A Holistic Approach Towards Peer-to-Peer Security and Why Proof of Work Won’t Do

  • Bernd Prünster
  • Dominik Ziegler
  • Christian Kollmann
  • Bojan Suzic
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 255)

Abstract

Separation of identity and location is one of the key properties of peer-to-peer networks. However, this separation can be abused to mount attacks against the network itself. Our contribution in this matter is twofold: First, we present a security-first design for P2P networking based on self-certifying identifiers. It provides message authenticity, integrity of routing tables, and authenticated communication, is resistant (and not only resilient) against many typical peer-to-peer-specific attacks, and guarantees uniform identifier distribution. The second aspect of our contribution disproves the often-quoted assumption that proof-of-work-based identifier generation can sufficiently hinder certain peer-to-peer attacks such as the Sybil attack. This finding seriously questions previously proposed proof-of-work-based defence mechanisms and leads to the only conclusion possible: Proof-of-work-based measures to limit arbitrary identifier generation do not stand the test of reality.
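The identifier-to-key binding the abstract relies on, as an added example that is not the paper's code: a node's identifier is the hash of its public key, so any receiver can check locally that a claimed identifier belongs to the presented key and that the message was signed by that key, with no directory or certificate authority involved. Ed25519 keys, SHA-256 as the identifier hash and the message layout are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NodeID is the self-certifying identifier: SHA-256 of the node's Ed25519
// public key (hash function and key type are this example's assumptions).
type NodeID [32]byte
func NodeIDFromKey(pub ed25519.PublicKey) NodeID { return NodeID(sha256.Sum256(pub)) }

// Message carries the claimed sender ID, the key certifying it, the payload
// and a signature over ID||payload, so neither ID nor payload can be swapped.
type Message struct {
	SenderID NodeID
	Pub      ed25519.PublicKey
	Payload  []byte
	Sig      []byte
}

func NewPeer() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }

// Sign builds a message whose sender ID is derived from the signing key.
func Sign(priv ed25519.PrivateKey, payload []byte) Message {
	pub := priv.Public().(ed25519.PublicKey)
	id := NodeIDFromKey(pub)
	return Message{SenderID: id, Pub: pub, Payload: payload,
		Sig: ed25519.Sign(priv, append(id[:], payload...))} // len==cap: append copies
}

// Verify accepts a message only if the claimed ID hashes from the presented key
// and the signature holds (no CA consulted); ed25519.Verify panics on short keys.
func Verify(m Message) error {
	if len(m.Pub) != ed25519.PublicKeySize || NodeIDFromKey(m.Pub) != m.SenderID {
		return errors.New("identifier is not bound to a valid presented key")
	}
	if !ed25519.Verify(m.Pub, append(m.SenderID[:], m.Payload...), m.Sig) {
		return errors.New("bad signature: sender or payload forged")
	}
	return nil
}

func main() {
	_, priv, _ := NewPeer()
	fmt.Println("genuine message:", Verify(Sign(priv, []byte("FIND_NODE"))))
}
```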

Keywords

Peer-to-peer networks, Network security, Decentralised routing, Authenticated communication, Self-certification, Proof of work

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Bernd Prünster (1)
  • Dominik Ziegler (2)
  • Christian Kollmann (3)
  • Bojan Suzic (4)
  1. Secure Information Technology Center – Austria (A-SIT), Graz, Austria
  2. Know-Center GmbH, Graz, Austria
  3. A-SIT Plus GmbH, Vienna, Austria
  4. Institute of Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria