embedding identity in dht systems: security, reputation and social networking management

Embedding identity in DHT systems: security, reputation and social networking management 1

Embedding Identity in DHT Systems: Security, Embedding Identity in DHT Systems: Security, Reputation and Social Networking ManagementReputation and Social Networking Management

Speaker:Luca Maria AielloSecNet GroupUniversità degli Studi di Torino, Computer Science DepartmentCorso Svizzera, 185 – 10149, Torino, [email protected]

2nd EMANICS Workshop on Peer-to-Peer Management


SecNet group members and activities

− Giancarlo Ruffo, associate professor− Rossano Schifanella, researcher− Alessandro Basso, researcher− Marco Milanesio, PhD student− Andrè Panisson, PhD student− Luca Maria Aiello, PhD student

Research topics:• Peer to Peer• Security on distributed systems• Recommendation systems• Complex network analysis• Social networks• Collaborative tagging systems• …


Outline

1. Motivations2. Security issues in structured p2p overlays3. Likir, a novel identity based DHT4. Reputation management on Likir5. ID-based applications developement6. Conclusions


Outline



Motivations

Structured P2P systems are mature enough for applications• Scalable, efficient, resistant against random node failures

Still inadequate for dependable services• Too many known attacks• Node id and user id aren't coupled• When you are cheated, you have no one to blame!

Design and implementation of a DHT middleware resistant to most known overlay attacks

Preserving:• Scalability• Decentralization• Efficiency


Security

Identity management

Reputation

Id-based applications

Motivations


Outline



Attacker model

A malicious node is a participant in the system that does not follow the protocol correctly. It can:• generate packets with arbitrary content• perform IP spoofing• intercept and modify communications between other nodes• collude with other attackers• run and control several nodes


a. Storage attacks

b. Routing attacks

c. DDoS attacks

e. Man In The Middle

d. Sybil attack

Attacks against DHTs


a. Random NodeIds Sybil, routing

b. Few nodes per user Sybil

c. Verifiable node identity Routing, pollution

d. Secure communication protocol Routing, MITM

e. Safe bootstrap Routing (partitioning)

No existent DHT grants these featuresNo existent DHT grants these features

Applying countermeasures


PastryChord Tapestry

KademliaCAN Viceroy

Current DHT designs


Outline



Layered Id-based Kademlia-like InfRastructure

Problem: loose binding between node and identity

Solution: a certification service

Challenge: preserving the p2p paradigm pureness

Likir


Likir: architectural model

Many other attempts to secure overlay networks:• Myrmic• KadSec• Maelstrom• …

In Likir security problems are solved with:• Registration mechanism• Communication protocol enhancement


Likir: subscription


Likir: node session


All RPC used are the same defined in Kademlia.We customize only the STORE:

Likir: content store

Simple API:bootstrap()put(key, obj, type, ttl)get(key, type, userID, recent)


Routing Storage / DDOSSybil MITM

a. Random generated NodeIds

b. Verifiable identity No masquerading Account bound to every node ID-based applications integration

c. Credentials bound to contents Verifiable ownership (see later)

d. Secure communication protocol Resistant to interleaving attacks

SPoF

e. The Certification Service is contacted only ONCE

Likir: security properties


Likir: performance analysis

Cryptographic primitives does not effectively impact on performance

The main overhead is given by the initial nonce exchange

GETPUT


Outline



Reputation system

Content credentials allows to know the publisher of any object A reputation system can be built to punish polluters Defined at an application level. RS exhibits a simple API for the communication with applications

- blacklist(userID) - Likir does not define a specific RS

• different application suites could adopt different systems, depending on their needs;

For our experiments we use:• Blacklist + gossip-based approach


Banishment of polluters

Snapshot of a simulated massive pollution attack


Outline



Putting things together in applications

In distributed identity-based commercial applications, user data are retained by central servers.

Secure infrastructureLoss of user privacy

Exploiting DHT systems for data storage could preserve privacy…

Respect of user data secrecyInfrastructure prone to common attacks

Likir becomes an ideal decentralized platform for privacy preserving ID-based applications


Decentralized social network framework

Secure Applications share the same

identity management layer ID-based information retrieval

filtering parameters available Privacy granted through

encryption OpenID enabled CS could work also as

repository for applications showcase and download

Secure platform

Identity

Application layer


Some Likir based applications

LiCha: Fully distributed instant messaging application• User data stored in the DHT• Network bandwith consumption is minimized during

content retrieval due to ID-based index side filtering• Personal data are encrypted before being stored• Every content is signed by Likir layer

Fully decentralized tag based search engine• Ongoing work…


Outline



Conclusions

Embedding strong identity into the overlay layer solves many DHT security issues and offers new “beyond file sharing” opportunities for pure p2p paradigm

First DHT design facing a so wide spectrum of attacks (AFAWK) Scalability and efficiency is preserved The most common criticism:

“Yes, that’s secure, but you introduced a centralized control and trust point! That’s no more p2p!”

• CS is involved only once per peer, in a service subscription phase• Yes, we have to trust CS, but we think this is an acceptable

compromise• CS solves the first bootstrap problem


http://likir.di.unito.it

References

L. M. Aiello, M. Milanesio, G. Ruffo, R. Schifanella "Tempering Kademlia with a Robust Identity Based System", In the 8th International Conference on Peer-to-Peer Computing 2008 (P2P'08), RWTH Aachen University, Germany, 2008

L. M. Aiello , L. Chisci, R. Fantacci, L. Maccari, M. Milanesio, M. Rosi "Avoiding eclipse attacks on Kad/Kademlia: an identity based approach.", In ICC 2009 Communication and Information Systems Security Symposium, to appear

To get Likir library, or related publications visit:

For information, feedback and suggestions, please contact me:

[email protected]


Embedding Identity in DHT Systems: Security, Embedding Identity in DHT Systems: Security, Reputation and Social Networking ManagementReputation and Social Networking Management

Thank you for your attention!

Speaker:Luca Maria AielloSecNet GroupUniversità degli Studi di Torino, Computer Science DepartmentCorso Svizzera, 185 – 10149, Torino, [email protected]

2nd EMANICS Workshop on Peer-to-Peer Management

embedding identity in dht systems: security, reputation and social networking management

Documents

dht systems

peer security

dht middleware resistant

structured p2p overlayslikir

phd student luca maria

phd student andr panisson

phd studentresearch

attacksnode id