I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Unverified Commit 81eb5945 authored by zzz's avatar zzz
Browse files

prop. 165 updates 

courtesy orignal
parent 50a9e4c4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
i2p2www/spec/proposals/165-ssu2-fix.rst
+ 37
4
View file @ 81eb5945
...@@ -5,7 +5,7 @@ I2P proposal #165: SSU2 fix ...@@ -5,7 +5,7 @@ I2P proposal #165: SSU2 fix
:author: weko, orignal, the Anonymous, zzz :author: weko, orignal, the Anonymous, zzz
:created: 2024-01-19 :created: 2024-01-19
:thread: http://i2pforum.i2p/viewforum.php?f=13 :thread: http://i2pforum.i2p/viewforum.php?f=13
:lastupdated: 2024-01-19 :lastupdated: 2024-11-17
:status: Open :status: Open
:target: 0.9.62 :target: 0.9.62
...@@ -19,9 +19,7 @@ Proposal by weko, orignal, the Anonymous and zzz. ...@@ -19,9 +19,7 @@ Proposal by weko, orignal, the Anonymous and zzz.
Overview Overview
-------- --------
Suggesting changes in SSU2 after the attack on I2P that used SSU2’s This document suggests changes to SSU2 following an attack on I2P that exploited vulnerabilities in SSU2. The primary goal is to enhance security and prevent Distributed Denial of Service (DDoS) attacks and de-anonymization attempts.
problem.
Threat model Threat model
------------ ------------
...@@ -157,6 +155,41 @@ To save on RI size, better add handling if i key isn’t specified. If it ...@@ -157,6 +155,41 @@ To save on RI size, better add handling if i key isn’t specified. If it
is, then i = RouterIdent. In that case, Bob does not support old is, then i = RouterIdent. In that case, Bob does not support old
routers. routers.
4. Add one more MixHash to KDF of SessionRequest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. _overview-4:
Overview
^^^^^^^^
Add MixHash(Bob's ident hash) to NOISE state of "SessionRequest" message, e.g.
h = SHA256 (h || Bob's ident hash).
It must be last MixHash used as ad for ENCYPT or DECRYPT.
Additional SSU2 header flag "Verify Bob's ident" = 0x02 must be introduced.
.. _behavior-4:
Behavior
^^^^^^^^
- Alice adds MixHash with Bob's ident hash from Bob's RouterInfo and use it as ad for ENCRYPT and sets "Verify Bob's ident" flag
- Bob checks "Verify Bob's ident" flag and adds MixHash with own ident hash and use it ad as for DECRYPT. Is AEAD/Chacha20/Poly1305 fails, Bob closes the session.
Compatibity with older routers
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Alice must check Bob's router version and if it satisfies miminal version supporting this proposal add this MixHash and set "Verify Bob's ident" flag. If router is older, Alice doesn't add MixHash and doesn't set "Verify Bob's ident" flag.
- Bob checks "Verify Bob's ident" flag and adds this MixHash if it's set. Older router don't set this flag and this MixHash shouldn't be added.
.. _problems-4:
Problems
^^^^^^^^
- An attacker can claim fake routers with older version. At some point olders router should be used with precaution and after they got verified by other ways.
Backward compability Backward compability
-------------------- --------------------
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Base32 Address: [http://7qeve4v2chmjdqlwpa3vl7aojf3nodbku7vepnjwrsxljzqipz6a.b32.i2p] Onion Address: [http://47ggr2fa3vnwfyhvgskzdmr3i32eijwymxohtxsls45dulmriwxszjad.onion]