TrustedKad – Application of Trust Mechanisms to a Kademlia-Based Peer-to-Peer Network DISSERTATION To Obtain the Academic Degree Doctor Rerum Naturalium (Dr. rer. nat.) In Computer Science Submitted to the Faculty of Business Administration and Economics Institute for Computer Science and Business Information Systems University of Duisburg-Essen, Germany By Dipl.-Wirt.-Inf. Michael Kohnen Born in Herten, Germany Date of Disputation: 10 November 2014 Reviewers: 1. Prof. Dr.-Ing. Erwin P. Rathgeb 2. Prof. Dr. Bruno Müller-Clostermann II TrustedKad – Application of Trust Mechanisms to a Kademlia-Based Peer-to-Peer Network Abstract Peer-to-peer networks (P2P) are distributed systems that consist of equal nodes (“peers”). In contrast to classic client/server systems, there is no hierarchy or central enti- ty: All peers offer services and use them at the same time. In the past decade, a multitude of different P2P applications has been developed – filesharing applications such as Bit- Torrent and eMule and communication applications such as Skype are among the most popular of them. Research has shown that P2P networks are vulnerable to different kinds of attacks. Known attacks include, e.g., the Sybil attack and the Eclipse attack. Traditional counter- measures against the attacks are replication and the usage of disjoint routing paths to reduce the probability of interacting with malicious nodes during a routing or storage operation. More recently, trust mechanisms have been proposed and analyzed for applicability to P2P networks. The existing related work mostly targets unstructured P2P networks – however, in real-world environments, the structured networks prevail. Especially imple- mentations of the Kademlia algorithm are widely spread, as it is used by BitTorrent and eMule. Nevertheless, none of the trust-based approaches that aim at structured networks specifically attempts to enhance Kademlia’s security. Due to Kademlia’s prevalence, TrustedKad is particularly designed by the author to im- prove the security of the Kademlia algorithm. In this thesis, TrustedKad is introduced and its functioning is explained. TrustedKad rates the behavior of nodes after routing and storage operations as either positive or negative. To do so, it defines the rules by which inoffensive and malicious be- havior is identified in dependence of the functioning of the Kademlia algorithm. Based on the ratings, routing and storage trust values are calculated to identify inoffensive and ma- licious nodes. Every node uses thresholds for these trust values to decide which nodes it regards as trustworthy. Non-trustworthy nodes are avoided during a node’s own opera- tions. Furthermore, TrustedKad uses additional security features to further increase the security of the system. They are introduced in this thesis. In order to evaluate TrustedKad, it is implemented and analyzed in a simulation environ- ment. The results presented in this thesis show that TrustedKad is able to distinguish inof- fensive and malicious nodes. It counters miscellaneous variations of known attacks and improves the security of Kademlia-based networks considerably. TrustedKad – Application of Trust Mechanisms to a Kademlia-Based Peer-to-Peer Network III Zusammenfassung Peer-to-Peer-Netzwerke (P2P) sind verteilte Systeme, die aus gleichberechtigten Knoten („Peers“) bestehen. Im Gegensatz zu klassischen Client-Server-Systemen gibt es in P2P- Netzwerken keine hierarchischen Ebenen oder zentrale Kontrolleinheiten: Alle Peers bie- ten gleichzeitig Dienste an und nutzen sie. Im vergangenen Jahrzehnt ist eine Vielzahl ver- schiedener P2P-Anwendungen entwickelt worden – Filesharing-Anwendungen wie BitTor- rent und eMule und Kommunikations-Anwendungen wie Skype gehören zu den bekann- testen von ihnen. Forschungsarbeiten haben gezeigt, dass P2P-Netzwerke anfällig für verschiedene Arten von Angriffen sind. Bekannte Angriffe sind z.B. die Sybil- und die Eclipse-Attack. Die übli- chen Gegenmaßnahmen gegen die Angriffe sind Replikation und das Verwenden von dis- junkten Routing-Pfaden, um die Wahrscheinlichkeit zu reduzieren, während einer Rou- ting- oder Storage-Operation mit bösartigen Knoten zu interagieren. Seit einiger Zeit wird die Anwendung von Vertrauensmechanismen auf P2P-Netzwerke untersucht. Existierende Arbeiten betrachten meist unstrukturierte P2P-Netzwerke – in realen Umgebungen überwiegen jedoch die strukturierten Netzwerke. Insbesondere Im- plementierungen des Kademlia-Algorithmus‘ sind weit verbreitet, da er von BitTorrent und eMule genutzt wird. Dennoch versucht keiner der vertrauensbasierten Ansätze, die strukturierte Netzwerke behandeln, speziell die Sicherheit von Kademlia zu verbessern. Aufgrund der Verbreitung von Kademlia wird TrustedKad vom Autor entwickelt, um die Sicherheit des Kademlia-Algorithmus‘ zu verbessern. In dieser Arbeit wird TrustedKad eingeführt und die Funktionsweise erläutert. TrustedKad bewertet das Verhalten von Knoten nach Routing- oder Storage-Operationen als entweder positiv oder negativ. Dafür definiert TrustedKad unter Berücksichtigung der Funktionsweise von Kademlia die Regeln, nach denen gut- und bösartiges Verhalten iden- tifiziert wird. Basierend auf diesen Bewertungen werden Vertrauenswerte für Routing und Storage berechnet, um gutartige und bösartige Knoten zu erkennen. Jeder Knoten nutzt Schwellwerte für diese Vertrauenswerte, um zu entscheiden, welche Knoten er als vertrauenswürdig ansieht. Nicht vertrauenswürdige Knoten werden während der eigenen Operationen eines Knotens vermieden. Darüber hinaus nutzt TrustedKad zusätzliche Si- cherheitsfunktionen, um die Sicherheit des Systems weiter zu erhöhen. Diese werden im Verlauf dieser Arbeit vorgestellt. Um TrustedKad zu evaluieren, wird es in einer Simulationsumgebung implementiert und analysiert. Die in dieser Arbeit präsentierten Ergebnisse zeigen, dass TrustedKad in der Lage ist, gutartige und bösartige Knoten zu unterscheiden. Es wehrt verschiedene Variati- onen von bekannten Angriffen ab und verbessert die Sicherheit von Kademlia-basierten Netzwerken deutlich. TrustedKad – Application of Trust Mechanisms to a Kademlia-Based Peer-to-Peer Network V Relevant Publications of the Author The following publications of the author are related to this thesis: Michael Kohnen, Mike Leske, and Erwin P. Rathgeb: “Conducting and Optimizing Eclipse Attacks in the Kad Peer-to-Peer Network”. IFIP Networking Conference, May 2009. [1] Michael Kohnen, Jan Gerbecks, and Erwin P. Rathgeb: “Applying Certificate-Based Routing to a Kademlia-Based Distributed Hash Table”. IARIA Conference on Advances in Peer-to- Peer Systems (AP2PS), November 2011. [2] Michael Kohnen: “Analysis and Optimization of Routing Trust Values in a Kademlia-Based Distributed Hash Table in a Malicious Environment”. IEEE Baltic Congress on Future Inter- net Communications (BCFIC), April 2012. [3] Michael Kohnen: “Applying Trust and Reputation Mechanisms to a Kademlia-Based Dis- tributed Hash Table”. IEEE International Conference on Communications (ICC), June 2012. [4] The IEEE ICC and IEEE BCFIC publications contain parts of the TrustedKad concept and preliminary results. More details on the publications are given in Section 3.4. TrustedKad – Application of Trust Mechanisms to a Kademlia-Based Peer-to-Peer Network VII List of Figures Figure 1: Relation between overlay and underlay network [24] .......................................... 3 Figure 2: Topology of a client-server network [20] ............................................................... 9 Figure 3: Topology of a centralized P2P network [20] ........................................................ 10 Figure 4: Topology of a pure P2P network [20] ................................................................... 11 Figure 5: Topology of a hybrid P2P network [20] ................................................................ 12 Figure 6: DHT layer model (based on [24]).......................................................................... 14 Figure 7: Iterative and recursive routing ............................................................................. 15 Figure 8: Direct and indirect storage (based on [24]) ......................................................... 16 Figure 9: Address space with four uniformly distributed nodes and their responsibility areas ................................................................................................................................ 18 Figure 10: The first three k-buckets of node 001... [21] ...................................................... 19 Figure 11: Flowchart of the handling of an incoming message (based on [50]) ................. 19 Figure 12: Flowchart of a Kademlia Lookup procedure ...................................................... 21 Figure 13: Schema of several network partitions................................................................ 23 Figure 14: Static and dynamic crypto puzzles of S/Kademlia [53] ...................................... 28 Figure 15: Node ID generation ............................................................................................ 39 Figure 16: A node and its trust management nodes ........................................................... 43 Figure 17: Routing trust evaluation ..................................................................................... 48 Figure 18: Flowchart of Lookup and GetHash operations with concealed content item ID53 Figure 19: Handling of incoming GetHash message with and without concealment of target ID .........................................................................................................................