User-Relative Names for Globally Connected Personal Devices
Nontechnical users who own increasingly ubiquitous network-enabled personal
devices such as laptops, digital cameras, and smart phones need a simple,
intuitive, and secure way to share information and services between their
devices. User Information Architecture, or UIA, is a novel naming and
peer-to-peer connectivity architecture addressing this need. Users assign UIA
names by "introducing" devices to each other on a common local-area network,
but these names remain securely bound to their target as devices migrate.
Multiple devices owned by the same user, once introduced, automatically merge
their namespaces to form a distributed "personal cluster" that the owner can
access or modify from any of his devices. Instead of requiring users to
allocate globally unique names from a central authority, UIA enables users to
assign their own "user-relative" names both to their own devices and to other
users. With UIA, for example, Alice can always access her iPod from any of her
own personal devices at any location via the name "ipod", and her friend Bob
can access her iPod via a relative name like "ipod.Alice".
Comment: 7 pages, 1 figure, 1 tabl
Deniable group communications in the presence of global unlimited adversary
We propose using decentralized deniable group communications to secure conversations under an adversary model in which the adversary has access to the data transmission infrastructure as well as unlimited funding. The design builds on the existing deniable group communication protocol multi-party Off-the-Record (mpOTR), which can operate over a decentralized transport; its perfect forward secrecy properties are improved by introducing a key ratcheting procedure. A fully decentralized secure group communication system is proposed that provides deniability, transcript consistency, and improved perfect forward secrecy, and that is able to withstand Sybil attacks. The corresponding software tool is implemented in JavaScript and provides secure message transmission between browsers in the absence of a central server
Sybil attacks against mobile users: friends and foes to the rescue
Collaborative applications for co-located mobile
users can be severely disrupted by a sybil attack to the point of
being unusable. Existing decentralized defences have largely been
designed for peer-to-peer networks but not for mobile networks.
That is why we propose a new decentralized defence for portable
devices and call it MobID. The idea is that a device manages two
small networks in which it stores information about the devices
it meets: its network of friends contains honest devices, and its
network of foes contains suspicious devices. By reasoning on these
two networks, the device is then able to determine whether
an unknown individual is carrying out a sybil attack or not.
We evaluate the extent to which MobID reduces the number
of interactions with sybil attackers and consequently enables
collaborative applications. We do so using real mobility and social
network data. We also assess computational and communication
costs of MobID on mobile phones
Next-Generation Distributed Hash Tables
Distributed Hash Tables (DHTs) serve as the backbone of numerous modern decentralized systems like the InterPlanetary File System (IPFS) and Ethereum. As these systems evolve and expand, there is a growing need to enhance and optimize their underlying network support. In response to these challenges, we embark on the development of a new class of DHTs, marked by efficiency, security, and suitability for real-world deployments. We achieve this by making changes in the routing procedures, incorporating latency-aware routing, and harnessing recent hardware advancements
Detection and mitigation of the eclipse attack in chord overlays
Distributed hash table-based overlays are widely used to support efficient information
routing and storage in structured peer-to-peer networks, but they are also subject to numerous
attacks aimed at disrupting their correct functioning. In this paper, we analyse the impact of the
eclipse attack on a chord-based overlay in terms of number of key lookups intercepted by a
collusion of malicious nodes. We propose a detection algorithm for the individuation of ongoing
attacks to the chord overlay, relying on features that can be independently estimated by each
network peer, which are given as input to a C4.5-based binary classifier. Moreover, we propose
some modifications to the chord routing protocol in order to mitigate the effects of such attacks.
The countermeasures introduce a limited traffic overhead and can operate either in a distributed
fashion or assuming the presence of a centralised trusted entity. Numerical results show the
effectiveness of the proposed mitigation techniques
X-Vine: Secure and Pseudonymous Routing Using Social Networks
Distributed hash tables suffer from several security and privacy
vulnerabilities, including the problem of Sybil attacks. Existing social
network-based solutions to mitigate the Sybil attacks in DHT routing have a
high state requirement and do not provide an adequate level of privacy. For
instance, such techniques require a user to reveal their social network
contacts. We design X-Vine, a protection mechanism for distributed hash tables
that operates entirely by communicating over social network links. As with
traditional peer-to-peer systems, X-Vine provides robustness, scalability, and
a platform for innovation. The use of social network links for communication
helps protect participant privacy and adds a new dimension of trust absent from
previous designs. X-Vine is resilient to denial of service via Sybil attacks,
and in fact is the first Sybil defense that requires only a logarithmic amount
of state per node, making it suitable for large-scale and dynamic settings.
X-Vine also helps protect the privacy of users' social network contacts and
keeps their IP addresses hidden from those outside of their social circle,
providing a basis for pseudonymous communication. We first evaluate our design
with analysis and simulations, using several real world large-scale social
networking topologies. We show that the constraints of X-Vine allow the
insertion of only a logarithmic number of Sybil identities per attack edge; we
show this mitigates the impact of malicious attacks while not affecting the
performance of honest nodes. Moreover, our algorithms are efficient, maintain
low stretch, and avoid hot spots in the network. We validate our design with a
PlanetLab implementation and a Facebook plugin.
Comment: 15 page