Security Research
by Alexander Sotirov
Resources
Latest posts
- Assured Exploitation 2011
- You Should Work for Symantec
- CSAW final challenge
- CSAW reversing challenge
- Darknet design
Archives
Follow
Contact
Meet me at
-
CanSecWest
Vancouver, Mar 9-11
-
Infiltrate
Miami Beach, Apr 16-17
Darknet design
Aug 2, 2010
Back in 2007 I spent some time playing with a design for a file sharing darknet. It was never implemented, but I recently found my notes from that project and decided to post them here in the hope that someone might find this useful.
network size
small darknet
10-50 users
full trust model
but how do you prevent it from getting too big?
it will degenerate into large scale unless you do friend of a friend
multiple darknets
5 x 10-50 users
each user is a member of multiple networks
no cross network identity or trust
large scale friend of a friend network
each user can see only their friends and friends of friends
user identities
user id
user SSL certificate
node identities
IP address
node SSL certificate
all the above information is signed by the user SSL certificate
services provided by the darknet
file sharing - GET requests over HTTPS
messaging - XML-RPC over HTTPS, either direct or broadast
trust model (chosen by each user)
everybody - as long as they are part of the network
friends - only friends on your trust list
friends of friends - single hop or multiple hops
join algorithm
Alice invites Bob into the network
Alice generates an invite key containing:
SSL certificate for Alice
temporary client SSL certificate for Bob, signed by Alice
IP address of Alice's node
expiration date
Alice sends the invite key to Bob over an external secure channel
Bob creates a new identity
Bob connects to Alice using the temp SSL certificate from the invite key
Bob authenticates Alice using her SSL certificate from the invite key
Alice authenticates Bob by verifying his client SSL certificate
if the invite is expired, Bob needs a new invite key
Bob picks a user id and sends it to Alice
if the user id is already taken, Bob has to try again with a new id
Bob creates a permanent user SSL certificate and sends it to Alice
Alice broadcasts the new user id and certificate to all other nodes
Bob reconnects to Alice using his permanent client SSL certificate
Bob gets the IPs and certificates of neighboring nodes from Alice
limited visibility of IPs
connect only to servers you trust (need at least one, see join algorithm above)
send your IP only to servers you trust
your IP is forwarded to other servers only:
if your trust model is everybody
forwarded to everybody
if your trust model is friend of a friend
forwarded to their friends
if your trust model is friends only
no forwarding
threat model
privacy
get IPs that a specific user is communicating with
attacker: ISP
defense: random ssl traffic, no defense for high speed traffic
get full user list
attacker: rogue/compromised node
defense: a node can see only friends of friends, not beyond that
get full server list
attacker: rogue/compromised node
defense: a node can see only friends of friends, not beyond that
get shares/files of user
attacker: rogue/compromised node
defense: per share permissions
get records of transactions
attacker: ISP
defense: ssl
disrupt network
traffic filtering
attacker: ISP
defense: ssl on port 443, dedicated servers
traffic throttling
attacker: ISP
defense: ssl on port 443
DoS against network
attacker: rogue/compromised node
defense: none