P2PSIP Security Analysis and evaluation
draft-song-p2psip-security-eval-00
Song Yongchao, Ben Y. Zhao
P2PSIP Security Analysis and evaluation
- Enrollment Server
- P2P Layers: Application; Distributed storage/replication; Routing maintenance/KBR/NAT/FW traversal; Transport
- Security with each layer must be considered
Transport Security
- To prevent illegal peers/clients from participating in the overlay, TLS/DTLS is necessary to authenticate each association and to protect the privacy of the communication
Routing Maintenance Security
- A peer may receive fake routing table entries from malicious neighbors
  - Each DHT must resolve this according to its specific routing table maintenance rules
  - Generally speaking, each peer must verify each new entry in its routing table for correctness
- Attackers can try to induce security threats by increasing churn
  - Nodes must waste significant bandwidth to update routing tables and to replicate and transfer stored data
  - The higher the churn rate, the more entries in a peer’s routing table become outdated, which lowers efficiency
KBR Security (1)
- Intermediate peers may claim to be the destination peer in order to hijack the application component
- A check mechanism is required to verify that the response comes from the peer responsible for the desired key
- The linked paper provides an example of a proof mechanism: /identity-npsec05.pdf
KBR Security (2)
- Misbehaving forwarding by an intermediate peer
  - Intentional forwarding to a wrong next hop
  - Discarding incoming messages
  - Modifying the message before forwarding
- Chosen-ID attacks make KBR even less secure
  - Malicious nodes can repeatedly request new nodeIDs to obtain some control over nodeID assignment
KBR Security (3)
- Some approaches for protection mechanisms
  - Digital signatures for initial bootstrapping messages
  - One approach is to chain together packet acks to determine responsibility for lost or misrouted messages
  - Secure Node ID assignment mechanism
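The responder check called for under KBR Security (1), combined with the secure node ID assignment listed under KBR Security (3), as an added example that is not code from the draft or from the linked paper. It assumes a Chord-style 160-bit ring, a hypothetical ID rule (nodeID = SHA-1 of the public key the peer authenticated with over TLS/DTLS), and a density comparison against the verifier's own successor list with an arbitrary slack factor of 8, swapped in here in place of the paper's proof mechanism.

```python
import hashlib

RING = 1 << 160  # SHA-1 sized identifier ring, as in Chord

def node_id(public_key: bytes) -> int:
    # Assumed ID rule: nodeID = SHA-1(public key enrolled for the peer).
    return int.from_bytes(hashlib.sha1(public_key).digest(), "big")

def cw(a: int, b: int) -> int:
    # Clockwise distance from a to b on the ring.
    return (b - a) % RING

def check_response(key, pubkey, claimed_id, claimed_pred, my_id, my_succ, slack=8):
    """Return the reasons to distrust an 'I am responsible for key' response."""
    reasons = []
    # 1. The ID must be bound to the key the peer authenticated with (TLS/DTLS).
    if node_id(pubkey) != claimed_id:
        reasons.append("id-not-bound-to-key")
    # 2. Chord responsibility: key must lie in (predecessor, node].
    if not 0 < cw(claimed_pred, key) <= cw(claimed_pred, claimed_id):
        reasons.append("key-outside-claimed-range")
    # 3. Density test: the predecessor is self-reported, so also compare the
    #    key-to-responder distance with the spacing of our own successors.
    span = cw(my_id, my_succ[-1])          # covers len(my_succ) gaps
    if cw(key, claimed_id) * len(my_succ) > slack * span:
        reasons.append("responder-too-far-from-key")
    return reasons

def demo():
    # Constructed overlay: 64 peers with made-up public keys.
    keys = {node_id(b"peer-%d" % i): b"peer-%d" % i for i in range(64)}
    ring = sorted(keys)
    me, succ = ring[0], ring[1:9]
    owner, pred, hop = ring[32], ring[31], ring[16]
    key = (owner - 1) % RING               # a key that `owner` is responsible for
    honest = check_response(key, keys[owner], owner, pred, me, succ)
    # Intermediate hop answers for itself and lies about its predecessor.
    hijack = check_response(key, keys[hop], hop, (key - 1) % RING, me, succ)
    # Intermediate hop claims the owner's ID but can only present its own key.
    spoof = check_response(key, keys[hop], owner, pred, me, succ)
    return honest, hijack, spoof

if __name__ == "__main__":
    for name, result in zip(("honest", "hijack", "spoof"), demo()):
        print(name, result or "accepted")
```

The interval test alone is not enough because the predecessor is supplied by the responder; the density test is what rejects the lying intermediate hop.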
Distributed Storage Security
- Protect data objects against unauthorized data operations
  - Writing data
  - Modification
  - Removal
- Data poisoning
  - Publish invalid or non-existent data into the overlay
  - Publish a victim node’s address as the location of a popular data object to induce a DDoS attack
Distributed Storage Security
- Storage denial of service attacks
  - Overlays work well for a reasonable amount of data objects, but can easily be overwhelmed by inserting large numbers of objects per node
  - Malicious nodes can publish large amounts of junk data to the overlay
- Replication security is TODO
Application Security TBD
P2PSIP Security Analysis and evaluation
- Trusted Overlay Base
- Untrusted Overlay Base
Trusted Overlay Base
- All peers in the overlay are trusted nodes, e.g. an operator deploys the core Chord ring of the P2P overlay network and provides services to ordinary clients, which access the peers in the overlay
Possible attacks in the overlay with Trusted Overlay Base
Untrusted Overlay Base
- Peers in an Untrusted P2P Overlay Base are not all trusted. There may be some maliciously behaving nodes in that P2P Overlay Base.
- All security issues with the Trusted Overlay Base still exist here
- More security threats emerge
More attacks in the overlay with Untrusted Overlay Base
Thank You