Tempering Kademlia with a robust identity based system
Luca Maria Aiello, Università degli Studi di Torino, Computer Science department
PeeR-to-peer beyOnd FILE Sharing: Catania, Firenze, Parma, Pavia, Roma, Torino, Trento
Security on p2p networks

Goal
Design and implementation of a DHT middleware resistant to most known overlay attacks, preserving:
a. Scalability
b. Complete decentralization
c. Efficiency

Steps
a. Analysis of DHT security issues
b. Overview of existing DHT properties
c. Secure protocol (and architecture) design
d. Performance analysis
e. Implementation
+ f. Identity Based Cryptography

Distributed Hash Tables
a. Content storage
b. Overlay network
c. Keyspace
d. Key-node binding
e. Key-content binding
f. Responsibility function
g. Lookup in O(log(N)) steps

Attacks against DHTs
a. Storage attacks
b. Routing attacks
c. DDoS attacks
d. Sybil attack
e. Man In The Middle

Applying countermeasures
a. Random NodeIds
b. Few nodes per user
c. Verifiable node identity
d. Secure communication protocol
e. Safe bootstrap
No existing DHT provides these features.

Current DHT designs
Pastry, Chord, Tapestry, Kademlia, CAN, Viceroy

Kademlia
a. Simple protocol (ping, store, find-node, find-value)
b. Routing messages piggybacking
c. Lightweight join phase
d. XOR metric
e. Caching
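The XOR metric and the O(log(N)) lookup named on the DHT and Kademlia slides, as an added Go illustration that is not part of the talk and not JLikir's code. It builds a constructed in-memory network of 200 nodes with seeded random 16-bit IDs (real Kademlia uses 160-bit SHA-1 IDs; the arithmetic is the same), fills each node's k-buckets, answers FIND_NODE from them, and runs the iterative lookup. Type and function names (`node`, `bucketIndex`, `lookup`) are the example's own.

```go
package main

import (
	"fmt"
	"math/bits"
	"math/rand"
	"sort"
)

// Constructed example: 16-bit IDs and a 200-node in-memory network. Real
// Kademlia uses 160-bit SHA-1 IDs; the arithmetic and procedure are identical.
const idBits, k = 16, 4 // ID width; k-bucket size and FIND_NODE result size

// node: routing table of idBits k-buckets; bucket i holds contacts whose ID
// first differs from ours at bit i.
type node struct {
	id      uint16
	buckets [idBits][]uint16
}

// distance is the XOR metric: symmetric, d(a,a)=0, triangle inequality holds.
func distance(a, b uint16) uint16 { return a ^ b }

// bucketIndex is floor(log2(d(self,other))); -1 when self == other.
func bucketIndex(self, other uint16) int { return bits.Len16(self^other) - 1 }

// closest sorts a copy of ids by XOR distance to target and keeps the first n.
func closest(target uint16, ids []uint16, n int) []uint16 {
	out := append([]uint16(nil), ids...)
	sort.Slice(out, func(i, j int) bool {
		return distance(out[i], target) < distance(out[j], target)
	})
	if len(out) > n {
		out = out[:n]
	}
	return out
}

// buildNetwork creates size nodes with seeded random IDs and fills their
// k-buckets (at most k contacts each) from global knowledge; a live network
// gathers this through joins and routing info piggybacked on every RPC.
func buildNetwork(size int, seed int64) (map[uint16]*node, []uint16) {
	rng := rand.New(rand.NewSource(seed))
	members := map[uint16]bool{}
	for len(members) < size {
		members[uint16(rng.Intn(1<<idBits))] = true
	}
	net, ids := map[uint16]*node{}, make([]uint16, 0, size)
	for id := range members {
		n := &node{id: id}
		for other := range members {
			if b := bucketIndex(id, other); b >= 0 && len(n.buckets[b]) < k {
				n.buckets[b] = append(n.buckets[b], other)
			}
		}
		net[id], ids = n, append(ids, id)
	}
	return net, ids
}

// findNode answers FIND_NODE: the k known contacts closest to target.
func (n *node) findNode(target uint16) []uint16 {
	var known []uint16
	for _, b := range n.buckets {
		known = append(known, b...)
	}
	return closest(target, known, k)
}

// lookup is the iterative Kademlia lookup: query every not-yet-queried node
// among the k closest known, merge the answers, stop once all k were queried.
func lookup(net map[uint16]*node, start, target uint16) ([]uint16, int) {
	known := map[uint16]bool{start: true}
	queried := map[uint16]bool{}
	for rounds := 0; ; rounds++ {
		var ids []uint16
		for id := range known {
			ids = append(ids, id)
		}
		shortlist := closest(target, ids, k)
		progressed := false
		for _, id := range shortlist {
			if queried[id] {
				continue
			}
			queried[id], progressed = true, true
			for _, c := range net[id].findNode(target) {
				known[c] = true
			}
		}
		if !progressed {
			return shortlist, rounds
		}
	}
}

func main() {
	net, ids := buildNetwork(200, 42)
	found, rounds := lookup(net, ids[0], 0xBEEF)
	fmt.Printf("closest to beef: %04x after %d rounds\n", found[0], rounds)
}
```

The lookup terminates on the true closest node because each queried node either has that node in the bucket covering the target's subtree or has k contacts there that are all closer than itself; the number of rounds stays bounded by the ID width and in practice by roughly log2 of the network size.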
Kademlia: applications
Vuze, BitTorrent, eMule, LimeWire, RetroShare

Likir: Layered Id-based Kademlia InfRastructure
Problem: loose binding between node and identity
Solution: a certification service
Challenge: preserving the purity of the p2p paradigm

Likir: architecture

Likir: initialization

Likir: node session

Likir: content STORE
All RPCs used are the same as defined in Kademlia; only the STORE is customized.

Likir: security properties
Threats addressed: Routing, Storage / DDoS, Sybil, MITM, SPoF
a. Randomly generated NodeIds
b. Verifiable identity: no masquerading; account bound to every node; ID-based application integration
c. Credentials bound to contents: verifiable ownership; reputation + blacklisting
d. Secure communication protocol: resistant to interleaving attacks
e. The Certification Service is contacted only ONCE
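The customized STORE and the "credentials bound to contents" property of the two slides above, as an added Go sketch that is not JLikir's code: an ed25519 Certification Service enrolls a node once, handing back a credential that binds the account to a CS-chosen random NodeId and to the node's own key; a STORE then carries that credential plus the owner's signature over key, NodeId and content, and the storing peer verifies everything offline with nothing but the CS public key. The credential layout, the names (`Credential`, `StoreMsg`, `Enroll`, `VerifyStore`), the account string and the fixed clock are constructed assumptions, not Likir's wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// Credential is issued once by the Certification Service (CS) and binds one
// account to a CS-chosen NodeId and a node public key (constructed layout).
type Credential struct {
	UserID  string
	NodeID  [20]byte
	NodePub ed25519.PublicKey
	Expiry  int64 // unix seconds
	CSSig   []byte
}

// signedBytes is the canonical string the CS signs: fixed-width header
// (name length, expiry) then name, NodeId and key, so fields cannot shift.
func (c Credential) signedBytes() []byte {
	b := make([]byte, 10, 10+len(c.UserID)+20+len(c.NodePub))
	binary.BigEndian.PutUint16(b[0:2], uint16(len(c.UserID)))
	binary.BigEndian.PutUint64(b[2:10], uint64(c.Expiry))
	return append(append(append(b, c.UserID...), c.NodeID[:]...), c.NodePub...)
}

type CertService struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewCertService() (*CertService, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &CertService{priv: priv, Pub: pub}, nil
}

func NewNodeKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Enroll is the single contact with the CS: it draws a random NodeId (the
// node cannot choose its keyspace position) and certifies the node key.
func (cs *CertService) Enroll(userID string, nodePub ed25519.PublicKey, nowUnix, ttl int64) (Credential, error) {
	c := Credential{UserID: userID, NodePub: nodePub, Expiry: nowUnix + ttl}
	if _, err := rand.Read(c.NodeID[:]); err != nil {
		return Credential{}, err
	}
	c.CSSig = ed25519.Sign(cs.priv, c.signedBytes())
	return c, nil
}

// StoreMsg is the customised STORE: content plus the owner's credential and
// a node-key signature over key || NodeId || content.
type StoreMsg struct {
	Key     [20]byte
	Content []byte
	Cred    Credential
	OwnSig  []byte
}

func storeSignedBytes(key, nodeID [20]byte, content []byte) []byte {
	return append(append(append([]byte{}, key[:]...), nodeID[:]...), content...)
}

// NewStore builds the STORE an owning node sends.
func NewStore(priv ed25519.PrivateKey, cred Credential, key [20]byte, content []byte) StoreMsg {
	sig := ed25519.Sign(priv, storeSignedBytes(key, cred.NodeID, content))
	return StoreMsg{Key: key, Content: content, Cred: cred, OwnSig: sig}
}

// VerifyStore is the storing peer's offline check: credential genuine and
// unexpired, content signed by the certified key. Any failure rejects it.
func VerifyStore(csPub ed25519.PublicKey, m StoreMsg, nowUnix int64) error {
	if !ed25519.Verify(csPub, m.Cred.signedBytes(), m.Cred.CSSig) {
		return errors.New("credential not issued by the CS")
	}
	if nowUnix > m.Cred.Expiry {
		return errors.New("credential expired")
	}
	if len(m.Cred.NodePub) != ed25519.PublicKeySize || !ed25519.Verify(m.Cred.NodePub, storeSignedBytes(m.Key, m.Cred.NodeID, m.Content), m.OwnSig) {
		return errors.New("content not signed by the credential holder")
	}
	return nil
}

func main() {
	const now int64 = 1_700_000_000 // constructed clock, unix seconds
	cs, _ := NewCertService()
	pub, priv, _ := NewNodeKey()
	cred, _ := cs.Enroll("alice@example.org", pub, now, 3600) // constructed account
	msg := NewStore(priv, cred, sha1.Sum([]byte("constructed key")), []byte("hello from alice"))
	fmt.Println("store accepted:", VerifyStore(cs.Pub, msg, now) == nil)
}
```

Because the NodeId sits inside the CS-signed credential and again under the owner's signature, a peer that replays someone else's credential cannot produce a valid owner signature, a credential edited to another account fails the CS check, and the storing node needs no round trip to the CS, which is what lets the service be contacted only once.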
Identity 2.0 +

VERIFIED Identity 2.0

Identity Based Signature scheme (IBS) by Boneh and Franklin (2001)
1. Setup → 2. Extract → 3. Sign → 4. Verify

Likir & IBS: evaluation
Drawbacks: need of a Private Key Generator; key escrow; signature generation and verification slower than RSA
Advantages: Identity 2.0 compliant; the public key can be omitted; signatures smaller than RSA

Performance evaluation

Implementation
a. JLikir, Java 1.6
b. Kademlia-adhering
c. CS implemented like a CA
d. Index Side Filtering
e. We used JLikir to develop LiCha:
   − privacy-aware instant messaging application
   − fully decentralized service
   − Likir identity support is fully exploited
   − high privacy and security level

Conclusions
Kademlia + Identity support + Protection from attacks = Likir

Likir monastery, Ladakh
Questions?