Hide DREAD ratings until we know how we want to use them

str4d
2013-10-26 20:41:59 +00:00
parent 632d254e04
commit ace18e4e20

@@ -157,6 +157,8 @@ The
to review.
{%- endtrans %}</p>
{# Hide DREAD ratings until we know how we want to use them
<p>{% trans DREAD='https://blogs.msdn.com/b/david_leblanc/archive/2007/08/13/dreadful.aspx' -%}
Attacks are judged using the <a href="{{ DREAD }}">modified <strong>DREAD</strong> model</a>:
{%- endtrans %}</p>
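Review bot: The comment opened by the added `{# Hide DREAD ratings until we know how we want to use them` line swallows the `{% trans %}` blocks that follow it, so those strings will likely drop out of message extraction and their existing translations will be marked obsolete. If the ratings are expected to come back, consider wrapping the block in an `{% if %}` on a single template flag instead, which hides the output while keeping the strings in the catalog.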
@@ -175,6 +177,8 @@ and priority scores are calculated using the equations outlined
<a href="{{ DREAD }}">here</a>.
{%- endtrans %}</p>
#}
<h3 id="index">{% trans %}Index of Attacks{% endtrans %}</h3>
<ul>
<li><a href="#bruteforce">{% trans %}Brute force attacks{% endtrans %}</a></li>
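Review bot: The bare `#}` added before `<h3 id="index">` closes a comment that was opened in the previous hunk, roughly twenty lines earlier, and nothing on this line says what it closes. Jinja comments do not nest, so a later `{# ... #}` placed inside the hidden block would end it early and render the remainder. Consider a short marker comment on the following line naming the block that ends here, or use the `{% if %}` form so the start and end are explicit tags.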
@@ -199,7 +203,7 @@ and priority scores are calculated using the equations outlined
<h3 id="bruteforce">{% trans %}Brute force attacks{% endtrans %}</h3>
{{ DREAD_score(2, 1, 1, 1, 3) }}
{# DREAD_score(2, 1, 1, 1, 3) #}
<p>{% trans -%}
A brute force attack can be mounted by a global passive or active adversary,
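Review bot: Replacing `{{ DREAD_score(2, 1, 1, 1, 3) }}` with `{# DREAD_score(2, 1, 1, 1, 3) #}` is done by hand here and at every other call site in the rest of this patch, so re-enabling the ratings means reversing each one, and a missed site would leave a lone score on the page. Consider leaving the calls in place and having `DREAD_score` render nothing while a single flag is off. Using a Jinja comment rather than an HTML comment does keep the unreviewed scores out of the served page, which fits the intent of the commit.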
@@ -243,7 +247,7 @@ are discussed on the
<h3 id="timing">{% trans %}Timing attacks{% endtrans %}</h3>
{{ DREAD_score(2, 2, 2, 3, 2) }}
{# DREAD_score(2, 2, 2, 3, 2) #}
<p>{% trans -%}
I2P's messages are unidirectional and do not necessarily imply that a reply
@@ -280,7 +284,7 @@ References: <a href="{{ pdf }}">Low-Resource Routing Attacks Against Anonymous S
<h3 id="intersection">{% trans %}Intersection attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 2, 3, 3) }}
{# DREAD_score(3, 2, 2, 3, 3) #}
<p>{% trans -%}
Intersection attacks against low latency systems are extremely powerful -
@@ -365,7 +369,7 @@ There are a whole slew of denial of service attacks available against I2P,
each with different costs and consequences:
{%- endtrans %}</p>
{{ DREAD_score(1, 1, 2, 1, 3) }}
{# DREAD_score(1, 1, 2, 1, 3) #}
<p>{% trans -%}
<b>Greedy user attack:</b> This is simply
people trying to consume significantly more resources than they are
@@ -389,7 +393,7 @@ Maintain a strong community with blogs, forums, IRC, and other means of communic
</ul>
<div style="clear:both"></div>
{{ DREAD_score(2, 1, 1, 2, 3) }}
{# DREAD_score(2, 1, 1, 2, 3) #}
<p>{% trans peerselection=site_url('docs/how/peer-selection') -%}
<b>Starvation attack:</b> A hostile user may attempt to harm the network by
creating a significant number of peers in the network who are not identified as
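Review bot: With the score call after `<div style="clear:both"></div>` commented out, it is worth checking whether that div is still needed here and in the following denial-of-service hunks. If it only clears a floated score box from the preceding entry, it is now dead markup and should be hidden by the same mechanism as the scores; if it serves another layout purpose, leave it.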
@@ -409,7 +413,7 @@ significant efforts required in this area.
{%- endtrans %}</p>
<div style="clear:both"></div>
{{ DREAD_score(1, 2, 2, 2, 3) }}
{# DREAD_score(1, 2, 2, 2, 3) #}
<p>{% trans todo=site_url('get-involved/todo') -%}
<b>Flooding attack:</b> A hostile user may attempt to flood the network,
a peer, a destination, or a tunnel. Network and peer flooding is possible,
@@ -428,7 +432,7 @@ operation</a> is implemented).
{%- endtrans %}</p>
<div style="clear:both"></div>
{{ DREAD_score(1, 1, 1, 1, 1) }}
{# DREAD_score(1, 1, 1, 1, 1) #}
<p>{% trans -%}
<b>CPU load attack:</b> There are currently some methods for people to
remotely request that a peer perform some cryptographically expensive
@@ -441,7 +445,7 @@ bugs in the implementation.
{%- endtrans %}</p>
<div style="clear:both"></div>
{{ DREAD_score(2, 2, 3, 2, 3) }}
{# DREAD_score(2, 2, 3, 2, 3) #}
<p id="ffdos">{% trans peerselection=site_url('docs/how/peer-selection'),
netdb=site_url('docs/how/network-database') -%}
<b>Floodfill DOS attack:</b> A hostile user may attempt to harm the network by
@@ -459,7 +463,7 @@ For more information see the
<h3 id="tagging">{% trans %}Tagging attacks{% endtrans %}</h3>
{{ DREAD_score(1, 3, 1, 1, 1) }}
{# DREAD_score(1, 3, 1, 1, 1) #}
<p>{% trans todo=site_url('get-involved/todo') -%}
Tagging attacks - modifying a message so that it can later be identified
@@ -477,7 +481,7 @@ as the links are encrypted and messages signed.
<h3 id="partitioning">{% trans %}Partitioning attacks{% endtrans %}</h3>
{{ DREAD_score(3, 1, 1, 1, 2) }}
{# DREAD_score(3, 1, 1, 1, 2) #}
<p>{% trans -%}
Partitioning attacks - finding ways to segregate (technically or analytically)
@@ -517,7 +521,7 @@ Also discussed on the <a href="{{ netdb }}#threat">network database page</a> (bo
<h3 id="predecessor">{% trans %}Predecessor attacks{% endtrans %}</h3>
{{ DREAD_score(1, 1, 1, 1, 3) }}
{# DREAD_score(1, 1, 1, 1, 3) #}
<p>{% trans -%}
The predecessor attack is passively gathering statistics in an attempt to see
@@ -562,7 +566,7 @@ which is an update to the 2004 predecessor attack paper
<h3 id="harvesting">{% trans %}Harvesting attacks{% endtrans %}</h3>
{{ DREAD_score(1, 1, 2, 2, 3) }}
{# DREAD_score(1, 1, 2, 2, 3) #}
<p>{% trans -%}
"Harvesting" means compiling a list of users running I2P.
@@ -609,7 +613,7 @@ enact other restricted route methods.
<h3 id="traffic">{% trans %}Identification Through Traffic Analysis{% endtrans %}</h3>
{{ DREAD_score(1, 1, 2, 3, 3) }}
{# DREAD_score(1, 1, 2, 3, 3) #}
<p>{% trans transport=site_url('docs/transport') -%}
By inspecting the traffic into and out of a router, a malicious ISP
@@ -669,7 +673,7 @@ Reference: <a href="{{ pdf }}">Breaking and Improving Protocol Obfuscation</a>
<h3 id="sybil">{% trans %}Sybil attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 1, 3, 3) }}
{# DREAD_score(3, 2, 1, 3, 3) #}
<p>{% trans -%}
Sybil describes a category of attacks where the adversary creates arbitrarily
@@ -718,7 +722,7 @@ for more Sybil discussion.
<h3 id="buddy">{% trans %}Buddy Exhaustion attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 2, 1, 3) }}
{# DREAD_score(3, 2, 2, 1, 3) #}
<p>{% trans pdf='http://www.eecs.berkeley.edu/~pmittal/publications/nisan-torsk-ccs10.pdf' -%}
(Reference: <a href="{{ pdf }}">In Search of an Anonymouns and Secure Lookup</a> Section 5.2)
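Review bot: Unrelated to the score change, the context line in this hunk spells the paper title as "Anonymouns". Because it sits inside a `{% trans %}` block, the typo is carried into every translation catalog. Worth a follow-up fix to "Anonymous" in a separate commit.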
@@ -743,7 +747,7 @@ Further research and defenses may be necessary.
<h3 id="crypto">{% trans %}Cryptographic attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 1, 3, 1) }}
{# DREAD_score(3, 2, 1, 3, 1) #}
<p>{% trans cryptography=site_url('docs/how/cryptography') -%}
We use strong cryptography with long keys, and
@@ -785,7 +789,7 @@ end to end messages include simple random padding.
<h3 id="floodfill">{% trans %}Floodfill Anonymity attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 1, 2, 2) }}
{# DREAD_score(3, 2, 1, 2, 2) #}
<p>{% trans netdb=site_url('docs/how/network-database') -%}
In addition to the floodfill DOS attacks described
@@ -815,7 +819,7 @@ Several scenarios are discussed on the
<h3 id="central">{% trans %}Central Resource Attacks{% endtrans %}</h3>
{{ DREAD_score(1, 1, 1, 3, 3) }}
{# DREAD_score(1, 1, 1, 3, 3) #}
<p>{% trans -%}
There are a few centralized or limited resources (some inside I2P, some not)
@@ -870,7 +874,7 @@ and would shrink the network (in the short-to-medium term), just as the loss of
<h3 id="dev">{% trans %}Development attacks{% endtrans %}</h3>
{{ DREAD_score(2, 1, 1, 3, 1) }}
{# DREAD_score(2, 1, 1, 3, 1) #}
<p>{% trans -%}
These attacks aren't directly on the network, but instead go after its development team
@@ -911,7 +915,7 @@ should any defense be necessary.
<h3 id="impl">{% trans %}Implementation attacks (bugs){% endtrans %}</h3>
{{ DREAD_score(2, 2, 1, 3, 1) }}
{# DREAD_score(2, 2, 1, 3, 1) #}
<p>{% trans -%}
Try as we might, most nontrivial applications include errors in the design or