摘要
随着人们隐私保护意识的提高,匿名通信系统获得了越来越多的关注.I2P(invisible Internet project)是当前应用最广泛的匿名通信系统之一,与Tor(另一种非常流行的匿名通信系统)网络类似,I2P采用大蒜路由的方式隐藏通信双方的通信关系,即通过使用包含多个节点的隧道,使得隧道中的任意单一节点都不能同时获知通信双方的身份信息.然而,如果能够共谋同一隧道的两端节点或是能同时观察到I2P通信链路进、出I2P网络的流量,攻击者依然可以通过流量分析的方法对通信的双方进行关联,进而破坏I2P网络的匿名性.通过分别从I2P网络内部攻击者和传输路径上外部网络攻击者的角度,对当前I2P路径选择过程中可能面临的共谋攻击威胁进行分析,结果显示,I2P网络当前的路径选择算法并不能有效地防范内部攻击者和外部网络攻击者,I2P网络的匿名性仍然面临着巨大的共谋攻击威胁.
With the growing concerns for privacy, anonymous communication has been getting more and more attentions. One of the most popular anonymous communication systems is the invisible Internet project (I2P). Similar with the onion router (Tor, the most popular anonymous communication system), I2P uses garlic routing to protect the identities of both sides of a communication. The implementation of garlic routing in I2P is called tunnel, and a tunnel usually contains three hops, so every single hop in the tunnel can't get the identities of both the sender and recipient. However, if an attacker can compromise the two endpoints of a tunnel or can simultaneously observe the traffics entering and leaving the I2P network, the attacker can use traffic analysis to correlate the sender and recipient of an I2P communication. This paper makes an analysis of security in I2P's path selection from the perspectives of both an internal attacker and a network attacker. The results show that there still exist potential threats against I2P's anonymity given the current I2P's path selection algorithm.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2014年第7期1555-1564,共10页
Journal of Computer Research and Development
基金
国家自然科学基金项目(61100174)
国家"八六三"高技术研究发展计划基金项目(2012AA013101)
国家科技支撑计划基金项目(2012BAH37B04)
中国科学院战略性先导科技专项课题(XDA06030200)
关键词
匿名通信
安全
I2P
节点共谋
自治系统
IXP
anonymous communication
security
invisible Internet project (I2P)
node compromise
autonomous system (AS)
Internet exchange point (IXP)
