57 research outputs found

    2 P2P or Not 2 P2P?

    In the hope of stimulating discussion, we present a heuristic decision tree that designers can use to judge the likely suitability of a P2P architecture for their applications. It is based on the characteristics of a wide range of P2P systems from the literature, both proposed and deployed. Comment: 6 pages, 1 figure

    Application of JXTA-overlay platform for secure robot control

    In this paper, we present the evaluation and experimental results of secured robot control in a P2P system. The control system is based on the JXTA-Overlay platform. We used secure primitives and functions of JXTA-Overlay for the secure control of the robot motors. We investigated the time of robot control for some scenarios with different numbers of peers connected in the JXTA-Overlay network. All experiments are realised in a LAN environment. The experimental results show that with the join of other peers in the network, the average time of robot control is increased, but the difference between the secure and unsecure robot control average time is nearly the same. Peer Reviewed. Postprint (published version)

    Decentralization in Digital Society: The Design Paradox

    Digital societies come with a design paradox: On the one hand, technologies, such as Internet of Things, pervasive and ubiquitous systems, allow a distributed local intelligence in interconnected devices of our everyday life such as smart phones, smart thermostats, self-driving cars, etc. On the other hand, Big Data collection and storage is managed in a highly centralized fashion, resulting in privacy-intrusion, surveillance actions, discriminatory and segregation social phenomena. What is the difference between a distributed and a decentralized system design? How “decentralized” is the processing of our data nowadays? Does centralized design undermine autonomy? Can the level of decentralization in the implemented technologies influence ethical and social dimensions, such as social justice? Can decentralization convey sustainability? Are there parallelisms between the decentralization of digital technology and the decentralization of urban development?
    Digital transformation is based on automated processes and investment in new technologies: artificial intelligence, blockchain, data analytics and the Internet of Things. But the human being still remains at the center of a successful digital transformation strategy. Digital transformation gives rise to paradoxes of new models: on the one hand, technologies such as the Internet of Things are spreading everywhere, and big data makes it possible to improve products and services for consumers, offer them new value, etc. But, on the other hand, data analytics and data storage are managed in a highly centralized manner, leading to intrusion into people's private lives, control over their actions, and discriminatory and segregational social phenomena. The article considers the following questions: what is the difference between distributed and decentralized system design? How can “decentralized” processing of personal data be organized in our time? Do centralized data collection and processing undermine autonomy? Can decentralization in the implemented technologies influence ethical and social parameters, such as social justice? Does decentralization lead to sustainable functioning of systems? Is there a relationship between the decentralization of digital technologies and the decentralization of urban development? The article concludes that decentralized systems are far more efficient under present conditions and are an alternative or a natural adaptation to the prevailing conditions. For example, decentralized electricity generation makes people producers and consumers at the same time, which leads to increased energy efficiency. In the same way, data analytics is not a monopoly of big data systems. Analysis can also be performed in a fully decentralized manner as a public good using collective intelligence

    Octopus: A Secure and Anonymous DHT Lookup

    Distributed Hash Table (DHT) lookup is a core technique in structured peer-to-peer (P2P) networks. Its decentralized nature introduces security and privacy vulnerabilities for applications built on top of them; we thus set out to design a lookup mechanism achieving both security and anonymity, heretofore an open problem. We present Octopus, a novel DHT lookup which provides strong guarantees for both security and anonymity. Octopus uses attacker identification mechanisms to discover and remove malicious nodes, severely limiting an adversary's ability to carry out active attacks, and splits lookup queries over separate anonymous paths and introduces dummy queries to achieve high levels of anonymity. We analyze the security of Octopus by developing an event-based simulator to show that the attacker discovery mechanisms can rapidly identify malicious nodes with low error rate. We calculate the anonymity of Octopus using probabilistic modeling and show that Octopus can achieve near-optimal anonymity. We evaluate Octopus's efficiency on Planetlab with 207 nodes and show that Octopus has reasonable lookup latency and manageable communication overhead

    Using implicit certificates to assign identities in P2P overlays

    For years, the security of structured P2P networks has been called into question, and many works have therefore been proposed with the aim of providing secure routing, reputation systems, access control, data confidentiality, etc. However, the identity assignment process has been almost entirely neglected. These networks are designed so that each user has a unique identifier (nodeID), but most existing systems allow users to obtain a set of them, and even to select them. Both behaviours cause significant security problems, since they allow users to disrupt the proper functioning of the network. In this work we propose a nodeID assignment protocol based on the issuance of implicit certificates. Our aim is to provide security services that make it possible to counter most of the threats these networks face, with special attention to identity assignment. This protocol is based on the use of certificates and the joint generation of nodeIDs by the Certification Authority (CA) and the new user. This work has been partially funded by the Secretaría de Estado de Investigación, Desarrollo e Innovación under the projects SERVET TEC2011-26452 and CONSOLIDER CSD2007-00004 (ARES), and by the Generalitat de Catalunya under grant 2009 SGR-1362 for consolidated groups

    X-Vine: Secure and Pseudonymous Routing Using Social Networks

    Distributed hash tables suffer from several security and privacy vulnerabilities, including the problem of Sybil attacks. Existing social network-based solutions to mitigate the Sybil attacks in DHT routing have a high state requirement and do not provide an adequate level of privacy. For instance, such techniques require a user to reveal their social network contacts. We design X-Vine, a protection mechanism for distributed hash tables that operates entirely by communicating over social network links. As with traditional peer-to-peer systems, X-Vine provides robustness, scalability, and a platform for innovation. The use of social network links for communication helps protect participant privacy and adds a new dimension of trust absent from previous designs. X-Vine is resilient to denial of service via Sybil attacks, and in fact is the first Sybil defense that requires only a logarithmic amount of state per node, making it suitable for large-scale and dynamic settings. X-Vine also helps protect the privacy of users' social network contacts and keeps their IP addresses hidden from those outside of their social circle, providing a basis for pseudonymous communication. We first evaluate our design with analysis and simulations, using several real world large-scale social networking topologies. We show that the constraints of X-Vine allow the insertion of only a logarithmic number of Sybil identities per attack edge; we show this mitigates the impact of malicious attacks while not affecting the performance of honest nodes. Moreover, our algorithms are efficient, maintain low stretch, and avoid hot spots in the network. We validate our design with a PlanetLab implementation and a Facebook plugin. Comment: 15 pages

    Analysis of threats and security issues evaluation in mobile P2P networks

    Technically, a mobile P2P network system architecture can be considered a distributed architecture system (like a community), where the nodes or users can share all or some of their own software and hardware resources (such as applications store, processing time, storage, network bandwidth) with the other nodes (users) through the Internet, and these resources can be accessed directly by the nodes in that system without the need for a central coordination node. The main structure of our proposed network architecture is that all the nodes are symmetric in their functions. In this work, the security issues of mobile P2P network system architecture (such as web threats, attacks and encryption) will be discussed in depth; we then propose different approaches, analyse and evaluate these mobile P2P network security issues, and submit some proposed solutions to resolve the related problems with threats and other different attacks, since these threats and attacks will be a serious issue as networks grow, especially with the mobility attribute in current P2P networks

    Privacy preservation using spherical chord

    Structured overlay networks are primarily used in data storage and data lookup, but they are vulnerable to many kinds of attacks. Within the realm of security, overlay networks have demonstrated applicability in providing privacy, availability, integrity, along with scalability. The thesis first analyses the Chord and the SALSA protocols which are organized in structured overlays to provide data with a certain degree of privacy, and then defines a new protocol called Spherical Chord which provides data lookup with privacy, while also being scalable, and addresses critical existing weaknesses in the Chord and SALSA protocols. Spherical Chord is a variant of Chord, and utilizes the concept of a distributed hash table (DHT). Chord sends packets uni-directionally over a virtual id space in the overlay. While this feature provides lower latencies, it can be used by attackers to misroute and drop packets. The Spherical Chord protocol introduces additional connections in the structured overlay and increases the path length and the number of paths for sending messages, hence making it more resilient to routing attacks. A new protocol for constructing the Spherical Chord, followed by a new lookup protocol, is defined in this thesis. The protocols are analyzed and it is demonstrated using both theoretical analysis and simulations that improved path availability helps in maintaining privacy, while also limiting the impact of routing attacks. --Abstract, page iii

    Harnessing the power of BitTorrent for distributed denial-of-service attacks

    BitTorrent is a popular peer-to-peer (P2P) file-sharing protocol that utilizes a central server, known as a 'tracker', to coordinate connections between peers in a 'swarm', a term used to describe a BitTorrent ad-hoc file sharing network. The tracker of a swarm is specified by the original file distributor and trusted unconditionally by peers in the swarm. This central point of control provides an opportunity for a file distributor to deploy a modified tracker to provide peers in a swarm with malicious coordination data, directing peer connection traffic toward an arbitrary target machine on an arbitrary service port. Although such an attack does not generate a huge amount of attack traffic, it would set up many connections with the victim server successfully, which could cause serious denial-of-service by exhausting the victim server's connection resource. In this paper, we present and demonstrate such an attack that is entirely tracker-based, requiring no modifications to BitTorrent client software, and could be deployed by an attacker right now. The results from both emulation and real-world experiments show the applicability of this attack. Due to the skyrocketing popularity of BitTorrent and the numerous large-scale swarms existing on the Internet, BitTorrent swarms provide an intriguing platform for launching distributed denial-of-service (DDoS) attacks based on connection exhaustion. Copyright (C) 2010 John Wiley & Sons, Ltd