CDR: Re: PipeNet protocol
Ray Dillinger
bear at sonic.net
Sun Nov 5 23:25:58 PST 2000
On Sun, 5 Nov 2000, Adam Back wrote:
>| Each node expects one packet from each link id in each time unit.
>| Extra packets are queued for processing in later time units.
>| However, if a node does not receive a packet for a link id in a
>| particular time unit, it stops normal processing of packets for that
>| time unit and queues all packets. This ensures that any delay is
>| propagated through the entire network and cannot be used to trace a
>| particular connection.
>
>This is to defend against active attacks delaying packets to observe
>the effect on the network and hence trace routes.
>
>However I think this scheduling algorithm would have the side effect
>of making this variant of PipeNet very vulnerable to DoS attacks. Any
>user can arbitrarily delay packet delivery for the entire network by
>ceasing to send packets.
It also limits the ability of Pipenet to scale. Basically, the more
people you get, the longer the time periods become (because every
node has to send every other node a packet, and it takes longer to
receive a million packets than it takes to receive a dozen). Once
you are down to being able to send only one packet per hour to any
particular place, you are effectively scrod as far as getting anything
done. Routing through other pipenet nodes is possible, of course, but
all the net sources and sinks of data would quickly either overload
with queued packets, or be forced to inundate the whole system with
nulls on a very regular basis.
I've been looking at a mode where nodes are considered "located"
relative to each other in some kind of fake coordinate space - not
necessarily correlated with physical location. Once you introduce
a coordinate space, you can use concepts of direction to help
route things. Break up the coordinate plane with a compass rose
into sixteen semi-octants, and each round, you transmit to your
nearest neighbor in each octant and also to randomly selected ones
at medium, long, and very long distance. That way, you can
guarantee that if you're not contacting the intended recipient
of a packet you're forwarding this round, you will at the very
least be contacting a node that's "closer" to the intended
recipient than yourself. If you consistently route the packet
to any node closer than you, without overshooting, it is
guaranteed to arrive in a finite number of hops (overshooting
may be feasible in practice, but I haven't been able to prove
this property where overshooting is allowed. However, a limited
number of overshoots ought to be okay - that's more effective in
the average case and reverts to the provable case after the
allowed overshoots run out. ).
I think it would defeat traffic analysis, because the selection
of who sends packets to whom is perfectly random each time, subject
to the vagaries of the coordinate space. The analysts could tell
who your closest neighbors were in the coordinate space, and could
eventually build up a model of the coordinate space and figure out
your coordinates in it - but no other information is revealed by
the selection of whom you transmit to each time.
If you wanted to keep the locations fluid, you could hash all
the coordinates each night at midnight GMT.
Bear
More information about the Testlist
mailing list