Presentation is loading. Please wait.

Presentation is loading. Please wait.

Onions and Garlic: the protocols of I2P

Published byHelena Lindqvist Modified over 6 years ago

Similar presentations

Presentation on theme: "Onions and Garlic: the protocols of I2P"— Presentation transcript:

1 Onions and Garlic: the protocols of I2P
Jack Grigg

2 The Internet is not anonymous

3 Standard protocols are insufficient

4 Types of anonymity systems
Proxy services VPNs Mixnets DC nets DHT-based Onion routing

5 Onion routing By ​English Wikipedia user HANtwister, CC BY-SA 3.0,

6 A simple example: Tor clients

7 More fun: Tor Onion Services
Connect two circuits together Rendezvous Point Server gets the same protections Server addresses are self-authenticating

8 Even more fun: I2P

9 TCP/IP protocol stack By en:User:Cburnett original work, colorization by en:User:Kbrose - Original artwork by en:User:Cburnett, CC BY-SA 3.0,

10 I2P inserts three protocol layers

11 Analogues of TCP and UDP inside I2P
I2P protocol stack Analogues of TCP and UDP inside I2P “Anonymous” data layer End-to-end layer Tunnel layer Transport layer TCP/IP layers

12 Onion routing only provides location anonymity!
(and even that is conditional)

13 I2P Network Protocol (I2NP)
Manages routing and mixing of messages Network database management Tunnel building Data transmission Each message is point-to-point But can be combined in various ways

14 Transport layer Provides router-to-router delivery of I2NP messages
Encrypts communication between routers Secure 2-way-authenticated channel Provides confidentiality, not anonymity

15 Transport layer: transport types
NTCP TCP-based Uses existing TCP stack for reliability SSU UDP-based Congestion control similar to TCP Per-message retransmissions Unique non-sequential identifiers → bitfields Cooperative NAT/firewall traversal

16 Tunnel layer: build protocol
A TunnelBuild message is repeatedly decrypted and forwarded between hops “Non-interactive” telescopic tunnel building Hops don't learn their location Each hop inserts their response into the packet Agree to route data for next 10 minutes Reject (e.g. bandwidth limits) Packet is returned via an existing tunnel

17 Tunnel layer: TunnelData messages
Used for sending data through a tunnel Onion-encrypted Fixed size (1028 kB) Contain fragmented I2NP messages Delivery instructions per message

18 End-to-end layer: Garlic messages
Used for sending data between peers Contain one or more GarlicCloves each with its own delivery instructions

19 Flexible routing design
Possible to implement a variety of mixnet delivery mechanisms Garlics containing Cloves containing Garlics... Combine with unused delay option in TunnelData delivery instructions Different trade-offs for different use cases More research required!

20 Limitations No “exit nodes” at network level Requires developer buy-in
Implemented as an overlay network Higher overhead c/f stateless designs like HORNET More research required Congestion control tuning Designing next-gen protocols

21 Questions?

22 Network data structures

Download ppt "Onions and Garlic: the protocols of I2P"

Similar presentations

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
(4.4) Internet Protocols Layered approach to Internet Software 1.

(4.4) Internet Protocols Layered approach to Internet Software 1.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.

Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Tor (Anonymity Network) Scott Pardue. Tor Network  Nodes with routers within the network (entry, middle, exit)  Directory servers  Socket Secure (SOCKS)

Tor (Anonymity Network) Scott Pardue. Tor Network  Nodes with routers within the network (entry, middle, exit)  Directory servers  Socket Secure (SOCKS)
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
Rhys McBreen (How the internet works) X. Contents The Layers and what they do IP Addressing X.

Rhys McBreen (How the internet works) X. Contents The Layers and what they do IP Addressing X.
What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.

What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.
TCP/IP: Basics1 User Datagram Protocol (UDP) Another protocol at transport layer is UDP. It is Connectionless protocol i.e. no need to establish & terminate.

TCP/IP: Basics1 User Datagram Protocol (UDP) Another protocol at transport layer is UDP. It is Connectionless protocol i.e. no need to establish & terminate.
UNIT-3. 20.2 IP Datagram Fragmentation Figure 20.7 IP datagram.

UNIT IP Datagram Fragmentation Figure 20.7 IP datagram.
1 Networking Chapter 12. 2 Distributed Capabilities Communications architectures –Software that supports a group of networked computers Network operating.

1 Networking Chapter Distributed Capabilities Communications architectures –Software that supports a group of networked computers Network operating.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
IP1 The Underlying Technologies. What is inside the Internet? Or What are the key underlying technologies that make it work so successfully? –Packet Switching.

IP1 The Underlying Technologies. What is inside the Internet? Or What are the key underlying technologies that make it work so successfully? –Packet Switching.
TCP/IP (Transmission Control Protocol / Internet Protocol)

TCP/IP (Transmission Control Protocol / Internet Protocol)
Network and the internet Part eight Introduction to computer, 2nd semester, 2009/2010 Mr.Nael Aburas Faculty of Information.

Network and the internet Part eight Introduction to computer, 2nd semester, 2009/2010 Mr.Nael Aburas Faculty of Information.
SOCKS By BITSnBYTES (Bhargavi, Maya, Priya, Rajini and Shruti)

SOCKS By BITSnBYTES (Bhargavi, Maya, Priya, Rajini and Shruti)
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

Similar presentations

Ads by Google