A Holistic Approach Towards Peer-to-Peer Security and Why Proof of Work Won’t Do

  • Conference paper
  • Security and Privacy in Communication Networks (SecureComm 2018)

Abstract

Separation of identity and location is one of the key properties of peer-to-peer networks. However, this separation can be abused to mount attacks against the network itself. Our contribution in this matter is twofold: First, we present a security-first design for P2P networking based on self-certifying identifiers. It provides message authenticity, integrity of routing tables, and authenticated communication, is resistant (and not only resilient) against many typical peer-to-peer-specific attacks, and guarantees uniform identifier distribution. The second aspect of our contribution disproves the often-quoted assumption that proof-of-work-based identifier generation can sufficiently hinder certain peer-to-peer attacks such as the Sybil attack. This finding seriously questions previously proposed proof-of-work-based defence mechanisms and leads to the only conclusion possible: Proof-of-work-based measures to limit arbitrary identifier generation do not stand the test of reality.

Notes

  1. https://www.google.com/recaptcha/.

  2. https://www.hetzner.com/cloud.

  3. According to pricing information available at https://www.hetzner.com/cloud.

  4. Each message requires two signatures to be verified.

  5. https://www.statista.com/statistics/306528/share-of-mobile-internet-traffic-in-global-regions/.

Author information

Correspondence to Bernd Prünster.

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Cite this paper

Prünster, B., Ziegler, D., Kollmann, C., Suzic, B. (2018). A Holistic Approach Towards Peer-to-Peer Security and Why Proof of Work Won’t Do. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-01704-0_7

  • DOI: https://doi.org/10.1007/978-3-030-01704-0_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01703-3

  • Online ISBN: 978-3-030-01704-0

  • eBook Packages: Computer Science, Computer Science (R0)
