What are the threats against I2P?

Question

Threat modeling is a process by which potential threats can be identified, enumerated, and prioritized

What are the considered attacks in I2P's threat model ?

Answer 1

I2P's threat model consists of :

• Brute force attacks

A brute force attack can be mounted by a global passive or active adversary, watching all the messages pass between all of the nodes and attempting to correlate which message follows which path

• Timing attacks

I2P's messages are unidirectional and do not necessarily imply that a reply will be sent. However, applications on top of I2P will most likely have recognizable patterns within the frequency of their messages - for instance, an HTTP request will be a small message with a large sequence of reply messages containing the HTTP response. Using this data as well as a broad view of the network topology, an attacker may be able to disqualify some links as being too slow to have passed the message along

• Intersection attacks

Periodically make contact with the target and keep track of what peers are on the network. Over time, as node churn occurs the attacker will gain significant information about the target by simply intersecting the sets of peers that are online when a message successfully goes throug

• Denial of service attacks

  • Greedy user attack

    people trying to consume significantly more resources than they are willing to contribute

  • Starvation attack

    harm the network by creating a significant number of peers in the network who [...] then decide not to provide any resources to the network

  • Flooding attack

    standard IP layer flooding

  • CPU load attack

    request that a peer perform some cryptographically expensive operation

  • Floodfill DOS attack

    becoming a floodfill router [...] and provide bad or no response to lookups, and it may also interfere with inter-floodfill communication

• Tagging attacks

modifying a message so that it can later be identified further along the path

• Partitioning attacks

finding ways to segregate (technically or analytically) the peers in a network

• Predecessor attacks

passively gathering statistics in an attempt to see what peers are 'close' to the destination

• Harvesting attacks

compiling a list of users running I2P

• Identification Through Traffic Analysis

By inspecting the traffic into and out of a router, a malicious ISP or state-level firewall could identify that a computer is running I2P

• Sybil attacks

category of attacks where the adversary creates arbitrarily large numbers of colluding nodes and uses the increased numbers to help mounting other attacks

• Buddy Exhaustion attacks

By refusing to accept or forward tunnel build requests, except to a colluding peer, a router could ensure that a tunnel is formed wholly from its set of colluding routers

• Cryptographic attacks

I2P was not designed with easy mechanisms to lengthen keys or change shared secret values while maintaining backward compatibility

• Floodfill Anonymity attacks

floodfill routers are uniquely positioned to learn about network participants

• Other Network Database attacks

attempt to harm the network by creating one or more floodfill routers and crafting them to offer bad, slow, or no response

• Central Resource Attacks

centralized resources in the development and operation of the I2P network,

• Development attacks

go after its development team by either introducing legal hurdles on anyone contributing to the development of the software, or by using whatever means are available to get the developers to subvert the software

• Implementation attacks (bugs)

errors in the design or implementation

Source here (also describe defenses against these threats)