Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management

1
Embedding Identity in DHT Systems Security,
Reputation and Social Networking Management
2nd EMANICS Workshop on Peer-to-Peer Management
Speaker Luca Maria Aiello SecNet
Group Università degli Studi di Torino, Computer
Science Department Corso Svizzera, 185 10149,
Torino, Italy aiello_at_di.unito.it
2
SecNet group members and activities

• Research topics
• Peer to Peer
• Security on distributed systems
• Recommendation systems
• Complex network analysis
• Social networks
• Collaborative tagging systems

• Giancarlo Ruffo, associate professor
• Rossano Schifanella, researcher
• Alessandro Basso, researcher
• Marco Milanesio, PhD student
• Andrè Panisson, PhD student
• Luca Maria Aiello, PhD student

3
Outline

1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity based DHT
4. Reputation management on Likir
5. ID-based applications developement
6. Conclusions

4
Outline

1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity based DHT
4. Reputation management on Likir
5. ID-based applications developement
6. Conclusions

5
Motivations

• Structured P2P systems are mature enough for
  applications
• Scalable, efficient, resistant against random
  node failures
• Still inadequate for dependable services
• Too many known attacks
• Node id and user id aren't coupled
• When you are cheated, you have no one to blame!
• Design and implementation of a DHT middleware
  resistant to most known overlay attacks
• Preserving
• Scalability
• Decentralization
• Efficiency

6
Motivations
Security
Identity management
Reputation
Id-based applications
7
Outline

1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity based DHT
4. Reputation management on Likir
5. ID-based applications developement
6. Conclusions

8
Attacker model

• A malicious node is a participant in the system
  that does not follow the protocol correctly. It
  can
• generate packets with arbitrary content
• perform IP spoofing
• intercept and modify communications between other
  nodes
• collude with other attackers
• run and control several nodes

9
Attacks against DHTs
a. Storage attacks
b. Routing attacks
c. DDoS attacks
d. Sybil attack
e. Man In The Middle
10
Applying countermeasures

1. Random NodeIds ? Sybil, routing
2. Few nodes per user ? Sybil
3. Verifiable node identity ? Routing, pollution
4. Secure communication protocol ? Routing, MITM
5. Safe bootstrap ? Routing (partitioning)

No existent DHT grants these features
11
Current DHT designs
Pastry
Chord
Tapestry
Kademlia
Viceroy
CAN
12
Outline

1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity based DHT
4. Reputation management on Likir
5. ID-based applications developement
6. Conclusions

13
Likir
Layered Id-based Kademlia-like InfRastructure
Problem loose binding between node and identity
Solution a certification service
Challenge preserving the p2p paradigm pureness
14
Likir architectural model

• Many other attempts to secure overlay networks
• Myrmic
• KadSec
• Maelstrom
• In Likir security problems are solved with
• Registration mechanism
• Communication
• protocol enhancement

15
Likir subscription
16
Likir node session
17
Likir content store
All RPC used are the same defined in Kademlia. We
customize only the STORE
Simple API bootstrap() put(key, obj, type,
ttl) get(key, type, userID, recent)
18
Likir security properties
Routing
Sybil
Storage / DDOS
MITM
SPoF
a. Random generated NodeIds

• b. Verifiable identity
• No masquerading
• Account bound to every node
• ID-based applications integration

• c. Credentials bound to contents
• Verifiable ownership (see later)

• d. Secure communication protocol
• Resistant to interleaving attacks

e. The Certification Service is contacted only
ONCE
19
Likir performance analysis

• Cryptographic primitives does not effectively
  impact on performance
• The main overhead is given by the initial nonce
  exchange

GET
PUT
20
Outline

1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity based DHT
4. Reputation management on Likir
5. ID-based applications developement
6. Conclusions

21
Reputation system

• Content credentials allows to know the publisher
  of any object
• A reputation system can be built to punish
  polluters
• Defined at an application level.
• RS exhibits a simple API for the communication
  with applications - blacklist(userID) -
• Likir does not define a specific RS
• different application suites could adopt
  different systems, depending on their needs
• For our experiments we use
• Blacklist gossip-based approach

22
Banishment of polluters
Snapshot of a simulated massive pollution attack
23
Outline

1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity based DHT
4. Reputation management on Likir
5. ID-based applications developement
6. Conclusions

24
Putting things together in applications

• In distributed identity-based commercial
  applications, user data are retained by central
  servers.
• Secure infrastructure
• Loss of user privacy
• Exploiting DHT systems for data storage could
  preserve privacy
• Respect of user data secrecy
• Infrastructure prone to common attacks
• Likir becomes an ideal decentralized platform for
  privacy preserving ID-based applications

25
Decentralized social network framework

• Secure
• Applications share the same identity management
  layer
• ID-based information retrieval filtering
  parameters available
• Privacy granted through encryption
• OpenID enabled
• CS could work also as repository for applications
  showcase and download
• Secure platform

Identity
Application layer
26
Some Likir based applications

• LiCha Fully distributed instant messaging
  application
• User data stored in the DHT
• Network bandwith consumption is minimized during
  content retrieval due to ID-based index side
  filtering
• Personal data are encrypted before being stored
• Every content is signed by Likir layer
• Fully decentralized tag based search engine
• Ongoing work

27
Outline

1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity based DHT
4. Reputation management on Likir
5. ID-based applications developement
6. Conclusions

28
Conclusions

• Embedding strong identity into the overlay layer
  solves many DHT security issues and offers new
  beyond file sharing opportunities for pure p2p
  paradigm
• First DHT design facing a so wide spectrum of
  attacks (AFAWK)
• Scalability and efficiency is preserved
• The most common criticism
• Yes, thats secure, but you introduced a
  centralized control and trust point! Thats no
  more p2p!
• CS is involved only once per peer, in a service
  subscription phase
• Yes, we have to trust CS, but we think this is an
  acceptable compromise
• CS solves the first bootstrap problem

29
References
To get Likir library, or related publications
visit
http//likir.di.unito.it
For information, feedback and suggestions, please
contact me
aiello_at_di.unito.it

• L. M. Aiello, M. Milanesio, G. Ruffo, R.
  Schifanella   "Tempering Kademlia with a Robust
  Identity Based System", In the 8th International
  Conference on Peer-to-Peer Computing 2008
  (P2P'08), RWTH Aachen University, Germany, 2008
• L. M. Aiello , L. Chisci, R. Fantacci, L.
  Maccari, M. Milanesio, M. Rosi   "Avoiding
  eclipse attacks on Kad/Kademlia an identity
  based approach.", In ICC 2009 Communication and
  Information Systems Security Symposium, to appear

30
Embedding Identity in DHT Systems Security,
Reputation and Social Networking Management
2nd EMANICS Workshop on Peer-to-Peer Management
Thank you for your attention!
Speaker Luca Maria Aiello SecNet
Group Università degli Studi di Torino, Computer
Science Department Corso Svizzera, 185 10149,
Torino, Italy aiello_at_di.unito.it