34C3 - TUWAT - Talks - Part 6
Post date: Apr 8, 2018 7:02:08 AM
- Tightening the Net in Iran. Interesting topic. Yet - Internet censorship - on different levels is being done in most of countries. They call their Internet as Filternet. That's funny. Cyber Crime Law. Logging all network traffic. Nice samples of different versions of the censorship page being shown. Localized content for absolute access and content control. Incentives for developers to create local / national apps. Removing apps which do not co-operate with censorship. Telegram is very popular app in Iran.
- Growing Up Software Development - Nice programming lessons,yet nothing new. Pretty joyable stores after all.
- Humans as software extension - Bit strange talk, let's see if there's anything actually interesting. - Using humans as bots. Quite interesting concepts, but nothing new really.
- How Alice and Bob meet if they don't like onions - This should be pretty nice Survey of Network Anonymization Techniques. Let's see if it got any new information. Interestingly JonDonym is something I haven't heard or noticed earlier. But it seems to trying to be commercial Tor, so no thank you. Some alternate networks mentioned. They also mentioned older networks like Freenet, GNUnet, I2P, Tor. I haven't heard either, like The Loopix Anonymity SYstem and AN.ON Next Generation. I think I've checked out the Vuvuzela network in past. Side track: USENIX Security 2017 talk about Loopix. Talk also mentioned Freenet caching and distributed storage, which is one of the features, I really liked about it. They also mentioned GNUnet's F2F mode. They also mentioned that none of these services protect against global passive observer. Freenet and GNUnet provide plausible deniability. My brain hurts, amount of hype bs... About Q&A section and especially the Q part, not A part or the talk itself - IPFS uses blockchain, argh! GNUnet and Freenet are quite similar to IPFS. No, this is just what I hate about some things. Please check your timeline. IPFS is quite similar to GNUnet and Freenet, not the other way around. How about just saying content addressable distributed storage, which is way older concept than Freenet / GNUnet and so on. Too hard for you guys, is it, really? Cached with blockchain algorithm, what kind of ... my mind is blown. Now please someone, could you explain Blockchain caching algorithm, please. Because me or anyone else, isn't aware about it. - This is exactly what put me off with IPFS originally, straight out lies and hype. How about sticking to the facts? Nothing wrong with the technology, but I'm extremely allergic to unproven marketing hype and clams which could be defined to pure lies without technical proof and documentation how it's achieved. Back to the talk, in the Q&A section they well explained the Relationship Anonymity which can reveal users identity to global passive observer. Just like the water "bubbles" in water hose in the cartoons. Flows in and flows out. If statistics isn't enough alone. Using active (indirect) measures, you can cause latency / bandwidth changes and so on, making the proof much stronger.
- Loopix Anonymity System talk at Usenix Security Symposium (2017 - 26th) - Talk - Explained Mixnets Background. Mixnets add latency and with cover traffic limit scalability. Onion-routing isn't resistant against global passive adversaries. Loopix allows tunable trade-off between latency and genuine and cover traffic volume. I think this sounds very much like GNUnet which allows similar kind of option. Off-line message storage, inbox (queue) in situations where messages can't be delivered to the recipient. Drop cover traffic, loop cover traffic. Uses bi-directional cover traffic, in and outbound messages. Loop traffic allows detecting n-1 attack. It seems that Loopix is addressing many of the issues I've blogged about several times. Poisson mixing, exponential delay, no synchronization rounds required. Memoryless property of the mixing pool. Loopix does address global passive adversary, corrupt mixes and corrupt providers. Yet the corrupt provider is most important, because it will break receiver unobservability and receiver anonymity. Nice performance and throughput analysis. Partition attacks and Denial of Service attacks discussed in QA. It was also obvious that it's research network currently. Many of the "practical" aspects, weren't covered.