mitigating sybil attacks on the i2p network using
play

Mitigating Sybil Attacks on the I2P Network Using Blockchain RP - PowerPoint PPT Presentation

Apr 09, 2023 •336 likes •720 views

Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar & Dirk Gaastra Supervisor: Vincent Van Mieghem, Deloitte 3 July, 2018 MSc Security and Network Engineering University of Amsterdam Introduction I2P -

  1. Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar & Dirk Gaastra Supervisor: Vincent Van Mieghem, Deloitte 3 July, 2018 MSc Security and Network Engineering University of Amsterdam

  2. Introduction

  3. I2P - Invisible Internet Project Anonymous Communication Network (ACN), similar to TOR, but with a few differences. • Fully peer-to-peer • No exit nodes • Internal communication only • Designed for slightly different purposes (e.g. filesharing) • Garlic routing • Unidirectional tunnels 1

  4. Network Topology Figure 1: I2P network topology example 1 1 https://geti2p.net/_static/images/net.png 2

  5. netDb - Network DataBase • Used for looking up resources: RouterInfos and LeaseSets • Distributed across so-called FloodFill routers • Automatically selected based on performance (e.g. bandwidth) • Or manually enabled • Each FF router is responsible for a part of the network • Based on Kademlia-style metric to determine closeness • Hash of RouterIdentity + current date • Changes every day at midnight (UTC) • aka ”keyspace rotation” 3

  6. I2P - User-base Figure 2: Rough estimation of the average number of I2P nodes 4

  7. Sybil Attack Figure 3: Sybil by F. R. Schreiber 2 ”A case study of a woman diagnosed with dissociative identity disorder 3 ” 2 http://whenfallsthecoliseum.com/wp-content/uploads/sybil.jpg 3 https://en.wikipedia.org/wiki/Sybil_(Schreiber_book) 5

  8. Sybil Attacks Create a large number of pseudonymous identities in order to cripple the peer-to-peer system Its impact depends on: • how cheaply identities can be generated • accept inputs from untrusted entities • whether all entities treated identically 6

  9. Sybil Attack on I2P Figure 4: Partial keyspace Sybil attack example Attack is very feasible, even with limited resources [1] 7

  10. Research Question How can a Sybil attack on the I2P network be made infeasible? 8

  11. Methodology

  12. Methodology • Evaluate existing mitigation state on the network • Examine proposed solutions from previous research • Construct our own solution 9

  13. Evaluation

  14. Current State • Router election • Enough resources required to be considered • Currently, becoming FF router is not hard • Keyspace rotation • Router ID hashed with date to determine closeness • Possible to precompute identities • Blacklist • Block known bad IPs • Centralized (blogs, forums, etc.) • Quis custodiet ipsos custodes? 10

  15. Previous Research

  16. Previous Research: PoW Proof-of-Work (PoW) suggested by I2P contributors [2] • Using HashCash 4 • Finish PoW before creating router • However, • Difficulty of PoW hard to determine • Trivial for a reasonably powerful attacker 4 http://www.hashcash.org/ 11

  17. Previous Research: Reputation Age-based reputation suggested by Egger et al. [1] • The longer a router is active, the higher the reputation • Bootstrapping issue • New router has no age information on peers 12

  18. Our Contribution

  19. Goal • Make it harder to create successful Sybil nodes • Create tamper-proof platform • Traceability • Evaluate FF routers • Offer both preventative, proactive, and retroactive solutions 13

  20. Criteria Our solution should be: • Distributed • Public • Permissionless • Anonymous • Open-source 14

  21. Distributed ledger technologies - why blockchain Distributed ledger - decentralized database which is synced and consented upon by all participants of the network Figure 5: DLTs comparison summary 15

  22. Distributed ledger technologies - why blockchain Distributed ledger - decentralized database which is synced and consented upon by all participants of the network Figure 6: DLTs comparison summary 16

  23. Implementation

  24. General Concept • Keeping track of FF routers • Verify age • Determine trustworthiness of FF router • Use blockchain randomness for closeness metric 17

  25. Implementation • Proof-of-Work vs Proof-of-Stake • PoW: High computation power required to add block • PoS: nodes with more coins have a higher chance to add a block • Incentive for miners • Reputation • Nodes should make decisions individually • Who to trust? • Who not to trust? 18

  26. Proof-of-Stake • Miner chosen based on their wealth • Wealthier miners have a higher stake and are more likely to be trustworthy • No expensive hardware required • Virtually all nodes are able to join • More decentralized than PoW • In PoW, miners tend to pool together 19

  27. Individual Decisions Being able to make decision about trustworthiness of a router is important... • Be as decentralized as possible • Nodes can come up with own criteria • Strict criteria for the paranoid • Loose criteria for performance-minded 20

  28. Transaction types MinerTransaction Reward for the miner EnrollmentTransaction Enrollment as miner RouterUp Announcement of new FF router RouterDown FF router no longer responsive Table 1: Blockchain transactions [3] 21

  29. General Structure • First block should have all FF routers • Subsequent blocks update that list • Traverse chain to get router age Figure 7: Overview of blockchain 22

  30. Positive Externalities More advantages to blockchain... • Bootstrapping issue solved • Nonce provides non-deterministic hash for router closeness • Retroactively and proactively verify attacks • Check certain criteria • Individually verify attack likelihood 23

  31. Conclusion

  32. Conclusion A Sybil attack can be made less feasible by using blockchain • The age and reputation of Floodfill routers can be identified • Routers are able to build up reputation • FF routers need reputation before they can join • The Kademlia closeness metric can be made non-deterministic 24

  33. Future Work

  34. Future Work • Study privacy implications • Implementational details • Exact Proof-of-Stake algorithm used • Analysis of the network’s performance with blockchain • Practical analysis of other technologies • Explore other solutions blockchain could provide to I2P • Replace netDb • Provide payment platform 25

  35. Q&A Figure 8: Presentation Overview 26

  36. References Christoph Egger, Johannes Schlumberger, Christopher Kruegel, and Giovanni Vigna. Practical attacks against the i2p network. In International Workshop on Recent Advances in Intrusion Detection , pages 432–451. Springer, 2013. I2p’s threat model, 2010. https://geti2p.net/en/docs/how/threat-model. Neo white paper, Nov 2016. http://docs.neo.org/en-us/. 27

  37. Miner Incentive • Altruistic nodes • Could work for I2P. However... • Blockchain reliability should not lean on this • Monetary • Advantage: currency for users • Disadvantage: complicated blockchain construction • Reputation • Two birds, one stone • Incentive and measure of trustworthiness 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via Social Networks via Social Networks Intel Research Pittsburgh / CMU Haifeng Yu National University of Singapore Michael Kaminsky Intel Research

501 views • 22 slides
Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network

Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network

Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network Coding Based Systems Vahid N. Talooki, University of Aveiro, Portugal Network Coding (NC) allows intermediate nodes not only to store and forward

307 views • 4 slides
On Network formation, (Sybil attacks and Reputation systems) (Position Paper) George Danezis and

On Network formation, (Sybil attacks and Reputation systems) (Position Paper) George Danezis and

On Network formation, (Sybil attacks and Reputation systems) (Position Paper) George Danezis and Stefan Schiffner December 26, 2006 Abstract We propose a model of network formation in peer-to-peer networks, that allows us to observe their

325 views • 7 slides
Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Master Defense Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS) Presented by: Niclas Bewermeier Electrical and Computer December 14, 2018 Engineering Detecting Sybil Attacks using Proofs of

510 views • 49 slides
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky ,Phillip B. Gibbons, and Abraham Flaxman. Page 1 of 16 In procedings of the 2006 conference on Applications, technolo- gies,

318 views • 16 slides
Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen

Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen

Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen Hailes By XincenYu What is it about Propose a new decentralized defense for portable devices called MobID Every device manages two small

256 views • 24 slides
An analysis of Social Network-based Sybil defenses Bimal Viswanath Ansley Post Krishna

An analysis of Social Network-based Sybil defenses Bimal Viswanath Ansley Post Krishna

An analysis of Social Network-based Sybil defenses Bimal Viswanath Ansley Post Krishna Gummadi Alan Mislove MPI-SWS Northeastern University SIGCOMM 2010 1 Sybil attack Fundamental problem in distributed systems Attacker

519 views • 40 slides
Network Structure Grant Schoenebeck, Aaron Snook, Fang-Yi Yu Sybil Attack An attack to

Network Structure Grant Schoenebeck, Aaron Snook, Fang-Yi Yu Sybil Attack An attack to

Sybil Detection Using Latent Network Structure Grant Schoenebeck, Aaron Snook, Fang-Yi Yu Sybil Attack An attack to compromise a recommendation systems by forging identities. Recommendation System How is that restaurant? Bad Good Good

880 views • 29 slides
KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on

KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on

KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on Attacks (WAC), Santa Barbara, 18 August 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Channel validation 2

646 views • 51 slides
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu Li 1 , Shicheng Wang 1 , Chang Liu 1 , Ang Chen 2 , Hongxin Hu 3 , Guofei Gu 4 , Qi Li 1 , Mingwei Xu 1 , Jianping Wu 1 1 4 2 3 DDoS Attacks are

480 views • 23 slides
Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Gnrale de lArmement - Matrise de lInformation 2 Universit de Rennes 1 3 INRIA &

836 views • 45 slides
Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020

Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020

Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020 Eurocrypt Rump Session, May 13th, Living Room Proximity Tracing . . . 8GD45AF3 8GD45AF3 . . . 8GD45AF3 Proximity Tracing . . . 8GD45AF3 8GD45AF3

223 views • 19 slides
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath , Haitao Zheng, Ben Y. Zhao University of Chicago, *UC Santa Barbara, Virginia Tech

770 views • 17 slides
A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen,

A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen,

A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen, Enes Gkta (joint first author) (VU) Moritz Contag, Andre Pawlowski, Thorsten Holz (RUB) Xi Chen, Sanjay Rawat, Herbert Bos, Elias Athanasopoulos,

587 views • 26 slides
Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to

Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to

Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to penetrate a network by using wireless or evading WLAN access control measures, like AP MAC filters and 802.1X port access controls. Type of Attack

184 views • 7 slides
Measuring and Mitigating AS-level Adversaries Against Tor Oleksii Adva Phillipa Michael Starov

Measuring and Mitigating AS-level Adversaries Against Tor Oleksii Adva Phillipa Michael Starov

Measuring and Mitigating AS-level Adversaries Against Tor Oleksii Adva Phillipa Michael Starov Zair Gill Schapira Rishab Nithyanand Network-level Traffic Correlation Attacks Internet rou,ng is asymmetric. Source -> Entry != Entry

591 views • 11 slides
Alberta Federation of Agriculture Presentation to Standing Committee on Agriculture and Agri

Alberta Federation of Agriculture Presentation to Standing Committee on Agriculture and Agri

Alberta Federation of Agriculture Presentation to Standing Committee on Agriculture and Agri Food February 12, 2014; Taber, Alberta Hello. My name is Lynn Jacobson and I am the President of the Alberta Federation of Agriculture. I farm in

340 views • 6 slides
The Poverty and Inequality Commission Annual Public Meeting Presentation on Income from the

The Poverty and Inequality Commission Annual Public Meeting Presentation on Income from the

The Poverty and Inequality Commission Annual Public Meeting Presentation on Income from the Poverty Truth Commission Elaine Downie, Community Development Worker - Introductions The Poverty Truth Commission is a collection of people with very

190 views • 4 slides
Investor Update March 2018 Forward-looking Statements / Regulation G This presentation may

Investor Update March 2018 Forward-looking Statements / Regulation G This presentation may

Investor Update March 2018 Forward-looking Statements / Regulation G This presentation may contain statements that are "forward-looking statements" within the meaning of the safe harbor provisions of the U.S. Private Securities

540 views • 50 slides
and Maintenance Presented by: Randy L. Daviadoff Director Regional & National Accounts

and Maintenance Presented by: Randy L. Daviadoff Director Regional & National Accounts

10/13/2011 Pallet Rack Safety and Maintenance Presented by: Randy L. Daviadoff Director Regional & National Accounts Frazier Industrial Company Why the Sudden Interest? More collapses occurring today Taller systems Increased

424 views • 30 slides
Integrated System Plan: Preliminary modelling outcomes workshop 10 October 2019 Workshop

Integrated System Plan: Preliminary modelling outcomes workshop 10 October 2019 Workshop

Integrated System Plan: Preliminary modelling outcomes workshop 10 October 2019 Workshop Welcome & Overview 35 min Agenda Context for developing the Integrated System Plan Purpose and approach for today's workshop Overview of

1.17k views • 77 slides
To: Company Announcements Office LEVEL 9 600 ST KILDA ROAD From: Francesca Lee MELBOURNE

To: Company Announcements Office LEVEL 9 600 ST KILDA ROAD From: Francesca Lee MELBOURNE

To: Company Announcements Office LEVEL 9 600 ST KILDA ROAD From: Francesca Lee MELBOURNE VICTORIA 3004 Date: 15 February 2016 AUSTRALIA PO BOX 6213 Subject: Half Year Financial Results Market Release ST KILDA ROAD CENTRAL MELBOURNE

632 views • 50 slides
Presentation in Vienna October 10 2016. My name is Mika Jrnelius and I work as a police officer

Presentation in Vienna October 10 2016. My name is Mika Jrnelius and I work as a police officer

Presentation in Vienna October 10 2016. My name is Mika Jrnelius and I work as a police officer in Sweden and I am here to represent Swedish Narcotic Officers Association. SNOA. Within the board of the SNOA, we have a total of 430 years

396 views • 3 slides
APRIL 2017 Advancing Two High Potential Gold & Silver Projects in Canada BBB : TSX VENTURE

APRIL 2017 Advancing Two High Potential Gold & Silver Projects in Canada BBB : TSX VENTURE

Corporate Presentation APRIL 2017 Advancing Two High Potential Gold & Silver Projects in Canada BBB : TSX VENTURE OTCMKTS: BXTMF 1 SAFE HARBOUR STATEMENT Information set forth in this

701 views • 27 slides

More recommend