I2P AND THE DARK WEB
By John C. Liu, PhD CFA November 4, 2016
WE VALUE PRIVACY
PRIVACY HAS A VALUE
MONETIZING PRIVACY
LOSS OF PRIVACY IS BIG BUSINESS
ANONYMOUS COMM
Virtual Circuit
HOW TOR WORKS
Access to Clearnet
3-LAYER ENCRYPTION
EASY TOSET-UP
JUST INSTALL TOR BROWSER
TOR GUARANTEES
PRIVACYSOURCE, DESTINATION, PAYLOAD ENCRYPTION
ANONYMITY(OR DOES IT?)
FLAWS OF TOR
ExitNodeTarge.ng
EntryPointSurveillance
So7ware/HardwareFingerprin.ng
TimingAnalysis
Des.na.onFingerprin.ng
CentralServerRepository
MITM
STORY OF ELDO K.• HARVARD STUDENT • DIDN’T WANT TO TAKE FINAL EXAM • EMAILED BOMB THREAT • USED TOR TO DISGUISE HIMSELF
WHAT HAPPENED?• ELDO USED UNIV NETWORK TO ACCESS TOR • HE WAS IDENTIFIED AND ARRESTED IN HOURS • ELDO SENTENCED TO COMMUNITY SERVICE
A BETTER WAY: I2PINVISIBLE INTERNET PROJECT
WHAT IS I2P?• ORIGINATED IN 2003 AS
INVISIBLENET• DECENTRALIZED NETWORK
LAYER• END-TO-END ENCRYPTION• NO OUTPROXY TO CLEARNET
FULLY DISTRIBUTEDSELF ORGANIZINGRESILIENT
NO CENTRALIZED DIRECTORY SERVER
PACKET SWITCHED VS.CIRCUIT SWITCHED
SHORT-LIVED, SIMPLEX TUNNELS
HOW IT WORKS
• Layered Encryption
• Message Bundling
• Tunnel Routing
• ElGamal/AES Encrypton
Message Message
Message Message
MessageMessage Message
MESSAGE BUNDLING
KEYS TO I2P
• GARLIC ROUTING
• MESSAGE BUNDLING
• E2E ENCRYPTION
• RANDOM DELAYS
EEPSITESI2P-ONLY WEBSITES
I2P & CRYPTOCURRENCY
I2P BOTE SECURE-EMAIL
SECURE, ANONYMOUS, HASH ADDRESS
COMPARISONTor I2PCell Message
Client Router
Circuit Tunnel
Directory NetDB
Hidden Service Eepsite
Onion Garlic
Less Secure More Secure
I2P LIMITATIONS
• NO ACCESS TO CLEARNET • SMALL USER BASE • STILL VULNERABLE TO ATTACK
(BUT LESS SO THAN TOR)
I2P IS THE FUTURE
THANK YOU. JOHN@BEOWULF.IO
HTTPS://GETI2P.NET