Tempering Kademlia with a robust identity based system

Luca Maria Aiello, Università degli Studi di Torino, Computer Science department


Page 1:

Tempering Kademlia with a robust identity based system

Page 2:

PeeR-to-peer beyOnd FILE Sharing

Catania, Firenze, Parma, Pavia, Roma, Torino, Trento

Security on p2p networks

Page 3:

Goal

Design and implementation of a DHT middleware resistant to most known overlay attacks

Preserving:

a. Scalability
b. Complete decentralization
c. Efficiency

Page 4:

Steps

a. Analysis of DHT security issues
b. Overview of existing DHT properties
c. Secure protocol (and architecture) design
d. Performance analysis
e. Implementation

+ f. Identity Based Cryptography

Page 5:

Distributed Hash Tables

a. Content storage

b. Overlay network

c. Keyspace

d. Key-node binding

e. Key-content binding

f. Responsibility function

g. Lookup in O(log(N)) steps

Page 6:

Attacks against DHTs

a. Storage attacks

b. Routing attacks

c. DDoS attacks

d. Sybil attack

e. Man In The Middle

Page 7:

Applying countermeasures

a. Random NodeIds

b. Few nodes per user

c. Verifiable node identity

d. Secure communication protocol

e. Safe bootstrap

No existing DHT provides these features

Page 8:

Current DHT designs

Pastry, Chord, Tapestry, Kademlia, CAN, Viceroy

Page 9:

Kademlia

a. Simple protocol (ping, store, find-node, find-value)

b. Routing messages piggybacking

c. Lightweight join phase

d. XOR metric

e. Caching
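As an added example (not code from the slides or from JLikir), the XOR metric and the k-bucket and closest-node selection it induces, in Go; node ids are 160-bit as in Kademlia, and `Closest` assumes the responding node simply ranks the contacts it knows by XOR distance:

```go
package main

import (
	"bytes"
	"fmt"
	"math/bits"
	"sort"
)

// NodeID is a 160-bit Kademlia identifier, stored big-endian.
type NodeID [20]byte

// Distance is the XOR metric d(a,b) = a XOR b; big-endian, so bytes.Compare orders distances numerically.
func Distance(a, b NodeID) NodeID {
	var d NodeID
	for i := range a {
		d[i] = a[i] ^ b[i]
	}
	return d
}

// BucketIndex is the k-bucket in which a keeps b: index i (0 = least significant) of the
// highest set bit of d(a,b), so 2^i <= d < 2^(i+1); -1 when a == b (a node never stores itself).
func BucketIndex(a, b NodeID) int {
	d := Distance(a, b)
	for i, c := range d {
		if c != 0 {
			return len(d)*8 - 1 - (i*8 + bits.LeadingZeros8(c))
		}
	}
	return -1
}

// Closest returns the k candidates nearest to target: the set a node returns to FIND_NODE / FIND_VALUE.
func Closest(target NodeID, candidates []NodeID, k int) []NodeID {
	out := append([]NodeID(nil), candidates...)
	sort.SliceStable(out, func(i, j int) bool {
		di, dj := Distance(target, out[i]), Distance(target, out[j])
		return bytes.Compare(di[:], dj[:]) < 0
	})
	if len(out) > k {
		out = out[:k]
	}
	return out
}

func main() {
	self, far, near := NodeID{}, NodeID{0x80}, NodeID{19: 0x03}
	fmt.Println(BucketIndex(self, far), BucketIndex(self, near), Closest(self, []NodeID{far, near}, 1)[0] == near)
}
```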

Page 10:

Kademlia: applications

Vuze, BitTorrent, eMule, LimeWire, RetroShare

Page 11:

Likir

Layered Id-based Kademlia InfRastructure

Problem: loose binding between node and identity

Solution: a certification service

Challenge: preserving the purity of the p2p paradigm

Page 12:

Likir: architecture

Page 13:

Likir: initialization

Page 14:

Likir: node session

Page 15:

Likir: content STORE

All RPCs used are the same as those defined in Kademlia. We customize only the STORE:

Page 16:

Likir: Security properties

Attacks addressed: Routing, Storage / DDoS, Sybil, MITM, SPoF

a. Randomly generated NodeIds

b. Verifiable identity: no masquerading; account bound to every node; ID-based applications integration

c. Credentials bound to contents: verifiable ownership; reputation + blacklisting

d. Secure communication protocol: resistant to interleaving attacks

e. The Certification Service is contacted only ONCE
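The slides do not show the customized STORE (page 15) or the credential format behind "credentials bound to contents" (page 16), so the following is an added Go sketch, not Likir's own code or message layout, of how a STORE can carry a CS-issued credential plus the owner's signature, and of the check a receiving node runs before accepting it. It assumes Ed25519 signatures and a simple length-prefixed encoding; the field names, the `Identity` string and the 20-byte `NodeID` are assumptions, not Likir's actual format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
)
// Credential binds a user identity and a NodeId to the node's public key; the CS signs it once per session.
type Credential struct {
	Identity string
	NodeID   [20]byte
	NodePub  ed25519.PublicKey
	CSSig    []byte
}
// StoreMsg is a STORE payload: key/value, the storer's credential and its signature over the content.
type StoreMsg struct {
	Key, Value []byte
	Cred       Credential
	Sig        []byte
}
// lenPrefixed serializes fields with 4-byte length prefixes so that no two distinct inputs collide.
func lenPrefixed(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(p)))
		out = append(append(out, n[:]...), p...)
	}
	return out
}
func credentialBytes(c Credential) []byte { return lenPrefixed([]byte(c.Identity), c.NodeID[:], c.NodePub) }
func storeBytes(m StoreMsg) []byte        { return lenPrefixed(m.Key, m.Value, m.Cred.NodeID[:]) }

// IssueCredential is the Certification Service step, done once per node session.
func IssueCredential(csPriv ed25519.PrivateKey, id string, nid [20]byte, pub ed25519.PublicKey) Credential {
	c := Credential{Identity: id, NodeID: nid, NodePub: pub}
	c.CSSig = ed25519.Sign(csPriv, credentialBytes(c))
	return c
}
// SignStore builds a STORE signed by the owning node.
func SignStore(priv ed25519.PrivateKey, cred Credential, key, value []byte) StoreMsg {
	m := StoreMsg{Key: key, Value: value, Cred: cred}
	m.Sig = ed25519.Sign(priv, storeBytes(m))
	return m
}

// VerifyStore is the receiver's check: valid CS signature on the credential, then valid node signature on the content.
func VerifyStore(csPub ed25519.PublicKey, m StoreMsg) bool {
	return ed25519.Verify(csPub, credentialBytes(m.Cred), m.Cred.CSSig) &&
		ed25519.Verify(m.Cred.NodePub, storeBytes(m), m.Sig)
}
```

A node that rejects a STORE at this check has a signed, attributable record of who attempted it, which is what the reputation and blacklisting items on page 16 build on.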

Page 17:

Identity 2.0


Page 18:


Identity 2.0

Page 19:

Identity Based Signature

IBS scheme of Boneh and Franklin (2001)

1. Setup → 2. Extract → 3. Sign → 4. Verify

Page 20:

Likir & IBS: evaluation

Requires a Private Key Generator

Key escrow

Signature generation and verification are slower than RSA

Identity 2.0 compliant

The public key can be omitted

Signatures are smaller than in RSA

Page 21:

Performance evaluation

Page 22:

Performance evaluation

Page 23:

Implementation

a. JLikir, Java 1.6
b. Adheres to Kademlia
c. CS implemented like a CA
d. Index Side Filtering
e. We used JLikir to develop LiCha

− Privacy-aware instant messaging application
− Fully decentralized service
− Likir identity support is fully exploited
− High privacy and security level

Page 24:

Conclusions

Kademlia + Identity support + Protection from attacks = Likir

Page 25:

Likir monastery, Ladakh

Questions?