Overlay networks
MAYANK CHAUDHARI
Content
• Introduction
• Deficiencies of Internet
• Types of overlay
• ACN
• I2P
  • Introduction
  • Working
  • Routing
  • netDb
  • TCP layer

Introduction
• Network
  • defines addressing, routing, and service model for communication between hosts
• Overlay network
  • a network built on top of one or more existing networks
  • adds an additional layer of indirection/virtualization
  • changes properties in one or more areas of the underlying network
• Alternative
  • change an existing network layer

Definition
• An overlay network is a virtual network of nodes and logical links that is built on top of an existing network for the purpose of implementing a network service that is not available in the existing network.

Internet as an Overlay
• The Internet is an overlay network
  • goal: connect local area networks
  • built on local area networks (e.g., Ethernet), phone lines
  • adds an Internet Protocol header to all packets

Uses
• Routing
• Addressing
• Security
• Multicast
• Mobility

Deficiencies of the Internet
• The major shortcomings of the Internet that make it unsuitable for directly supporting the stringent requirements of Internet-based services without an overlay:
• Outages:
  • Partial network outages are common on the Internet, caused by misconfigured core routers, DDoS attacks, cable cuts, power disruptions, natural calamities, and de-peering due to a business conflict.

Deficiencies of the Internet
• Congestion:
  • When the capacity of routers and links on the Internet is insufficient to meet the traffic demand, congestion occurs, resulting in packet loss.
• Lack of scalability:
  • Online services require provisioning server and network resources to meet the demand of users at all times, even during unexpected periods of peak demand and flash crowds.
  • Without the existence of overlays, an enterprise may deploy its online services in a centralized fashion within a single data center and expect to serve its users from that centralized origin infrastructure.

Deficiencies of the Internet
• Slow adaptability:
  • Online services and their requirements evolve rapidly. However, the fundamental architecture and protocols of the Internet are slow to change or accommodate new primitives.
• Lack of security:
  • Modern online services require protection from catastrophic events such as distributed denial of service (DDoS) attacks.

Types of Overlay
• Caching overlay:
  • The ubiquitous caching overlay aims to deliver web sites, on-demand videos, music downloads, software downloads, and other forms of online content. Such overlays are applicable for content that does not change over extended periods of time and is hence cacheable. The key benefits that a caching overlay provides are greater availability, performance, origin offload, and scalability.

Types of Overlay
• Routing overlay:
  • The routing overlay provides wide-area communication with more reliability, lower latency, and greater throughput than the public Internet can. Such overlays could be used to deliver dynamic web content or live stream content that normally cannot be cached.
• Security overlay:
  • The security overlay increases security and mitigates distributed denial of service (DDoS) attacks on web sites and other online services.

Anonymous Communication Networks
• Motivation
  • Censorship at the local, organizational, or national level
  • Personal privacy preferences such as preventing tracking or data mining activities
  • The material or its distribution is considered illegal or incriminating by possible eavesdroppers.
  • Material is legal but socially deplored, embarrassing or problematic in the individual's social world.
  • Fear of retribution (against whistleblowers, unofficial leaks, and activists who do not believe in restrictions on information or knowledge)

I2P Introduction
• I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other.
• The network itself is strictly message based (like IP), but there is a library available to allow reliable streaming communication on top of it.
• All communication is end-to-end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).

How does it work?
• I2P makes a strict separation between the software participating in the network (a "router") and the anonymous endpoints ("destinations") associated with individual applications.
• What is hidden is information on what the user is doing, if anything at all, as well as what router a particular destination is connected to.
• End users will typically have several local destinations on their router - for instance, one proxying in to IRC servers, another supporting the user's anonymous webserver ("eepsite"), another for an I2Phex instance, another for torrents, etc.

How does it work?
• Another critical concept to understand is the "tunnel". A tunnel is a directed path through an explicitly selected list of routers.
• Layered encryption is used, so each of the routers can only decrypt a single layer.
• The decrypted information contains the IP of the next router, along with the encrypted information to be forwarded.
• Messages can be sent in only one direction. To send messages back, another tunnel is required.

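The layering described on this slide, as an added example that is not part of the original deck and is not I2P's wire format or cipher suite: a hash-based toy cipher from the Python standard library stands in for the real encryption, and the router names, keys, JSON layer layout and function names are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    # Toy stream cipher: SHA-256 in counter mode (stand-in for a real cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC with separate subkeys derived from the hop key.
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer does not authenticate under this key")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

def can_open(key, blob):
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False

def build_tunnel_message(hops, deliver_to, payload):
    """hops: [(router_name, key), ...] in tunnel order, chosen by the creator.
    Layers are added from the last hop outward, so the first hop's layer is outermost."""
    inner, next_hop = payload, deliver_to
    for name, key in reversed(hops):
        layer = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
        inner, next_hop = seal(key, layer), name
    return next_hop, inner  # (first router to contact, outermost blob)

def peel(key, blob):
    """What one router learns: the next hop, plus data it cannot read further."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["inner"])

def route(keys_by_router, first_hop, blob):
    """Forward hop by hop; each router removes exactly one layer."""
    trace, current = [], first_hop
    while current in keys_by_router:
        nxt, blob = peel(keys_by_router[current], blob)
        trace.append((current, nxt))
        current = nxt
    return trace, current, blob

if __name__ == "__main__":
    # Constructed sample tunnel: three hops with random keys.
    hops = [(n, os.urandom(32)) for n in ("router-A", "router-B", "router-C")]
    first, blob = build_tunnel_message(hops, "bob-inbound-gateway", b"hello Bob")
    print("middle hop can open outer layer:", can_open(hops[1][1], blob))
    trace, final, data = route(dict(hops), first, blob)
    for router, nxt in trace:
        print(f"{router} learns only: forward to {nxt}")
    print("delivered to", final, "->", data)
```

In I2P the payload handed to the tunnel would itself be end-to-end encrypted, so the last hop in this model would see only ciphertext as well.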
How does it work?
• Types of tunnels:
  1. Inbound: bring messages to the tunnel creator.
  2. Outbound: send messages away from the tunnel creator.
• The gateway of an inbound tunnel can receive messages from any other user and will send them on to the endpoint ("Bob").
• The endpoint of the outbound tunnel will need to send the message on to the gateway of the inbound tunnel.
• To do this, the sender ("Alice") adds instructions to her encrypted message.

How does it work?
• Several tunnels for a particular purpose may be grouped into a "tunnel pool".
• The pools used by the router itself are called "exploratory tunnels".
• The pools used by applications are called "client tunnels".
• Tunnel lengths are specified by clients via I2CP options.
• The maximum number of hops in a tunnel is 7.
• To reduce the susceptibility to some attacks, 3 or more hops are recommended for the highest level of protection.

Garlic Routing
• Derived from Onion Routing.
• Generally, when referring to I2P, the term "garlic" may mean one of three things:
  1. Layered Encryption
  2. Bundling multiple messages together
  3. ElGamal/AES Encryption

Garlic Routing
• Layered Encryption
  • Onion routing is a technique for building paths, or tunnels, through a series of peers, and then using that tunnel. Messages are repeatedly encrypted by the originator, and then decrypted by each hop.
• Bundling Multiple Messages
  • As an extension to onion routing, multiple messages are bundled together. Each message was originally called a "bulb".
  • Our term for garlic "bulbs" is "cloves".
  • Any number of messages can be contained, instead of just a single message.

Tunnel Building and Routing
• Now that we've defined various "garlic" terms, we can say that I2P uses garlic routing, bundling and encryption in three places:
  1. For building and routing through tunnels (layered encryption)
  2. For determining the success or failure of end to end message delivery (bundling)
  3. For publishing some network database entries (dampening the probability of a successful traffic analysis attack) (ElGamal/AES).

Garlic Routing
• In I2P, tunnels are unidirectional. Each party builds two tunnels, one for outbound and one for inbound traffic. Therefore, four tunnels are required for a single round-trip message and reply.
• Tunnels are built, and then used, with layered encryption.
• Tunnels are a general-purpose mechanism to transport all I2NP messages, and Garlic Messages are not used to build tunnels.
• We do not bundle multiple I2NP messages into a single Garlic Message for unwrapping at the outbound tunnel endpoint.

End-to-End Message Bundling
• At the layer above tunnels, I2P delivers end-to-end messages between Destinations.
• Each client message as delivered to the router through the I2CP interface becomes a single Garlic Clove with its own Delivery Instructions, inside a Garlic Message.
• Delivery Instructions may specify a Destination, Router, or Tunnel.
• Generally, a Garlic Message will contain only one clove. However, the router will periodically bundle two additional cloves in the Garlic Message.

End-to-End Message Bundling
• A Delivery Status Message, with Delivery Instructions specifying that it be sent back to the originating router as an acknowledgment.
• A Database Store Message, containing a LeaseSet for the originating Destination, with Delivery Instructions specifying the far-end destination's router. By periodically bundling a LeaseSet, the router ensures that the far-end will be able to maintain communications. Otherwise the far-end would have to query a floodfill router for the network database entry, and all LeaseSets would have to be published to the network database.

Network Database
• I2P's netDb works to share the network's metadata.
• A percentage of I2P users are appointed as "floodfill peers". Currently, I2P installations that have a lot of bandwidth and are fast enough will appoint themselves as floodfill as soon as the number of existing floodfill routers drops too low.
• If a floodfill router receives a "store" query, it will spread the information to other floodfill routers using the Kademlia algorithm.

Network Database
• Two types of information are stored in the network database.
  • A Router Info stores information on a specific I2P router and how to contact it.
  • A LeaseSet stores information on a specific destination (e.g. I2P website, e-mail server...).
• In addition, the data contains timing information, to avoid storage of old entries and possible attacks.

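A floodfill "store" handler combining the two netDb slides, as an added example that is not part of the original deck and is not I2P's code: it uses the timing information to refuse stale, future-dated or replayed entries, then picks the floodfill peers closest to the key by the Kademlia XOR metric. The entry fields, the age, skew and fan-out constants, and all names are assumptions, not I2P's real values.

```python
import hashlib

MAX_AGE_S = 3600          # assumed: refuse entries published more than an hour ago
MAX_FUTURE_SKEW_S = 60    # assumed: tolerated clock skew for "published" timestamps
FLOOD_FANOUT = 3          # assumed: how many other floodfills receive a copy

def xor_distance(a, b):
    """Kademlia metric: two identifiers are 'close' when their XOR is a small integer."""
    return int.from_bytes(a, "big") ^ int.from_bytes(b, "big")

def closest_floodfills(key, floodfill_ids, k):
    """Names of the k floodfills whose identifiers are nearest to key."""
    ranked = sorted(floodfill_ids, key=lambda name: xor_distance(floodfill_ids[name], key))
    return ranked[:k]

class FloodfillStore:
    def __init__(self, name, floodfill_ids):
        self.name = name
        # Never flood an entry back to ourselves.
        self.others = {n: i for n, i in floodfill_ids.items() if n != name}
        self.entries = {}

    def handle_store(self, entry, now):
        """Return (accepted, reason, floodfills_to_forward_to)."""
        key, published = entry["key"], entry["published"]
        if entry["kind"] not in ("RouterInfo", "LeaseSet"):
            return False, "unknown entry type", []
        if published > now + MAX_FUTURE_SKEW_S:
            return False, "published in the future", []
        if now - published > MAX_AGE_S:
            return False, "too old", []
        known = self.entries.get(key)
        if known is not None and known["published"] >= published:
            # A replayed or older copy must not displace the current one.
            return False, "not newer than stored copy", []
        self.entries[key] = entry
        return True, "stored", closest_floodfills(key, self.others, FLOOD_FANOUT)

if __name__ == "__main__":
    # Constructed sample network: identifiers are SHA-256 hashes of made-up names.
    ids = {f"ff-{i}": hashlib.sha256(f"ff-{i}".encode()).digest() for i in range(8)}
    store = FloodfillStore("ff-0", ids)
    now = 1_700_000_000
    lease_key = hashlib.sha256(b"example-destination").digest()
    fresh = {"key": lease_key, "kind": "LeaseSet", "published": now - 30}
    stale = {"key": lease_key, "kind": "LeaseSet", "published": now - 7200}
    for label, entry in (("fresh", fresh), ("replay", fresh), ("stale", stale)):
        print(label, store.handle_store(entry, now))
```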
Transport protocols
• To accommodate the need for high-degree communication, I2P moved from a TCP-based transport to a UDP-based one: "Secure Semireliable UDP", or "SSU".
• The goal of this protocol is to provide secure, authenticated, semireliable and unordered message delivery, exposing only a minimal amount of data easily discernible to third parties. It should support high-degree communication as well as TCP-friendly congestion control and may include PMTU detection. It should be capable of efficiently moving bulk data at rates sufficient for home users. In addition, it should support techniques for addressing network obstacles, like most NATs or firewalls.

Benefits of I2P over Tor
• Designed and optimized for hidden services, which are much faster than in Tor
• Fully distributed and self organizing
• Peers are selected by continuously profiling and ranking performance, rather than trusting claimed capacity
• Floodfill peers ("directory servers") are varying and untrusted, rather than hardcoded
• Small enough that it hasn't been blocked or DoSed much, or at all
• Peer-to-peer friendly.

Benefits of I2P over Tor
• Packet switched instead of circuit switched
  • implicit transparent load balancing of messages across multiple peers, rather than a single path
  • resilience vs. failures by running multiple tunnels in parallel, plus rotating tunnels
  • scale each client's connections at O(1) instead of O(N) (Alice has e.g. 2 inbound tunnels that are used by all of the peers Alice is talking with, rather than a circuit for each)
• Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information.

Benefits of I2P over Tor
• Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing)
• Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
• I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.

Benefits of I2P over Tor
• Essentially all peers participate in routing for others
• The bandwidth overhead of being a full peer is low, whereas in Tor client nodes don't require much bandwidth but don't fully participate in the mixnet.
• Integrated automatic update mechanism
• Both TCP and UDP transports
• Java, not C (ewww).

THANK YOU
33

More Related Content

What's hot

Open shortest path first (ospf)
Open shortest path first (ospf)Open shortest path first (ospf)
Open shortest path first (ospf)
Respa Peter
 
WAN Technologies slide show
WAN Technologies slide showWAN Technologies slide show
WAN Technologies slide show
NavleshKumar singh
 
IPv4
IPv4IPv4
Basics of IP Addressing
Basics of IP AddressingBasics of IP Addressing
Basics of IP Addressing
Kushal Sheth
 
Network Layer,Computer Networks
Network Layer,Computer NetworksNetwork Layer,Computer Networks
Network Layer,Computer Networks
guesta81d4b
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls)  - Networkshop44Multiprotocol label switching (mpls)  - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
Jisc
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS Presentation
Unni Kannan VijayaKumar
 
It6601 mobile computing unit2
It6601 mobile computing unit2It6601 mobile computing unit2
It6601 mobile computing unit2
RMK ENGINEERING COLLEGE, CHENNAI
 
Tcp IP Model
Tcp IP ModelTcp IP Model
Tcp IP Model
Ankur Kumar
 
C I D R
C I D RC I D R
C I D R
colmbennett
 
Routing and OSPF
Routing and OSPFRouting and OSPF
Routing and OSPF
arpit
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
Netwax Lab
 
Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)
welcometofacebook
 
Transport Layer Numericals
Transport Layer NumericalsTransport Layer Numericals
Transport Layer Numericals
Manisha Keim
 
Tcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication headerTcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication header
Faizan Shaikh
 
Ospf.ppt
Ospf.pptOspf.ppt
IP Address
IP AddressIP Address
IP Address
Rahul P
 
CCNAv5 - S2: Chapter4 Routing Concepts
CCNAv5 - S2: Chapter4 Routing ConceptsCCNAv5 - S2: Chapter4 Routing Concepts
CCNAv5 - S2: Chapter4 Routing Concepts
Vuz Dở Hơi
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch Configuration
Dsunte Wilson
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
Smriti Tikoo
 

What's hot (20)

Open shortest path first (ospf)
Open shortest path first (ospf)Open shortest path first (ospf)
Open shortest path first (ospf)
 
WAN Technologies slide show
WAN Technologies slide showWAN Technologies slide show
WAN Technologies slide show
 
IPv4
IPv4IPv4
IPv4
 
Basics of IP Addressing
Basics of IP AddressingBasics of IP Addressing
Basics of IP Addressing
 
Network Layer,Computer Networks
Network Layer,Computer NetworksNetwork Layer,Computer Networks
Network Layer,Computer Networks
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls)  - Networkshop44Multiprotocol label switching (mpls)  - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS Presentation
 
It6601 mobile computing unit2
It6601 mobile computing unit2It6601 mobile computing unit2
It6601 mobile computing unit2
 
Tcp IP Model
Tcp IP ModelTcp IP Model
Tcp IP Model
 
C I D R
C I D RC I D R
C I D R
 
Routing and OSPF
Routing and OSPFRouting and OSPF
Routing and OSPF
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
 
Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)
 
Transport Layer Numericals
Transport Layer NumericalsTransport Layer Numericals
Transport Layer Numericals
 
Tcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication headerTcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication header
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.ppt
 
IP Address
IP AddressIP Address
IP Address
 
CCNAv5 - S2: Chapter4 Routing Concepts
CCNAv5 - S2: Chapter4 Routing ConceptsCCNAv5 - S2: Chapter4 Routing Concepts
CCNAv5 - S2: Chapter4 Routing Concepts
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch Configuration
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
 

Viewers also liked

Overlay network
Overlay networkOverlay network
Overlay network
iQra Rafaqat
 
Overlay networks ppt
Overlay networks pptOverlay networks ppt
Overlay networks ppt
Akshay Hegde
 
SKYPE AS OVERLAY NETWORK
SKYPE AS OVERLAY NETWORKSKYPE AS OVERLAY NETWORK
SKYPE AS OVERLAY NETWORK
Prathamesh Sonawane
 
Network virtualization
Network virtualizationNetwork virtualization
Network virtualization
Damian Parniewicz
 
Final Presentation
Final PresentationFinal Presentation
Introduction of Software Engineering
Introduction of Software EngineeringIntroduction of Software Engineering
Introduction of Software Engineering
Zafar Ayub
 
Customer App Flow
Customer App FlowCustomer App Flow
Customer App Flow
Zafar Ayub
 
Network protocol structure scope
Network protocol structure scopeNetwork protocol structure scope
Network protocol structure scope
Sanat Maharjan
 
Use case
Use caseUse case
Use case
Zafar Ayub
 
SmartGrid System Report
SmartGrid System ReportSmartGrid System Report
SmartGrid System Report
Gruene-it.org
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep Dive
Docker, Inc.
 
Organizational Structure
Organizational StructureOrganizational Structure
Organizational Structure
ahmad bassiouny
 
Data communication and network Chapter -1
Data communication and network Chapter -1Data communication and network Chapter -1
Data communication and network Chapter -1
Zafar Ayub
 

Viewers also liked (13)

Overlay network
Overlay networkOverlay network
Overlay network
 
Overlay networks ppt
Overlay networks pptOverlay networks ppt
Overlay networks ppt
 
SKYPE AS OVERLAY NETWORK
SKYPE AS OVERLAY NETWORKSKYPE AS OVERLAY NETWORK
SKYPE AS OVERLAY NETWORK
 
Network virtualization
Network virtualizationNetwork virtualization
Network virtualization
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
 
Introduction of Software Engineering
Introduction of Software EngineeringIntroduction of Software Engineering
Introduction of Software Engineering
 
Customer App Flow
Customer App FlowCustomer App Flow
Customer App Flow
 
Network protocol structure scope
Network protocol structure scopeNetwork protocol structure scope
Network protocol structure scope
 
Use case
Use caseUse case
Use case
 
SmartGrid System Report
SmartGrid System ReportSmartGrid System Report
SmartGrid System Report
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep Dive
 
Organizational Structure
Organizational StructureOrganizational Structure
Organizational Structure
 
Data communication and network Chapter -1
Data communication and network Chapter -1Data communication and network Chapter -1
Data communication and network Chapter -1
 

Similar to Overlay networks

CCNA question and answer
CCNA question and answer   CCNA question and answer
CCNA question and answer
AnamikaSinha57
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
RAVI RAJ
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
karthikvcyber
 
Some important networking questions
Some important networking questionsSome important networking questions
Some important networking questions
Srikanth
 
F0322038042
F0322038042F0322038042
F0322038042
inventionjournals
 
Networking Related
Networking RelatedNetworking Related
Networking Related
ZunAib Ali
 
Networking questions
Networking questionsNetworking questions
Networking questions
rajujast
 
NT BY AKATSUKI.pdf E
NT BY AKATSUKI.pdf                              ENT BY AKATSUKI.pdf                              E
NT BY AKATSUKI.pdf E
prajapatidev644
 
Onion Routing.ppt
Onion Routing.pptOnion Routing.ppt
Onion Routing.ppt
ssuserb1ba95
 
Network Concepts
Network ConceptsNetwork Concepts
Network Concepts
Rajamanickam Gomathijayam
 
Mcse question
Mcse questionMcse question
A Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsA Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of Things
IJERD Editor
 
Networks faq
Networks faqNetworks faq
Networks faq
albertspade
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocols
Biagio Botticelli
 
Iap final
Iap finalIap final
Iap final
GLIM Digital
 
Final isp
Final ispFinal isp
Final isp
honey32sharma
 
Adhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devicesAdhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devices
IJCNCJournal
 
Internet
InternetInternet
Internet
Suneel Dogra
 
Network-20210426203825.ppt
Network-20210426203825.pptNetwork-20210426203825.ppt
Network-20210426203825.ppt
Sri Latha
 
2.Introduction to Network Devices.ppt
2.Introduction to Network Devices.ppt2.Introduction to Network Devices.ppt
2.Introduction to Network Devices.ppt
jaba kumar
 

Similar to Overlay networks (20)

CCNA question and answer
CCNA question and answer   CCNA question and answer
CCNA question and answer
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
 
Some important networking questions
Some important networking questionsSome important networking questions
Some important networking questions
 
F0322038042
F0322038042F0322038042
F0322038042
 
Networking Related
Networking RelatedNetworking Related
Networking Related
 
Networking questions
Networking questionsNetworking questions
Networking questions
 
NT BY AKATSUKI.pdf E
NT BY AKATSUKI.pdf                              ENT BY AKATSUKI.pdf                              E
NT BY AKATSUKI.pdf E
 
Onion Routing.ppt
Onion Routing.pptOnion Routing.ppt
Onion Routing.ppt
 
Network Concepts
Network ConceptsNetwork Concepts
Network Concepts
 
Mcse question
Mcse questionMcse question
Mcse question
 
A Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsA Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of Things
 
Networks faq
Networks faqNetworks faq
Networks faq
 
Anonymity in the web based on routing protocols
Anonymity in the web based on routing protocolsAnonymity in the web based on routing protocols
Anonymity in the web based on routing protocols
 
Iap final
Iap finalIap final
Iap final
 
Final isp
Final ispFinal isp
Final isp
 
Adhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devicesAdhoc mobile wireless network enhancement based on cisco devices
Adhoc mobile wireless network enhancement based on cisco devices
 
Internet
InternetInternet
Internet
 
Network-20210426203825.ppt
Network-20210426203825.pptNetwork-20210426203825.ppt
Network-20210426203825.ppt
 
2.Introduction to Network Devices.ppt
2.Introduction to Network Devices.ppt2.Introduction to Network Devices.ppt
2.Introduction to Network Devices.ppt
 

Recently uploaded

Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
Azure EA Sponsorship - Customer Guide.pdf
Azure EA Sponsorship - Customer Guide.pdfAzure EA Sponsorship - Customer Guide.pdf
Azure EA Sponsorship - Customer Guide.pdf
AanSulistiyo
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
bseovas
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
uehowe
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
bseovas
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
ukwwuq
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
Toptal Tech
 

Recently uploaded (20)

Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
Azure EA Sponsorship - Customer Guide.pdf
Azure EA Sponsorship - Customer Guide.pdfAzure EA Sponsorship - Customer Guide.pdf
Azure EA Sponsorship - Customer Guide.pdf
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 

Overlay networks

  • 2. Content  Introduction  Deficiencies of Internet  Types of overlay  ACN  I2P  Introduction  Working  Routing  netDb  TCP layer. 2
  • 3. Introduction  Network  defines addressing, routing, and service model for communication between hosts  Overlay network  A network built on top of one or more existing networks  adds an additional layer of indirection/virtualization  changes properties in one or more areas of underlying network  Alternative  change an existing network layer 3
  • 4. Definition  An overlay network is a virtual network of nodes and logical links that is built on top of an existing network with the purpose to implement a network service that is not available in the existing network. 4
  • 5. Internet as an Overlay  The Internet is an overlay network  goal: connect local area networks  built on local area networks (e.g., Ethernet), phone lines  add an Internet Protocol header to all packets  5
  • 6. Uses  Routing  Addressing  Security  Multicast  Mobility 6
  • 7. Deficiencies of the Internet  The major shortcomings of Internet that make it unsuitable for directly supporting the stringent requirements of Internet-based services without a overlay.  Outages :  Partial network outages are common on the Internet caused by misconfigured core routers, DDoS attacks, cable cuts, power disruptions, natural calamities, and de-peering due to a business conflict. 7
  • 8. Deficiencies of the Internet
      • Congestion:
          • When the capacity of routers and links on the Internet is insufficient to meet the traffic demand, congestion occurs, resulting in packet loss.
      • Lack of scalability:
          • Online services require provisioning server and network resources to meet the demand of users at all times, even during unexpected periods of peak demand and flash crowds.
          • Without the existence of overlays, an enterprise may deploy their online services in a centralized fashion within a single data center and expect to serve their users from that centralized origin infrastructure.
  • 9. Deficiencies of the Internet
      • Slow adaptability:
          • Online services and their requirements evolve rapidly. However, the fundamental architecture and protocols of the Internet are slow to change or accommodate new primitives.
      • Lack of security:
          • Modern online services require protection from catastrophic events such as distributed denial of service (DDoS) attacks.
  • 10. Types of Overlay
      • Caching overlay:
          • The ubiquitous caching overlay aims to deliver web sites, on-demand videos, music downloads, software downloads, and other forms of online content. Such overlays are applicable for content that does not change over extended periods of time and is hence cacheable. The key benefits that a caching overlay provides are greater availability, performance, origin offload, and scalability.
  • 11. Types of Overlay
      • Routing overlay:
          • The routing overlay provides wide-area communication with more reliability, lower latency, and greater throughput than the public Internet can. Such overlays could be used to deliver dynamic web content or live stream content that normally cannot be cached.
      • Security overlay:
          • The security overlay increases the security of web sites and other online services and mitigates distributed denial of service (DDoS) attacks on them.
  • 12. Anonymous Communication Networks
      • Motivation
          • Censorship at the local, organizational, or national level
          • Personal privacy preferences such as preventing tracking or data mining activities
          • The material or its distribution is considered illegal or incriminating by possible eavesdroppers.
          • Material is legal but socially deplored, embarrassing or problematic in the individual's social world.
          • Fear of retribution (against whistleblowers, unofficial leaks, and activists who do not believe in restrictions on information or knowledge)
  • 13. I2P Introduction
      • I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other.
      • The network itself is strictly message based (like IP), but there is a library available to allow reliable streaming communication on top of it.
      • All communication is end-to-end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).
  • 14. How does it work?
      • I2P makes a strict separation between the software participating in the network (a "router") and the anonymous endpoints ("destinations") associated with individual applications.
      • What is hidden is information on what the user is doing, if anything at all, as well as what router a particular destination is connected to.
      • End users will typically have several local destinations on their router - for instance, one proxying in to IRC servers, another supporting the user's anonymous webserver ("eepsite"), another for an I2Phex instance, another for torrents, etc.
  • 15. How does it work?
      • Another critical concept to understand is the "tunnel". A tunnel is a directed path through an explicitly selected list of routers.
      • Layered encryption is used, so each of the routers can only decrypt a single layer.
      • The decrypted information contains the IP of the next router, along with the encrypted information to be forwarded.
      • Messages can be sent in one direction only. To send messages back, another tunnel is required.
  • 16. How does it work?
  • 17. How does it work?
      • Types of tunnels:
          1. Inbound: bring messages to the tunnel creator.
          2. Outbound: send messages away from the tunnel creator.
      • The gateway of an inbound tunnel can receive messages from any other user and will send them on until the endpoint ("Bob").
      • The endpoint of the outbound tunnel will need to send the message on to the gateway of the inbound tunnel.
      • To do this, the sender ("Alice") adds instructions to her encrypted message.
  • 18. How does it work?
      • Several tunnels for a particular purpose may be grouped into a "tunnel pool".
      • The pools used by the router itself are called "exploratory tunnels".
      • The pools used by applications are called "client tunnels".
      • Tunnel lengths are specified by clients via I2CP options.
      • The maximum number of hops in a tunnel is 7.
      • To reduce the susceptibility to some attacks, 3 or more hops are recommended for the highest level of protection.
  • 19. Garlic Routing
      • Derived from Onion Routing.
      • Generally, when referring to I2P, the term "garlic" may mean one of three things:
          1. Layered Encryption
          2. Bundling multiple messages together
          3. ElGamal/AES Encryption
  • 20. Garlic Routing
      • Layered Encryption
          • Onion routing is a technique for building paths, or tunnels, through a series of peers, and then using that tunnel. Messages are repeatedly encrypted by the originator, and then decrypted by each hop.
      • Bundling Multiple Messages
          • in onion multiple messages are bundled together. He called each message a "bulb".
          • Our term for garlic "bulbs" is "cloves".
          • Any number of messages can be contained, instead of just a single message.
  • 21. Tunnel Building and Routing
      • Now that we've defined various "garlic" terms, we can say that I2P uses garlic routing, bundling and encryption in three places:
          1. For building and routing through tunnels (layered encryption)
          2. For determining the success or failure of end to end message delivery (bundling)
          3. For publishing some network database entries (dampening the probability of a successful traffic analysis attack) (ElGamal/AES).
  • 22. Garlic Routing
      • In I2P, tunnels are unidirectional. Each party builds two tunnels, one for outbound and one for inbound traffic. Therefore, four tunnels are required for a single round-trip message and reply.
      • Tunnels are built, and then used, with layered encryption.
      • Tunnels are a general-purpose mechanism to transport all I2NP messages, and Garlic Messages are not used to build tunnels.
      • We do not bundle multiple I2NP messages into a single Garlic Message for unwrapping at the outbound tunnel endpoint.
  • 23. End-to-End Message Bundling
      • At the layer above tunnels, I2P delivers end-to-end messages between Destinations.
      • Each client message as delivered to the router through the I2CP interface becomes a single Garlic Clove with its own Delivery Instructions, inside a Garlic Message.
      • Delivery Instructions may specify a Destination, Router, or Tunnel.
      • Generally, a Garlic Message will contain only one clove. However, the router will periodically bundle two additional cloves in the Garlic Message.
  • 25. End-to-End Message Bundling
      • A Delivery Status Message, with Delivery Instructions specifying that it be sent back to the originating router as an acknowledgment.
      • A Database Store Message, containing a LeaseSet for the originating Destination, with Delivery Instructions specifying the far-end destination's router. By periodically bundling a LeaseSet, the router ensures that the far-end will be able to maintain communications. Otherwise the far-end would have to query a floodfill router for the network database entry, and all LeaseSets would have to be published to the network database.
  • 26. Network Database
      • I2P's netDb works to share the network's metadata.
      • A percentage of I2P users are appointed as 'floodfill peers'. Currently, I2P installations that have a lot of bandwidth and are fast enough will appoint themselves as floodfill as soon as the number of existing floodfill routers drops too low.
      • If a floodfill router receives a 'store' query, it will spread the information to other floodfill routers using the Kademlia algorithm.
  • 27. Network Database
      • Two types of information are stored in the network database.
          • A Router Info stores information on a specific I2P router and how to contact it.
          • A LeaseSet stores information on a specific destination (e.g. I2P website, e-mail server...).
      • In addition, the data contains timing information, to avoid storage of old entries and possible attacks.
  • 28. Transport protocols
      • Then, to accommodate the need for high degree communication, I2P moved from a TCP-based transport to a UDP-based one - "Secure Semi reliable UDP", or "SSU".
      • The goal of this protocol is to provide secure, authenticated, semi-reliable and unordered message delivery, exposing only a minimal amount of data easily discernible to third parties. It should support high degree communication as well as TCP-friendly congestion control and may include PMTU detection. It should be capable of efficiently moving bulk data at rates sufficient for home users. In addition, it should support techniques for addressing network obstacles, like most NATs or firewalls.
  • 29. Benefits of I2P over Tor
      • Designed and optimized for hidden services, which are much faster than in Tor
      • Fully distributed and self organizing
      • Peers are selected by continuously profiling and ranking performance, rather than trusting claimed capacity
      • Floodfill peers ("directory servers") are varying and untrusted, rather than hardcoded
      • Small enough that it hasn't been blocked or DOSed much, or at all
      • Peer-to-peer friendly
  • 30. Benefits of I2P over Tor
      • Packet switched instead of circuit switched
          • implicit transparent load balancing of messages across multiple peers, rather than a single path
          • resilience vs. failures by running multiple tunnels in parallel, plus rotating tunnels
          • scale each client's connections at O(1) instead of O(N) (Alice has e.g. 2 inbound tunnels that are used by all of the peers Alice is talking with, rather than a circuit for each)
      • Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information.
  • 31. Benefits of I2P over Tor
      • Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing)
      • Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
      • I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.
  • 32. Benefits of I2P over Tor
      • Essentially all peers participate in routing for others
      • The bandwidth overhead of being a full peer is low, whereas in Tor client nodes don't require much bandwidth but don't fully participate in the mixnet.
      • Integrated automatic update mechanism
      • Both TCP and UDP transports
      • Java, not C (ewww).
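
The layered tunnel encryption described in the "How does it work?" slides (each router decrypts one layer and learns only the next router), as an added example that is not from the slides or from the I2P code base. The SHAKE-256 XOR cipher, the JSON layer format, the router names and the keys are all assumptions made for illustration; I2P's real ciphers and wire format differ.

```python
import hashlib, hmac, json, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHAKE-256 keystream), a stand-in for I2P's real ciphers.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key: bytes, data: bytes) -> bytes:
    # Separate MAC key so a router can tell whether a layer is meant for it.
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Add one layer: the next-hop name plus the still-encrypted inner blob."""
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    ct = nonce + _xor_stream(key, nonce, body)
    return _tag(key, ct) + ct

def peel(key: bytes, blob: bytes):
    """Remove one layer; fails if this router's key does not match the layer."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, _tag(key, ct)):
        raise ValueError("layer is not encrypted to this router")
    layer = json.loads(_xor_stream(key, ct[:16], ct[16:]))
    return layer["next"], bytes.fromhex(layer["inner"])

def build_tunnel_message(route, deliver_to: str, payload: bytes):
    """route: [(router_name, key), ...] in travel order; wrap innermost first."""
    blob, next_hop = payload, deliver_to
    for name, key in reversed(route):
        blob = seal(key, next_hop, blob)
        next_hop = name
    return next_hop, blob  # first router to contact, fully wrapped blob

def forward(router_keys: dict, first_hop: str, blob: bytes):
    """Simulate each router peeling its own layer; record what each one learns."""
    learned, hop = [], first_hop
    while hop in router_keys:
        nxt, blob = peel(router_keys[hop], blob)
        learned.append((hop, nxt))
        hop = nxt
    return learned, hop, blob

# Constructed sample: a 3-hop outbound tunnel ending at Bob's inbound gateway.
ROUTE = [(n, hashlib.sha256(n.encode()).digest()) for n in ("hop1", "hop2", "hop3")]
PAYLOAD = b"constructed end-to-end ciphertext for Bob"

if __name__ == "__main__":
    first, wrapped = build_tunnel_message(ROUTE, "bob-inbound-gateway", PAYLOAD)
    for hop, nxt in forward(dict(ROUTE), first, wrapped)[0]:
        print(f"{hop} learns only: forward to {nxt}")
```

Each layer in this toy enlarges the blob, so message size would reveal a router's position in the path; the sketch makes no attempt at the padding a real design needs.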
