Luca Maria Aiello, Università degli Studi di Torino, Computer Science department
Tempering Kademlia with a robust identity based system
PeeR-to-peer beyOnd FILE Sharing
Catania, Firenze, Parma, Pavia, Roma, Torino, Trento
Security on p2p networks
Goal
Design and implementation of a DHT middleware resistant to most known overlay attacks
Preserving:
a. Scalability
b. Complete decentralization
c. Efficiency
Steps
a. Analysis of DHT security issues
b. Overview of existing DHT properties
c. Secure protocol (and architecture) design
d. Performance analysis
e. Implementation
+ f. Identity Based Cryptography
Distributed Hash Tables
a. Content storage
b. Overlay network
c. Keyspace
d. Key-node binding
e. Key-content binding
f. Responsibility function
g. Lookup in O(log(N)) steps
Attacks against DHTs
a. Storage attacks
b. Routing attacks
c. DDoS attacks
d. Sybil attack
e. Man In The Middle
Applying countermeasures
a. Random NodeIds
b. Few nodes per user
c. Verifiable node identity
d. Secure communication protocol
e. Safe bootstrap
No existing DHT grants these features
Current DHT designs
Pastry, Chord, Tapestry, Kademlia, CAN, Viceroy
Kademlia
a. Simple protocol (ping, store, find-node, find-value)
b. Routing messages piggybacking
c. Lightweight join phase
d. XOR metric
e. Caching
Kademlia: applications
Vuze, Bittorrent, eMule, Limewire, Retroshare
Likir
Layered Id-based Kademlia InfRastructure
Problem: loose binding between node and identity
Solution: a certification service
Challenge: preserving the purity of the p2p paradigm
Likir: architecture
Likir: initialization
Likir: node session
Likir: content STORE
All RPCs used are the same as those defined in Kademlia. We customize only the STORE:
Likir: Security properties
Routing, Storage / DDoS, Sybil, MITM
a. Randomly generated NodeIds
b. Verifiable identity: no masquerading; account bound to every node; ID-based applications integration
c. Credentials bound to contents: verifiable ownership; reputation + blacklisting
d. Secure communication protocol: resistant to interleaving attacks
SPoF
e. The Certification Service is contacted only ONCE
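
Properties a to c above, as an added Go sketch (not from the slides and not JLikir code): a certification service signs, once, the binding between a user and a NodeId it draws at random, and any peer later checks that binding and the owner's signature on a content without contacting the service. Ed25519 stands in for the signature scheme, and the certificate layout, the names `Cert`, `Issue` and `VerifyContent`, and the sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert binds a user to a NodeId (assumed layout, not Likir's wire format).
type Cert struct {
	UserID  string
	NodeID  [20]byte          // 160-bit Kademlia id, drawn at random by the CS
	UserPub ed25519.PublicKey // key the user signs contents with
	Sig     []byte            // CS signature over payload()
}

// payload is what the CS signs; the length byte keeps field boundaries fixed.
func (c Cert) payload() []byte {
	b := append([]byte{byte(len(c.UserID))}, c.UserID...)
	return append(append(b, c.NodeID[:]...), c.UserPub...)
}

// Issue is the one-time contact with the CS; the user cannot pick the NodeId.
func Issue(cs ed25519.PrivateKey, userID string, userPub ed25519.PublicKey) Cert {
	c := Cert{UserID: userID, UserPub: userPub}
	if _, err := rand.Read(c.NodeID[:]); err != nil {
		panic(err)
	}
	c.Sig = ed25519.Sign(cs, c.payload())
	return c
}

// VerifyContent runs offline on any peer; true means c.UserID owns (key, value).
func VerifyContent(ca ed25519.PublicKey, c Cert, key [20]byte, value, sig []byte) bool {
	return len(c.UserID) < 256 && ed25519.Verify(ca, c.payload(), c.Sig) &&
		ed25519.Verify(c.UserPub, append(key[:], value...), sig)
}

// Constructed sample: CS and owner key pairs, one certificate, one signed content.
var (
	csPub, csKey, _       = ed25519.GenerateKey(rand.Reader)
	alicePub, aliceKey, _ = ed25519.GenerateKey(rand.Reader)
	cert                  = Issue(csKey, "alice", alicePub)
	key, value            = [20]byte{1}, []byte("hello")
	sig                   = ed25519.Sign(aliceKey, append(key[:], value...))
)

func main() {
	fmt.Println(VerifyContent(csPub, cert, key, value, sig))
}
```

Because the verified `UserID` comes from the CS-signed certificate, a storing node can key reputation or blacklist entries on it rather than on a self-declared NodeId.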
Identity 2.0
VERIFIED
Identity 2.0
Identity Based Signature
Boneh-Franklin IBS scheme (2001)
1. Setup → 2. Extract → 3. Sign → 4. Verify
Likir & IBS: evaluation
Need of a Private Key Generator
Key Escrow
Signature generation and checking are slower than RSA
Identity 2.0 compliant
The public key can be omitted
Signatures are smaller than in RSA
Performance evaluation
Performance evaluation

Implementation
a. JLikir, Java 1.6
b. Kademlia adhering
c. CS implemented like a CA
d. Index Side Filtering
e. We used JLikir to develop LiCha
− Privacy-aware instant messaging application
− Fully decentralized service
− Likir identity support is fully exploited
− High privacy and security level
Conclusions
Kademlia + Identity support + Protection from attacks = Likir

Likir monastery, Ladakh
Questions?