Mitigating Sybil Attacks on the I2P Network Using Blockchain RP - - PowerPoint PPT Presentation

mitigating sybil attacks on the i2p network using
SMART_READER_LITE
LIVE PREVIEW

Mitigating Sybil Attacks on the I2P Network Using Blockchain RP - - PowerPoint PPT Presentation

Apr 09, 2023 336 likes •723 views

Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar & Dirk Gaastra Supervisor: Vincent Van Mieghem, Deloitte 3 July, 2018 MSc Security and Network Engineering University of Amsterdam Introduction I2P -

slide-1
SLIDE 1

Mitigating Sybil Attacks on the I2P Network Using Blockchain

RP #97, Kotaiba Alachkar & Dirk Gaastra Supervisor: Vincent Van Mieghem, Deloitte 3 July, 2018

MSc Security and Network Engineering University of Amsterdam

slide-2
SLIDE 2

Introduction

slide-3
SLIDE 3

I2P - Invisible Internet Project

Anonymous Communication Network (ACN), similar to TOR, but with a few differences.

  • Fully peer-to-peer
  • No exit nodes
  • Internal communication only
  • Designed for slightly different purposes (e.g. filesharing)
  • Garlic routing
  • Unidirectional tunnels

1

slide-4
SLIDE 4

Network Topology

Figure 1: I2P network topology example 1

1https://geti2p.net/_static/images/net.png

2

slide-5
SLIDE 5

netDb - Network DataBase

  • Used for looking up resources: RouterInfos and LeaseSets
  • Distributed across so-called FloodFill routers
  • Automatically selected based on performance (e.g. bandwidth)
  • Or manually enabled
  • Each FF router is responsible for a part of the network
  • Based on Kademlia-style metric to determine closeness
  • Hash of RouterIdentity + current date
  • Changes every day at midnight (UTC)
  • aka ”keyspace rotation”

3

slide-6
SLIDE 6

I2P - User-base

Figure 2: Rough estimation of the average number of I2P nodes

4

slide-7
SLIDE 7

Sybil Attack

Figure 3: Sybil by F. R. Schreiber 2

”A case study of a woman diagnosed with dissociative identity disorder 3”

2http://whenfallsthecoliseum.com/wp-content/uploads/sybil.jpg 3https://en.wikipedia.org/wiki/Sybil_(Schreiber_book)

5

slide-8
SLIDE 8

Sybil Attacks

Create a large number of pseudonymous identities in order to cripple the peer-to-peer system Its impact depends on:

  • how cheaply identities can be generated
  • accept inputs from untrusted entities
  • whether all entities treated identically

6

slide-9
SLIDE 9

Sybil Attack on I2P

Figure 4: Partial keyspace Sybil attack example

Attack is very feasible, even with limited resources [1]

7

slide-10
SLIDE 10

Research Question

How can a Sybil attack on the I2P network be made infeasible?

8

slide-11
SLIDE 11

Methodology

slide-12
SLIDE 12

Methodology

  • Evaluate existing mitigation state on the network
  • Examine proposed solutions from previous research
  • Construct our own solution

9

slide-13
SLIDE 13

Evaluation

slide-14
SLIDE 14

Current State

  • Router election
  • Enough resources required to be considered
  • Currently, becoming FF router is not hard
  • Keyspace rotation
  • Router ID hashed with date to determine closeness
  • Possible to precompute identities
  • Blacklist
  • Block known bad IPs
  • Centralized (blogs, forums, etc.)
  • Quis custodiet ipsos custodes?

10

slide-15
SLIDE 15

Previous Research

slide-16
SLIDE 16

Previous Research: PoW

Proof-of-Work (PoW) suggested by I2P contributors [2]

  • Using HashCash 4
  • Finish PoW before creating router
  • However,
  • Difficulty of PoW hard to determine
  • Trivial for a reasonably powerful attacker

4http://www.hashcash.org/

11

slide-17
SLIDE 17

Previous Research: Reputation

Age-based reputation suggested by Egger et al. [1]

  • The longer a router is active, the higher the reputation
  • Bootstrapping issue
  • New router has no age information on peers

12

slide-18
SLIDE 18

Our Contribution

slide-19
SLIDE 19

Goal

  • Make it harder to create successful Sybil nodes
  • Create tamper-proof platform
  • Traceability
  • Evaluate FF routers
  • Offer both preventative, proactive, and retroactive solutions

13

slide-20
SLIDE 20

Criteria

Our solution should be:

  • Distributed
  • Public
  • Permissionless
  • Anonymous
  • Open-source

14

slide-21
SLIDE 21

Distributed ledger technologies - why blockchain

Distributed ledger - decentralized database which is synced and consented upon by all participants of the network

Figure 5: DLTs comparison summary

15

slide-22
SLIDE 22

Distributed ledger technologies - why blockchain

Distributed ledger - decentralized database which is synced and consented upon by all participants of the network

Figure 6: DLTs comparison summary

16

slide-23
SLIDE 23

Implementation

slide-24
SLIDE 24

General Concept

  • Keeping track of FF routers
  • Verify age
  • Determine trustworthiness of FF router
  • Use blockchain randomness for closeness metric

17

slide-25
SLIDE 25

Implementation

  • Proof-of-Work vs Proof-of-Stake
  • PoW: High computation power required to add block
  • PoS: nodes with more coins have a higher chance to add a block
  • Incentive for miners
  • Reputation
  • Nodes should make decisions individually
  • Who to trust?
  • Who not to trust?

18

slide-26
SLIDE 26

Proof-of-Stake

  • Miner chosen based on their wealth
  • Wealthier miners have a higher stake and are more likely to be

trustworthy

  • No expensive hardware required
  • Virtually all nodes are able to join
  • More decentralized than PoW
  • In PoW, miners tend to pool together

19

slide-27
SLIDE 27

Individual Decisions

Being able to make decision about trustworthiness of a router is important...

  • Be as decentralized as possible
  • Nodes can come up with own criteria
  • Strict criteria for the paranoid
  • Loose criteria for performance-minded

20

slide-28
SLIDE 28

Transaction types

MinerTransaction Reward for the miner EnrollmentTransaction Enrollment as miner RouterUp Announcement of new FF router RouterDown FF router no longer responsive

Table 1: Blockchain transactions [3]

21

slide-29
SLIDE 29

General Structure

  • First block should have all FF routers
  • Subsequent blocks update that list
  • Traverse chain to get router age

Figure 7: Overview of blockchain

22

slide-30
SLIDE 30

Positive Externalities

More advantages to blockchain...

  • Bootstrapping issue solved
  • Nonce provides non-deterministic hash for router closeness
  • Retroactively and proactively verify attacks
  • Check certain criteria
  • Individually verify attack likelihood

23

slide-31
SLIDE 31

Conclusion

slide-32
SLIDE 32

Conclusion

A Sybil attack can be made less feasible by using blockchain

  • The age and reputation of Floodfill routers can be identified
  • Routers are able to build up reputation
  • FF routers need reputation before they can join
  • The Kademlia closeness metric can be made non-deterministic

24

slide-33
SLIDE 33

Future Work

slide-34
SLIDE 34

Future Work

  • Study privacy implications
  • Implementational details
  • Exact Proof-of-Stake algorithm used
  • Analysis of the network’s performance with blockchain
  • Practical analysis of other technologies
  • Explore other solutions blockchain could provide to I2P
  • Replace netDb
  • Provide payment platform

25

slide-35
SLIDE 35

Q&A

Figure 8: Presentation Overview

26

slide-36
SLIDE 36

References

Christoph Egger, Johannes Schlumberger, Christopher Kruegel, and Giovanni Vigna. Practical attacks against the i2p network. In International Workshop on Recent Advances in Intrusion Detection, pages 432–451. Springer, 2013. I2p’s threat model, 2010. https://geti2p.net/en/docs/how/threat-model. Neo white paper, Nov 2016. http://docs.neo.org/en-us/.

27

slide-37
SLIDE 37

Miner Incentive

  • Altruistic nodes
  • Could work for I2P. However...
  • Blockchain reliability should not lean on this
  • Monetary
  • Advantage: currency for users
  • Disadvantage: complicated blockchain construction
  • Reputation
  • Two birds, one stone
  • Incentive and measure of trustworthiness

28