Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management - PowerPoint PPT Presentation


Title: Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management


1
Embedding Identity in DHT Systems Security,
Reputation and Social Networking Management
2nd EMANICS Workshop on Peer-to-Peer Management
Speaker Luca Maria Aiello SecNet
Group Università degli Studi di Torino, Computer
Science Department Corso Svizzera, 185 10149,
Torino, Italy aiello_at_di.unito.it
2
SecNet group members and activities
  • Research topics
  • Peer to Peer
  • Security on distributed systems
  • Recommendation systems
  • Complex network analysis
  • Social networks
  • Collaborative tagging systems
  • Giancarlo Ruffo, associate professor
  • Rossano Schifanella, researcher
  • Alessandro Basso, researcher
  • Marco Milanesio, PhD student
  • Andrè Panisson, PhD student
  • Luca Maria Aiello, PhD student

3
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

4
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

5
Motivations
  • Structured P2P systems are mature enough for
    applications
  • Scalable, efficient, resistant against random
    node failures
  • Still inadequate for dependable services
  • Too many known attacks
  • Node id and user id aren't coupled
  • When you are cheated, you have no one to blame!
  • Design and implementation of a DHT middleware
    resistant to most known overlay attacks
  • Preserving
  • Scalability
  • Decentralization
  • Efficiency

6
Motivations
Security
Identity management
Reputation
Id-based applications
7
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

8
Attacker model
  • A malicious node is a participant in the system
    that does not follow the protocol correctly. It
    can
  • generate packets with arbitrary content
  • perform IP spoofing
  • intercept and modify communications between other
    nodes
  • collude with other attackers
  • run and control several nodes

9
Attacks against DHTs
a. Storage attacks
b. Routing attacks
c. DDoS attacks
d. Sybil attack
e. Man In The Middle
10
Applying countermeasures
  1. Random NodeIds ? Sybil, routing
  2. Few nodes per user ? Sybil
  3. Verifiable node identity ? Routing, pollution
  4. Secure communication protocol ? Routing, MITM
  5. Safe bootstrap ? Routing (partitioning)

No existent DHT grants these features
11
Current DHT designs
Pastry
Chord
Tapestry
Kademlia
Viceroy
CAN
12
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

13
Likir
Layered Id-based Kademlia-like InfRastructure
Problem loose binding between node and identity
Solution a certification service
Challenge preserving the p2p paradigm pureness
14
Likir architectural model
  • Many other attempts to secure overlay networks
  • Myrmic
  • KadSec
  • Maelstrom
  • In Likir security problems are solved with
  • Registration mechanism
  • Communication
  • protocol enhancement

15
Likir subscription
16
Likir node session
17
Likir content store
All RPC used are the same defined in Kademlia. We
customize only the STORE
Simple API bootstrap() put(key, obj, type,
ttl) get(key, type, userID, recent)
18
Likir security properties
Routing
Sybil
Storage / DDOS
MITM
SPoF
a. Random generated NodeIds
  • b. Verifiable identity
  • No masquerading
  • Account bound to every node
  • ID-based applications integration
  • c. Credentials bound to contents
  • Verifiable ownership (see later)
  • d. Secure communication protocol
  • Resistant to interleaving attacks

e. The Certification Service is contacted only
ONCE
19
Likir performance analysis
  • Cryptographic primitives does not effectively
    impact on performance
  • The main overhead is given by the initial nonce
    exchange

GET
PUT
20
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

21
Reputation system
  • Content credentials allows to know the publisher
    of any object
  • A reputation system can be built to punish
    polluters
  • Defined at an application level.
  • RS exhibits a simple API for the communication
    with applications - blacklist(userID) -
  • Likir does not define a specific RS
  • different application suites could adopt
    different systems, depending on their needs
  • For our experiments we use
  • Blacklist gossip-based approach

22
Banishment of polluters
Snapshot of a simulated massive pollution attack
23
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

24
Putting things together in applications
  • In distributed identity-based commercial
    applications, user data are retained by central
    servers.
  • Secure infrastructure
  • Loss of user privacy
  • Exploiting DHT systems for data storage could
    preserve privacy
  • Respect of user data secrecy
  • Infrastructure prone to common attacks
  • Likir becomes an ideal decentralized platform for
    privacy preserving ID-based applications

25
Decentralized social network framework
  • Secure
  • Applications share the same identity management
    layer
  • ID-based information retrieval filtering
    parameters available
  • Privacy granted through encryption
  • OpenID enabled
  • CS could work also as repository for applications
    showcase and download
  • Secure platform

Identity
Application layer
26
Some Likir based applications
  • LiCha Fully distributed instant messaging
    application
  • User data stored in the DHT
  • Network bandwith consumption is minimized during
    content retrieval due to ID-based index side
    filtering
  • Personal data are encrypted before being stored
  • Every content is signed by Likir layer
  • Fully decentralized tag based search engine
  • Ongoing work

27
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

28
Conclusions
  • Embedding strong identity into the overlay layer
    solves many DHT security issues and offers new
    beyond file sharing opportunities for pure p2p
    paradigm
  • First DHT design facing a so wide spectrum of
    attacks (AFAWK)
  • Scalability and efficiency is preserved
  • The most common criticism
  • Yes, thats secure, but you introduced a
    centralized control and trust point! Thats no
    more p2p!
  • CS is involved only once per peer, in a service
    subscription phase
  • Yes, we have to trust CS, but we think this is an
    acceptable compromise
  • CS solves the first bootstrap problem

29
References
To get Likir library, or related publications
visit
http//likir.di.unito.it
For information, feedback and suggestions, please
contact me
aiello_at_di.unito.it
  • L. M. Aiello, M. Milanesio, G. Ruffo, R.
    Schifanella   "Tempering Kademlia with a Robust
    Identity Based System", In the 8th International
    Conference on Peer-to-Peer Computing 2008
    (P2P'08), RWTH Aachen University, Germany, 2008
  • L. M. Aiello , L. Chisci, R. Fantacci, L.
    Maccari, M. Milanesio, M. Rosi   "Avoiding
    eclipse attacks on Kad/Kademlia an identity
    based approach.", In ICC 2009 Communication and
    Information Systems Security Symposium, to appear

30
Embedding Identity in DHT Systems Security,
Reputation and Social Networking Management
2nd EMANICS Workshop on Peer-to-Peer Management
Thank you for your attention!
Speaker Luca Maria Aiello SecNet
Group Università degli Studi di Torino, Computer
Science Department Corso Svizzera, 185 10149,
Torino, Italy aiello_at_di.unito.it
View by Category
About This Presentation
Title:

Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management

Description:

2nd EMANICS Workshop on Peer-to-Peer Management Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management Speaker: – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 31
Provided by: Luca50
Learn more at: http://www.lajello.com
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management


1
Embedding Identity in DHT Systems Security,
Reputation and Social Networking Management
2nd EMANICS Workshop on Peer-to-Peer Management
Speaker Luca Maria Aiello SecNet
Group Università degli Studi di Torino, Computer
Science Department Corso Svizzera, 185 10149,
Torino, Italy aiello_at_di.unito.it
2
SecNet group members and activities
  • Research topics
  • Peer to Peer
  • Security on distributed systems
  • Recommendation systems
  • Complex network analysis
  • Social networks
  • Collaborative tagging systems
  • Giancarlo Ruffo, associate professor
  • Rossano Schifanella, researcher
  • Alessandro Basso, researcher
  • Marco Milanesio, PhD student
  • Andrè Panisson, PhD student
  • Luca Maria Aiello, PhD student

3
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

4
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

5
Motivations
  • Structured P2P systems are mature enough for
    applications
  • Scalable, efficient, resistant against random
    node failures
  • Still inadequate for dependable services
  • Too many known attacks
  • Node id and user id aren't coupled
  • When you are cheated, you have no one to blame!
  • Design and implementation of a DHT middleware
    resistant to most known overlay attacks
  • Preserving
  • Scalability
  • Decentralization
  • Efficiency

6
Motivations
Security
Identity management
Reputation
Id-based applications
7
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

8
Attacker model
  • A malicious node is a participant in the system
    that does not follow the protocol correctly. It
    can
  • generate packets with arbitrary content
  • perform IP spoofing
  • intercept and modify communications between other
    nodes
  • collude with other attackers
  • run and control several nodes

9
Attacks against DHTs
a. Storage attacks
b. Routing attacks
c. DDoS attacks
d. Sybil attack
e. Man In The Middle
10
Applying countermeasures
  1. Random NodeIds ? Sybil, routing
  2. Few nodes per user ? Sybil
  3. Verifiable node identity ? Routing, pollution
  4. Secure communication protocol ? Routing, MITM
  5. Safe bootstrap ? Routing (partitioning)

No existent DHT grants these features
11
Current DHT designs
Pastry
Chord
Tapestry
Kademlia
Viceroy
CAN
12
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

13
Likir
Layered Id-based Kademlia-like InfRastructure
Problem loose binding between node and identity
Solution a certification service
Challenge preserving the p2p paradigm pureness
14
Likir architectural model
  • Many other attempts to secure overlay networks
  • Myrmic
  • KadSec
  • Maelstrom
  • In Likir security problems are solved with
  • Registration mechanism
  • Communication
  • protocol enhancement

15
Likir subscription
16
Likir node session
17
Likir content store
All RPC used are the same defined in Kademlia. We
customize only the STORE
Simple API bootstrap() put(key, obj, type,
ttl) get(key, type, userID, recent)
18
Likir security properties
Routing
Sybil
Storage / DDOS
MITM
SPoF
a. Random generated NodeIds
  • b. Verifiable identity
  • No masquerading
  • Account bound to every node
  • ID-based applications integration
  • c. Credentials bound to contents
  • Verifiable ownership (see later)
  • d. Secure communication protocol
  • Resistant to interleaving attacks

e. The Certification Service is contacted only
ONCE
19
Likir performance analysis
  • Cryptographic primitives does not effectively
    impact on performance
  • The main overhead is given by the initial nonce
    exchange

GET
PUT
20
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

21
Reputation system
  • Content credentials allows to know the publisher
    of any object
  • A reputation system can be built to punish
    polluters
  • Defined at an application level.
  • RS exhibits a simple API for the communication
    with applications - blacklist(userID) -
  • Likir does not define a specific RS
  • different application suites could adopt
    different systems, depending on their needs
  • For our experiments we use
  • Blacklist gossip-based approach

22
Banishment of polluters
Snapshot of a simulated massive pollution attack
23
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

24
Putting things together in applications
  • In distributed identity-based commercial
    applications, user data are retained by central
    servers.
  • Secure infrastructure
  • Loss of user privacy
  • Exploiting DHT systems for data storage could
    preserve privacy
  • Respect of user data secrecy
  • Infrastructure prone to common attacks
  • Likir becomes an ideal decentralized platform for
    privacy preserving ID-based applications

25
Decentralized social network framework
  • Secure
  • Applications share the same identity management
    layer
  • ID-based information retrieval filtering
    parameters available
  • Privacy granted through encryption
  • OpenID enabled
  • CS could work also as repository for applications
    showcase and download
  • Secure platform

Identity
Application layer
26
Some Likir based applications
  • LiCha Fully distributed instant messaging
    application
  • User data stored in the DHT
  • Network bandwith consumption is minimized during
    content retrieval due to ID-based index side
    filtering
  • Personal data are encrypted before being stored
  • Every content is signed by Likir layer
  • Fully decentralized tag based search engine
  • Ongoing work

27
Outline
  1. Motivations
  2. Security issues in structured p2p overlays
  3. Likir, a novel identity based DHT
  4. Reputation management on Likir
  5. ID-based applications developement
  6. Conclusions

28
Conclusions
  • Embedding strong identity into the overlay layer
    solves many DHT security issues and offers new
    beyond file sharing opportunities for pure p2p
    paradigm
  • First DHT design facing a so wide spectrum of
    attacks (AFAWK)
  • Scalability and efficiency is preserved
  • The most common criticism
  • Yes, thats secure, but you introduced a
    centralized control and trust point! Thats no
    more p2p!
  • CS is involved only once per peer, in a service
    subscription phase
  • Yes, we have to trust CS, but we think this is an
    acceptable compromise
  • CS solves the first bootstrap problem

29
References
To get Likir library, or related publications
visit
http//likir.di.unito.it
For information, feedback and suggestions, please
contact me
aiello_at_di.unito.it
  • L. M. Aiello, M. Milanesio, G. Ruffo, R.
    Schifanella   "Tempering Kademlia with a Robust
    Identity Based System", In the 8th International
    Conference on Peer-to-Peer Computing 2008
    (P2P'08), RWTH Aachen University, Germany, 2008
  • L. M. Aiello , L. Chisci, R. Fantacci, L.
    Maccari, M. Milanesio, M. Rosi   "Avoiding
    eclipse attacks on Kad/Kademlia an identity
    based approach.", In ICC 2009 Communication and
    Information Systems Security Symposium, to appear

30
Embedding Identity in DHT Systems Security,
Reputation and Social Networking Management
2nd EMANICS Workshop on Peer-to-Peer Management
Thank you for your attention!
Speaker Luca Maria Aiello SecNet
Group Università degli Studi di Torino, Computer
Science Department Corso Svizzera, 185 10149,
Torino, Italy aiello_at_di.unito.it
About PowerShow.com