Links

Ben Laurie blathering


Anonymity on IP Networks

I attended a security summit for OLPC recently (which I will write up more fully when I have time). One of the issues that was raised was the trackability of the laptops via their MAC address – this is of particular concern because they participate in the mesh network even when powered off(!).

So, you can change the MAC address occasionally, and that will help – though the sudden disappearance of MAC A and appearance of MAC B will give the game away in low density situations. But when you are online, that hardly matters, since your IP address isn’t going to change – and changing it will cause your connections to drop.

This got me thinking about anonymity on IP networks. And I suddenly realised I know how to do it! A while back, I created Apres, a system for anonymous presence (which, incidentally, there is actual code for). The essence of Apres is that the two parties who want to exchange presence have a shared secret. They derive an ephemeral identifier from that secret and the current time. They can then use that ephemeral identifier to find each other, in the case of Apres via a rendezvous server. Obviously, one could use a similar system to derive an IP address known to both parties but to no-one else.

What’s more, unlike Apres, you could do this entirely on the fly, at least for client/server systems – you could contact the server on some well-known port and agree a secret, and then start using it for connections with that server.

Obviously this is going to be somewhat tricky to implement on an IPv4 network, and if you are on a fixed machine, obfuscating your IP address isn’t particularly going to help. But with IPv6 and mesh networking, it becomes quite an interesting proposition. Now, if only I knew of a laptop that did mesh networking and IPv6

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress