Enabling individually entrusted routing security for open and decentralized community networks

Routing in open and decentralized networks relies on cooperation. However, the participation of unknown nodes and node administrators pursuing heterogeneous trust and security goals is a challenge. Community-mesh networks are good examples of such environments due to their open structure, decentralized management, and ownership. As a result, existing community networks are vulnerable to various attacks and are seriously challenged by the obligation to find consensus on the trustability of participants within an increasing user size and diversity. We propose a practical and novel solution enabling a secured but decentralized trust management. This work presents the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. The proposed mechanisms have been implemented, tested, and evaluated for their correctness and performance to exclude non-trusted nodes from the network. Respective safety and liveness properties that are guaranteed by our protocol have been identified and proven with formal reasoning. Benchmarking results, based on our implementation as part of the BMX7 routing protocol and tested on real and minimal (OpenWRT, 10 Euro) routers, qualify the behaviour, performance, and scalability of our approach, supporting networks with hundreds of nodes despite the use of strong asymmetric cryptography.Peer ReviewedPostprint (author's final draft

Theoretical review of routing protocols used for wireless community networks

Wireless community networks (WCNs) are a solution for people who are living in some areas facing difficulties for accessing the internet because no ISPs are providing them with the service due to the long distance, the high cost of infrastructure, and the less no of people in these areas. So people decided to build their own internet without the need for ISPs. They build mesh networks to provide WiFi access to the internet. WCNs are consideredas large-scale, distributed and decentralized systems. Inaddition, it consists of numerous nodes, links, content, and services. These networks are constructed in a decentralized way, mixing wired and wireless links with different routing techniques with a different range of applications and services. Therefore, they are very dynamic and diverse. There is an open peering agreement that governs these networks, where it avoids impediments for the participation in the network. The ownership, governance, and knowledge of the network are open. For that reason, WCNs are decentralized as well as they are self-managed and self-owned by community members. Moreover, they are self-growing networks in links, capacity, and services provided. This paper presents a critical analysis of thecurrent routing protocols that are employed for WCNs. In addition, it highlights the strengths and weaknesses of each routing protocol

Enabling Social Applications via Decentralized Social Data Management

An unprecedented information wealth produced by online social networks, further augmented by location/collocation data, is currently fragmented across different proprietary services. Combined, it can accurately represent the social world and enable novel socially-aware applications. We present Prometheus, a socially-aware peer-to-peer service that collects social information from multiple sources into a multigraph managed in a decentralized fashion on user-contributed nodes, and exposes it through an interface implementing non-trivial social inferences while complying with user-defined access policies. Simulations and experiments on PlanetLab with emulated application workloads show the system exhibits good end-to-end response time, low communication overhead and resilience to malicious attacks.Comment: 27 pages, single ACM column, 9 figures, accepted in Special Issue of Foundations of Social Computing, ACM Transactions on Internet Technolog

Cooperation in open, decentralized, and heterogeneous computer networks

Community Networks (CN) are naturally open and decentralized structures, that grow organically with the addition of heterogeneous network devices, contributed and configured as needed by their participants. The continuous growth in popularity and dissemination of CNs in recent years has raised the perception of a mature and sustainable model for the provisioning of networking services. However, because such infrastructures include uncontrolled entities with non delimited responsibilities, every single network entity does indeed represent a potential single-point of failure that can stop the entire network from working, and that no other entity can prevent or even circumvent. Given the open and decentralized nature of CNs, that brings together individuals and organizations with different and even conflicting economic, political, and technical interests, the achievement of no more than basic consensus on the correctness of all network nodes is challenging. In such environment, the lack of self-determination for CN participants in terms of control and security of routing can be regarded as an obstacle for growth or even as a risk of collapse. To address this problem we first consider deployments of existing Wireless CN and we analyze their technology, characteristics, and performance. We perform an experimental evaluation of a production 802.11an Wireless CN, and compare to studies of other Wireless CN deployments in the literature. We compare experimentally obtained throughput traces with path-capacity calculations based on well-known conflict graph models. We observe that in the majority of cases the path chosen by the employed BMX6 routing protocol corresponds with the best identified path in our model. We analyze monitoring and interaction shortcomings of CNs and address these with Network Characterization Tool (NCT), a novel tool that allows users to assess network state and performance, and improve their quality of experience by individually modifying the routing parameters of their devices. We also evaluate performance outcomes when different routing policies are in use. Routing protocols provide self-management mechanisms that allow the continuous operation of a Community Mesh Network (CMN). We focus on three widely used proactive mesh routing protocols and their implementations: BMX6, OLSR, and Babel. We describe the core idea behind these protocols and study the implications of these in terms of scalability, performance, and stability by exposing them to typical but challenging network topologies and scenarios. Our results show the relative merits, costs, and limitations of the three protocols. Built upon the studied characteristics of typical CN deployments, their requirements on open and decentralized cooperation, and the potential controversy on the trustiness of particular components of a network infrastructure, we propose and evaluate SEMTOR, a novel routing-protocol that can satisfy these demands. SEMTOR allows the verifiable and undeniable definition and distributed application of individually trusted topologies for routing traffic towards each node. One unique advantage of SEMTOR is that it does not require a global consensus on the trustiness of any node and thus preserves cooperation among nodes with even oppositional defined trust specification. This gives each node admin the freedom to individually define the subset, and the resulting sub-topology, from the whole set of participating nodes that he considers sufficiently trustworthy to meet their security, data-delivery objectives and concerns. The proposed mechanisms have been realized as a usable and open-source implementation called BMX7, as successor of BMX6. We have evaluated its scalability, contributed robustness, and security. These results show that the usage of SEMTOR for securing trusted routing topologies is feasible, even when executed on real and very cheap (10 Euro, Linux SoC) routers as commonly used in Community Mesh Networks.Las Redes Comunitarias (CNs) son estructuras de naturaleza abierta y descentralizada, que crecen orgánicamente con la adición de dispositivos de red heterogéneos que aportan y configuran sus participantes según sea necesario. Sin embargo, debido a que estas infraestructuras incluyen entidades con responsabilidades poco delimitadas, cada entidad puede representar un punto de fallo que puede impedir que la red funcione y que ninguna otra entidad pueda prevenir o eludir. Dada la naturaleza abierta y descentralizada de las CNs, que agrupa individuos y organizaciones con diferentes e incluso contrapuestos intereses económicos, políticos y técnicos, conseguir poco más que un consenso básico sobre los nodos correctos en la red puede ser un reto. En este entorno, la falta de autodeterminación para los participantes de una CN en cuanto a control y seguridad del encaminamiento puede considerarse un obstáculo para el crecimiento o incluso un riesgo de colapso. Para abordar este problema consideramos las implementaciones de redes comunitarias inalámbricas (WCN) y se analiza su tecnología, características y desempeño. Realizamos una evaluación experimental de una WCN establecida y se compara con estudios de otros despliegues. Comparamos las trazas de rendimiento experimentales con cálculos de la capacidad de los caminos basados en modelos bien conocidos del grafo. Se observa que en la mayoría de los casos el camino elegido por el protocolo de encaminamiento BMX6 corresponde con el mejor camino identificado en nuestro modelo. Analizamos las limitaciones de monitorización e interacción en CNs y los tratamos con NCT, una nueva herramienta que permite evaluar el estado y rendimiento de la red, y mejorar la calidad de experiencia modificando los parámetros de sus dispositivos individuales. También evaluamos el rendimiento resultante para diferentes políticas de encaminamiento. Los protocolos de encaminamiento proporcionan mecanismos de autogestión que hacen posible el funcionamiento continuo de una red comunitaria mesh (CMN). Nos centramos en tres protocolos de encaminamiento proactivos para redes mesh ampliamente utilizados y sus implementaciones: BMX6, OLSR y Babel. Se describe la idea central de estos protocolos y se estudian la implicaciones de éstos en términos de escalabilidad, rendimiento y estabilidad al exponerlos a topologías y escenarios de red típicos pero exigentes. Nuestros resultados muestran los méritos, costes y limitaciones de los tres protocolos. A partir de las características analizadas en despliegues típicos de redes comunitarias, y de las necesidades en cuanto a cooperación abierta y descentralizada, y la esperable divergencia sobre la confiabilidad en ciertos componentes de la infraestructura de red, proponemos y evaluamos SEMTOR, un nuevo protocolo de encaminamiento que puede satisfacer estas necesidades. SEMTOR permite definir de forma verificable e innegable, así como aplicar de forma distribuida, topologías de confianza individualizadas para encaminar tráfico hacia cada nodo. Una ventaja única de SEMTOR es que no precisa de consenso global sobre la confianza en cualquier nodo y por tanto preserva la cooperación entre los nodos, incluso con especificaciones de confianza definidas por oposición. Esto proporciona a cada administrador de nodo la libertad para definir el subconjunto, y la sub-topología resultante, entre el conjunto de todos los nodos participantes que considere dignos de suficiente confianza para cumplir con su objetivo y criterio de seguridad y entrega de datos. Los mecanismos propuestos se han realizado en forma de una implementación utilizable de código abierto llamada BMX7. Se ha evaluado su escalabilidad, robustez y seguridad. Estos resultados demuestran que el uso de SEMTOR para asegurar topologías de encaminamiento de confianza es factible, incluso cuando se ejecuta en routers reales y muy baratos utilizados de forma habitual en WCN.Postprint (published version

Randomness, Age, Work: Ingredients for Secure Distributed Hash Tables

Distributed Hash Tables (DHTs) are a popular and natural choice when dealing with dynamic resource location and routing. DHTs basically provide two main functions: saving (key, value) records in a network environment and, given a key, find the node responsible for it, optionally retrieving the associated value. However, all predominant DHT designs suffer a number of security flaws that expose nodes and stored data to a number of malicious attacks, ranging from disrupting correct DHT routing to corrupting data or making it unavailable. Thus even if DHTs are a standard layer for some mainstream systems (like BitTorrent or KAD clients), said vulnerabilities may prevent more security-aware systems from taking advantage of the ease of indexing and publishing on DHTs. Through the years a variety of solutions to the security flaws of DHTs have been proposed both from academia and practitioners, ranging from authentication via Central Authorities to social-network based ones. These solutions are often tailored to DHT specific implementations, simply try to mitigate without eliminating hostile actions aimed at resources or nodes. Moreover all these solutions often sports serious limitations or make strong assumptions on the underlying network. We present, after after providing a useful abstract model of the DHT protocol and infrastructure, two new primitives. We extend a “standard” proof-of-work primitive making of it also a “proof of age” primitive (informally, allowing a node to prove it is “sufficiently old”) and a “shared random seed” primitive (informally, producing a new, shared, seed that was completely unpredictable in a “sufficiently remote” past). These primitives are then integrated into the basic DHT model obtaining an “enhanced” DHT design, resilient to many common attacks. This work also shows how to adapt a Block Chain scheme – a continuously growing list of records (or blocks) protected from alteration or forgery – to provide a possible infrastructure for our proposed secure design. Finally a working proof-of-concept software implementing an “enhanced” Kademlia-based DHT is presented, together with some experimental results showing that, in practice, the performance overhead of the additional security layer is more than tolerable. Therefore this work provides a threefold contribution. It describes a general set of new primitives (adaptable to any DHT matching our basic model) achieving a secure DHT; it proposes an actionable design to attain said primitives; it makes public a proof-of-concept implementation of a full “enhanced” DHT system, which a preliminary performance evaluation shows to be actually usable in practice

Towards scalable Community Networks topologies

Community Networks (CNs) are grassroots bottom-up initiatives that build local infrastructures, normally using Wi-Fi technology, to bring broadband networking in areas with inadequate offer of traditional infrastructures such as ADSL, FTTx or wide-band cellular (LTE, 5G). Albeit they normally operate as access networks to the Internet, CNs are ad-hoc networks that evolve based on local requirements and constraints, often including additional local services on top of Internet access. These networks grow in highly decentralized manner that radically deviates from the top-down network planning practiced in commercial mobile networks, depending, on the one hand, on the willingness of people to participate, and, on the other hand, on the feasibility of wireless links connecting the houses of potential participants with each other. In this paper, we present a novel methodology and its implementation into an automated tool, which enables the exercise of (light) centralized control to the dynamic and otherwise spontaneous CN growth process. The goal of the methodology is influencing the choices to connect a new node to the CN so that it can grow with more balance and to a larger size. Input to our methodology are open source resources about the physical terrain of the CN deployment area, such as Open Street Map and very detailed (less than 1 m resolution) LIDAR-based data about buildings layout and height, as well as technical descriptions and pricing data about off-the-shelf networking devices that are made available by manufacturers. Data related to demographics can be easily added to refine the environment description. With these data at hand, the tool can estimate the technical and economic feasibility of adding new nodes to the CN and actively assist new CN users in selecting proper equipment and CN node(s) to connect with to improve the CN scalability. We test our methodology in four different areas representing standard territorial characterization categories: urban, suburban, intermediate, and rural. In all four cases our tool shows that CNs scale to much larger size using the assisted, network-aware methodology when compared with de facto practices. Results also show that the CNs deployed with the assisted methodology are more balanced and have a lower per-node cost for the same per-node guaranteed bandwidth. Moreover, this is achieved with fewer devices per node, which means that the network is cheaper to build and easier to maintain.Peer ReviewedPostprint (author's final draft

P2P Network Trust Management Survey

Peer-to-peer applications (P2P) are no longer limited to home users, and start being accepted in academic and corporate environments. While file sharing and instant messaging applications are the most traditional examples, they are no longer the only ones benefiting from the potential advantages of P2P networks. For example, network file storage, data transmission, distributed computing, and collaboration systems have also taken advantage of such networks.The reasons why this model of computing is attractive unfold in three. First, P2P networks are scalable, i.e., deal well (efficiently) with both small groups and with large groups of participants. In this paper, we will present a summary of the main safety aspects to be considered in P2P networks, highlighting its importance for the development of P2P applications and systems on the Internet and deployment of enterprise applications with more critical needs in terms of security. P2P systems are no longer limited to home users, and start being accepted in academic and corporate environments

SoK: Layer-Two Blockchain Protocols

Blockchains have the potential to revolutionize markets and services. However, they currently exhibit high latencies and fail to handle transaction loads comparable to those managed by traditional financial systems. Layer-two protocols, built on top of layer-one blockchains, avoid disseminating every transaction to the whole network by exchanging authenticated transactions off-chain. Instead, they utilize the expensive and low-rate blockchain only as a recourse for disputes. The promise of layer-two protocols is to complete off-chain transactions in sub-seconds rather than minutes or hours while retaining asset security, reducing fees and allowing blockchains to scale. We systematize the evolution of layer-two protocols over the period from the inception of cryptocurrencies in 2009 until today, structuring the multifaceted body of research on layer-two transactions. Categorizing the research into payment and state channels, commit-chains and protocols for refereed delegation, we provide a comparison of the protocols and their properties. We provide a systematization of the associated synchronization and routing protocols along with their privacy and security aspects. This Systematization of Knowledge (SoK) clears the layer-two fog, highlights the potential of layer-two solutions and identifies their unsolved challenges, indicating propitious avenues of future work

4Sensing - decentralized processing for participatory sensing data

Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática.Participatory sensing is a new application paradigm, stemming from both technical and social drives, which is currently gaining momentum as a research domain. It leverages the growing adoption of mobile phones equipped with sensors, such as camera, GPS and accelerometer, enabling users to collect and aggregate data, covering a wide area without incurring in the costs associated with a large-scale sensor network. Related research in participatory sensing usually proposes an architecture based on a centralized back-end. Centralized solutions raise a set of issues. On one side, there is the implications of having a centralized repository hosting privacy sensitive information. On the other side, this centralized model has financial costs that can discourage grassroots initiatives. This dissertation focuses on the data management aspects of a decentralized infrastructure for the support of participatory sensing applications, leveraging the body of work on participatory sensing and related areas, such as wireless and internet-wide sensor networks, peer-to-peer data management and stream processing. It proposes a framework covering a common set of data management requirements - from data acquisition, to processing, storage and querying - with the goal of lowering the barrier for the development and deployment of applications. Alternative architectural approaches - RTree, QTree and NTree - are proposed and evaluated experimentally in the context of a case-study application - SpeedSense - supporting the monitoring and prediction of traffic conditions, through the collection of speed and location samples in an urban setting, using GPS equipped mobile phones

Finance 4.0 - Towards a Socio-Ecological Finance System

This Open Access book outlines ideas for a novel, scalable and, above all, sustainable financial system. We all know that today’s global markets are unsustainable and global governance is not effective enough. Given this situation, could one boost smart human coordination, sustainability and resilience by tweaking society at its core: the monetary system? A Computational Social Science team at ETH Zürich has indeed worked on a concept and little demonstrator for a new financial system, called “Finance 4.0” or just “FIN4”, which combines blockchain technology with the Internet of Things (“IoT”). What if communities could reward sustainable actions by issuing their own money (“tokens”)? Would people behave differently, when various externalities became visible and were actionable through cryptographic tokens? Could a novel, participatory, multi-dimensional financial system be created? Could it be run by the people for the people and lead to more societal resilience than today’s financial system (which is effectively one-dimensional due to its almost frictionless exchange)? How could one manage such a system in an ethical and democratic way? This book presents some early attempts in a nascent field, but provides a fresh view on what cryptoeconomic systems could do for us, for a circular economy, and for scalable, sustainable action