OneSwarm Forum » General

add community "friends" + limited mode = security ?

(6 posts)

  1. nandayo
    Member
    Login to Send PM

    Hi all,

    I have a noob question : if I decide to add "friends" I don't really know (eg. 1S community), and if I put all these people to limited mode, is it secure regarding organisms whose goal is to find illegal downloader.

    To be more precise : if into this friend list, there is someone that is a "false friend", whose goal is to detect if someone is downloading the last CD of some superstar, will it be possible for him to know if I download it or not ?

    For example, I imagine that if this "false friend" share only illegal files, then everybody that will request him some files can be suspected to be a pirat...

    I am right ?

    Thanks ;)

    Posted 8 months ago #

  2. Olive
    Member
    Login to Send PM

    They will know that "illegal" files go through your computer but not if you are the source or destination.

    Posted 8 months ago #

  3. Rafa
    Member
    Login to Send PM

    Hi Nandayo

    All the answers about these questions will be found in the (F..^W) manual, read it ... (rofl)
    (See "B - Supplemental security analysis" - page 17 @ http://oneswarm.cs.washington.edu/f2f_tr.pdf )

    An let our Devs work now ! :D

    /1S-Fr.net
    Rafa ;)

    Posted 8 months ago #

  4. nandayo
    Member
    Login to Send PM

    Well, no, all those questions are not precisely answered in the manual, or maybe we are not talking about the same manual...

    Thanks for the article : it seems to be really more complete :-)

    Posted 8 months ago #

  5. nandayo
    Member
    Login to Send PM

    This article is really interesting, especially the Annex B indeed.

    I would juste have a question, to be sure : concerning the case "Untrusted Peer + local wiretrap", you all agree that the attacker must be able to monitor the network traffic in real time, right ? (I'm rather sure but I would like to be totally sure !)

    I mean : a person that can ask to the ISP some informations about us cannot be considered in this case, right, they must be able to monitor our network in real time ?

    Thanks to all dev of this awsome soft ;)

    Posted 8 months ago #

  6. isdal
    Administrator
    Login to Send PM

    The "best" attacks from "Untrusted Peer + local wiretrap" requires that the attacker is able to inject packets. Basically the attack works by spoofing tpc rst packets to disconnect all your friends except the one they control. If you respond to any searches after that they know that you must have that data since you can't have forwarded it to anyone.

    If they only have packet logs things are harder, basically they need to start a download from you, then stop it, then start it and so on to create a traffic pattern. After that they can look in the log to see if the difference in upload-download rate for you follows that pattern at that specific time. This attack is much harder since:
    1: it requires that you have enough spare capacity that you can serve their request with high enough speed that the pattern appears over the normal traffic/forwarding noise.
    2: they can only "test" one file at the time, text search packets are too small to register with this method.

    For OneSwarm to protect against the traffic pattern attack would require us to send dummy data all the time which would cause significant overhead (making us reluctant to do it). Also, this attack works against all anonymity systems where users only store data on their disk that they previously downloaded (including annonymous VPN services).

    As far as I know ISPs are not keeping detailed enough logs for this attack to work yet. They need to store not only flow information (ip A is talking to ip B), but also each individual packet header + timing information.

    Posted 8 months ago #

RSS feed for this topic

Reply

You must log in to post.