Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management

Presentation transcript:

Slide 1: Embedding identity in DHT systems: security, reputation and social networking management
Speaker: Luca Maria Aiello, SecNet Group, Università degli Studi di Torino, Computer Science Department, Corso Svizzera 185, 10149 Torino, Italy
2nd EMANICS Workshop on Peer-to-Peer Management

Slide 2: SecNet group members and activities
- Giancarlo Ruffo, associate professor
- Rossano Schifanella, researcher
- Alessandro Basso, researcher
- Marco Milanesio, PhD student
- André Panisson, PhD student
- Luca Maria Aiello, PhD student
Research topics: peer-to-peer, security in distributed systems, recommendation systems, complex network analysis, social networks, collaborative tagging systems, ...

Slide 3: Outline
1. Motivations
2. Security issues in structured p2p overlays
3. Likir, a novel identity-based DHT
4. Reputation management on Likir
5. ID-based application development
6. Conclusions

Slide 4: Outline (section 1, Motivations)
1. Motivations; 2. Security issues in structured p2p overlays; 3. Likir, a novel identity-based DHT; 4. Reputation management on Likir; 5. ID-based application development; 6. Conclusions

Slide 5: Motivations
Structured P2P systems are mature enough for applications: scalable, efficient, resistant to random node failures.
They are still inadequate for dependable services:
- too many known attacks;
- node id and user id are not coupled: when you are cheated, you have no one to blame.
Goal: design and implementation of a DHT middleware resistant to most known overlay attacks, while preserving scalability, decentralization and efficiency.

Slide 6: Motivations (diagram): Security, Identity management, Reputation, Id-based applications

Slide 7: Outline (section 2, Security issues in structured p2p overlays)
1. Motivations; 2. Security issues in structured p2p overlays; 3. Likir, a novel identity-based DHT; 4. Reputation management on Likir; 5. ID-based application development; 6. Conclusions

Slide 8: Attacker model
A malicious node is a participant in the system that does not follow the protocol correctly. It can:
- generate packets with arbitrary content;
- perform IP spoofing;
- intercept and modify communications between other nodes;
- collude with other attackers;
- run and control several nodes.

Slide 9: Attacks against DHTs
a. Storage attacks
b. Routing attacks
c. DDoS attacks
d. Sybil attack
e. Man In The Middle

Slide 10: Applying countermeasures (each countermeasure and the attacks it addresses)
a. Random NodeIds -> Sybil, routing
b. Few nodes per user -> Sybil
c. Verifiable node identity -> routing, pollution
d. Secure communication protocol -> routing, MITM
e. Safe bootstrap -> routing (partitioning)
No existing DHT provides all of these features.

Slide 11: Current DHT designs: Pastry, Chord, Tapestry, Kademlia, CAN, Viceroy

Slide 12: Outline (section 3, Likir, a novel identity-based DHT)
1. Motivations; 2. Security issues in structured p2p overlays; 3. Likir, a novel identity-based DHT; 4. Reputation management on Likir; 5. ID-based application development; 6. Conclusions

Slide 13: Likir (Layered Id-based Kademlia-like InfRastructure)
Problem: loose binding between a node and an identity.
Solution: a certification service.
Challenge: preserving the pureness of the p2p paradigm.

Slide 14: Likir: architectural model
Many other attempts to secure overlay networks exist: Myrmic, KadSec, Maelstrom, ...
In Likir, security problems are solved with:
- a registration mechanism;
- a communication protocol enhancement.

Slide 15: Likir: subscription (diagram)

Slide 16: Likir: node session (diagram)

Slide 17: Likir: content store
All RPCs used are the same ones defined in Kademlia; only STORE is customized.
Simple API:
- bootstrap()
- put(key, obj, type, ttl)
- get(key, type, userID, recent)
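A worked illustration of the content store and credential chain sketched on this slide, written as an added example for this page and not the Likir library's own code. It assumes the Certification Service (CS) signs a certificate binding a userID, a CS-chosen random node id and the node's public key, and that every stored object carries the publisher's certificate plus a signature over (key, type, obj, ttl, seq); the field names, the `Seq` counter used to answer `recent`, and the choice of Ed25519 are my assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is issued by the CS at subscription time; it binds a user id, a CS-chosen random
// node id (the user does not get to pick it) and the node's public key.
type Cert struct {
	UserID string
	NodeID [20]byte
	PubKey ed25519.PublicKey
	Sig    []byte // CS signature over the three fields above
}

func certBytes(c *Cert) []byte {
	var b bytes.Buffer
	b.WriteString(c.UserID)
	b.WriteByte(0)
	b.Write(c.NodeID[:])
	b.Write(c.PubKey)
	return b.Bytes()
}

// CS holds the service signing key. In Likir it is contacted once per peer.
type CS struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewCS() *CS { pub, priv, _ := ed25519.GenerateKey(rand.Reader); return &CS{priv, pub} }

// Subscribe draws the node id at random (constructed: chosen ids would ease Sybil/eclipse placement).
func (cs *CS) Subscribe(userID string, pub ed25519.PublicKey) *Cert {
	c := &Cert{UserID: userID, PubKey: pub}
	rand.Read(c.NodeID[:])
	c.Sig = ed25519.Sign(cs.priv, certBytes(c))
	return c
}

func VerifyCert(csPub ed25519.PublicKey, c *Cert) bool { return ed25519.Verify(csPub, certBytes(c), c.Sig) }

// NewUser generates a key pair and subscribes it with the CS.
func NewUser(cs *CS, userID string) (*Cert, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return cs.Subscribe(userID, pub), priv
}

// Content is what a customized STORE carries: the object plus the publisher's credential.
type Content struct {
	Key, Type string
	Obj       []byte
	TTL       uint32
	Seq       uint64 // constructed: per-publisher counter, used to pick the most recent object
	Cert      *Cert
	Sig       []byte // publisher signature over key|type|obj|ttl|seq
}

func contentBytes(c *Content) []byte {
	return []byte(fmt.Sprintf("%s\x00%s\x00%x\x00%d\x00%d", c.Key, c.Type, c.Obj, c.TTL, c.Seq))
}

// Publish builds a signed Content for the holder of cert/priv.
func Publish(cert *Cert, priv ed25519.PrivateKey, key, typ string, obj []byte, ttl uint32, seq uint64) *Content {
	c := &Content{Key: key, Type: typ, Obj: obj, TTL: ttl, Seq: seq, Cert: cert}
	c.Sig = ed25519.Sign(priv, contentBytes(c))
	return c
}

type Node struct {
	csPub ed25519.PublicKey
	store map[string][]*Content
}

func NewNode(csPub ed25519.PublicKey) *Node { return &Node{csPub, map[string][]*Content{}} }

// Put validates the whole chain (CS -> cert -> content signature) before accepting a STORE.
func (n *Node) Put(c *Content) error {
	if !VerifyCert(n.csPub, c.Cert) {
		return errors.New("certificate not issued by the CS")
	}
	if !ed25519.Verify(c.Cert.PubKey, contentBytes(c), c.Sig) {
		return errors.New("content signature does not match the certified publisher")
	}
	n.store[c.Key] = append(n.store[c.Key], c)
	return nil
}

// Get filters by type and, when userID != "", by publisher; recent=true returns only the newest match.
func (n *Node) Get(key, typ, userID string, recent bool) []*Content {
	var out []*Content
	for _, c := range n.store[key] {
		if c.Type != typ || (userID != "" && c.Cert.UserID != userID) {
			continue
		}
		out = append(out, c)
	}
	if recent && len(out) > 1 {
		best := out[0]
		for _, c := range out[1:] {
			if c.Seq > best.Seq {
				best = c
			}
		}
		return []*Content{best}
	}
	return out
}

func main() {
	cs := NewCS()
	cert, priv := NewUser(cs, "alice")
	node := NewNode(cs.Pub)
	fmt.Println("put:", node.Put(Publish(cert, priv, "k", "profile", []byte("v1"), 3600, 1)))
	fmt.Println("objects for alice:", len(node.Get("k", "profile", "alice", false)))
}
```

The check that matters is the second one in `Put`: a certificate is public, so anyone can attach Alice's certificate to their own object, but only Alice's key produces a signature that verifies under the certified public key. That is what gives the "verifiable ownership" the later slides build the reputation system on.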

Slide 18: Likir: security properties (table columns: Routing, Storage / DDoS, Sybil, MITM, SPoF)
a. Randomly generated NodeIds
b. Verifiable identity: no masquerading; an account is bound to every node; ID-based application integration
c. Credentials bound to contents: verifiable ownership (see later)
d. Secure communication protocol: resistant to interleaving attacks
e. Single point of failure: the Certification Service is contacted only ONCE

Slide 19: Likir: performance analysis
Cryptographic primitives do not significantly impact performance; the main overhead is the initial nonce exchange. (Charts: GET, PUT)
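The slides describe a node session that opens with a nonce exchange and a communication protocol resistant to interleaving attacks. The following is an added example of such an exchange with both sides' messages, written for this page and not taken from Likir; it assumes each peer already learned the other's public key from its certificate (not modelled here) and that each message is signed over the ordered pair of ids and both nonces, so a signature produced in one session cannot be moved into another.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Peer holds a node id and its signing key. Its public key is assumed to come from its certificate.
type Peer struct {
	ID   string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewPeer(id string) *Peer { pub, priv, _ := ed25519.GenerateKey(rand.Reader); return &Peer{id, priv, pub} }

// The three messages of the exchange (layout is my assumption).
type Hello struct {
	From  string
	Nonce [16]byte
} // initiator -> responder
type Challenge struct {
	From  string
	Nonce [16]byte
	Sig   []byte
} // responder -> initiator, signed over both ids and both nonces
type Request struct {
	From    string
	Payload []byte
	Sig     []byte
} // initiator -> responder, signed over ids, nonces and payload

// transcript fixes the direction (initiator, responder) and both nonces into every signed string,
// so a signature cannot be reflected back or lifted into a session with a different nonce.
func transcript(initiator, responder string, nA, nB [16]byte, payload []byte) []byte {
	var b bytes.Buffer
	b.WriteString("likir-example-v0|" + initiator + "|" + responder + "|")
	b.Write(nA[:])
	b.Write(nB[:])
	b.Write(payload)
	return b.Bytes()
}

func newNonce() [16]byte { var n [16]byte; rand.Read(n[:]); return n }

type InitiatorSession struct {
	self *Peer
	peer string
	nA   [16]byte
}

func (p *Peer) Initiate(peer string) (*InitiatorSession, Hello) {
	s := &InitiatorSession{p, peer, newNonce()}
	return s, Hello{p.ID, s.nA}
}

// ResponderSession remembers the nonce issued for one Hello and whether it was consumed.
type ResponderSession struct {
	self   *Peer
	peer   string
	nA, nB [16]byte
	used   bool
}

func (p *Peer) Respond(h Hello) (*ResponderSession, Challenge) {
	s := &ResponderSession{self: p, peer: h.From, nA: h.Nonce, nB: newNonce()}
	sig := ed25519.Sign(p.priv, transcript(h.From, p.ID, s.nA, s.nB, nil))
	return s, Challenge{p.ID, s.nB, sig}
}

// Finish verifies that the challenge was signed by the expected peer over this session's nonce,
// then signs the actual request (e.g. a Kademlia RPC) over both nonces.
func (s *InitiatorSession) Finish(c Challenge, peerPub ed25519.PublicKey, payload []byte) (Request, error) {
	if c.From != s.peer || !ed25519.Verify(peerPub, transcript(s.self.ID, s.peer, s.nA, c.Nonce, nil), c.Sig) {
		return Request{}, errors.New("challenge not signed by the expected peer for this session")
	}
	sig := ed25519.Sign(s.self.priv, transcript(s.self.ID, s.peer, s.nA, c.Nonce, payload))
	return Request{s.self.ID, payload, sig}, nil
}

// Accept verifies the request against this session's own nonce; replays into a consumed session
// or requests captured from another session (different nB) are rejected.
func (s *ResponderSession) Accept(r Request, peerPub ed25519.PublicKey) error {
	if s.used {
		return errors.New("session already consumed")
	}
	if r.From != s.peer || !ed25519.Verify(peerPub, transcript(s.peer, s.self.ID, s.nA, s.nB, r.Payload), r.Sig) {
		return errors.New("request signature does not match this session")
	}
	s.used = true
	return nil
}

func main() {
	a, b := NewPeer("A"), NewPeer("B")
	sa, hello := a.Initiate("B")
	sb, chal := b.Respond(hello)
	req, _ := sa.Finish(chal, b.Pub, []byte("FIND_NODE"))
	fmt.Println("accepted:", sb.Accept(req, a.Pub) == nil)
}
```

The cost the slide measures is visible in the structure: one extra round trip before the first RPC of a session, after which each message costs one signature and one verification, which is why the nonce exchange rather than the cryptography dominates the overhead.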

Slide 20: Outline (section 4, Reputation management on Likir)
1. Motivations; 2. Security issues in structured p2p overlays; 3. Likir, a novel identity-based DHT; 4. Reputation management on Likir; 5. ID-based application development; 6. Conclusions

Slide 21: Reputation system
Content credentials make the publisher of any object known, so a reputation system can be built to punish polluters.
It is defined at the application level: the RS exposes a simple API to applications, e.g. blacklist(userID).
Likir does not define a specific RS; different application suites can adopt different systems, depending on their needs.
For our experiments we use a blacklist plus a gossip-based approach.
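A small model of the "blacklist + gossip" approach named on this slide, added here as an example and not the experimental code behind the talk. It assumes each node counts the bad objects it verified itself, bans a publisher and gossips a report once a local threshold is reached, and bans on hearsay only after a quorum of distinct reporters, so that one node cannot turn the reputation system into a denial-of-service tool against honest publishers; the thresholds and the flat broadcast standing in for a real gossip protocol are my assumptions.

```go
package main

import "fmt"

// Report is the gossip message: "Reporter saw Polluter publish junk".
type Report struct{ Reporter, Polluter string }

type Node struct {
	ID             string
	localBad       map[string]int             // polluter -> bad objects this node verified itself
	reports        map[string]map[string]bool // polluter -> set of distinct reporters heard from
	Blacklist      map[string]bool            // what blacklist(userID) would reveal to the application
	localThreshold int                        // own observations needed before banning and gossiping
	gossipQuorum   int                        // distinct reporters needed to ban on hearsay alone
}

func NewNode(id string, localThreshold, gossipQuorum int) *Node {
	return &Node{id, map[string]int{}, map[string]map[string]bool{}, map[string]bool{}, localThreshold, gossipQuorum}
}

// Accept is what an application asks before using a publisher's content.
func (n *Node) Accept(userID string) bool { return !n.Blacklist[userID] }

// ObservePollution records a locally verified bad object. When the local threshold is reached the
// publisher is banned and a report to gossip is returned; otherwise nil.
func (n *Node) ObservePollution(userID string) *Report {
	n.localBad[userID]++
	if n.localBad[userID] < n.localThreshold || n.Blacklist[userID] {
		return nil
	}
	n.Blacklist[userID] = true
	return &Report{n.ID, userID}
}

// Receive handles a gossiped report. Reports are deduplicated per reporter, so a single node
// repeating itself never reaches the quorum. Returns true if this report caused a ban.
func (n *Node) Receive(r Report) bool {
	if r.Reporter == n.ID || n.Blacklist[r.Polluter] {
		return false
	}
	if n.reports[r.Polluter] == nil {
		n.reports[r.Polluter] = map[string]bool{}
	}
	n.reports[r.Polluter][r.Reporter] = true
	if len(n.reports[r.Polluter]) >= n.gossipQuorum {
		n.Blacklist[r.Polluter] = true
		return true
	}
	return false
}

// Gossip delivers a report to every node (a flat broadcast stands in for a real gossip protocol)
// and returns how many nodes banned the polluter because of it.
func Gossip(nodes []*Node, r Report) int {
	banned := 0
	for _, n := range nodes {
		if n.Receive(r) {
			banned++
		}
	}
	return banned
}

func main() {
	nodes := []*Node{NewNode("n0", 2, 3), NewNode("n1", 2, 3), NewNode("n2", 2, 3)}
	for _, n := range nodes {
		n.ObservePollution("eve")
		if r := n.ObservePollution("eve"); r != nil {
			fmt.Println(n.ID, "reports eve; bans triggered elsewhere:", Gossip(nodes, *r))
		}
	}
}
```

The quorum is the security-relevant parameter: with a quorum of one, any single certified account could blacklist honest publishers network-wide, while a quorum tied to distinct certified reporters makes that attack cost as many subscriptions as the quorum, which is exactly the cost the "few nodes per user" countermeasure is meant to raise.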

Slide 22: Banishment of polluters (snapshot of a simulated massive pollution attack)

Slide 23: Outline (section 5, ID-based application development)
1. Motivations; 2. Security issues in structured p2p overlays; 3. Likir, a novel identity-based DHT; 4. Reputation management on Likir; 5. ID-based application development; 6. Conclusions

Slide 24: Putting things together in applications
In distributed identity-based commercial applications, user data are retained by central servers: a secure infrastructure, but a loss of user privacy.
Exploiting DHT systems for data storage could preserve privacy: user data secrecy is respected, but the infrastructure is prone to common attacks.
Likir becomes an ideal decentralized platform for privacy-preserving ID-based applications.

Slide 25: Decentralized social network framework (layers: secure platform, identity, application layer)
- Secure: applications share the same identity management layer.
- ID-based information retrieval: filtering parameters are available.
- Privacy granted through encryption.
- OpenID enabled.
- The CS could also work as a repository for application showcase and download.

Slide 26: Some Likir-based applications
LiCha: fully distributed instant messaging application.
- User data are stored in the DHT.
- Network bandwidth consumption during content retrieval is minimized thanks to ID-based index-side filtering.
- Personal data are encrypted before being stored.
- Every content item is signed by the Likir layer.
Fully decentralized tag-based search engine: ongoing work.

Slide 27: Outline (section 6, Conclusions)
1. Motivations; 2. Security issues in structured p2p overlays; 3. Likir, a novel identity-based DHT; 4. Reputation management on Likir; 5. ID-based application development; 6. Conclusions

Slide 28: Conclusions
Embedding strong identity into the overlay layer solves many DHT security issues and offers new "beyond file sharing" opportunities for the pure p2p paradigm.
First DHT design addressing such a wide spectrum of attacks (AFAWK).
Scalability and efficiency are preserved.
The most common criticism: "Yes, that's secure, but you introduced a centralized control and trust point! That's not p2p any more!"
- The CS is involved only once per peer, in the service subscription phase.
- Yes, we have to trust the CS, but we think this is an acceptable compromise.
- The CS solves the first-bootstrap problem.

Slide 29: References
L. M. Aiello, M. Milanesio, G. Ruffo, R. Schifanella, "Tempering Kademlia with a Robust Identity Based System", in the 8th International Conference on Peer-to-Peer Computing 2008 (P2P'08), RWTH Aachen University, Germany, 2008.
L. M. Aiello, L. Chisci, R. Fantacci, L. Maccari, M. Milanesio, M. Rosi, "Avoiding eclipse attacks on Kad/Kademlia: an identity based approach", in ICC 2009 Communication and Information Systems Security Symposium, to appear.
To get the Likir library or related publications, visit:
For information, feedback and suggestions, please contact me:

Slide 30: Embedding Identity in DHT Systems: Security, Reputation and Social Networking Management
Thank you for your attention!
Speaker: Luca Maria Aiello, SecNet Group, Università degli Studi di Torino, Computer Science Department, Corso Svizzera 185, 10149 Torino, Italy
2nd EMANICS Workshop on Peer-to-Peer Management
