343 research outputs found
X-Vine: Secure and Pseudonymous Routing Using Social Networks
Distributed hash tables suffer from several security and privacy
vulnerabilities, including the problem of Sybil attacks. Existing social
network-based solutions to mitigate the Sybil attacks in DHT routing have a
high state requirement and do not provide an adequate level of privacy. For
instance, such techniques require a user to reveal their social network
contacts. We design X-Vine, a protection mechanism for distributed hash tables
that operates entirely by communicating over social network links. As with
traditional peer-to-peer systems, X-Vine provides robustness, scalability, and
a platform for innovation. The use of social network links for communication
helps protect participant privacy and adds a new dimension of trust absent from
previous designs. X-Vine is resilient to denial of service via Sybil attacks,
and in fact is the first Sybil defense that requires only a logarithmic amount
of state per node, making it suitable for large-scale and dynamic settings.
X-Vine also helps protect the privacy of users social network contacts and
keeps their IP addresses hidden from those outside of their social circle,
providing a basis for pseudonymous communication. We first evaluate our design
with analysis and simulations, using several real world large-scale social
networking topologies. We show that the constraints of X-Vine allow the
insertion of only a logarithmic number of Sybil identities per attack edge; we
show this mitigates the impact of malicious attacks while not affecting the
performance of honest nodes. Moreover, our algorithms are efficient, maintain
low stretch, and avoid hot spots in the network. We validate our design with a
PlanetLab implementation and a Facebook plugin.Comment: 15 page
Octopus: A Secure and Anonymous DHT Lookup
Distributed Hash Table (DHT) lookup is a core technique in structured
peer-to-peer (P2P) networks. Its decentralized nature introduces security and
privacy vulnerabilities for applications built on top of them; we thus set out
to design a lookup mechanism achieving both security and anonymity, heretofore
an open problem. We present Octopus, a novel DHT lookup which provides strong
guarantees for both security and anonymity. Octopus uses attacker
identification mechanisms to discover and remove malicious nodes, severely
limiting an adversary's ability to carry out active attacks, and splits lookup
queries over separate anonymous paths and introduces dummy queries to achieve
high levels of anonymity. We analyze the security of Octopus by developing an
event-based simulator to show that the attacker discovery mechanisms can
rapidly identify malicious nodes with low error rate. We calculate the
anonymity of Octopus using probabilistic modeling and show that Octopus can
achieve near-optimal anonymity. We evaluate Octopus's efficiency on Planetlab
with 207 nodes and show that Octopus has reasonable lookup latency and
manageable communication overhead
Detection and mitigation of the eclipse attack in chord overlays
Distributed hash table-based overlays are widely used to support efficient information
routing and storage in structured peer-to-peer networks, but they are also subject to numerous
attacks aimed at disrupting their correct functioning. In this paper, we analyse the impact of the
eclipse attack on a chord-based overlay in terms of number of key lookups intercepted by a
collusion of malicious nodes. We propose a detection algorithm for the individuation of ongoing
attacks to the chord overlay, relying on features that can be independently estimated by each
network peer, which are given as input to a C4.5-based binary classifier. Moreover, we propose
some modifications to the chord routing protocol in order to mitigate the effects of such attacks.
The countermeasures introduce a limited traffic overhead and can operate either in a distributed
fashion or assuming the presence of a centralised trusted entity. Numerical results show the
effectiveness of the proposed mitigation techniques
Collusion in Peer-to-Peer Systems
Peer-to-peer systems have reached a widespread use, ranging from academic and industrial applications to home entertainment. The key advantage of this paradigm lies in its scalability and flexibility, consequences of the participants sharing their resources for the common welfare. Security in such systems is a desirable goal. For example, when mission-critical operations or bank transactions are involved, their effectiveness strongly depends on the perception that users have about the system dependability and trustworthiness. A major threat to the security of these systems is the phenomenon of collusion. Peers can be selfish colluders, when they try to fool the system to gain unfair advantages over other peers, or malicious, when their purpose is to subvert the system or disturb other users. The problem, however, has received so far only a marginal attention by the research community. While several solutions exist to counter attacks in peer-to-peer systems, very few of them are meant to directly counter colluders and their attacks. Reputation, micro-payments, and concepts of game theory are currently used as the main means to obtain fairness in the usage of the resources. Our goal is to provide an overview of the topic by examining the key issues involved. We measure the relevance of the problem in the current literature and the effectiveness of existing philosophies against it, to suggest fruitful directions in the further development of the field
A Balanced Trust-Based Method to Counter Sybil and Spartacus Attacks in Chord
A Sybil attack is one of the main challenges to be addressed when securing peer-to-peer networks, especially those based on Distributed Hash Tables (DHTs). Tampering routing tables by means of multiple fake identities can make routing, storing, and retrieving operations significantly more difficult and time-consuming. Countermeasures based on trust and reputation have already proven to be effective in some contexts, but one variant of the Sybil attack, the Spartacus attack, is emerging as a new threat and its effects are even riskier and more difficult to stymie. In this paper, we first improve a well-known and deployed DHT (Chord) through a solution mixing trust with standard operations, for facing a Sybil attack affecting either routing or storage and retrieval operations. This is done by maintaining the least possible overhead for peers. Moreover, we extend the solution we propose in order for it to be resilient also against a Spartacus attack, both for an iterative and for a recursive lookup procedure. Finally, we validate our findings by showing that the proposed techniques outperform other trust-based solutions already known in the literature as well
Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review
Background: Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective: This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods: A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results: Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions: Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients\u27 intention to use PHSs on P2P networks by making them safe to use
- …