Hello! My name is Zanto, and I am going to talk about I2P. What is it? How it appeared, and how I2P can be used to address the problems. Also, to understand why it had to appear, let's look back into the history of how the Internet originated. The Internet originated from this mostly military project, ARPANET, and it has much design as shown here. Different interconnections between different nodes, but with way as a basis of this architecture. It was a goal to withstand external infrastructure damage. So, for example, if some of these nodes came down, the network is still usable. And it worked very well for this threat, and it was adequate for this task. But more internal threats were in the middle of this network. So every host of nodes, they were considered trusted. And we have this legacy with us these days. So in the Internet we have this state of things. We have many technologies designed to fix problems with security or with privacy, but all these technologies are good. But from the architectural point of view, the crutches to support to make it somehow usable, the network feels now. So, for these technologies and crutches, we are using decentralization of the Internet. If in its prime times it was a decentralized network, now we have decentralization only on the top level of the Internet. And when you connect to some ISP, then you are using this decentralization. And you have some centralized networking. And at this point, for example, all traffic inspection, interception, blocking, whatever may happen. So we don't really have the Internet as a mesh network for common people. So what could be done to help this, to fix this? The first generation of our networks is Tor. I believe in Tor because I2P bases its technologies on some ideas from Tor. Tor is well known now. So it will be there to understand this way. In Tor you have nodes, which allow users from different real nodes to interconnect privately in some virtual space and virtual network.
So that rate in between the nodes is done privately and the observer will understand how traffic goes in or out. Oh, okay. It's okay now. Okay. So what are the advantages of Tor? It is the first worldwide network. It provides hidden services in addition to anonymization. And it has a large scale, millions of users. But there are some problems as well. Tor is based on entry and exit points. And running relays may bring legal problems in some jurisdictions. It's not safe in our world to run these relays. Also Tor has a highly asymmetric structure. It is running about 8000 nodes with both bridges and relays. And these 8000 nodes serve 4.5 million users. And to make it worse, Tor is highly centralized by design. It has only 8 to 10 directory servers available, and if the servers are taken down at once, this network will experience huge problems. As you may know, thanks to Mr. Snowden, we have global surveillance, which can monitor all nodes of Tor or any network. And such a world-scale monitor poses a threat to privacy and to security. So what is the idea of I2P? The idea is that the common, usual Internet is beyond repair. And we need to build a new network, which does not depend on the Internet for anything, that form links between low-level physical links. So I2P doesn't have the idea of entry and exit nodes. Any participant of the network is a router by design. So what do we have? No entry or exit nodes, no legal risks exposed to relays. There is full decentralization, there are no directory servers used. Each node is considered as untrusted as much as possible, because adversaries may try to inject some nodes into the network, and protocols are designed in a way to withstand this. Inside I2P any protocol can be used, whichever the user wants.
And right now there are approximately 50,000 to 60,000 nodes available, and it is hard to get this number accurate, because the network is so distributed that special research is needed in order to get these numbers. I2P uses unidirectional tunnels, I will talk about tunnels a bit later. The routing of I2P can be seen as a second generation of onion routing, and you all know that onion routing allows to connect to two hops users. And this connection is private. So how is this protocol built? A user establishes a connection with the first router with its encryption key, then the second router, the third one, and the message goes through. So we have one layer of encryption in the weakest point and all the message goes through one single route. How are I2P tunnels built? They are different, and incoming and outgoing messages are going through different routes. So if you are making a ping and pong, it will go through different routes or different hosts. They are connected by so-called endpoints, and the outcome endpoints are hidden in order to improve privacy. Also one of the routes is configurable. In turn, it is fixed to hops. I2P is usually three, but may be set up to seven hops if they really want to do this. This is how a protocol connection works in I2P. You have a connection on the application layer between A and B. It comes up to connection between each routers, this is ACDR routers, and A and B in squares are endpoints. So each connection between routers is encrypted, each connection between origin and source and destination is encrypted, and application-level encryption is optionally available as well. But this is not everything. In comparison to Tor, I2P doesn't send a whole packet inside encrypted connections. It splits packets into chunks. It is called garlic routing, so we can take a garlic bulb and split it into several chunks.
These chunks from different sources are combined in a new packet, and this packet is being transferred between routers, and then it is decrypted, and each chunk is sent to its final destination. Of course each chunk is encrypted as well here, so we have Tor encryption, and we have traffic intermission. This makes surveillance very hard, because you can only see that some traffic is going on, and it's very hard to analyze what this traffic is. This is a real-life example of what will happen if you have three hops. This is the default in I2P, and two chunks. For example, we want to send a ping from the green circle to the blue one, and a reply. This shows how it will go, that the outgoing packet is split into pieces, goes through different hops, then it reaches its final destination, and the reply goes a different way to the green circle. This works for any connection, and such connections are continuous, and they are regenerated approximately every ten minutes. This complexity of encryption and intelligence is quite hard to analyze when you have no traffic for many different destinations. So how can you find some host in I2P? There are no DNS-like centralized services. It is based on a DHT-like database, and this database contains two main sets of information, RouterInfo and LeaseSets. RouterInfo contains router information, the real IP and ports, and LeaseSets contain information about endpoints, and it has no direct connection to router information. It has a connection to the public key, which is used for identification and connection between peers. RouterInfo contains ID, encryption and signing public keys, contacts, and auxiliary data. All this data is signed, and all this signature is being run through a hash, and this hash is being used to address the node. The native database, each node in the database contains encryption key, garlic control and encryption key, signing key, and all this is packed into a certificate. So for management this database is distributed.
It is being run in a DHT way using so-called floodfill routers. Floodfill routers are hosts which have powerful enough CPU and connections to process data, and approximately 1.3 to 1.5 of these routers are available on the network node, just 8 or 10 directory servers in Tor, but it doesn't solve thousands of them, and usually when a peer connects, it uses connections to several hundreds of them in order to work normally in the network. Each node may be floodfill, and the user may configure if they don't want the host to be used as a floodfill node. So how is the address done? It is done using so-called B32 addresses, and each address is a SHA 255 hash of the certificate I explained previously, and it is the equivalent of an IP address on clearnet. Each node may have many such addresses, they can be changed anytime, and this is an example of what it looks like. Well, that's not very convenient to use, but it works. To make it more convenient, for example, I2P-wiki.itp, a so-called address book exists. They just come as separated maps between this address and this B32 address, nothing more. Users can exchange the address books from HMSN Trust to keep their private address books, so they do not rely constantly on some external service to receive these address books, and it's a persistent storage. So how to bootstrap, how does a host connect to the network for the first time? It needs to know at least one IP address or at least some part of NetDB. This is usually shipped with I2P distributions or can be downloaded from various sources on the Internet. So this book is also often shipped and various subscriptions are available. Of course, you have to choose whether to use it or not, yourself. So what cryptography is used inside I2P? For the symmetric part, it's AES-256, for asymmetric it's mostly ElGamal, and for hash it's SHA. They are possible to change, but it has some problems with changing.
These are signatures which are available for certificates, and that's very good that SHA1 is obsolete now and no longer used. Most popular ones are Ed25519 by Daniel Bernstein, and the implementation of i2pd has support for rational encryption algorithms. This one has closed contents. It's not safe, but this one has open algorithms of how constants were delivered. So what implementations are available for I2P? There are several of them. The first one is in Java. It's the original implementation, but it needs a lot of RAM and it's not good for any device. Another implementation is in C++, i2pd. It has low demands in memory and CPU usage, and it can even work on devices like Raspberry Pi. There are some forks of i2pd, but they are targeted mostly at Monero and similar integrations with other projects. So what protocols are available? You can see that at the bottom layer that uses ICTCP or UDP of the normal Internet, then it provides at a higher level streaming and datagrams inside an anonymized secure layer, which are analogs to TCP and UDP. SOCKS and HTTP proxies are provided by software and you can use them to access the network. So how to use it? Because it doesn't have Google, and you have to find somehow what to use. There are official wiki pages, messages, social networks, torrents and decentralized forums, some software written to transmission modified to work on I2P. And there are even distributed network file systems, which are run over I2P, and you can set up your own if you're interested in them. So these are some of the use cases. For example, you can set up your own SSH server and connect to the server through I2P. Why is it needed? Because many people have PCs behind the nodes and they are not available, and this is much more secure than using a VPN. But of course it's slow and has high latency. This case is for using your own VPN over I2P. This is part of the tunnels config for i2pd and this is a part of the OpenVPN config in the OpenVPN software.
So security was analyzed and there are many threats, but right now most of them are mitigated in one way or another. The weakest part is always the user. If you are using some browser which allows fingerprinting, for example, I2P will not save you from fingerprinting. You must use secure applications. Examples of insecure buttons are using the same browser to access, for example, Tor, I2P, and clearnet. There is software on this, but if you have the same browser, then there are many ways to get some side-channel information about your server, never do this. This includes software like QuickProxy and FoxyProxy. It's also not secure because side-channel attacks are possible. WebRTC is a security nightmare. You shouldn't use it because it allows very precise fingerprinting of your system. Of course, JavaScript, Flash plugins may also posit that. Secure behavior is to use a dedicated browser in a dedicated environment. To use security-oriented software, for example, Tor Browser can be easily configured to work in I2P. And you use something very simple like ELinks, which is robust. Okay, so use it. Set up your own hosts, your own routers, be careful and use it to do it and have some wisdom and contribute and develop if you can. You're welcome. Thank you. Do you have questions? Do you want to shout out for a second? Shout it out and then we'll repeat it. Okay, so about I2P. In the recent project, do you know the guys who developed I2P? Are there any questions? How does the latency compare to using something like Tor? Latency. You cannot watch video online inside I2P but you can chat, you can download data, video signatures, whatever you want. Latency is very similar to times of developed networking in terms of latency. But this is higher. More questions?
Hello, thanks for the talk. I tried I2P maybe a year ago or two years ago and I used a Java implementation, and it didn't consume 205GB of memory because it didn't have that much, so it doesn't consume more memory if there are more nodes, so how does it work? The minus you have. If you are a router, for example, if you are a floodfill router, it will consume a lot of memory. Well, it depends. More questions? Thank you.