Dear All, Let's assume we build a standardised and open Peer-to-Peer network based on Chord, implemented with a secured DHT and NAT/Firewall mechanism (Turn / Stun). Any application, whether IM Tools, Voice over IP, Video over IP .... could use the network / DHT and its services (NAT traversal, ...) over specified interface and protocols.
First approaches were made with known filesharing tools (Gnutella, BitTorrent) or Voice over IP applications like Skype. Unfortunaltely these approaches aren't fully decentralised, not open source and lack on the known security issues. Filesharing applications try to overcome security issues like malicious nodes, authenticity of files with various trust and reputation systems. Some research papers seek to adopt these trust and reputation systems for Peer-to-Peer networks (TrustMe, ...) but in my opinion its is the wrong way. The known security issues for Chord and DHT based P2P networks are: - how to secure DHT entries against others (with PKI infrastructures and certificates, redundancies, peers should not be allowed to choose its place within the Chord ring) - how can certificates dispensed without a central authorisation system (entry points as the bootstrap could do that, but who tells me that this peer isn't a malicious node) - how to stop man in the middle attacks (distributed routing as solution) - how to intentify malicious nodes / applications to punish them (what about anonymity and privacy) - how to stop sybil attacks against specific nodes, services (anonymity and virtual IDs could be a solution, maybe an open and secured DHT with some super nodes (then who is super node, ...)) There are still a lot of open questions and I would like to know your thoughts, ideas and papers I should read how to find a suitable solution. I'm writing my diploma thesis about this topic and would like to find a solution. regards, M. Pierer -- "Feel free" – 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
