Abstract
Structured overlay networks are highly susceptible to attacks aimed at subverting their structure or functionalities. Although many secure architectural design proposals have been presented in the past, a widely accepted and comprehensive solution is lacking. Likir (Layered Identity-based Kademlia-like Infrastructure) is our solution for implementing a secure Peer-to-Peer network based on a Distributed Hash Table. Our purpose is to focus on three main goals: (1) providing security services and a secure overlay infrastructure against the vast majority of security threats on P2P systems, (2) dynamically creating a bridge between randomly generated peer identifiers and user identities, and (3) supplying the developer with a middleware API that can easily deal with peers' identities. Placing the emphasis on user identity results in a highly secure distributed framework which is well suited to privacy-aware and efficient implementations of identity-based applications such as social networking applications. A detailed security analysis and performance evaluation are provided. Moreover, an implementation of Likir is introduced and a case study is presented in order to show its practical use in a real-life example.
Notes
The RC design serves only our experiment; it is not an element of the Likir architecture.
The Likir library is available at http://likir.di.unito.it.
Acknowledgements
This work was produced in part within the “TeTraCo” project, with support of MIUR (“Progetti di ricerca e formazione ai sensi dell’art.13 del D.M. 593/00—Distretto ICT Piemontese”).
We would like to thank the anonymous reviewers for their valuable suggestions, which have helped to improve the paper. Special thanks to Mark Lillibridge, HP Senior Research Scientist, who gave us useful suggestions during the Eighth International Conference on P2P Computing, Aachen 2008.
Cite this article
Aiello, L.M., Milanesio, M., Ruffo, G. et al. An identity-based approach to secure P2P applications with Likir. Peer-to-Peer Netw. Appl. 4, 420–438 (2011). https://doi.org/10.1007/s12083-010-0099-6