I2P: Garlic and Onion Routing Techniques for Enhanced Security

The Invisible Internet Project (I2P) is a work in progress whose aim is to provide a secure version of the IP protocol that addresses threats common to the standard TCP/IP networking infrastructure -- most importantly, the effortless identification and tracking of participating peers. In I2P, each participating peer keeps a secret pool of inbound, or data-receiving, and outbound, or data-transmitting, tunnels it chooses itself. A tunnel consists of a configurable number of routers in sequence, where longer tunnels mean more anonymity, at the expense of performance.

When a peer sends data, it is passed through one of its outbound tunnels, at the end of which it enters an inbound tunnel of the recipient. For each router that is part of the chosen tunnel, a layer of encryption based on the router's key is added. This technique, the main feature of "onion routing," prevents compromised routers from eavesdropping. (The most well-known onion routing project, Tor, is more efficient than I2P and more friendly for low-bandwidth peers, but not as flexible an application as I2P and not as good a dynamic threat defense.) I2P uses what it calls "garlic routing," which enhances onion routing by allowing a message to take multiple paths at once, therefore increasing message integrity. For more information on these routing techniques, refer to this excellent paper. Addresses, or destinations, in I2P consist of a set of cryptographic keys which are Base64-encoded when used in an ASCII context. In contrast to the TCP/IP and UDP/IP protocols, addresses point to services, not hosts. It is harder to identify which services a certain host is running than to identify a given host, and addresses do not change when services are migrated to another server.

The link for this article located at Linux.com is no longer available.