This particular type of attack has been looked at before in several of the proposed protocol drafts and discussed in some of the security documents in this WG, so you can find a bit more there. You are correct, however, that it is a bit of a different attack from those common in client-server approaches.
In the literature, there are several ways to protect against it, including signed registrations with expirations to prevent spoofed or expired registrations from being returned, and registration replication to protect against P simply saying there is no registration (I can ask someone else if I get a negative response to get a second opinion if the party really is in the system).

David

On Mon, Jun 1, 2009 at 12:34 PM, Tien Tuan Anh Dinh <[email protected]> wrote:
> Hi all,
>
> I've just finished reading the draft
> http://www.ietf.org/internet-drafts/draft-irtf-p2prg-rtc-security-01.txt
>
> It occurs to me that the following attack scenario might be possible:
>
> 1. Client A registers its location, storing a tuple of the form <id_a,
> location_a, expiredtime> to a peer P in the DHT overlay (P also represents
> all replica nodes storing the key id_a)
>
> 2. Client B searches for A's location, as a result contacts P.
>
> 3. P decides to not give B A's latest location. It either sends an
> out-of-date tuple regarding A's location or says that A is not in the
> network. A has no way to know or enforce P to behave properly.
>
> It is a variation of the Denial of Service attack, in which the client A
> could be made completely unreachable to the other clients.
>
> Assuming the authenticity and integrity of all the tuples, would you say that
> this is a probable attack? My main concern is what incentives P has in doing
> this, especially in this P2P-SIP setting. I think this attack depends on the
> incentives model that encourages clients to act as peers in the DHT overlay.
> I would love to hear some reasonable explanation of why P would (and would
> not) engage in this attack.
>
> Looking forward to hearing your comments.
>
> Anh.
>
> _______________________________________________
> P2PSIP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/p2psip
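
The two defenses named in the reply above (signed registrations with expirations, and asking another replica after a negative response), sketched from the looking-up client's side as an added example that is not part of the original thread or of any draft. Ed25519, the payload encoding and every name and value here are assumptions; it also assumes B already holds A's public key and that at least one queried replica answers honestly.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Registration is the <id, location, expiredtime> tuple plus the registrant's signature.
type Registration struct {
	ID, Location string
	Expires      int64 // Unix seconds
	Sig          []byte
}

// payload encodes the signed fields unambiguously (the ID is length-prefixed).
func payload(r Registration) []byte {
	return []byte(fmt.Sprintf("%d:%d:%s%s", r.Expires, len(r.ID), r.ID, r.Location))
}

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

func Sign(priv ed25519.PrivateKey, id, loc string, exp int64) Registration {
	r := Registration{ID: id, Location: loc, Expires: exp}
	r.Sig = ed25519.Sign(priv, payload(r))
	return r
}

type Replica func(id string) *Registration // one peer's answer; nil means "not registered"

// Lookup asks every replica and keeps the validly signed, unexpired answer with the latest expiry.
func Lookup(id string, pub ed25519.PublicKey, now int64, replicas []Replica) (best Registration, found bool) {
	for _, ask := range replicas {
		r := ask(id)
		valid := r != nil && r.ID == id && r.Expires > now && ed25519.Verify(pub, payload(*r), r.Sig)
		if valid && (!found || r.Expires > best.Expires) {
			best, found = *r, true
		}
	}
	return best, found
}

func main() {
	pub, priv := NewKey()
	fresh := Sign(priv, "id_a", "192.0.2.10:5060", 2000) // constructed sample values
	deny := func(string) *Registration { return nil }    // P claims A is not registered
	r, ok := Lookup("id_a", pub, 1000, []Replica{deny, func(string) *Registration { return &fresh }})
	fmt.Println(r.Location, ok)
}
```

If every replica reached for the key withholds or lies, the lookup still fails, which is the residual denial of service the original question describes.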
