Nextgen G* Traffic Analysis Resistant Overlay Networks (re Tor stinks)

[grarpamp]

> For most all folks today, their first physical hop or link, is to
> their ISP.
>
> A GAA performing active timing attack, in the way of suspending your
> internet link for say 500 ms, is not possible to defend against when
> you have no other links for onboarding.

Acess censorship is separate from what the
first overlay net node you connect to decides
to do with the adverary modulated garbage
they received from your node. That first node,
or any other node, should drop you until you
behave, assigning the bandwidth and timing
contract they negotiated with you to a better
participant in the meantime.

> active link suspension across target sets of end
> users, bisecting as needed to map end user nodes to destination/
> server streams of interest.

So what, a secure overlay should drop its apparently
contract breaking nodes (as so affected by adversary
whether by cutout or other modulation) up to and including
the remaining overlay progressively cutting out thus effectively
downing itself as protection in reaction to increasing adversary
scopes of aggression. A net can't call itself secure if it is stupid
enough to stay up under known successful attack methods,
operational yes, secure no.

> the less your enemy can hide, the better.

An estimate is required to determine if G* adversary can
actually sustain modulation for traffic analysis against
millions of nodes at once for what duration of time...
if adversary cannot hold a self-defensive network down and
out as such, the overlay wins, and adversary is relegated to a
mere annoyance randomly sinking nodes as a sore loser
for lols.


> QoS, lo / hi priority

People first have to solve old problems with those...

- Users declaring all their traffic as hi, because.
- The overlay must see inside all traffic to inspect
and classify, no go.
- The overlay must becomes the State offering only
proprietary apps that it can controls, boring limited.
- Users pay for play to the overlay, complex.

Users are paying ISP for what rate they choose
to pass over their NIC. Most all overlays have always
been able to handle user traffic because there are more
than enough wheat-idle nodes to carry for example
low quality video over 7 hops, or mid quality youtube over 3.

Unlike Tor, if as in Phantom every user is a relay,
there should be plenty of excess wheat-idle capacity
because users are mostly idle.

> Phone calls require QoS.

Both the Internet and Tor have no QoS,
yet users have been able to hold voice and
IRC conversations between Tor onions since day
one, with some even being able to stuff low
quality video calls over it as well.

In a fill network, so long as fill yields to
for wheat demand, the only real constraint seems
how the overlay's transport such as TCP / UDP
and or some proprietary bucket transport handle
congestion when two or more users traffic shares
the same physical path between nodes.

> I don't understand the consideration

Overall point was, are people building some overlay
to handle only one app (messages, storage, IRC, whatever),
or a general purpose transport overlay like the internet
that can carry whatever. Presuming both can be done
equally securely and performant, there is no point to do
the former.

Lots of research and nets out there "We're building an
overlay for this specific app".

That being, much more research needs done in area
of application agnostic, general purpose transport,
traffic analysis resistant, networks.

If you can figure out how to do the latter, the
former is entirely moot. Study the latter first.

> In an overlay net, we think of a link as peer to peer.
>
> But physically that link is usually as follows:
>
>   NodeA -> ISP1 router -> GT-1 router ...
>   ... -> ISP2 router -> NodeB
>
> Wo when we talk base fill/ linerate/ fulltime chaff link, we should
> perhaps be clear about which physical links/routes we are referring
> to - we must consider the physical links as much as the virtual/
> overlay links, in order to properly assess security implications.

In a fill-as-defense model, overlay links dont care about
the physical between, only that whatever the two overlay
nodes agreed about bandwidth and timing expectations they
have for each other is upheld between them.
If it isn't, they or their internet path between is under attack
either by nature or adversary, the contract A B negotiated
between themselves will fault, and they should
sleep / drop / renegotiate, before passing data for the
overlay again.