Time will Tell: Large-scale De-anonymization of Hidden I2P Services via Live Behavior Alignment (Extended Version)

TL;DR

This paper presents I2PERCEPTION, a scalable, low-cost method for de-anonymizing I2P hidden services by analyzing live router behavior and correlating it with active probing, successfully revealing their IP addresses in real-world experiments.

Contribution

The paper introduces I2PERCEPTION, a novel approach that leverages live behavior inference and correlation to de-anonymize I2P hidden services at scale.

Findings

Successfully de-anonymized all controlled hidden services.

Validated effectiveness with only 15 floodfill routers over eight months.

Demonstrated scalability and precision in real-world deployment.

Abstract

I2P (Invisible Internet Project) is a popular anonymous communication network. While existing de-anonymization methods for I2P focus on identifying potential traffic patterns of target hidden services among extensive network traffic, they often fail to scale effectively across the large and diverse I2P network, which consists of numerous routers. In this paper, we introduce I2PERCEPTION a low-cost approach revealing the IP addresses of I2P hidden services. In I2PERCEPTION, attackers deploy floodfill routers to passively monitor I2P routers and collect their RouterInfo. We analyze the router information publication mechanism to accurately identify routers' join (i.e. on) and leave (i.e. off) behaviors, enabling fine-grained live behavior inference across the I2P network. Active probing is used to obtain the live behavior (i.e., on-off patterns) of a target hidden service hosted on one of the I2P routers. By correlating the live behaviors of the target hidden service and I2P routers over time, we narrow down the set of routers matching the hidden service's behavior, revealing the hidden service's true network identity for de-anonymization. Through the deployment of only 15 floodfill routers over the course of eight months, we validate the precision and effectiveness of our approach with extensive real-world experiments. Our results show that I2PERCEPTION successfully de-anonymizes all controlled hidden services.