Published by Kelly Kirkby, modified over 10 years ago
Slide 1: Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management
Speaker: Luca Maria Aiello, SecNet Group, Università degli Studi di Torino, Computer Science Department, Corso Svizzera, 185 – 10149, Torino, Italy, aiello@di.unito.it
2nd EMANICS Workshop on Peer-to-Peer Management
Slide 2: SecNet group members and activities
− Giancarlo Ruffo, associate professor
− Rossano Schifanella, researcher
− Alessandro Basso, researcher
− Marco Milanesio, PhD student
− Andrè Panisson, PhD student
− Luca Maria Aiello, PhD student
Research topics: peer-to-peer; security on distributed systems; recommendation systems; complex network analysis; social networks; collaborative tagging systems; …
Slide 3: Outline
1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity-based DHT
4. Reputation management on Likir
5. ID-based applications development
6. Conclusions
Slide 4: Motivations
- Structured P2P systems are mature enough for applications: scalable, efficient, resistant against random node failures
- Still inadequate for dependable services: too many known attacks; node id and user id aren't coupled, so when you are cheated, you have no one to blame!
- Goal: design and implementation of a DHT middleware resistant to most known overlay attacks, while preserving scalability, decentralization and efficiency
Slide 5: Motivations (diagram): Security, Identity management, Reputation, ID-based applications
Slide 7: Attacker model
A malicious node is a participant in the system that does not follow the protocol correctly. It can:
- generate packets with arbitrary content
- perform IP spoofing
- intercept and modify communications between other nodes
- collude with other attackers
- run and control several nodes
Slide 8: Attacks against DHTs
a. Storage attacks
b. Routing attacks
c. DDoS attacks
d. Sybil attack
e. Man in the middle
Slide 9: Applying countermeasures (countermeasure → attacks it addresses)
a. Random NodeIds → Sybil, routing
b. Few nodes per user → Sybil
c. Verifiable node identity → routing, pollution
d. Secure communication protocol → routing, MITM
e. Safe bootstrap → routing (partitioning)
No existing DHT grants all of these features.
Slide 10: Current DHT designs: Pastry, Chord, Tapestry, Kademlia, CAN, Viceroy
Slide 12: Likir (Layered Id-based Kademlia-like InfRastructure)
- Problem: loose binding between node and identity
- Solution: a certification service
- Challenge: preserving the pureness of the p2p paradigm
Slide 13: Likir: architectural model
Many other attempts to secure overlay networks: Myrmic, KadSec, Maelstrom, …
In Likir, security problems are solved with:
- a registration mechanism
- a communication protocol enhancement
Slide 14: Likir: subscription (diagram)
Slide 15: Likir: node session (diagram)
Slide 16: Likir: content store
All RPCs used are the ones defined in Kademlia; only STORE is customized.
Simple API:
- bootstrap()
- put(key, obj, type, ttl)
- get(key, type, userID, recent)
Slide 17: Likir: security properties (attack classes addressed: routing, storage / DDoS, Sybil, MITM, SPoF)
a. Randomly generated NodeIds
b. Verifiable identity: no masquerading; an account is bound to every node; ID-based applications integration
c. Credentials bound to contents: verifiable ownership (see later)
d. Secure communication protocol: resistant to interleaving attacks
e. The Certification Service is contacted only ONCE
Slide 18: Likir: performance analysis
- Cryptographic primitives do not significantly impact performance
- The main overhead is the initial nonce exchange
(Plots: GET, PUT)
Slide 20: Reputation system
- Content credentials allow the publisher of any object to be known, so a reputation system can be built to punish polluters
- Defined at the application level: the RS exhibits a simple API for communication with applications: blacklist(userID)
- Likir does not define a specific RS; different application suites could adopt different systems, depending on their needs
- For our experiments we use a blacklist + gossip-based approach
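As an added illustration of the content store API, the "credentials bound to contents" property and the blacklist(userID) hook (a constructed model, not Likir's own code or wire format): the CS signs a credential once at subscription, put() signs the record with the owner's key, and a storing node verifies the whole chain plus the reputation blacklist before accepting a STORE. Ed25519, the field layout, the "|" separator and the helper names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is the credential the Certification Service (CS) issues once, at subscription: it binds a
// user identity to a CS-chosen random NodeID and a public key. Constructed model, not Likir's format.
type Cert struct {
	UserID string
	NodeID [20]byte
	Pub    ed25519.PublicKey
	CSSig  []byte // CS signature over UserID|NodeID|Pub
}
type Record struct {
	Key, Type, Obj string
	Expiry         int64 // unix seconds, computed from put(..., ttl)
	Owner          Cert
	OwnerSig       []byte // owner signature over Key|Type|Obj|Expiry
}

// Serialisations that get signed; a real format would length-prefix fields instead of using "|".
func certBytes(c Cert) []byte { return append(append([]byte(c.UserID), c.NodeID[:]...), c.Pub...) }
func recBytes(r Record) []byte { return []byte(fmt.Sprintf("%s|%s|%s|%d", r.Key, r.Type, r.Obj, r.Expiry)) }
func genKey() (ed25519.PublicKey, ed25519.PrivateKey) { pub, priv, _ := ed25519.GenerateKey(nil); return pub, priv }

// Subscribe is the single CS contact; the NodeID is drawn by the CS, so a peer cannot choose its position.
func Subscribe(csPriv ed25519.PrivateKey, userID string, pub ed25519.PublicKey) Cert {
	c := Cert{UserID: userID, Pub: pub}
	rand.Read(c.NodeID[:]) // crypto/rand never returns a short read
	c.CSSig = ed25519.Sign(csPriv, certBytes(c))
	return c
}

// Put builds a signed record: the credential travels with the content, so ownership is verifiable.
func Put(priv ed25519.PrivateKey, owner Cert, key, typ, obj string, ttl, now int64) Record {
	r := Record{Key: key, Type: typ, Obj: obj, Expiry: now + ttl, Owner: owner}
	r.OwnerSig = ed25519.Sign(priv, recBytes(r))
	return r
}

// AcceptStore is the storing node's check: credential chains to the CS, content is signed by the
// credentialed key, the TTL has not expired, and the reputation system has not blacklisted the publisher.
func AcceptStore(csPub ed25519.PublicKey, r Record, now int64, blacklist map[string]bool) bool {
	if blacklist[r.Owner.UserID] || now > r.Expiry {
		return false
	}
	return ed25519.Verify(csPub, certBytes(r.Owner), r.Owner.CSSig) &&
		ed25519.Verify(r.Owner.Pub, recBytes(r), r.OwnerSig)
}
```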
Slide 21: Banishment of polluters (figure): snapshot of a simulated massive pollution attack
Slide 23: Putting things together in applications
- In distributed identity-based commercial applications, user data are retained by central servers: secure infrastructure, but loss of user privacy
- Exploiting DHT systems for data storage could preserve privacy: user data secrecy is respected, but the infrastructure is prone to common attacks
- Likir therefore becomes an ideal decentralized platform for privacy-preserving ID-based applications
Slide 24: Decentralized social network framework (layers: secure platform, identity, application layer)
- Secure: applications share the same identity management layer
- ID-based information retrieval: filtering parameters available
- Privacy granted through encryption
- OpenID enabled
- The CS could also work as a repository for application showcase and download
Slide 25: Some Likir-based applications
LiCha: fully distributed instant messaging application
- User data stored in the DHT
- Network bandwidth consumption is minimized during content retrieval thanks to ID-based index-side filtering
- Personal data are encrypted before being stored
- Every content item is signed by the Likir layer
Fully decentralized tag-based search engine: ongoing work…
Slide 27: Conclusions
- Embedding strong identity into the overlay layer solves many DHT security issues and offers new "beyond file sharing" opportunities for the pure p2p paradigm
- First DHT design facing such a wide spectrum of attacks (AFAWK)
- Scalability and efficiency are preserved
- The most common criticism: "Yes, that's secure, but you introduced a centralized control and trust point! That's not p2p anymore!"
- The CS is involved only once per peer, in a service subscription phase
- Yes, we have to trust the CS, but we think this is an acceptable compromise
- The CS solves the first bootstrap problem
Slide 28: References
- L. M. Aiello, M. Milanesio, G. Ruffo, R. Schifanella, "Tempering Kademlia with a Robust Identity Based System", in the 8th International Conference on Peer-to-Peer Computing 2008 (P2P'08), RWTH Aachen University, Germany, 2008
- L. M. Aiello, L. Chisci, R. Fantacci, L. Maccari, M. Milanesio, M. Rosi, "Avoiding eclipse attacks on Kad/Kademlia: an identity based approach", in ICC 2009 Communication and Information Systems Security Symposium, to appear
To get the Likir library, or related publications, visit: http://likir.di.unito.it
For information, feedback and suggestions, please contact me: aiello@di.unito.it
Slide 29: Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management
Thank you for your attention!
Speaker: Luca Maria Aiello, SecNet Group, Università degli Studi di Torino, Computer Science Department, Corso Svizzera, 185 – 10149, Torino, Italy, aiello@di.unito.it
2nd EMANICS Workshop on Peer-to-Peer Management