Title: Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management
1Embedding Identity in DHT Systems Security,
Reputation and Social Networking Management
2nd EMANICS Workshop on Peer-to-Peer Management
Speaker Luca Maria Aiello SecNet
Group Università degli Studi di Torino, Computer
Science Department Corso Svizzera, 185 10149,
Torino, Italy aiello_at_di.unito.it
2SecNet group members and activities
- Research topics
- Peer to Peer
- Security on distributed systems
- Recommendation systems
- Complex network analysis
- Social networks
- Collaborative tagging systems
-
- Giancarlo Ruffo, associate professor
- Rossano Schifanella, researcher
- Alessandro Basso, researcher
- Marco Milanesio, PhD student
- Andrè Panisson, PhD student
- Luca Maria Aiello, PhD student
3Outline
- Motivations
- Security issues in structured p2p overlays
- Likir, a novel identity based DHT
- Reputation management on Likir
- ID-based applications developement
- Conclusions
4Outline
- Motivations
- Security issues in structured p2p overlays
- Likir, a novel identity based DHT
- Reputation management on Likir
- ID-based applications developement
- Conclusions
5Motivations
- Structured P2P systems are mature enough for
applications - Scalable, efficient, resistant against random
node failures - Still inadequate for dependable services
- Too many known attacks
- Node id and user id aren't coupled
- When you are cheated, you have no one to blame!
- Design and implementation of a DHT middleware
resistant to most known overlay attacks - Preserving
- Scalability
- Decentralization
- Efficiency
6Motivations
Security
Identity management
Reputation
Id-based applications
7Outline
- Motivations
- Security issues in structured p2p overlays
- Likir, a novel identity based DHT
- Reputation management on Likir
- ID-based applications developement
- Conclusions
8Attacker model
- A malicious node is a participant in the system
that does not follow the protocol correctly. It
can - generate packets with arbitrary content
- perform IP spoofing
- intercept and modify communications between other
nodes - collude with other attackers
- run and control several nodes
9Attacks against DHTs
a. Storage attacks
b. Routing attacks
c. DDoS attacks
d. Sybil attack
e. Man In The Middle
10Applying countermeasures
- Random NodeIds ? Sybil, routing
- Few nodes per user ? Sybil
- Verifiable node identity ? Routing, pollution
- Secure communication protocol ? Routing, MITM
- Safe bootstrap ? Routing (partitioning)
No existent DHT grants these features
11Current DHT designs
Pastry
Chord
Tapestry
Kademlia
Viceroy
CAN
12Outline
- Motivations
- Security issues in structured p2p overlays
- Likir, a novel identity based DHT
- Reputation management on Likir
- ID-based applications developement
- Conclusions
13Likir
Layered Id-based Kademlia-like InfRastructure
Problem loose binding between node and identity
Solution a certification service
Challenge preserving the p2p paradigm pureness
14Likir architectural model
- Many other attempts to secure overlay networks
- Myrmic
- KadSec
- Maelstrom
-
- In Likir security problems are solved with
- Registration mechanism
- Communication
- protocol enhancement
15Likir subscription
16Likir node session
17Likir content store
All RPC used are the same defined in Kademlia. We
customize only the STORE
Simple API bootstrap() put(key, obj, type,
ttl) get(key, type, userID, recent)
18Likir security properties
Routing
Sybil
Storage / DDOS
MITM
SPoF
a. Random generated NodeIds
- b. Verifiable identity
- No masquerading
- Account bound to every node
- ID-based applications integration
- c. Credentials bound to contents
- Verifiable ownership (see later)
- d. Secure communication protocol
- Resistant to interleaving attacks
e. The Certification Service is contacted only
ONCE
19Likir performance analysis
- Cryptographic primitives does not effectively
impact on performance - The main overhead is given by the initial nonce
exchange
GET
PUT
20Outline
- Motivations
- Security issues in structured p2p overlays
- Likir, a novel identity based DHT
- Reputation management on Likir
- ID-based applications developement
- Conclusions
21Reputation system
- Content credentials allows to know the publisher
of any object - A reputation system can be built to punish
polluters - Defined at an application level.
- RS exhibits a simple API for the communication
with applications - blacklist(userID) - - Likir does not define a specific RS
- different application suites could adopt
different systems, depending on their needs - For our experiments we use
- Blacklist gossip-based approach
22Banishment of polluters
Snapshot of a simulated massive pollution attack
23Outline
- Motivations
- Security issues in structured p2p overlays
- Likir, a novel identity based DHT
- Reputation management on Likir
- ID-based applications developement
- Conclusions
24Putting things together in applications
- In distributed identity-based commercial
applications, user data are retained by central
servers. - Secure infrastructure
- Loss of user privacy
- Exploiting DHT systems for data storage could
preserve privacy - Respect of user data secrecy
- Infrastructure prone to common attacks
- Likir becomes an ideal decentralized platform for
privacy preserving ID-based applications
25Decentralized social network framework
- Secure
- Applications share the same identity management
layer - ID-based information retrieval filtering
parameters available - Privacy granted through encryption
- OpenID enabled
- CS could work also as repository for applications
showcase and download - Secure platform
Identity
Application layer
26Some Likir based applications
- LiCha Fully distributed instant messaging
application - User data stored in the DHT
- Network bandwith consumption is minimized during
content retrieval due to ID-based index side
filtering - Personal data are encrypted before being stored
- Every content is signed by Likir layer
- Fully decentralized tag based search engine
- Ongoing work
27Outline
- Motivations
- Security issues in structured p2p overlays
- Likir, a novel identity based DHT
- Reputation management on Likir
- ID-based applications developement
- Conclusions
28Conclusions
- Embedding strong identity into the overlay layer
solves many DHT security issues and offers new
beyond file sharing opportunities for pure p2p
paradigm - First DHT design facing a so wide spectrum of
attacks (AFAWK) - Scalability and efficiency is preserved
- The most common criticism
- Yes, thats secure, but you introduced a
centralized control and trust point! Thats no
more p2p! - CS is involved only once per peer, in a service
subscription phase - Yes, we have to trust CS, but we think this is an
acceptable compromise - CS solves the first bootstrap problem
29References
To get Likir library, or related publications
visit
http//likir.di.unito.it
For information, feedback and suggestions, please
contact me
aiello_at_di.unito.it
- L. M. Aiello, M. Milanesio, G. Ruffo, R.
Schifanella "Tempering Kademlia with a Robust
Identity Based System", In the 8th International
Conference on Peer-to-Peer Computing 2008
(P2P'08), RWTH Aachen University, Germany, 2008 - L. M. Aiello , L. Chisci, R. Fantacci, L.
Maccari, M. Milanesio, M. Rosi "Avoiding
eclipse attacks on Kad/Kademlia an identity
based approach.", In ICC 2009 Communication and
Information Systems Security Symposium, to appear
30Embedding Identity in DHT Systems Security,
Reputation and Social Networking Management
2nd EMANICS Workshop on Peer-to-Peer Management
Thank you for your attention!
Speaker Luca Maria Aiello SecNet
Group Università degli Studi di Torino, Computer
Science Department Corso Svizzera, 185 10149,
Torino, Italy aiello_at_di.unito.it