User: Password:
Subscribe / Log in / New account


Brief items

An introduction to GNUnet

November 30, 2005

This article was contributed by Jake Edge.

Anonymity and deniability in distributing information are two of the goals of the GNUnet project. Recently revamped to use a new content encoding called Encoding for Censorship-Resistant Sharing (ECRS), GNUnet has released version 0.7.0 with an eye towards a stable version sometime during the next year.

At its heart, GNUnet is a mechanism to share content with others without revealing who generated the content or who accessed it. It also provides intermediate nodes in the network with the ability to deny knowledge of the contents of any traffic they forward because they are unable to decrypt it.

Anonymity relies on there being a large number of nodes participating in the network, forwarding traffic for each other. The GNUnet protocol attempts to make all traffic look the same, whether it is satisfying a request for information that resides locally or forwarding a request or response from another peer in the network. When traffic is light, GNUnet will delay requests to accumulate enough traffic before sending to other peers making it difficult for external analysis to pin down which peers are communicating and what content is being transferred.

Only the requester of content has the key necessary to decrypt the content which provides deniability for intermediate peers. In the default configuration, GNUnet peers automatically migrate content from the node where they were inserted to other peers. In the event that some hostile entity gets control of the node, breaks the encryption and determines the content stored by the node, node operators can plausibly claim that they had no knowledge of or control over the content stored on their node.

Once content has been inserted into GNUnet, users can search by keywords to find content of interest. ECRS guarantees that intermediaries cannot see the keyword being searched without guessing the keyword, applying the query hash and comparing the result. Only peers that have content with that keyword (or have guessed it) can generate valid responses. GNUnet depends on content providers generating proper keywords for their content and nothing in the protocols stops malicious peers from generating valid query results for a multitude of keywords. Easy to guess keywords could easily be overwhelmed by bogus results.

Namespaces provide resistance to the keyword spamming attack by generating keyword spaces that are cryptographically signed by some entity. That entity generates a public-private key pair (known as a pseudonym) and signs the content. Other users can form opinions about the trustworthiness of content in that namespace and can use that information to further restrict their search.

GNUnet tries to eliminate freeloading peers by relying on a trust-based economic model. If a node gets busy and has more requests than it can satisfy based on the amount of CPU and bandwidth its operator has allocated to GNUnet, it will drop requests from peers that it trusts least. Peers gain trust by satisfying query requests and lose trust by requesting content. Because ECRS can determine that a query response is valid without being able to decrypt the content, it resists attempts to gain trust by providing bogus results.

Much like other systems designed to promote anonymous speech, some of which were described in an LWN article two years ago, GNUnet suffers from a very slow user experience. Keyword searches can take many minutes to return results and downloading the content often takes a huge amount of time. In addition, the content available with some simple searches left a great deal to be desired. There appears to be very little of consequence available.

On the other hand, GNUnet does seem to have some excellent approaches to handling censorship and spamming kinds of attacks that have hampered other approaches to this problem. It seems to provide a very reasonable framework for anonymous content sharing that would be of use to groups that wish to circumvent the policies of authoritarian regimes. Unfortunately, deniability is only likely to work in places that have relatively sane legal systems and there are probably many places in the world where just having GNUnet running on one's machine is enough to be branded as a criminal.

Comments (7 posted)

New vulnerabilities

centericq: denial of service

Package(s):centericq CVE #(s):CVE-2005-3694
Created:November 30, 2005 Updated:November 30, 2005
Description: Wernfried Haas discovered that centericq, a text-mode multi-protocol instant messenger client, can crash when it receives certain zero length packets and is directly connected to the Internet.
Debian DSA-912-1 centericq 2005-11-30

Comments (none posted)

eix: insecure temp file

Package(s):eix CVE #(s):
Created:November 23, 2005 Updated:November 30, 2005
Description: eix can create an insecure temporary file. A local user can use this to overwrite arbitrary files.
Gentoo 200511-19 eix 2005-11-22

Comments (none posted)

horde: cross site scripting vulnerability

Package(s):horde CVE #(s):CVE-2005-3570
Created:November 23, 2005 Updated:December 1, 2005
Description: Horde has a potential cross site scripting vulnerability. Error messages are not properly escaped. A user can be tricked into executing arbitrary scripts by reading specially crafted email messages, or using a maliciously created URL.
Debian DSA-914-1 horde2 2005-12-01
Gentoo 200511-20 horde 2005-11-22

Comments (none posted)

horde3: missing input sanitizing

Package(s):horde3 CVE #(s):CVE-2005-3759
Created:November 23, 2005 Updated:November 30, 2005
Description: The MIME viewer in the horde3 web application suite has an input sanitizing vulnerability. It is possible for a remote attacker to use this to execute arbitrary code.
Debian DSA-909-1 horde3 2005-11-23

Comments (none posted)

ipmenu: insecure temp file

Package(s):ipmenu CVE #(s):CVE-2004-2569
Created:November 23, 2005 Updated:November 30, 2005
Description: The cursel iptables/iproute2 GUI ipmenu has a vulnerability involving the creation of an insecure temporary file. A local attacker can overwrite arbitrary files by performing a symlink attack.
Debian DSA-907-1 ipmenu 2005-11-23

Comments (none posted)

zope 2.7: design error

Package(s):zope CVE #(s):CVE-2005-3323
Created:November 25, 2005 Updated:December 13, 2005
Description: A vulnerability has been discovered in zope 2.7 that allows remote attackers to insert arbitrary files via include directives in reStructuredText functionality.
Ubuntu USN-229-1 zope2.8 2005-12-13
Debian DSA-910-1 zope2.7 2005-11-24

Comments (1 posted)


The First International Conference on Availability, Reliability and Security

The First International Conference on Availability, Reliability and Security (ARES 2006) has issued a second Call For Papers and announced seven workshops that will be held during the conference.

Full Story (comments: none)

Page editor: Rebecca Sobol
Next page: Kernel development>>

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds