Secure identity management in structured peer-to-peer (P2P) networks

Structured Peer-to-Peer (P2P) networks were proposed to solve routing problems of big distributed infrastructures. But the research community has been questioning their security for years. Most prior work in security services was focused on secure routing, reputation systems, anonymity, etc. However, the proper management of identities is an important prerequisite to provide most of these security services. The existence of anonymous nodes and the lack of a centralized authority capable of monitoring (and/or punishing) nodes make these systems more vulnerable against selfish or malicious behaviors. Moreover, these improper usages cannot be faced only with data confidentiality, nodes authentication, non-repudiation, etc. In particular, structured P2P networks should follow the following secure routing primitives: (1) secure maintenance of routing tables, (2) secure routing of messages, and (3) secure identity assignment to nodes. But the first two problems depend in some way on the third one. If nodes’ identifiers can be chosen by users without any control, these networks can have security and operational problems. Therefore, like any other network or service, structured P2P networks require a robust access control to prevent potential attackers joining the network and a robust identity assignment system to guarantee their proper operation. In this thesis, firstly, we analyze the operation of the current structured P2P networks when managing identities in order to identify what security problems are related to the nodes’ identifiers within the overlay, and propose a series of requirements to be accomplished by any generated node ID to provide more security to a DHT-based structured P2P network. Secondly, we propose the use of implicit certificates to provide more security and to exploit the improvement in bandwidth, storage and performance that these certificates present compared to explicit certificates, design three protocols to assign nodes’ identifiers avoiding the identified problems, while maintaining user anonymity and allowing users’ traceability. Finally, we analyze the operation of the most used mechanisms to distribute revocation data in the Internet, with special focus on the proposed systems to work in P2P networks, and design a new mechanism to distribute revocation data more efficiently in a structured P2P network.Las redes P2P estructuradas fueron propuestas para solventar problemas de enrutamiento en infraestructuras de grandes dimensiones pero su nivel de seguridad lleva años siendo cuestionado por la comunidad investigadora. La mayor parte de los trabajos que intentan mejorar la seguridad de estas redes se han centrado en proporcionar encaminamiento seguro, sistemas de reputación, anonimato de los usuarios, etc. Sin embargo, la adecuada gestión de las identidades es un requisito sumamente importante para proporcionar los servicios mencionados anteriormente. La existencia de nodos anónimos y la falta de una autoridad centralizada capaz de monitorizar (y/o penalizar) a los nodos hace que estos sistemas sean más vulnerables que otros a comportamientos maliciosos por parte de los usuarios. Además, esos comportamientos inadecuados no pueden ser detectados proporcionando únicamente confidencialidad de los datos, autenticación de los nodos, no repudio, etc. Las redes P2P estructuradas deberían seguir las siguientes primitivas de enrutamiento seguro: (1) mantenimiento seguro de las tablas de enrutamiento, (2) enrutamiento seguro de los mensajes, and (3) asignación segura de las identidades. Pero la primera de los dos primitivas depende de alguna forma de la tercera. Si las identidades de los nodos pueden ser elegidas por sus usuarios sin ningún tipo de control, muy probablemente aparecerán muchos problemas de funcionamiento y seguridad. Por lo tanto, de la misma forma que otras redes y servicios, las redes P2P estructuradas requieren de un control de acceso robusto para prevenir la presencia de atacantes potenciales, y un sistema robusto de asignación de identidades para garantizar su adecuado funcionamiento. En esta tesis, primero de todo analizamos el funcionamiento de las redes P2P estructuradas basadas en el uso de DHTs (Tablas de Hash Distribuidas), cómo gestionan las identidades de sus nodos, identificamos qué problemas de seguridad están relacionados con la identificación de los nodos y proponemos una serie de requisitos para generar identificadores de forma segura. Más adelante proponemos el uso de certificados implícitos para proporcionar más seguridad y explotar las mejoras en consumo de ancho de banda, almacenamiento y rendimiento que proporcionan estos certificados en comparación con los certificados explícitos. También hemos diseñado tres protocolos de asignación segura de identidades, los cuales evitan la mayor parte de los problemas identificados mientras mantienen el anonimato de los usuarios y la trazabilidad. Finalmente hemos analizado el funcionamiento de la mayoría de los mecanismos utilizados para distribuir datos de revocación en Internet, con especial interés en los sistemas propuestos para operar en redes P2P, y hemos diseñado un nuevo mecanismo para distribuir datos de revocación de forma más eficiente en redes P2P estructuradas.Postprint (published version

Group signature revocable anonymity scheme for network monitoring

Subscriber’s Privacy is in a constant conflict with security and accountability providing controls employed for network monitoring activities of service providers and enterprises. This paper presents the results of the author’s research in the field of distributed network security monitoring architectures and the proposal of such a system that incorporates cryptographic protocols and a group signature scheme to deliver privacy protecting, network surveillance system architecture that provides subscriber’s accountability and controlled, revocable anonymity

Octopus: A Secure and Anonymous DHT Lookup

Distributed Hash Table (DHT) lookup is a core technique in structured peer-to-peer (P2P) networks. Its decentralized nature introduces security and privacy vulnerabilities for applications built on top of them; we thus set out to design a lookup mechanism achieving both security and anonymity, heretofore an open problem. We present Octopus, a novel DHT lookup which provides strong guarantees for both security and anonymity. Octopus uses attacker identification mechanisms to discover and remove malicious nodes, severely limiting an adversary's ability to carry out active attacks, and splits lookup queries over separate anonymous paths and introduces dummy queries to achieve high levels of anonymity. We analyze the security of Octopus by developing an event-based simulator to show that the attacker discovery mechanisms can rapidly identify malicious nodes with low error rate. We calculate the anonymity of Octopus using probabilistic modeling and show that Octopus can achieve near-optimal anonymity. We evaluate Octopus's efficiency on Planetlab with 207 nodes and show that Octopus has reasonable lookup latency and manageable communication overhead

A Trustful Routing Protocol for Ad-hoc Network

Mobile Ad-hoc Network (MANET) is a wireless system that comprises mobile nodes. It is usually referred to a decentralized autonomous system. Self configurability and easy deployment feature of the MANET resulted in numerous applications in this modern era. Its routing protocol has to be able to cope with the new challenges that a MANET creates such as nodes mobility, security maintenance, and quality of service, limited bandwidth and limited power supply. These challenges set new demands on MANET routing protocols. With the increasing interest in MANETs, there has been a greater focus on the subject of securing such networks. However, the majority of these MANET secure routing protocols did not provide a complete solution for all the MANETs2019; attacks and assumed that any node participating in the MANET is not selfish and that it will cooperate to support different network functionalities. My thesis strategy is to choose one of the secure routing protocols According to its security-effectiveness, study it and analyze its functionality and performance. The authenticated routing for ad hoc networks (ARAN) secure routing protocol was chosen for analysis. Then, the different existing cooperation enforcement schemes were surveyed so that to come up with a reputation-based scheme to integrate with the ARAN protocol. The result of that integration is called: Trustful-ARAN. Consequently, the ARAN is capable of handling both selfish and malicious nodes2019; attacks. The improvement is obtained at the cost of a higher overhead percentage with minimal increase in the average number of hops. The Trustful-ARAN proves to be more efficient and more secure than normal ARAN secure routing protocol in defending against both malicious and authenticated selfish nodes

Trust Management for Vehicular Networks: An Adversary-Oriented Overview

© 2016 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more informationCooperative Intelligent Transportation Systems, mainly represented by vehicular ad hoc networks (VANETs), are among the key components contributing to the Smart City and Smart World paradigms. Based on the continuous exchange of both periodic and event triggered messages, smart vehicles can enhance road safety, while also providing support for comfort applications. In addition to the different communication protocols, securing such communications and establishing a certain trustiness among vehicles are among the main challenges to address, since the presence of dishonest peers can lead to unwanted situations. To this end, existing security solutions are typically divided into two main categories, cryptography and trust, where trust appeared as a complement to cryptography on some specific adversary models and environments where the latter was not enough to mitigate all possible attacks. In this paper, we provide an adversary-oriented survey of the existing trust models for VANETs. We also show when trust is preferable to cryptography, and the opposite. In addition, we show how trust models are usually evaluated in VANET contexts, and finally, we point out some critical scenarios that existing trust models cannot handle, together with some possible solutions.This work was supported by the Ministerio de Economia y Competitividad, Programa Estatal de Investigacion, Desarrollo e Innovacion Orientada a los Retos de la Sociedad, Proyectos I+D+I 2014, Spain, under Grant TEC2014-52690-R.Kerrache, CA.; Tavares De Araujo Cesariny Calafate, CM.; Cano Escribá, JC.; Lagraa, N.; Manzoni, P. (2016). Trust Management for Vehicular Networks: An Adversary-Oriented Overview. IEEE Access. 4:9293-9307. https://doi.org/10.1109/ACCESS.2016.2645452S92939307

Security in peer-to-peer multimedia communications

Le architetture peer-to-peer (p2p) sono diventate molto popolari negli ultimi anni in conseguenza della grande varietà di servizi che esse possono fornire. Nate principalmente per l'utilizzo come semplice metodo scalabile e decentralizzato per scambiarsi file, sono adesso diventate molto popolari anche per una gran quantità di altri servizi, sfruttando la possibilità di condividere tra peer la banda, la potenza computazionale, la capacità di memorizzazione ed altre risorse. Tra i possibili usi per cui una tale architettura può essere sfruttata, un campo emergente è lo studio dell’applicazione di tecnologie p2p a comunicazioni VoIP in modo da superare alcuni dei problemi di cui soffrono correntemente le piattaforme centralizzate basate su SIP. Sfortunatamente, i problemi di sicurezza delle reti p2p sono ancora un campo di studio aperto, sia per il recente sviluppo di una tale piattaforma, sia per i rischi intrinseci di un ambiente distribuito stesso. Questa tesi ha lo scopo di studiare i problemi di sicurezza e le possibili soluzioni in modo da garantire una comunicazione sicura p2p. La ricerca è stata condotta in due direzioni: sicurezza a livello di routing e sicurezza a livello applicativo. Questi rappresentano I due possibili step di uno scenario di comunicazione: prima di tutto si deve trovare in modo sicuro la posizione di chi si vuole chiamare (che può essere memorizzata in una rete p2p stessa), e questo è un problema di lookup sicuro; in un secondo momento bisogna assicurarsi che la persona con cui si sta andando a parlare è veramente chi si voleva e che la comunicazione stessa sia confidenziale e non possa essere modificata; questi sono problemi di autenticazione e confidenzialità. Per quanto riguarda il primo punto, si sono studiati molti possibili attacchi a reti p2p strutturate e non strutturate, concentrandosi particolarmente sul Sybil attack da cui molti altri attacchi possono derivare. Dopo un analisi delle possibili contromisure presentate negli anni, ci siamo focalizzati sull’algoritmo DHT Kademlia, uno dei più usati nel mondo, studiando tramite simulazioni la degradazione delle performance in presenza di nodi malevoli. Si sono inoltre studiate contromisure basate su fiducia e reputazione e si è cercato di applicarle ad una rete Kademlia operante in un ambiente con un numero crescente di nodi malevoli. Per quanto riguarda il secondo punto, come prima cosa abbiamo studiato gli attuali key agreement protocol, focalizzandoci sul numero di messaggi scambiati e cercando di trovare possibili punti deboli persino in protocolli ed algoritmi largamente utilizzati. In un secondo tempo si è proposto un nuovo key agreement protocol basato su MIKEY e ZRTP che li integra nella procedura standard di INVITE di SIP. E’ stata inoltre fatta un’analisi del protocollo proposto. Su queste basi, si è andati oltre, aggiungendo anche metodi di autenticazione basati sui certificati ed un modo per gestire in maniera p2p certificati e firme. Infine, si è anche pensato ad un’architettura dove i certificati sono memorizzati in una rete p2p stessa tramite l’utilizzo di DHT.Peer-to-peer (P2P) architectures became very popular in the last years as a consequence of the great variety of services they can provide. When they were born, they were mainly deployed as a simple, decentralized and scalable way to exchange files, but they have now become very popular also for a lot of different services, exploiting the possibility of sharing bandwidth, computing power, storage capacity and other resources between peers. Among the possible uses such an architecture can be deployed for, an emerging field of study is the application of P2P technologies to VoIP communication scenarios in order to overcome some of the current issues centralized SIP-based platforms suffer of. Unfortunately, security issues in P2P networks are still an open field of investigation both because of the recent development of such a platform and for the inherent risks of a distributed environment itself. This thesis is meant to investigate the security issues and the possible solutions in order to setup a secure P2P communication. The research was conducted into two directions: - Security issues at routing level; - Security issues at application level. They represent the two steps of a possible communication scenario: first of all one must find in a secure way the location of the callee (maybe stored in a peer-to-peer network), this is a problem of secure lookup; then one must ensure that the person he is going to talk with is really who he wanted and that the communication itself is secret and cannot be tampered, these are problems of authentication and confidentiality. As regards the first point, we studied several possible attacks to structured and unstructured peer-to-peer networks particularly focalizing onto the disruptive Sybil attack from which many other attack can be derived. After an analysis of the possible countermeasures presented over the years, we focalized onto the Kademlia algorithm, one of the most used in the world, studying through simulations the degradation of performances in presence of malicious nodes. We also studied trust and reputation countermeasures and tried to apply them to a Kademlia-based network operating in an environment where there is a growing number of malicious nodes. For the second point, first of all we studied current key agreement protocols focusing on the number of messages and trying to find out possible drawbacks even in widely accepted protocols and algorithms. In a second time we proposed a new key agreement protocol based upon MIKEY and ZRTP integrating them into the standard SIP invite procedure. An analysis of the proposed protocol is also provided. On this basis we got further, adding also certificate-based authentication to our model and a way to manage in a P2P way certificates and signatures. Finally we also provided an architecture where certificates are stored in a P2P network itself with the use of a DHT

Implementación y pruebas de REsource LOcation And Discovery (RELOAD) Parser and Encoder

El ampliamente utilizado paradigma cliente/servidor está siendo complementado e incluso reemplazado por otros planteamientos de tipo Peer-to-Peer (P2P). Las redes P2P ofrecen un sistema descentralizado de distribución de la información, son más estables, y representan una solución al problema de la escalabilidad. Al mismo tiempo, el Session Initiation Protocol (SIP), un protocolo de señalización diseñado inicialmente para arquitecturas de tipo ciente/servidor, ha sido ampliamente adoptado para servicios de comunicación tipo Voice-over-IP (VoIP). El actual proceso de estandarización llevado a cabo por el Peer-to-Peer Session Initiation Protocol (P2PSIP) Working Group del IETF se está acercando al desarrollo de aplicaciones que puedan utilizar tecnologías P2P junto con SIP. RELOAD es un protocolo P2P de señalización, que está todavía en desarrollo. RELOAD trabaja en entornos en los que existen Network Address Translators (NATs) o firewalls. RELOAD soporta diferentes aplicaciones y proporciona un marco de seguridad, también permite el uso de diversos algoritmos para las Distributed Hash Tables (DHTs) mediante los llamados "topology plugins". Esta tesis tiene como objetivos la implementación de un codificador y decodificador para mensajes de RELOAD, y el análisis de su rendimiento. Para este último punto se implementará un programa de prueba ejecutable en un teléfono móvil y en un servidor para la simulación de una red RELOAD. ________________________________________The widely used classic client/server paradigm is being complemented and sometimes replaced by current Peer-to-Peer (P2P) approaches. P2P networks offer decentralized distribution of information, are more stable, and represent a solution to the problem of scalability. At the same time the Session Initiation Protocol (SIP), a signalling protocol initially designed for client/server architectures, has been widely adopted for Voice-over-IP (VoIP) communication. The current standardization process of the Peer-to-Peer Session Initiation Protocol (P2PSIP) working group of the IETF is moving towards the development of applications that can use both P2P and Session Initiation Protocol (SIP) technologies in conjuntion. RELOAD is a P2P signalling protocol, which is still under development. RELOAD works in environments where there are Network Address Translators (NATs) or firewalls. RELOAD can support various applications and provides a security frameworks. RELOAD also allows the use of various Distributed Hash Table (DHT) algorithms in the form of topology plugins. This thesis aims at implementing a parser and encoder for RELOAD messages, and analyzing its performance by implementing a test program that will run on a mobile phone and on a server simulating a RELOAD overlay network.Ingeniería Técnica en Informática de Gestió

Security for Decentralised Service Location - Exemplified with Real-Time Communication Session Establishment

Decentralised Service Location, i.e. finding an application communication endpoint based on a Distributed Hash Table (DHT), is a fairly new concept. The precise security implications of this approach have not been studied in detail. More importantly, a detailed analysis regarding the applicability of existing security solutions to this concept has not been conducted. In many cases existing client-server approaches to security may not be feasible. In addition, to understand the necessity for such an analysis, it is key to acknowledge that Decentralised Service Location has some unique security requirements compared to other P2P applications such as filesharing or live streaming. This thesis concerns the security challenges for Decentralised Service Location. The goals of our work are on the one hand to precisely understand the security requirements and research challenges for Decentralised Service Location, and on the other hand to develop and evaluate corresponding security mechanisms. The thesis is organised as follows. First, fundamentals are explained and the scope of the thesis is defined. Decentralised Service Location is defined and P2PSIP is explained technically as a prototypical example. Then, a security analysis for P2PSIP is presented. Based on this security analysis, security requirements for Decentralised Service Location and the corresponding research challenges -- i.e. security concerns not suitably mitigated by existing solutions -- are derived. Second, several decentralised solutions are presented and evaluated to tackle the security challenges for Decentralised Service Location. We present decentralised algorithms to enable availability of the DHTs lookup service in the presence of adversary nodes. These algorithms are evaluated via simulation and compared to analytical bounds. Further, a cryptographic approach based on self-certifying identities is illustrated and discussed. This approach enables decentralised integrity protection of location-bindings. Finally, a decentralised approach to assess unknown identities is introduced. The approach is based on a Web-of-Trust model. It is evaluated via prototypical implementation. Finally, the thesis closes with a summary of the main contributions and a discussion of open issues