Slide 1

Slide 1 text

 Welcome

Slide 2

Slide 2 text

Dark Nets (Anonymity Networks) by Venu Gopal Kakarla (vgk8931), for course 4055.780

Slide 3

Slide 3 text

Darknet: Original Definition
- Originally coined in the 1970s
  - To designate networks which were isolated from ARPANET
    - Which evolved into the Internet
- They were isolated
  - Mainly for security purposes

Slide 4

Slide 4 text

- Darknets were able to receive data from ARPANET
- But had addresses which did not appear in the network lists
- And would not answer pings or other inquiries
- They were something like a black box
  - A system or device whose contents were unknown

Slide 5

Slide 5 text

MILNET – Military Network
- Part of the ARPANET internetwork designated for unclassified United States Department of Defense traffic
- Was split off from the ARPANET in 1983
- Direct connectivity between the networks was severed for security reasons
  - Gateways relayed electronic mail between the two networks
- In the 1990s, MILNET became the NIPRNET
  - Non-classified Internet Protocol Router Network

Slide 6

Slide 6 text

Darknet: The term’s re-emergence
- “The Darknet and the Future of Content Distribution”
  - A 2002 article
  - By Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman
    - Four employees of Microsoft
  - http://msl1.mit.edu/ESD10/docs/darknet5.pdf

Slide 7

Slide 7 text

Formal Definition
- The idea of the darknet is based upon three assumptions:
  1. Any widely distributed object will be available to a fraction of users in a form that permits copying
  2. Users will copy objects if it is possible and interesting to do so
  3. Users are connected by high-bandwidth channels

Slide 8

Slide 8 text

Formal Definition Contd.
- The darknet is the distribution network that emerges from
  - The injection of objects according to assumption 1
    - How new objects enter the system
  - And the distribution of those objects according to assumptions 2 and 3
    - How the objects in the system are distributed

Slide 9

Slide 9 text

Infrastructure requirements
1. facilities for injecting new objects into the darknet (input)
2. a distribution network that carries copies of objects to users (transmission)
3. ubiquitous rendering devices, which allow users to consume objects (output)
4. a search mechanism to enable users to find objects (database)
5. storage that allows the darknet to retain objects for extended periods of time
   - Functionally, this is mostly a caching mechanism that reduces the load and exposure of nodes that inject objects

Slide 10

Slide 10 text

Similar terms
- Darknet
  - a closed private network of computers used for file sharing
  - machines unreachable by other computers on the internet
  - is also used to refer collectively to all covert communication networks
- Darkweb / Deepweb
  - website content not indexed by search engines
- Dark fiber
  - unused optical fiber communications infrastructure

Slide 11

Slide 11 text

Books on the topic
- More about
  - Copyright wars
  - Future of digital media
- Less about
  - Actual networks
- What's interesting
  - The implications of these dark networks

Slide 12

Slide 12 text

More Books

Slide 13

Slide 13 text

Examples

Slide 14

Slide 14 text

Tor
- Tor is a free tool that allows people to use the internet anonymously.
- Basically, by joining Tor you join a network of computers around the world that pass internet traffic randomly amongst each other before sending it out to wherever it is going.

Slide 15

Slide 15 text

Tor - real world analogy (Chaum Mixes)
- Imagine a tight huddle of people passing letters around.
- Once in a while a letter leaves the huddle, sent off to some destination.
- If you can't see what's going on inside the huddle, you can't tell who sent what letter based on watching letters leave the huddle.

Slide 16

Slide 16 text

Tor – The Onion Routing
- Developed by
  - Michael G. Reed
  - Paul F. Syverson
  - David M. Goldschlag
- At the
  - Naval Research Laboratory, United States Navy

Slide 17

Slide 17 text

Tor – The Onion Routing
- Onion routing is a technique for anonymous communication
- Messages are repeatedly encrypted and then sent through several network nodes called onion routers
- Each onion router
  - removes a layer of encryption
    - Symmetric keys are pre-shared between each pair of routers
    - This uncovers routing instructions for the next hop
  - sends the message to the next router
    - where this is repeated

Slide 19

Slide 19 text

- Intermediate nodes cannot know
  - the origin
  - destination
  - and contents of the message
- Only the starting (ingress) node knows the origin
- And the ending (egress) node knows the destination and the clear text message
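The layering described on the slides above, as an added Python example that is not part of the original presentation: the sender wraps a message once per router, each router peels one layer and learns only the next hop, and the exit holds the cleartext. It assumes the sender already shares a symmetric key with each router; the router names, destination, toy cipher and sample login are constructed for illustration.

```python
import hashlib
import hmac
import os

def _xor_stream(key, nonce, data):  # toy cipher (SHA-256 counter mode), illustration only
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, next_hop, payload):
    """Add one layer: encrypt (next hop + inner cell) under one router's key."""
    hop, nonce = next_hop.encode(), os.urandom(16)
    ct = _xor_stream(key, nonce, bytes([len(hop)]) + hop + payload)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def peel(key, cell):
    """Remove one layer: returns (next hop, inner cell) or raises on a bad key."""
    nonce, tag, ct = cell[:16], cell[16:48], cell[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified cell")
    pt = _xor_stream(key, nonce, ct)
    return pt[1:1 + pt[0]].decode(), pt[1 + pt[0]:]

def build_onion(path, keys, destination, message):
    """Sender wraps from the inside out, so the exit's layer is innermost."""
    cell, next_hop = message, destination
    for router in reversed(path):
        cell = seal(keys[router], next_hop, cell)
        next_hop = router
    return cell

def route(first_router, cell, keys):
    """Relay hop by hop; record (router, next hop it learns, bytes it holds)."""
    seen, router = [], first_router
    while router in keys:
        next_hop, cell = peel(keys[router], cell)
        seen.append((router, next_hop, cell))
        router = next_hop
    return seen

# Constructed sample data: three routers and an unencrypted mail login.
PATH = ["R1", "R2", "R3"]
KEYS = {name: os.urandom(32) for name in PATH}
MESSAGE = b"USER alice PASS example-password"
SEEN = route(PATH[0], build_onion(PATH, KEYS, "mail.example.test:110", MESSAGE), KEYS)
```

`SEEN` shows R1 and R2 holding only ciphertext while R3 holds the login bytes, which is why traffic that is not encrypted end to end is readable at the exit.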

Slide 20

Slide 20 text

One interesting incident about Tor
- Dan Egerstad, a Swedish security researcher
  - ran five Tor nodes
  - and collected a list of
    - 100 e-mail credentials
    - server IP addresses
    - e-mail accounts
    - and the corresponding passwords
  - for embassies and government ministries around the globe
  - all obtained by sniffing exit traffic for usernames and passwords of e-mail servers

Slide 21

Slide 21 text

- The list contains mostly third-world embassies
  - Kazakhstan
  - Uzbekistan
  - Tajikistan
  - India
  - Iran
  - Mongolia

Slide 22

Slide 22 text

- More interesting finds in the list
  - a Japanese embassy
  - the UK Visa Application Center in Nepal
  - the Russian Embassy in Sweden
  - the Office of the Dalai Lama
  - several Hong Kong Human Rights Groups
  - more than 1,000 corporate accounts with passwords

Slide 23

Slide 23 text

The Tor website says this:
“Yes, the guy running the exit node can read the bytes that come in and out there. Tor anonymizes the origin of your traffic, and it makes sure to encrypt everything inside the Tor network, but it does not magically encrypt all traffic throughout the internet.”

Slide 24

Slide 24 text

Tor anonymizes, nothing more. - Bruce Schneier
- It does not encrypt or authenticate
  - Therefore it provides no confidentiality
- Interesting Fact
  - More than 90 percent of Tor users don't encrypt

Slide 25

Slide 25 text

- Dan Egerstad was not the first to do this
  - “The Faithless Endpoint: How Tor puts certain users at greater risk”
  - By Len Sassaman

Slide 26

Slide 26 text

- Tor does provide for a strong degree of unlinkability
  - the notion that an eavesdropper cannot easily determine both the sender and receiver of a given message
- The degree of privacy is generally a function of the number of participating routers versus the number of compromised or malicious routers

Slide 27

Slide 27 text

Garlic routing
- Variant of onion routing
  - that encrypts multiple messages together
  - to make it more difficult for attackers to perform traffic analysis
- Implemented in projects like
  - I2P - Anonymizing overlay network which allows applications to run on top of it
  - Perfect Dark

Slide 28

Slide 28 text

Other Darknets
Technology involved

Slide 29

Slide 29 text

Other darknet projects
- DarkNET Conglomeration
- anoNet
- Dn42 - Decentralized network 42
- Freenet
- GNUnet
- I2P/IIP – Invisible Internet Project
- WASTE

Slide 30

Slide 30 text

How do they work
- Overlay Networks
  - They work at Layer 8
    - Overlaid on top of the 7 layers
  - Just like VPN tunnels
    - IP inside IP
- Built using
  - VPNs
    - OpenVPN, Openswan, Vyatta
  - Routers running BGP
    - Quagga, GNU Zebra, OpenBGPD, Vyatta

Slide 31

Slide 31 text

Lookups and routing
- Lookups and routing are done by using DHTs
- DHT - Distributed hash tables
  - Apache Cassandra
  - BitTorrent DHT - based on Kademlia
  - CAN (Content Addressable Network)
  - Chord
  - Kademlia
  - Pastry
  - Tapestry

Slide 32

Slide 32 text

I2P / IIP
- This is a layer that existing applications can use
- I2P / IIP fits in between layer 6 and layer 7
  - Below the application layer
- Uses garlic routing
- Currently these services are running over I2P
  - Usenet, E-mail, IRC, FTP, HTTP, Telnet
  - BitTorrent, eDonkey, Gnutella
- It seems all the present network services can run over I2P
- But the project is still in alpha state

Slide 33

Slide 33 text

Freenet and GNUnet
- Freenet is designed by Ian Clarke
- GNUnet is developed by the FSF
  - Free Software Foundation
  - Official GNU project
- Unlike I2P, which is layered, Freenet and GNUnet implement their own applications
  - Currently only file sharing is supported
  - And a trivial chat protocol, not compatible with IRC or XMPP

Slide 34

Slide 34 text

anoNet
- This is an interesting example
  - Reason being, no special software
  - Just uses VPNs and BGP

Slide 35

Slide 35 text

WASTE
- One important thing about WASTE is
  - It constantly sends garbage data
  - To prevent traffic analysis

Slide 36

Slide 36 text

Other minor things

Slide 37

Slide 37 text

Alternate top level DNS roots
- .bbs - bulletin board systems
- .dyn - resolve dynamic DNS
- .free - non-commercial use
- .geek - anything geeky
- .indy - Independent news and media
- .ing - fun TLD
- .null - miscellaneous non-commercial individual sites
- .oss - Open source software
- .eco - ecological and environment

Slide 38

Slide 38 text

Bitcoin - Crypto currency
- one of the first implementations of a concept called cryptocurrency
  - first described in 1998 by Wei Dai
  - implemented in 2009 by Satoshi Nakamoto
- uses a distributed database over a peer-to-peer network to journal transactions
- uses cryptography to ensure that bitcoins
  - can only be spent by the person who owns them
  - and never more than once
- therefore transactions are atomic and irreversible

Slide 39

Slide 39 text

Conclusion

Slide 40

Slide 40 text

What darknets try to achieve
- Crypto Anarchism
  - The use of strong public-key cryptography to bring about privacy and freedom
  - It was described by Vernor Vinge as a cyberspatial realization of anarchism
  - relies heavily on plausible deniability to avoid censorship

Slide 41

Slide 41 text

So why bother
- Why bother with something which is
  - Unreachable and isolated
- The point is
  - Even though darknets are unreachable from the internet
  - The internet is reachable from these darknets

Slide 42

Slide 42 text

Interesting paper
- “Trends in Denial of Service Attack Technology”
  - published in 2001
  - work by many security organizations
  - available from CERT
  - http://www.cert.org/archive/pdf/DoS_trends.pdf

Slide 43

Slide 43 text

This is what the paper concludes  “Identified rogue dark networks as a potential farm for denial-of-service attacks and other illegal activity”

Slide 44

Slide 44 text

Conclusion
- So this is where our threat lies
  - Attacks on our infrastructure originating from these darknets are possible
  - They are more of a threat to the government than corporations or individuals
    - Anarchy is against government
- How to defeat these darknets …
  - Traffic analysis, stuff like that

Slide 45

Slide 45 text

Writeprint
- Funded by the National Science Foundation
- Tried to identify anonymous writers by their style
- Used a technique called Writeprint
  - which automatically extracts thousands of multilingual, structural, and semantic features to determine who is creating "anonymous" content online
  - can look at a posting on an online bulletin board, for example, and compare it with writings found elsewhere on the Internet
  - by analyzing these certain features, it can determine with more than 95 percent accuracy if the author has produced other content in the past

Slide 46

Slide 46 text

Thank You.
Any Questions?
Please send them over by email.