
Dash Security-Privacy Paper

Status
Not open for further replies.

tungfa

Well-known member
Foundation Member
Masternode Owner/Operator
Security-Privacy-Centric Solution For Anonymous DASH (Masternode) Local Wallet Based On Debian GNU/Linux, VirtualBox, Whonix GNU/Linux Including Tor And Tails
– VERSION 0.1.7 [2016-12-03] –


Please Download :
https://drive.google.com/file/d/0B_yZ4OC682XgS2JjN0pSdDFTcHM/view?usp=sharing
http://www.filedropper.com/securitypaperversion017
OnionShare is available - ping me direct for download link [email protected] / or tungfa on dashforum

Author: Anonymous
This very extensive/detailed Security Paper was donated to us by an anonymous source. Core Team members double-checked facts and approved it for posting and public discussion.
https://www.dash.org/
http://dashorg64cjvj4s3.onion

Copyright:
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).
http://creativecommons.org/licenses/by-nc-sa/4.0/

Explanations/Links/Suggestions:
Always use a VPN Service / Safety/ Security 1st Step
What is a VPN:
https://en.wikipedia.org/wiki/Virtual_private_network
Recommended Services:
(pay in Dash)
BolehVPN https://bolehvpn.net
VikingVPN https://vikingvpn.com
QHoster http://www.qhoster.com
MultiVPN http://multi-vpn.co.uk/
AirVPN https://airvpn.org/


https://www.debian.org
https://www.torproject.org
https://tails.boum.org
https://www.virtualbox.org
https://www.whonix.org

Dash Core Wallet on Linux:
https://www.dash.org/downloads/
 
Wow, if this solves the MN blinding problem then this is a pretty big development. Great to see significant community contributions like this.
 
 
Is the IP of a masternode hidden when someone tries to implement the guidelines of this paper?
How does this paper solve the IPv4 reveal of the masternodes?
How do masternodes recognise each other via this scheme?
How can you be anonymous if you reveal your IP to a masternode service provider (MNSP)?
paper said:
"At first you have to contact a MNSP (usually register an account on a website). The provider will usually be paid in advance and takes full care of your MN for a certain amount of time (typically on a monthly basis) and is therefore responsible for the setup of a secure remote Linux server. You and the provider only have to exchange very few information, for example the IP address of the new server which will act as the new MN."
What the heck? What are they talking about? Is your real IP address considered as "very few information"?

My thoughts on this paper are negative, because the application layer and the network layer are not separated in DASH. TOR may allow your masternode to change its IP. But as long as TOR is slow, there is a synchronization problem between all masternodes that are behind TOR and the masternodes that are not. This will tear the network apart, and will lead to double spending issues etc. So the above paper is not the anonymity solution you are searching for.

The protocol of dash should change first, and take into account all Masternodes that are behind TOR which may change their IP address at a rate of 5 times a minute (the 5 is a randomly selected number that should be voted using numbers). You have to deal first with all synchronization problems that may appear (including the double spending issues!).

The above paper is a general anonymity paper and has a few things to offer to the Masternodes anonymity problem.
 
....a bunch of stuff....

I don't know what it is, maybe a mental block(?) but demo... every post of yours is nearly incomprehensible to me. In this post... You are saying something about nodes behind tor would be too slow? (or could be too slow -- not sure if you tested this) Is that your criticism? I am having trouble understanding what you are actually trying to say.
 
The dash protocol requires the masternodes to be synchronized. If some masternodes cannot communicate fast enough, then they are considered out of order. TOR transfer rates are low, so many TOR nodes (especially those who change their IPs often) will be rejected by the DASH network due to the current DASH protocol.

We don't know and we cannot predict how fast or how slow the TOR network may become. So we have to define hardcoded numbers. How many times per minute is a masternode allowed to change its IP? What is the minimum masternode connection speed? Those numbers should be defined by voting using numbers. We should not let the core team decide those numbers once and forever, because the correct decision cannot be predicted. We should also not let the core team be able to change these numbers at will, because this gives them huge control over the network. If we allow these numbers to be voted on, the masternode owners will define the optimum numbers that fit the current state of the TOR network, and this will make the DASH network as anonymous as it can be and as fast as it can be.

All the above require protocol changes.
 
Especially pay attention to those who confuse the truth, who try to distract, who try to mislead with full awareness and
who refuse to argue based on neutral facts but emotions instead simply not allowing any kind of logical
analysis which leads to the truth.”

I suggest we all take the time to digest this rather lengthy Security paper before making hasty comments (hasty comments like a particular person is already demonstrating in here)
 
Interesting. I can't really comment until I read... this 100+ page document though. Ugh.
 
Don't read it. It has nothing to do with masternode anonymity. It is a general anonymity guideline. Read it only if you are interested in anonymity in general.

But if you are searching for a solution for DASH anonymity of the masternodes, then reading this paper is a waste of time. Focus on the protocol of DASH, this is where the wrong (regarding anonymity) resides, and where the solution may be discovered.

Focus on my signature.
 
VI. CONCLUSION AND FORECAST

The proposed solution closes the continuously rising security gap most people are exposed to while
working with cryptocurrencies and computers at all. This is achieved by the usage of carefully selected
software, a dedicated step-by-step guide built on top of a security-privacy-centric approach and the
compilation of lots of additional background information for further studying.

The main benefits are the use of free and open-source software. There is no need to work with and
thereby trust closed-source software with also a price tag attached just like Microsoft Windows or Mac
OS X, etc. Because the solution is based entirely on Debian GNU/Linux, a free Linux distribution and
other free and open-source software which are all actively developed and reviewed by the research
community distributed all over the planet.

In addition to the privacy features already implemented in the DASH cryptocurrency, the user will be
anonymous online which is an important fact (if additional important security rules such as not
providing personal information, etc. are satisfied continuously) in terms of anonymizing network traffic
over Tor protecting against traffic analysis. This is guaranteed as long as the user works with Whonix
and Tails which are pre-configured to connect to the Internet over Tor exclusively. Therefore data leaks
such as “user is connecting to the DASH network at date X, time Y and building connections with
DASH nodes K, L, M, ...” caused by very different reasons leading to fundamental violation of privacy
are reduced drastically. From now on the DASH software can be utilized anonymously because the user
even hides the fact that he/she is using the DASH software behind Whonix which routes all network
traffic over Tor. In NOT doing so it is obvious to an adversary to figure out very easily what websites
the user visits on a regular basis, which programs on the target's machine interact with the Internet and
more generally speaking in what the user is interested in at all over long time periods. Gathering all this
information together can be used to de-anonymize and to target a specific user very easily.

The new MN will help to further stabilize, increase the security, increase the decentralization and
expand the two-tier DASH MN network.

This is indeed a very detailed security paper that analyses pretty much anything Dash related
(it describes all the processes that are important to both users and masternode owners and it ranges
from wallet use, to protecting masternodes online, to protecting users online.... and much much more).

Interesting.
 
Conclusion
and then this follows.....
Install-and-forget solution: After finishing the setup of the new MN you can simply shutdown the computer, plug off the encrypted USB drive, store it somewhere safe and continue to work with your usual OS installed onto your computer. There is no need to take care of the new MN on a daily basis due to the outsourcing of this work to a third party. Anyway, you are strongly encouraged to support the DASH project by voting with your MN on specific long term decisions relating to DASH and its future.

So this paper proposes to give all the network responsibility to the Masternode Service providers!! If the masternode service providers are compromised, then the whole DASH masternode network is compromised! The fewer the MNSP are, the easier it is for the DASH network to be compromised and exposed.

Is this advice that can be taken seriously? This paper may (or may not) solve the problem of dash user anonymity. It has nothing to do with the problem of masternode anonymity. The advice the paper gives regarding masternode anonymity is in the wrong direction.
 
I wonder if the recommendations of this security paper could be used to form the core of new, to-be-developed user-friendly hardware solutions, where security and privacy are central.
 
I don't think so. It is too complicated for a hardware solution. Too much software. The code used in hardware solutions has to be minimal and simple, in order to be secure.
 
This guide does not provide sufficient information about the setup of a Masternode (MN) server itself,
for further information refer to the Dash Forum [https://www.dash.org/forum/topic/masternode-guides.66/].
Anyway the result is an additional MN in the two-tier DASH MN network by outsourcing
the setup of a secure remote Linux server to a skilled third party, called the
Masternode-service-provider (MNSP).


The main part of this guide describes the download and verification process of all necessary files and
consequently the setup of a secure and private OS in order to store the 1000 DASH deposit for the new
MN in a reasonably secure environment.

In addition the solution is not limited to the setup of a DASH MN local wallet exclusively. It is also
designed for a standard DASH local wallet setup (with no intention to setup a MN at all) or any other
cryptocurrency supporting the proposed solution.

Reluctantly I have to agree with demo that this part does need more discussion and risk evaluation.
On the other hand it reminds me of how masternode hosting providers like node40 emerged and claimed part of the Dash ecosystem.
These MNSPs could be considered a logical extension of that .. or not.
 
Perhaps someone should test the proposed solution. A lot of talk and speculation. Presumably the author has already tested it?

@demo, do you fancy giving it a go? I'll pay you your very first dash.
 