Opened 3 years ago

Last modified 2 years ago

#1867 assigned enhancement

Bote: Making tracking by other nodes more difficult

Reported by: sarji Owned by: str4d
Priority: minor Milestone: eventually
Component: apps/plugins Version: 0.9.27
Keywords: I2P-Bote Cc:
Parent Tickets:

Description

Right now, the destinations is send and saved plain text. This enables two attacks, which I want to address here:

First of all, it allows other nodes to collect destinations (e.g. for spaming). This issue can be tackled by using a secure hash instead of the plain destination. Because secure hash fucntion are practically irreversible, other nodes won't be able to obtain the destination.

Secondly, other nodes are currently able to monitor how many mails a certain Bote identity gets. I have had two ideas to make this more difficult:

  1. Instead of having just one possible hash per Bote identity, everyone has several hashes, for example by salting them. When sending a mail the client chooses a random salt in the desired range (maybe 4 or 8 bit; the requested salt length could be stored as additonal information in the Bote destination) and uses it as the destination tag of the mail envelop. The receving client then requests all mails saved with his hashes (this should be done to different times for each hash to make timing-attacks more difficult). The nodes will not be able to know the actual number of received messages as they only see a subset of them.
  2. It might be diserd to have hash collisions (they can be achieved by truncating the actual hash). When several identities have the same hash, a spying node won't be able to say if the message were all meant for the same persone or for several different. When a client wants to obtain his mails, it downloads all mails saved under the hash and then trys to decrypt them. All mails meant for the identity will be decrypted correctly while all others just result in gibberish (or an error).

Subtickets (add)

Change History (2)

comment:1 Changed 3 years ago by zzz

  • Owner set to str4d
  • Status changed from new to assigned
  • Summary changed from Making tracking by other nodes more difficult to Bote: Making tracking by other nodes more difficult

comment:2 Changed 2 years ago by str4d

Migrated to https://github.com/i2p/i2p.i2p-bote/issues - I will close these tickets as things are resolved rather than right now, but please make future comments on GitHub?.

Note: See TracTickets for help on using tickets.