The current state of anonymous file-sharing - Marc's Blog
5.4.2 End to End

Figure 9: Hop to Hop encryption

End to end encryption adds encryption from the source to the end. This keeps every node besides the source and the destination from spying on the content of the data.

5.4.3 Problems with end to end encryption in anonymous networks

As Jason Rohrer, the inventor of the anonymous file-sharing software "Mute" (footnote 8), points out in his paper "End-to-end encryption (and the Person-in-the-middle attacks)" [21], using end-to-end encryption in an anonymous network poses a technical problem: how can the sender get the receiver's key to start the encrypted transfer in the first place? In the majority of anonymous networks, requests are routed over several nodes acting as proxies (compare: Chapter 5.3). Each of those nodes could act as a "man in the middle" and manipulate the exchanged keys. This would allow an arbitrary node to put in its own cryptographic keys and to read and re-encrypt the traffic for each of the endpoints of the file transfer.
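
The key substitution described above, as an added example (not taken from Rohrer's paper or from Mute): a toy unauthenticated Diffie-Hellman exchange routed over proxy nodes, showing that once one relay swaps in its own key the endpoints no longer share a secret, yet nothing inside the exchange lets them notice. The use of Diffie-Hellman, the `Relay` class, the `exchange` function and the toy group parameters are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this example; far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Both sides hash the shared DH value into a symmetric key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

class Relay:
    """Proxy node on the route (hypothetical model). An honest relay forwards
    key material unchanged; a tampering one substitutes its own public key."""
    def __init__(self, tamper=False):
        self.tamper = tamper
        self.priv, self.pub = keypair()

    def forward(self, pub):
        return self.pub if self.tamper else pub

def exchange(route):
    """Unauthenticated key exchange between sender and receiver across `route`."""
    s_priv, s_pub = keypair()
    r_priv, r_pub = keypair()
    to_receiver, to_sender = s_pub, r_pub
    for node in route:                 # sender -> receiver direction
        to_receiver = node.forward(to_receiver)
    for node in reversed(route):       # receiver -> sender direction
        to_sender = node.forward(to_sender)
    sender_key = session_key(s_priv, to_sender)
    receiver_key = session_key(r_priv, to_receiver)
    return {
        # True only if the two endpoints really share one secret.
        "endpoints_share_key": sender_key == receiver_key,
        # Neither endpoint can evaluate this: it needs the real key out of band.
        "sender_got_real_key": to_sender == r_pub,
        # A tampering relay derives the same key the sender is encrypting with.
        "relay_holds_sender_key": any(
            n.tamper and session_key(n.priv, s_pub) == sender_key for n in route),
    }

if __name__ == "__main__":
    print("honest route  :", exchange([Relay(), Relay(), Relay()]))
    print("tampered route:", exchange([Relay(), Relay(tamper=True), Relay()]))
```

The `sender_got_real_key` field is computed here only because the simulation knows both endpoints' real keys; on the network, the sender has no such reference value, which is the problem this section describes.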

On the internet, encrypted connections are usually established by using a trusted third party's keys to verify the integrity of the person on the other end of your logical connection. While this works perfectly fine on the internet, using this "trusted third party" scheme on an anonymous network would compromise your anonymity by the necessity to reveal your identity to the trusted third party. Even if that was somehow possible, it
8 http://mute-net.sf.net<br />