Peer-to-Peer Networking and Applications, Volume 4, Issue 4, pp 420–438

An identity-based approach to secure P2P applications with Likir

  • Luca Maria Aiello
  • Marco Milanesio
  • Giancarlo Ruffo
  • Rossano Schifanella
Article

Abstract

Structured overlay networks are highly susceptible to attacks aimed at subverting their structure or functionalities. Although many secure architectural design proposals have been presented in the past, a widely accepted and comprehensive solution is lacking. Likir (Layered Identity-based Kademlia-like Infrastructure) is our solution for implementing a secure Peer-to-Peer network based on a Distributed Hash Table. Our purpose is to focus on three main goals: (1) providing security services and a secure overlay infrastructure against the vast majority of security threats on P2P systems, (2) dynamically creating a bridge between randomly generated peer identifiers and user identities, and (3) supplying the developer with a middleware API that can easily deal with peers’ identities. Placing the emphasis on user identity results in a highly secure distributed framework which is very fitting for privacy-aware and efficient implementation of identity-based applications like social networking applications. Detailed security analysis and performance evaluation are provided. Moreover, an implementation of Likir is introduced and a case study is presented in order to show its practical use in a real-life example.

Keywords

DHT, Routing poisoning, Sybil attack, Storage attacks, Distributed social networking systems

Notes

Acknowledgements

This work was produced in part within the “TeTraCo” project, with support of MIUR (“Progetti di ricerca e formazione ai sensi dell’art.13 del D.M. 593/00—Distretto ICT Piemontese”).

We would like to thank the anonymous reviewers for their precious suggestions, which have been useful in improving the paper. Special thanks to Mark Lillibridge, HP Senior Research Scientist, who gave us useful suggestions during the Eighth International Conference on P2P Computing, Aachen 2008.

Copyright information

© Springer Science + Business Media, LLC 2011

Authors and Affiliations

  • Luca Maria Aiello (1)
  • Marco Milanesio (1)
  • Giancarlo Ruffo (1)
  • Rossano Schifanella (1)

  1. Computer Science Department, Università degli Studi di Torino, Torino, Italy
