Forum rules


Warning !
Avoid using binary softwares from untrusted users.
Prefer compiling it yourself and verify sources.



Reply to topic  [ 6 posts ] 
RFC: API Server "Fog of Requests" 
Author Message

Posts: 1625
Reply with quote
Post RFC: API Server "Fog of Requests"
For this API server I got an idea I would like to hear opinions on.

By the nature of how the API server works it could log all requests and IP addresses. To get better anonymity it is possible to use Tor. Maybe it is possible to improve anonymity particularly for normal users by hiding their actual requests among other random requests.

The server could with every answer include a handful of names that the client could than more or less randomly request.

Problem: all fog request come from the server so if it is really compromised it could serve unused names. Maybe we could simply include a large list with the client...


Just an unfinished idea I am pondering about. I am not sure whether it is worth the effort.

_________________
nx.bit - some namecoin stats
nf.bit - shortcut to this forum


Mon Aug 24, 2015 8:55 am
Profile

Posts: 324
Reply with quote
Post Re: RFC: API Server "Fog of Requests"
phelix wrote:
by hiding their actual requests among other random requests.
This looks a bit like security by obscurity which is never a good idea. In worst case it can even backfire, e.g. those random requests could yield important clues for statistical analysis attacks.

If you do want to put some effort in security-related issues then I suggest you add a system that permanently checks the integrity of the API server. This could be an external bot that periodically requests all name entries from the API server and compares the data with its own namecoind data. If it encounters inconsistencies it sends out a notification to the dev team.


Mon Aug 24, 2015 1:39 pm
Profile

Posts: 80
os: windows
Reply with quote
Post Re: RFC: API Server "Fog of Requests"
cassini wrote:
phelix wrote:
by hiding their actual requests among other random requests.
This looks a bit like security by obscurity which is never a good idea. In worst case it can even backfire, e.g. those random requests could yield important clues for statistical analysis attacks.

If you do want to put some effort in security-related issues then I suggest you add a system that permanently checks the integrity of the API server. This could be an external bot that periodically requests all name entries from the API server and compares the data with its own namecoind data. If it encounters inconsistencies it sends out a notification to the dev team.


If you allow one specific server to perform this checking, then the hijacked server can give correct data only to that server.
If you allow any server to perform this checking, then you may DDoS-ed that way.

If the API server runs in a container or VM, you could checksum its file(s) and periodically recheck (from the host system) to make sure none have been tampered with. This won't help if the attacker's code resides in the app's RAM.

Why not allow "loglevel=0" where 0 means none?


Mon Aug 24, 2015 5:50 pm
Profile

Posts: 1625
Reply with quote
Post Re: RFC: API Server "Fog of Requests"
cassini wrote:
phelix wrote:
by hiding their actual requests among other random requests.
This looks a bit like security by obscurity which is never a good idea. In worst case it can even backfire, e.g. those random requests could yield important clues for statistical analysis attacks.

True. Depending on the implementation it might be used to see if someone is still online for example.

Quote:
If you do want to put some effort in security-related issues then I suggest you add a system that permanently checks the integrity of the API server. This could be an external bot that periodically requests all name entries from the API server and compares the data with its own namecoind data. If it encounters inconsistencies it sends out a notification to the dev team.

Data integrity will be "proven" by PoW (to some extent).

somename wrote:
Why not allow "loglevel=0" where 0 means none?

I don't quite follow. Are you talking about server configuration?

_________________
nx.bit - some namecoin stats
nf.bit - shortcut to this forum


Wed Aug 26, 2015 9:12 am
Profile

Posts: 80
os: windows
Reply with quote
Post Re: RFC: API Server "Fog of Requests"
phelix wrote:
I don't quite follow. Are you talking about server configuration?


Yes.


Wed Aug 26, 2015 9:26 am
Profile

Posts: 1919
os: linux
Reply with quote
Post Re: RFC: API Server "Fog of Requests"
cassini wrote:
phelix wrote:
by hiding their actual requests among other random requests.
This looks a bit like security by obscurity which is never a good idea. In worst case it can even backfire, e.g. those random requests could yield important clues for statistical analysis attacks.


Generally agreed, people should be using Tor if they don't want to be surveilled. Generating a bunch of extra requests is usually easily foiled by statistical attacks. Note that for Tor to work properly, you need stream isolation, otherwise the server can surveil users by pseudonyms. Unfortunately, I don't actually know of any Bitcoin clients that support stream isolation fully. (Bitcoin Core uses stream isolation of different peers, but not different pseudonyms.)

FWIW, I'm still unclear on exactly what benefit this API server has over something like Electrum. Electrum is *very* lightweight, and also does PoW checks.

cassini wrote:
If you do want to put some effort in security-related issues then I suggest you add a system that permanently checks the integrity of the API server. This could be an external bot that periodically requests all name entries from the API server and compares the data with its own namecoind data. If it encounters inconsistencies it sends out a notification to the dev team.


Note that if the API server were compromised, it could selectively lie only to real clients (unless the integrity check client is *very* well disguised as a real client, which is hard to do). For example, if the same IP address queries all names in order, then it's obviously the integrity check.

_________________
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5


Wed Aug 26, 2015 2:37 pm
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 6 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.