contribute to the privacy of every user that is not being targeted by that attacker.

Countermeasures

Resources

The more resources a user/victim can contribute to the network (the more peers it can satisfy), the more difficult it becomes to narrow down its original IP. But privacy and freedom from censorship should not only be available to those who can afford it.

Dancing around the Keyspace

It will always take an attacker some time to move closer to the keyspace of a node. Therefore a victim can create and use a new node with a random location at selected intervals to make it more difficult for the attacker to get close enough to the source key in time. This can be very effective; however, eventually the victim's IP will be logged by the attacker more frequently than others, which will eventually also deanonymize the victim, although it will take much longer.

Multihoming

Multihoming is the practice of using the same applications across multiple synchronized routers. This will make it more difficult for the attacker to trace a keyspace location and will multiply the power of "dancing around the keyspace".

For I2P, multihoming is described here: https://geti2p.net/en/docs/how/network-database#multihome

For Freenet the same is possible as long as files are properly synchronized between routers and routers do not interfere with each other at the same time.

Darknet / Restricted connections

Eventually the anonymity of open networks will fail to an attacker with enough resources. A trust-based network can be a great countermeasure. Using Darknet connections on Freenet and using restricted connections in I2P (not yet implemented) provides a layer of security that can't be broken by financial resources alone. Depending on the required level of privacy, the amount of Darknet/restricted connections should be increased. Also, it is important not to forget that a Darknet/restricted connection must be trusted not to log the user's data or be infiltrated by the attacker. Conventional measures must be used to verify the trust assigned to these Darknet/restricted connections. Since the trust placed in Darknet/restricted connections is subject to human logic and faults, only a limited value of trust can be assigned to this layer of security. A trusted Darknet connection may be surprisingly willing to cooperate with a superior and oppressing force to reveal a victim's identity given enough pressure.

Mesh-networking & Wardriving

To provide an extra layer of security, any other form of secure networking could be used additionally to help with further obfuscating a source's IP. Wi-Fi mesh networking can be used in areas with enough participating peers but is currently restricted to large cities due to lack of general interest. For the average user Serval-mesh, Opengarden and Cjdns may be interesting projects.

Of course, open or badly secured Wi-Fi routers can be used to gain access to a desired network, and varying access points/IPs will make it much more difficult for an attacker to find a victim. Still, an attacker will be able to narrow down the range and general location of a victim given much more time, and may eventually be able to find the victim through other correlation attacks.

Freenet With I2P or Tor

As described in the Freenet-Project wiki, tunnels are believed to improve the security of Freenet - Opennet "a lot".

Doublec has described a method of using Freenet with Onioncat for Tor or Garlicat for I2P to further anonymize Freenet users.

https://bluishcoder.co.nz/2016/08/18/using-freenet-over-tor.html

USK@1ORdIvjL2H1bZblJcP8hu2LjjKtVB-rVzp8mLty~5N4,8hL85otZBbq0geDsSKkBK4sKESL2SrNVecFZz9NxGVQ,AQACAAE/bluishcoder/-30/

While Darknet connections and Hybrid nodes seem to be working correctly there are still some issues creating an Onioncat or Garlicat Opennet. Using nodes with only Onioncat/Garlicat seednodes might help.

There are different types of attackers. Some will have average resources available, such as criminals, corporations or other civilian enemies, and others will have extraordinary resources available, such as law enforcement and military. Depending on the attacker and the resources available for correlation attacks, the time required for target tracing can differ significantly.

Optimally every user should be able to calculate the time and resources required for an attacker to trace a victim so that every user could be warned when their identity is no longer secure.

Node Trust

Assigning trust values to nodes based on the value of the contributed content of the node operator should increase protection from malicious nodes, as long as this can be done without compromising the node operator's privacy. In practice this might be accomplished by exchanging node references with trusted identities found through FMS and Freemail but still assigning low local trust values when choosing these peers as new Opennet connections.

Related Links

Freenet overview: https://freenetproject.org/
Freenet threat model: https://wiki.freenetproject.org/Security_summary

Tor and I2P comparison: https://geti2p.net/en/comparison/tor
I2P threat model: https://geti2p.net/en/docs/how/threat-model

Other Cool Projects

IPFS: A peer-to-peer hypermedia protocol to make the web faster, safer, and more open.
https://ipfs.io/

Zeronet: Open, free and uncensorable websites, using Bitcoin cryptography and BitTorrent network
https://zeronet.io/

Tribler: Privacy using our Tor-inspired onion routing. Search and download torrents with less worries or censorship
https://www.tribler.org/

Retroshare: Retroshare creates encrypted connections to your friends, completely decentralized.
http://retroshare.net/

Tox: Open source and encrypted Skype alternative. Works on desktops, Android and iOS
https://tox.chat/

Final Words

We need anonymous networks for truly uncensored information exchange. Whistle-blowers and victims of oppression rely on them to fight inequality and tyranny. I believe the pros outweigh the cons when it comes to online anonymity.

I wrote this essay to make it easier for myself to understand the security of Freenet and I2P. The huge amounts of information on the respective sites were too much for me to wrap my head around, so I had to break it down to something shorter I could understand. Please do point out if you find any mistakes or if I missed something important.

Comments are always welcome. Good luck out there Friends! @camb

I wrote this essay and claim no copyright. You may do what you like with it and consider it "public domain" content.

Great post! 😁 👍 Lots of important information here.

Thanks @personz. Glad you liked it!

Thank you!
