User-Relative Names for Globally Connected Personal Devices

Nontechnical users who own increasingly ubiquitous network-enabled personal devices such as laptops, digital cameras, and smart phones need a simple, intuitive, and secure way to share information and services between their devices. User Information Architecture, or UIA, is a novel naming and peer-to-peer connectivity architecture addressing this need. Users assign UIA names by "introducing" devices to each other on a common local-area network, but these names remain securely bound to their target as devices migrate. Multiple devices owned by the same user, once introduced, automatically merge their namespaces to form a distributed "personal cluster" that the owner can access or modify from any of his devices. Instead of requiring users to allocate globally unique names from a central authority, UIA enables users to assign their own "user-relative" names both to their own devices and to other users. With UIA, for example, Alice can always access her iPod from any of her own personal devices at any location via the name "ipod", and her friend Bob can access her iPod via a relative name like "ipod.Alice".Comment: 7 pages, 1 figure, 1 tabl

Deniable group communications in the presence of global unlimited adversary

Предлагается использовать децентрализованные отказуемые групповые коммуникации для обеспечения защищённости общения в модели нарушителя, имеющего доступ к инфраструктуре передачи данных, а также неограниченное финансирование. За основу взят существующий протокол групповых отказуемых коммуникаций multi-party Off-the-Record (mpOTR), допускающий работу на децентрализованном транспорте, его свойства совершенной прямой секретности улучшены за счёт введения процедуры продвижения ключевого материала (Key Ratcheting). Предложена полностью децентрализованная система защищённых групповых коммуникаций, обладающая свойствами отказуемости, согласованности текста переписки и улучшеными свойствами совершенной прямой секретности, а также способная противостоять Sybil-атакам. Соответствующее программное средство реализовано на языке JavaScript и обеспечивает защищённую передачу сообщений между браузерами в условиях отсутствия центрального сервера

Sybil attacks against mobile users: friends and foes to the rescue

Collaborative applications for co-located mobile users can be severely disrupted by a sybil attack to the point of being unusable. Existing decentralized defences have largely been designed for peer-to-peer networks but not for mobile networks. That is why we propose a new decentralized defence for portable devices and call it MobID. The idea is that a device manages two small networks in which it stores information about the devices it meets: its network of friends contains honest devices, and its network of foes contains suspicious devices. By reasoning on these two networks, the device is then able to determine whether an unknown individual is carrying out a sybil attack or not. We evaluate the extent to which MobID reduces the number of interactions with sybil attackers and consequently enables collaborative applications.We do so using real mobility and social network data. We also assess computational and communication costs of MobID on mobile phones

Next-Generation Distributed Hash Tables

Distributed Hash Tables (DHTs) serve as the backbone of numerous modern decentralized systems like the InterPlanetary File System (IPFS) and Ethereum. As these systems evolve and expand, there is a growing need to enhance and optimize their underlying network support. In response to these challenges, we embark on the development of a new class of DHTs, marked by efficiency, security, and suitability for real-world deployments. We achieve this by making changes in the routing procedures, incorporating latency-aware routing, and harnessing recent hardware advancements

Detection and mitigation of the eclipse attack in chord overlays

Distributed hash table-based overlays are widely used to support efficient information routing and storage in structured peer-to-peer networks, but they are also subject to numerous attacks aimed at disrupting their correct functioning. In this paper, we analyse the impact of the eclipse attack on a chord-based overlay in terms of number of key lookups intercepted by a collusion of malicious nodes. We propose a detection algorithm for the individuation of ongoing attacks to the chord overlay, relying on features that can be independently estimated by each network peer, which are given as input to a C4.5-based binary classifier. Moreover, we propose some modifications to the chord routing protocol in order to mitigate the effects of such attacks. The countermeasures introduce a limited traffic overhead and can operate either in a distributed fashion or assuming the presence of a centralised trusted entity. Numerical results show the effectiveness of the proposed mitigation techniques

X-Vine: Secure and Pseudonymous Routing Using Social Networks

Distributed hash tables suffer from several security and privacy vulnerabilities, including the problem of Sybil attacks. Existing social network-based solutions to mitigate the Sybil attacks in DHT routing have a high state requirement and do not provide an adequate level of privacy. For instance, such techniques require a user to reveal their social network contacts. We design X-Vine, a protection mechanism for distributed hash tables that operates entirely by communicating over social network links. As with traditional peer-to-peer systems, X-Vine provides robustness, scalability, and a platform for innovation. The use of social network links for communication helps protect participant privacy and adds a new dimension of trust absent from previous designs. X-Vine is resilient to denial of service via Sybil attacks, and in fact is the first Sybil defense that requires only a logarithmic amount of state per node, making it suitable for large-scale and dynamic settings. X-Vine also helps protect the privacy of users social network contacts and keeps their IP addresses hidden from those outside of their social circle, providing a basis for pseudonymous communication. We first evaluate our design with analysis and simulations, using several real world large-scale social networking topologies. We show that the constraints of X-Vine allow the insertion of only a logarithmic number of Sybil identities per attack edge; we show this mitigates the impact of malicious attacks while not affecting the performance of honest nodes. Moreover, our algorithms are efficient, maintain low stretch, and avoid hot spots in the network. We validate our design with a PlanetLab implementation and a Facebook plugin.Comment: 15 page