I'm not sure this is practical. Caveats: I have only read the paper while sleepy, and I'm worried that I'm breaching our negativity rules with my attack, but I'll proceed: I propose the following attack on the protocol.
Bisect North and South America with a 'no go zone' for packets -- we can't live with a packet hitting Omaha, for a variety of reasons.
I propose that there exists no safe "alibi" route from SF to NY. Any crooked peer can route into the dreaded Omaha and to a crooked NY peer faster than any safe route can go west through Asia. A crooked peer can forge sequential MACs showing a 'legitimate' looking route easily.
So, I would reformulate the claims to "If a packet is never routed to an attacker that can route through a forbidden zone more quickly than obeying the restrictions, there is a valid alibi routing."
It's hard to come up with a good use case for this protocol, in my mind. Especially because we are most often concerned with packet routing at the destination and source, and for legal reasons, not inspection reasons.
It's largely understood by anyone who might possibly be using alibi routing that packets are often inspected in flight, and there is nothing you can do about it, and that furthermore the concepts of safe or unsafe nations or regions or cities are almost laughable when it comes to even the smallest nation state's avaricious desire for inspection and storage of data flying by.
So they use "checkpoints" everywhere in the world and use time as a radius of impact. I wonder how precise this is.
> Our proofs of avoidance are built around the idea of using what we call “alibis”: relays that are sufficiently far away from the forbidden region such that traversing both relay and forbidden region would result in a noticeably high delay.
And they implemented a p2p protocol to find these alibis easily. I guess from a starting list of trusted alibis.
> The second contribution we make is the design and implementation of Alibi Routing, a peer-to-peer overlay routing system for finding alibis safely and efficiently
My main concern is how can they predict the minimum speed a packet takes to reach their target? Especially with zones of poor cabling.
In the example on the home page, the traffic from Italy to Norway, avoiding Germany, travels across the ocean, which means it bottlenecked through undersea cables, the most thoroughly tapped network links in the world.
This research is of aesthetic interest, not practical interest.
[+] [-] vessenes|10 years ago|reply
Bisect North and South America with a 'no go zone' for packets -- we can't live with a packet hitting Omaha, for a variety of reasons.
I propose that there exists no safe "alibi" route from SF to NY. Any crooked peer can route into the dreaded Omaha and to a crooked NY peer faster than any safe route can go west through Asia. A crooked peer can forge sequential MACs showing a 'legitimate' looking route easily.
So, I would reformulate the claims to "If a packet is never routed to an attacker that can route through a forbidden zone more quickly than obeying the restrictions, there is a valid alibi routing."
It's hard to come up with a good use case for this protocol, in my mind. Especially because we are most often concerned with packet routing at the destination and source, and for legal reasons, not inspection reasons.
It's largely understood by anyone who might possibly be using alibi routing that packets are often inspected in flight, and there is nothing you can do about it, and that furthermore the concepts of safe or unsafe nations or regions or cities are almost laughable when it comes to even the smallest nation state's avaricious desire for inspection and storage of data flying by.
[+] [-] cperciva|10 years ago|reply
I think the idea is that you can't go through Omaha and have a router in Asia saying that it handled your data within the time constraints.
[+] [-] baby|10 years ago|reply
> Our proofs of avoidance are built around the idea of using what we call “alibis”: relays that are sufficiently far away from the forbidden region such that traversing both relay and forbidden region would result in a noticeably high delay.
And they implemented a p2p protocol to find these alibis easily. I guess from a starting list of trusted alibis.
> The second contribution we make is the design and implementation of Alibi Routing, a peer-to-peer overlay routing system for finding alibis safely and efficiently
My main concern is how can they predict the minimum speed a packet takes to reach their target? Especially with zones of poor cabling.
[+] [-] zmanian|10 years ago|reply
If your traffic is being routed for interception, you would only be able to detect that if you had a preexisting baseline with your alibis.
If there are enough users, we could potentially crowd source baselines for different autonomous systems to the alibi network.
[+] [-] siavosh|10 years ago|reply
[+] [-] tabio|10 years ago|reply
This research is of aesthetic interest, not practical interest.
[+] [-] mtgx|10 years ago|reply
Whether you can escape the Five Eyes & Partners that's a different issue. You would be better off just using Tor.
[+] [-] upbeatlinux|10 years ago|reply
[+] [-] w0000t|10 years ago|reply
[+] [-] tdmule|10 years ago|reply