Architecture and Components for Secure and Anonymous Peer-To

Architecture and Components for Secure and Anonymous Peer-To

Network Architectures and Ser vices Dissertation NET 2010-07-1 Architecture and Components of secure and anonymous Peer-to-Peer Systems Heiko Niedermayer Network Architectures and Services Department of Computer Science Technische Universität München Technische Universit¨at Munchen¨ Fakult¨at fur¨ Informatik Lehrstuhl fur¨ Netzarchitekturen und Netzdienste Architecture and Components of secure and anonymous Peer-to-Peer systems Heiko Niedermayer Vollst¨andiger Abdruck der von der Fakult¨at fur¨ Informatik der Technischen Universit¨at Munchen¨ zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr. rer. nat.) genehmigten Dissertation. Vorsitzender: Univ.-Prof. Dr. Johann Schlichter Prufer¨ der Dissertation: 1. Univ.-Prof. Dr. Georg Carle 2. Univ.-Prof. Dr. Claudia Eckert Die Dissertation wurde am 13.10.2009 bei der Technischen Universit¨at Munchen¨ eingereicht und durch die Fakult¨at fur¨ Informatik am 21.05.2010 angenommen. Cataloging-in-Publication Data Heiko Niedermayer Architecture and Components of secure and anonymous Peer-to-Peer Systems Dissertation, July 2010 Network Architectures and Services, Department of Computer Science Technische Universit¨at Munchen¨ ISBN 3-937201-13-0 ISSN 1868-2634 (print) ISSN 1868-2642 (electronic) Network Architectures and Services NET 2010-07-1 Series Editor: Georg Carle, Technische Universit¨at Munchen,¨ Germany c 2010, Technische Universit¨at Munchen,¨ Germany Abstract Changes to lower layers of the Internet architecture are difficult, in particular on network and transport layer. Standardization and economic incentives for manufacturers and In- ternet service providers are necessary. As a consequence, many desirable services cannot be realized there. The application layer is more flexible. End-users can run their own services and networked applications. This led to the advent of Peer-to-Peer systems in the late 1990ies. Peer-to-Peer systems enable normal users to provide the services instead. Despite the subsequent hype and research, the Peer-to-Peer paradigm is not yet a fully mature technology. In particular, it faces severe and fundamental security issues. This dissertation covers three major topics: Peer-to-Peer, Security, and Anonymity. We will present and evaluate components and a variety of aspects of the architecture of Peer-to- Peer systems. Many classifications of Peer-to-Peer systems are not suitable for describing or designing a system. There is often a focus on a small number of aspects, that do not cover all problems from bootstrapping over routing to security. We see Peer-to-Peer systems as a combination of a set of solutions. Each solution solves a particular problem and some common problems are presented as categories. This is not only suitable for filesharing applications, but also valid for commercial or future Peer-to-Peer applications. Description is, however, not our primary goal. We think that structuring the problem of a Peer-to-Peer system into necessary components helps to design Peer-to-Peer systems and to structure the problems that need to be solved. Optimization is another issue. In case of Peer-to-Peer systems this includes a suitable distribution of load among the peers and the reduction of distances (latency) in the net- work. Systems do not necessarily end up with a uniform load. In fact, we show that most systems will not. We discuss load balancing for a distributed gaming application. A par- ticular problem for load balancing is also that items usually do not have a uniform weight. Given the common Power Law distributions some items may have an extreme weight so that load balancing can only succeed if the handling of this item is further distributed among multiple nodes. For the optimization of distances we looked at Proximity Node Selection and evaluated its impact. We created a diagram for the selection of solutions for both problems when designing a system. Security is a big problem for Peer-to-Peer systems and many security issues are caused by inherent properties of these systems. We categorize the security problems and introduce the Cheapriding attack. It is a variant of freeriding and operates against reputation systems. It can hardly be stopped completely. The basic idea to mitigate the attack is to adapt the benefit gained for a good action in a reputation systems as good as possible to the actual cost of the action. The attack may be detected by checking the weight of positive and negative feedback. Security in this thesis is not limited to security purely for Peer-to- Peer systems. The performance of cryptographic operations and transport protocols goes beyond the scope of Peer-to-Peer systems. We conclude that performance of symmetric cryptography is not a bottleneck on today’s hardware. In our studies hash functions were often more expensive than encryption. Also from this perspective it is good that ii NIST is currently organizing a competition for a new hash function standard. Public Key cryptography and Identity-based cryptography are both similar expensive and way more expensive than symmetric cryptography. However, given a moderate usage they are no problem for today’s computers. A key part in our work is about new ways to realize authentication. Our focus is again on Peer-to-Peer systems. However, the fundamental problem can also be found on human layer as well as in all Web2.0-alike networks where humans interact with each other instead of purely consuming services. Our approach fills a gap between the rather unrealistic or slightly insecure decentralized approaches and the secure centralized approaches. In the latter, a central authority exists and provides the base for authentication and other security services. We build our work on social clusters of humans that can be used to partition the network into domains. Each domain has a centralized authority. The more scalable level of the domains is used to establish trust between different domains. This requires that the protocols as well as software that uses them need to be able to deal with the uncertainty when no trust yet exists. For the authentication we developed two authentication protocols that include all necessary four parties (A and B as well as their local authorities). Finally, anonymity is another domain where the Peer-to-Peer paradigm is a reasonable choice. We describe the fundamental operation of anonymization networks and have a special look at the system I2P. The anonymization concept MORE was in parts co-authored by the author of this thesis. We will describe the system and analyze it. MORE was developed to protect client and server and to fight pattern-based attacks. The analysis will show that even the radical approach of MORE is not sufficient to completely prevent this kind of attacks. Zusammenfassung Die Einfuhrung¨ neuer Dienste im Internet ist schwierig, sei es auf Netzwerk- oder auch Transportschicht. Dies erfordert Standardisierung in den entsprechenden Gremien. Ohne signifikante wirtschaftliche Anreize fur¨ Hersteller und Internet-Service-Provider ist daruber-¨ hinaus mit keiner weitreichenden Einfuhrung¨ zu rechnen. Aus diesem Grund k¨onnen viele wunschenswerte¨ Dienste, beispielsweise Internet-weiter Multicast, dort nicht realisiert wer- den. Die Alternative ist die Realisierung dieser Funktionalit¨at auf der Anwendungsschicht. Diese ist deutlich flexibler und erlaubt auch normalen Anwendern die Gestaltung eigener Dienste und verteilter Anwendungen. Der Aufstieg der Peer-to-Peer-Systeme zur zeitweise gr¨oßten Verkehrsquelle im Internet ist ein Ergebnis dieser Situation. Dennoch ist das Peer- to-Peer-Paradigma keine vollverstandene Technik. Insbesondere hat sie mit schwerwiegen- den und fundamentalen Sicherheitsproblemen zu k¨ampfen. In dieser Arbeit werden drei große Themenbereich bearbeitet und miteinander verknupft.¨ Dies sind Peer-to-Peer-Systeme, Netzwerksicherheit und Anonymit¨at. Zuerst werden Kom- ponenten und verschiedene Aspekte der Architektur von Peer-to-Peer-Systemen vorgestellt und evaluiert. Viele Klassifizierungen von Peer-to-Peer-Systemen eignen sich nur wenig zur eigentlichen Systembeschreibung oder als Architekturhilfe. Insbesondere vernachl¨assigen sie die ganzheitliche Betrachtung der Systeme, die vom Bootstrapping uber¨ Routing bis zur Sicherheit reicht. Aus diesem Grund werden hier Peer-to-Peer-Systeme als eine Kombina- tion einer Menge von kleineren Problemstellungen mit verschiedenen L¨osungen als einzelne Bausteine betrachtet. Diese Betrachtung eignet sich daruberhinaus¨ nicht nur fur¨ klassis- che Filesharingnetze, sondern ist generisch genug, um zukunftige¨ wie auch kommerzielle Systeme beschreiben zu k¨onnen. Die Beschreibung ist allerdings nur ein sekund¨ares Ziel, vielmehr soll durch die Betrachtung der notwendigen Komponenten die Architektur von Systemen erleichert und strukturierter werden. Zur Architektur von Systemen geh¨ort nebem dem abstrakten Entwurf auch die Opti- mierung der Leistungsf¨ahigkeit. Im Falle von Peer-to-Peer-Systemen beinhaltet dies u.a. die geeignete Verteilung von Last sowie die Optimierung der Abst¨ande (Latenzen) im Netzwerk. In der Arbeit wird dazu gezeigt, dass sich nicht zwingend eine gleichf¨ormige Belastung der Systeme einstellt. Fur¨ eine virtuelle Spieleanwendung wurde gezeigt, wie sich Last optimieren l¨asst. Daruberhinaus¨ ist zu beachten, dass einzelne Elemente im System ein starkes Gewicht haben k¨onnen und die Verteilung einer Aufgabe auf mehrere Knoten daher oft notwendig erscheint. Zur Optimierung der Distanzen im Netzwerk wurde Proximity Node Selection untersucht

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    188 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us