An identity-based approach to secure P2P applications with Likir


Structured overlay networks are highly susceptible to attacks aimed at subverting their structure or functionalities. Although many secure architectural design proposals have been presented in the past, a widely accepted and comprehensive solution is lacking. Likir (Layered Identity-based Kademlia-like Infrastructure) is our solution for implementing a secure Peer-to-Peer network based on a Distributed Hash Table. Our purpose is to focus on three main goals: (1) providing security services and a secure overlay infrastructure against the vast majority of security threats on P2P systems, (2) dynamically creating a bridge between randomly generated peer identifiers and user identities, and (3) supplying the developer with a middleware API that can easily deal with peers’ identities. Placing the emphasis on user identity results in a highly secure distributed framework which is very fitting for privacy-aware and efficient implementation of identity-based applications like social networking applications. Detailed security analysis and performance evaluation are provided. Moreover, an implementation of Likir is introduced and a case study is presented in order to show its practical use in a real-life example.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4


  1. 1.

  2. 2.

    The RC design is just functional to our experiment, it is not an element of the Likir architecture.

  3. 3.

    Likir library is available at

  4. 4.


  1. 1.

    Abbas S, Pouwelse J, Epema D, Sips H (2009) A gossip-based distributed social networking system. In: WETICE’09: 18th IEEE international workshops on enabling technologies. Groningen, Netherlands. IEEE Computer Society, 29 June–1 July 2009, pp 93–98

  2. 2.

    Aiello LM, Milanesio M, Ruffo G, Schifanella R (2008) Tempering Kademlia with a robust identity based system. In: P2P ’08: Proceedings of the 2008 eighth international conference on peer-to-peer computing. IEEE Computer Society, Washington, DC, USA, pp 30–39. doi:10.1109/P2P.2008.40

  3. 3.

    Aiello LM, Ruffo G (2010) Secure and flexible framework for decentralized social network services. In: SESOC ’10: Security and Social Networking Workshop. IEEE Computer Society, pp 594–599

  4. 4.

    Dharanipragada Janakiram J (2009) SyMon: Defending large structured P2P systems against sybil attack. In: P2P ’09: proceedings of the 2009 ninth international conference on peer-to-peer computing. IEEE Computer Society, Seattle, WA, USA

    Google Scholar 

  5. 5.

    Baumgart I, Mies S (2007) S/Kademlia: a practicable approach towards secure key-based routing. In: Proc. of P2P-NVE 2007 in conjunction with ICPADS 2007, Hsinchu, Taiwan, vol 2. doi:10.1109/ICPADS.2007.4447808

  6. 6.

    Bender A, Sherwood R, Monner D, Goergen N, Spring N, Bhattacharjee B (2009) Fighting spam with the NeighborhoodWatch DHT. In: INFOCOM

  7. 7.

    Bird R, Gopal I, Herzberg A, Janson P, Kutten S, Molva R, Yung M (1992) Systematic design of a family of attack-resistant authentication protocols. Tech. rep., IBM Raleigh, Watson and Zurich Laboratories

  8. 8.

    Boneh D, Franklin M (2003) Identity-based encryption from the Weil Pairing. SIAM J Comput 32(3):586–615. doi:10.1137/S0097539701398521

    MathSciNet  MATH  Article  Google Scholar 

  9. 9.

    Brunner R (2006) A performance evaluation of the kad protocol. Master’s thesis, Institut Eurecom

  10. 10.

    Buchegger S, Datta A (2009) A Case for P2P infrastructure for social networks—opportunities and challenges. In: WONS’09: 6th international conference on wireless on-demand network systems and services. Snowbird, Utah, USA

    Google Scholar 

  11. 11.

    Buchegger S, Schiöberg D, Vu LH, Datta A (2009) PeerSoN: P2P social networking—early experiences and insights. In: SNS’09: 2nd ACM workshop on social network systems social network systems. Nürnberg, Germany

  12. 12.

    Castro M, Druschel P, Ganesh A, Rowstron A, Wallach DS (2002) Secure routing for structured peer-to-peer overlay networks. In: OSDI ’02: proceedings of the 5th symposium on operating systems design and implementation. ACM, New York, NY, USA, pp 299–314. doi:10.1145/1060289.1060317

  13. 13.

    Cheng BN, Yuksel M, Kalyanaraman S (2009) Virtual direction routing for overlay networks. In: P2P ’09: proceedings of the 2009 ninth international conference on peer-to-peer computing. IEEE Computer Society, Seattle, WA, USA

    Google Scholar 

  14. 14.

    Cocks C (2001) An identity based encryption scheme based on quadratic residues. In: Proc. of the 8th IMA int. conf. on cryptography and coding. Springer, London, UK, pp 360–363

    Google Scholar 

  15. 15.

    Condie T, Kacholia V, Sankararaman S, Hellerstein JM, Maniatis P (2006) Induced churn as shelter from routing-table poisoning. In: Proc. of NDSS 2006, San Diego, California, USA

  16. 16.

    Cutillo LA, Molva R, Strufe T (2009) Leveraging social links for trust and privacy in networks. In: INet Sec 2009. Open Research Problems in Network Security. Zurich, Switzerland

  17. 17.

    Douceur J (2002) The sybil attack. In: Proc. of the 1st International Workshop on Peer-to-Peer Systems (IPTPS)

  18. 18.

    Ennan Z, Ruichuan C, Zhuhua C, Long Z, Huiping S, Eng KL, Sihan Q, Liyong T, Zhong C (2009) Virtual direction routing for overlay networks. In: P2P ’09: proceedings of the 2009 ninth international conference on peer-to-peer computing. IEEE Computer Society, Seattle, WA, USA

    Google Scholar 

  19. 19.

    Gangishetti R, Gorantla MC, Saxena A (2005) A survey on ID-based cryptographic primitives. Cryptology eprint archive, report2005/094

  20. 20.

    Guerraoui R, Huguenin K, Kermarrec AM, Monod M (2009) On tracking freeriders in gossip protocols. In: P2P ’09: proceedings of the 2009 ninth international conference on peer-to-peer computing. IEEE Computer Society, Seattle, WA, USA

    Google Scholar 

  21. 21.

    Iamnitchi A, Ripeanu M, Foster I (2004) Small world file sharing communities. In: InfoCom ’04: proceedings of the 23rd conference of the IEEE communications society.

  22. 22.

    Josang A, Ismail R, Boyd C (2007) A survey of trust and reputation systems for online service provision. Decis Support Syst 43(2):618–644

    Article  Google Scholar 

  23. 23.

    Kamvar SD, Schlosser MT, Garcia-Molina H (2003) The eigentrust algorithm for reputation management in P2P networks. In: WWW ’03: proceedings of the 12th international conference on World Wide Web. ACM, New York, NY, USA, pp 640–651

    Google Scholar 

  24. 24.

    Kubiatowicz J, Bindel D, Chen Y, Czerwinski S, Eaton P, Geels D, Gummadi R, Rhea S, Weatherspoon H, Weimer W, Wells C, Zhao B (2000) Oceanstore: an architecture for global-scale persistent storage, pp 190–201

  25. 25.

    Lesueur F, Me L, Viet Triem Tong V (2009) An efficient distributed pki for structured P2P networks. In: P2P ’09: proceedings of the 2009 ninth international conference on peer-to-peer computing. IEEE Computer Society, Seattle, WA, USA

    Google Scholar 

  26. 26.

    Liang J, Kumar R, Xi Y, Ross K (2005) Pollution in P2P file sharing systems. In: INFOCOM 2005. 24th annual joint conference of the IEEE computer and communications societies. Proceedings IEEE, pp 1174–1185

  27. 27.

    Liang J, Naoumov N, Ross KW (2006) The index poisoning attack in P2P file sharing systems. In: INFOCOM

  28. 28.

    Lou X, Hwang K (2006) Prevention of index-poisoning DDoS attacks in peer-to-peer file-sharing networks (submitted to IEEE Trans. on Multimedia, Special Issue on Content Storage and Delivery in P2P Networks)

  29. 29.

    Lynn B (2007) On the implementation of pairing-based cryptosystems. PhD thesis, Stanford University

  30. 30.

    Maccari L, Rosi M, Fantacci R, Chisci L, Milanesio M, Aiello LM (2009) Avoiding eclipse attacks on Kad/Kademlia: an identity based approach. In: ICC 2009 communication and information systems security symposium. Dresden, Germany

    Google Scholar 

  31. 31.

    Maymounkov P, Mazières D (2002) Kademlia: a peer-to-peer information system based on the XOR metric. In: IPTPS 2002, pp 53–65

  32. 32.

    Mislove A, Post A, Reis C, Willmann P, Druschel P, Wallach DS, Bonnaire X, Sens P, Busca JM, Arantes-Bezerra L (2003) POST: a secure, resilient, cooperative messaging system. In: HOTOS’03: proceedings of the 9th conference on Hot Topics in Operating Systems. USENIX Association, Berkeley, CA, USA, pp 11–11

  33. 33.

    Naoumov N, Ross K (2006) Exploiting P2P systems for DDoS attacks. In: InfoScale ’06: Proceedings of the 1st international conference on scalable information systems. ACM, New York, NY, USA, p 47

    Google Scholar 

  34. 34.

    Recordon D, Reed D (2006) Openid 2.0: a platform for user-centric identity management. In: DIM ’06: proceedings of the second ACM workshop on Digital identity management. ACM, New York, NY, USA, pp 11–16. doi:10.1145/1179529.1179532

  35. 35.

    Ross K, Liang J, Naoumov N (2005) Efficient blacklisting and pollution-level estimation in P2P file-sharing systems. In: Proc. of Asian internet engineering conference

  36. 36.

    Rowaihy H, Enck W, McDaniel P, Porta TL (2005) Limiting sybil attacks in structured peer-to-peer networks. Tech. Rep. NAS-TR-0017-2005, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA

  37. 37.

    Rowstron A, Druschel P (2001) Pastry: scalable, decentralized object location, and routing for large-scale peer-to-peer systems. In: Middleware’01: proceedings of the IFIP/ACM international conference on distributed systems platforms. Springer-Verlag, London, UK, pp 329–350

    Google Scholar 

  38. 38.

    Rowstron A, Kermarrec AM, Castro M, Druschel P (2001) Scribe: the design of a large-scale event notification infrastructure. In: Proc. of the third international workshop on Networked Group Communication (NGC 2001), pp 30–43

  39. 39.

    Ryu S, Butler K, Traynor P, McDaniel P (2007) Leveraging identity-based cryptography for node id assignment in structured P2P systems. In: Proc. of AINAW ’07. IEEE Computer Society, Washington, DC, USA, pp 519–524. doi:10.1109/AINAW.2007.221

  40. 40.

    Shamir A (1985) Identity based cryptosystems and signature schemes. In: CRYPTO 84: proceedings of advances in cryptology. Springer, New York, NY, USA, pp 47–53

    Google Scholar 

  41. 41.

    Singh A, Ngan TW, Druschel P, Wallach D (2006) Eclipse attacks on overlays: threats and defenses. In: Proc. of the 25th IEEE InfoCom 2006. IEEE Computer Society, Barcelona, Spanien

    Google Scholar 

  42. 42.

    Sit E, Morris R (2002) Security considerations for peer-to-peer distributed hash tables. In: IPTPS ’01: revised papers from the first international workshop on peer-to-peer systems. Springer, London, UK, pp 261–269

    Google Scholar 

  43. 43.

    Srivatsa M, Xiong L, Liu L (2005) TrustGuard: countering vulnerabilities in reputation management for decentralized overlay networks. In: WWW ’05: 14th international conference on World Wide Web, pp 422–431. doi:10.1145/1060745.1060808

  44. 44.

    Steiner M, En-Najjary T, Biersack EW (2007) Exploiting KAD: possible uses and misuses. SIGCOMM Comput Commun Rev 37(5):65–70

    Article  Google Scholar 

  45. 45.

    Steiner M, En-Najjary T, Biersack EW (2007) A global view of KAD. In: IMC ’07: proc. of the 7th ACM SIGCOMM. ACM, New York, NY, USA, pp 117–122. doi:10.1145/1298306.1298323

  46. 46.

    Stoica I, Morris R, Karger D, Kaashoek MF, Balakrishnan H (2001) Chord: a scalable peer-to-peer lookup service for internet applications. In: SIGCOMM ’01: proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications. ACM, New York, NY, USA, pp 149–160. doi:10.1145/383059.383071

  47. 47.

    Urdaneta G, Pierre G, Van Steen M (2009) A survey of DHT security techniques. ACM Computing Surveys.

  48. 48.

    Wang H, Zhu Y, Hu Y (2005) An efficient and secure peer-to-peer overlay network. In: LCN ’05: proceedings of the the IEEE conference on local computer networks. IEEE Computer Society, Washington, DC, USA, pp 764–771. doi:10.1109/LCN.2005.27

  49. 49.

    Wang P, Osipkov I, Hopper N, Kim Y (2006) Myrmic: secure and robust dht routing. Tech. rep., DTC Research

  50. 50.

    Yu H, Gibbons PB, Kaminsky M, Xiao F (2008) Sybillimit: a near-optimal social network defense against sybil attacks. In: IEEE symposium on security and privacy, 2008. SP 2008, pp 3–17

Download references


This work was produced in part within the “TeTraCo” project, with support of MIUR (“Progetti di ricerca e formazione ai sensi dell’art.13 del D.M. 593/00—Distretto ICT Piemontese”).

We would like to thank the anonymous reviewers for their precious suggestions, that have been useful to improve the paper. A special thank to Mark Lillibridge, HP Senior Research Scientist, who gave us useful suggestions during the Eight International Conference on P2P Computing, Aachen 2008.

Author information



Corresponding author

Correspondence to Luca Maria Aiello.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Aiello, L.M., Milanesio, M., Ruffo, G. et al. An identity-based approach to secure P2P applications with Likir. Peer-to-Peer Netw. Appl. 4, 420–438 (2011).

Download citation


  • DHT
  • Routing poisoning
  • Sybil attack
  • Storage attacks
  • Distributed social networking systems