On 2012-07-17 8:48 AM, nir izraeli wrote:
> "spam" in the sense of extra unwanted "tags"?
> I can't see how this can't already be done with current DHT implementations.
> one who can add "tags" could also add "files" spam.

One thousand people trying to take over other people's computers issue one thousand trojans. Each of them then issues ten million search terms to point to his trojan, for a total of ten billion tags. (That is roughly the problem faced by the Pirate Bay.)

So you only want to store, search, and process tags coming from trusted sources, and store and access files tagged by trusted sources, in which case automatically and rapidly identifying a sufficiently large number of entities as trusted for the system to be useful becomes a problem.

> the single flaw I can see in regard to spam is if an attacker will create
> many tags for a single file, shadowing other files with its presence.
> however, with many different tags I think it's safe to assume a big portion
> of them will never (or rarely) be searched, thus killed quite fast.

Attacker wants people to download his file, so will issue tags with commonly searched terms.

> one could also add a "vouching" mechanism where other (random) peers may
> cast a vote whether the file is either unknown, malicious or good. that
> will complicate the network a bit but will allow the "neutral selection"
> process that either-way occurs in a more rapid way.

Sybil attack. Voting never works. You need to select the virtuous and wise voters.

> obviously all of what I've said is vulnerable to the same weakness family
> all current DHTs are vulnerable to - taking control of a big percentage of
> the p2p network will allow an adversary to manipulate it to his advantage.

That is OK if the only way to take control of a big proportion of the p2p network is to provide a big proportion of the useful services. The problem is that the attacker may be able to manufacture millions of sybils at very low cost.

To prevent the sybil attack, to prevent the attacker from creating very large numbers of sybils at low cost, it must be costly to create sybils. For it to be costly to create an identity allowed to contribute to the reputation system, that identity first needs to provide significant services to those already entitled to contribute to the reputation system before it is allowed to contribute to the reputation system.

_______________________________________________
p2p-hackers mailing list
http://lists.zooko.com/mailman/listinfo/p2p-hackers
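
The admission rule described in the last paragraph of the message above, as an added example that is not part of the original thread: an identity may rate files only after already-admitted peers have credited it for useful service. The peer names, the threshold of three distinct creditors, and the +1/-1 vote encoding are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ADMIT_THRESHOLD = 3  # assumed: distinct trusted peers that must credit a newcomer


@dataclass
class Network:
    trusted: set = field(default_factory=set)    # identities allowed to rate
    credits: dict = field(default_factory=dict)  # provider -> trusted creditors

    def credit_service(self, creditor, provider):
        """A peer records that `provider` did useful work for it."""
        if creditor not in self.trusted or creditor == provider:
            return  # credit from outsiders (other sybils included) counts for nothing
        self.credits.setdefault(provider, set()).add(creditor)
        if len(self.credits[provider]) >= ADMIT_THRESHOLD:
            self.trusted.add(provider)

    def naive_score(self, votes):
        """One identity, one vote: every identity counts."""
        return sum(votes.values())

    def gated_score(self, votes):
        """Only identities that earned admission contribute to the rating."""
        return sum(v for voter, v in votes.items() if voter in self.trusted)


def simulate(num_sybils=1000):
    net = Network(trusted={"alice", "bob", "carol"})  # constructed seed set
    # An honest newcomer serves three trusted peers and is admitted.
    for peer in ("alice", "bob", "carol"):
        net.credit_service(peer, "dave")
    sybils = [f"sybil{i}" for i in range(num_sybils)]
    # Sybils vouch for one another; none has served a trusted peer.
    for i, s in enumerate(sybils):
        net.credit_service(s, sybils[(i + 1) % num_sybils])
    # Votes on a trojan-tagged file: +1 means "good", -1 means "malicious".
    votes = {s: +1 for s in sybils}
    votes.update({"alice": -1, "bob": -1, "carol": -1, "dave": -1})
    return net.naive_score(votes), net.gated_score(votes), "dave" in net.trusted


if __name__ == "__main__":
    naive, gated, admitted = simulate()
    print(f"naive={naive} gated={gated} dave_admitted={admitted}")
```

Creating a sybil identity stays free here, but a sybil's vote and its vouching for other sybils have no effect until it has done real work for at least three admitted peers, which is where the cost lands.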
