Jaysu

Banned
Joined
21.09.20
Messages
121
Reaction score
776
Points
63
The success of law enforcement agencies in deanonymizing Tor users has forced cybercriminals to look for alternative platforms to carry out their activities. At least one clandestine marketplace has already migrated from Tor to the Invisible Internet Project (I2P), according to ZDNet.

I2P

I2P (abbreviated from the English "Invisible Internet Project") is an open source software created to organize a super-stable anonymous, overlay, encrypted network applicable for web surfing, anonymous hosting (creating anonymous sites, forums and chats , file sharing servers, etc.), instant messaging, blogging, and file sharing (including P2P - Torrent, eDonkey, Kad, Gnutella, etc.), email, VoIP, and more. Site addresses on the I2P network are in the .i2p pseudo-domain space.

Overview

I2P is an anonymous, self-organizing distributed network that uses a modified Kademlia DHT, but differs in that it stores hashed host addresses, AES-encrypted IP addresses, as well as public encryption keys, and connections via the Network database are also encrypted. The network provides a transport mechanism for applications to send messages to each other anonymously and securely. Although the I2P network sets the main task of determining the path of transmission of packets, thanks to the Streaming lib library, their delivery in the originally specified sequence without errors, losses and duplication is also implemented, which makes it possible to use IP telephony, Internet radio, IP television in the I2P network. video conferencing and other streaming protocols and services.

The I2P network has its own catalog of sites, electronic libraries, and torrent trackers. In addition, there are gates for accessing the I2P network directly from the Internet, created specifically for users who, for various reasons, cannot install the Invisible Internet Project software on their computer.

Features of the network

  • The I2P network is distinguished by the use of encryption mechanisms, P2P architecture and variable intermediaries (hops). This method assumes an increase in the complexity of deanonymization, MITM attacks and make it completely impossible to spoof packages transparent to the user.
  • Currently, the network element is a kind of implementation of conventional DNS servers. It differs from the usual DNS in the following ways:
  • to determine the hash-sum of the recipient, the local address base is used.
  • the address database is periodically updated from name servers, while in traditional DNS the address is determined by request to it (however, in some operating systems and browsers, caching is carried out).
  • Subdomains are not tied to the parent domain, however, the address subscription provider is free to restrict the registration of subdomains by the permission of the parent domain.
  • it is possible to use multiple name servers. In the official implementation of the router, conflicts are resolved according to the first-come-first-served scheme, but it is worth noting that the recipient hash sums, explicitly specified by the user in the address bases "privatehosts" and "userhosts", come first - that is, they have a greater impact than subscriptions.
  • Since the network is peer-to-peer, addresses are hashes that the addresser's hops (proxies) use to address the recipient's proxies.
  • nameservers are inside the peer-to-peer network, although it is technically possible to update the database from outside
  • most name servers, as opposed to external name registrars, currently do not require a fee to register domains in their database. The main criterion is the availability of the server by the recipient hash sum.
  • after the creation of a tunnel for data transmission, the time of its existence does not exceed 10 minutes.
  • a unique sequence of nodes is selected each time to create a data transmission tunnel.
  • Since the network is peer-to-peer and decentralized, the speed and reliability of the network directly depends on the participation of people in the transmission of other people's traffic.
To access I2P, you need to install a router program on your computer that (de) encrypts, (times) compresses traffic and routes it to peers in I2P. To work with intranet sites, you need to configure your browser to route HTTP packets to a router listening on a specific port. To access the external Internet via I2P, it is necessary to use proxy servers from within I2P (outproxy), which are currently few in number. Also, internal sites in the I2P network are accessible from the external Internet through a proxy server.

Encryption in the I2P network

The network was originally designed with the assumption that all intermediate nodes are compromised or malicious, so a number of proactive measures have been put in place to counter it.

All traffic on the network is encrypted from sender to receiver. In total, when sending a message, four levels of encryption are used (end-to-end, garlic, tunnel, and transport layer encryption), before encryption, a small random number of random bytes is automatically added to each network packet to further anonymize the transmitted information and make it difficult to analyze content and block transmitted network packets. Cryptographic identifiers, which are public cryptographic keys, are used as network addresses. IP addresses in the I2P network are not used anywhere and never, therefore, it is not possible to determine the true address of any node on the network. Each network application on the computer builds separate encrypted, anonymous tunnels for itself. Tunnels are mostly of one-way type (outgoing traffic goes through some tunnels, and incoming traffic goes through others) - the direction, length, and also which application or service created these tunnels is extremely difficult to find out. All transmitted network packets tend to diverge through several different tunnels , which makes it pointless to try to listen and analyze the passing data stream with the help of a sniffer. Also, there is a periodic change (every 10 minutes) of already created tunnels for new ones, with new digital signatures and encryption keys (digital signatures and encryption keys, of course, each tunnel has its own). For these reasons, there is no need to worry about applications encrypting their traffic. If there is a lack of confidence in the encryption of closed source programs (such as Skype), it is possible to solve the problem with IP telephony programs (such as Ekiga) that transmit traffic in the clear. In any case, the I2P network will perform four-level encryption of all packets and secure the transmission / reception of all data.

In an I2P network, all packets are encrypted on the sender's side and decrypted only on the receiver's side, while none of the intermediate participants in the exchange has the ability to intercept the decrypted data and none of the participants knows who the sender is and who the recipient is, since the transmitting node is may be a sender, or may be the same intermediate node, and the next node to which this packet needs to be sent may be the recipient, or may also be the same intermediate node, the intermediate node cannot find out the endpoints of the sender and the recipient, just like cannot find out what happened to the packet that was just transmitted to the next node - whether it processed it, or passed it somewhere further, it is impossible to find out.

In I2P networks, the following systems and methods of encryption and signature are used (for different layers and protocols):

256 bit AES CBC mode with PKCS # 5;

2048 bit El Gamal scheme;

2048 bit Diffie-Hellman algorithm;

1024 bit DSA;

256 bit HMAC - Algorithm for enhancing the cryptographic strength of other cryptoalgorithms;

256 bit SHA256 hashing.

History of the I2P network

The I2P project was launched in 2003 to support those interested in a new, uncensored, anonymous means of communication and information dissemination. I2P is an attempt to create a secure, decentralized anonymous network with fast response time and properties of autonomy, fault tolerance and scalability. The ultimate challenge is the ability to function in harsh environments, even under pressure from organizations with significant financial or political resources. All aspects of the web are available as source code and are free. This allows users to ensure that the software is doing exactly what it says it does and makes it easier for third-party developers to improve their network security against persistent attempts to restrict free communication.
 
Top Bottom