本页最后更新于 2018年5月。

介绍

关于I2P网络的学术研究

I2P是一个特别的项目,但它在学术圈没有得到应有的关注。目前,大多数关于匿名性和“洋葱”路由的研究都是围绕Tor进行的,尽管这些文章对我们也有帮助,我们仍认为需要有围绕I2P的研究。这在保持网络的安全性和正确性以及对于启示未来更有影响力的开发中扮演了重要角色。

有一个大型研究社区研究匿名性的方方面面。想寻找当前全面的论文列表,请参阅自由避风港匿名参考文献Free Haven Anonymity Bibliography。 I2P 得益于大量对 Tor 和洋葱路由的研究。但是,对I2P背后的理论以及网络做出的选择和权衡的研究几乎没有。这为原创研究提供了一个独特的机会。

已知的已发表的有关 I2P 的论文在这里可以找到。

本页面希望概括出最急需的研究方面,对潜在研究人员的寄语,我们总的安全指导原则以及一堆你可以着手的开放性问题。

对研究人员的寄语:

防御性研究

我们认为所有关于I2P网络的研究都是有用的,且欢迎这样的研究,尽管如此,其中一些领域的研究比起别的更急需--主要在于防御性研究。许多人享受着想出对匿名软件的花式攻击方法,这种状况又被学校的奖励机制助长。尽管我们知道这不是研究人员的第一选择,我们仍期盼任何能够帮助强化网络的工作。

攻性和分析测试

如果您决定做一个关于I2P的课题,一步步分析I2P网络,或解决大问题时,我们恳切希望您能与我们的开发团队交流您的想法,越快越好。I2P在持续开发中,会有大量开发路线,所以您的问题可能已经被标记准备更新解决。极少数情况下您的测试可能与别的研究组重合,我们也会提前告诉您(当然了,在他们的允许下),或许能促成您与另一团队的合作。也有可能测试本身会严重损害网络或普通用户,开发团队会给您建议来减少风险,增加测试安全性。

Research Ethics & Testing the Network

General Guidelines

  1. Consider the benefits and risks - is there any doubt that the research provides more value than danger?
  2. If the research can be done on a test network then that is the preferred method
  3. If you must operate on the live network, the safest route is only collecting data about yourself
  4. If you need 'bigger data', It is recommended to first see if you can use data sets from previous experiments or other third party resources is recommended
  5. If you must collect data on the live network, ensure it is safe for publication and collect as little as possible
  6. After testing and before publish, review that all data which is to be published publicly is not intended to be private by the originator

Using a Test Network to Attack I2P

I2P can be run as a separate test network by controlling the locations that a new router reseeds from so that it only finds other test routers. The standard mode of operation is to have one JVM per router instance; hence running multiple copies of I2P on a single machine is inadvisable, both due to the potential resource drain and the certain port conflicts. To better facilitate setting up small test networks, I2P has a multirouter mode which enables multiple distinct routers to be run in the same JVM. MultiRouter can be started from the i2p base directory by running the below command.

env CLASSPATH=$(find lib/ -name *.jar | paste -s -d ':') java net.i2p.router.MultiRouter 25

Additionally, I2P can be started in a virtual network mode. This mode disables all transports, allowing the router to be tested in isolation without network traffic. To enable this mode, add i2p.vmCommSystem=true to the router.config before starting.

Testing on the Live I2P Network

As stated above in the researcher notes, please contact us before you commence your testing. While we do not discourage researchers from responsibly testing their ideas on the live network, if an attack becomes apparent and we don't have any line of communication then we will end up taking countermeasures which could interfere with the test.

路由器家族配置

As of release 0.9.25, I2P supports a router family configuration. This provides researchers who run multiple routers with the means to publicly identify those routers. In turn, this helps the I2P project understand that these routers are not running an attack on the network. It also will prevent other routers from including multiple routers of the family in a single tunnel, which could lead to deanonymization. Routers that appear to be colluding but do not have a declared family may be assumed to be an attack on the network, and may be blocked. The best way to ensure the success of your research project is to work with us directly.

A router family shares a private key so that participation in the family cannot be spoofed. To configure a router family, click on the 'I2P Internals' link in the router console, and then on the 'Family' tab. Follow the instructions there to generate the private key for the first router in the family. Then, export the key from that router, and import it to other members of the family.