In case frequent re-joins are exploited in order for malicious peers to
obtain a sort of global knowledge of the topology, this means that the
Enrollment and Authentication processes need to be shielded accordingly.
The security enhancements we propose aim at putting barriers to
malicious activities after peers have joined the overlay. As the
security credentials included in the public key certificates can be used
to provide communications security for RELOAD messages (as stated in
RELOAD I-Ds) we proposed specific rules to define security provisioning.
Refreshment of credentials comes to mitigate the effects when any of
these credentials is retrieved by an attacker.
Our view is that the current security features of P2PSIP are inadequate
for highly secure applications. I will partially agree with you that the
already defined mechanisms can offer sufficient security at a reasonable
cost (in terms of complexity) for every-day applications.
As for the certificates storage, we chose certificates to be stored in
the overlay in conformance with the general principle that usually peers
do not store data that refer to them. But allowing a peer to store its
own certificates is also an option. I don't see any possible threat in
that and I agree.
Konstantinos Birkos
University of Patras
Xiaofeng Qiu wrote:
Most threats do originate from peers. A malicious node can do little
damage without joining the overlay.
However, any peer will know a certain part of the topology in its finger
table. By purposely rejoining the overlay with a different ID, a
malicious peer can get more knowledge of the whole network. Encryption
will do little to help with this. Instead, security of enrollment and ID
assignment is more important.
As to refreshment of certification, as long as the peer does not stay
online for years, refreshing the key pair when the peer logs in is
secure enough considering the security of typical algorithms such as
RSA. Skype does it this way.
Another suggestion: why not just let the peers store their own
certifications? Then others need not search for the receiver's
certification in the overlay.
xiaofeng Qiu
MINE Lab, BUPT
2010/3/5 Konstantinos Birkos <kmpirkos at ece.upatras.gr>
Dear Xiaofeng Qiu,
Indeed, if protection against eavesdropping from inside the
overlay is not an issue, encryption by means of public/private key
pairs is unnecessary. However, eavesdropping is only one of the
numerous threats a peer-to-peer overlay may face. Overlay routing
attacks and attacks on the structure of the overlay depend on the
exploitation of knowledge regarding the logical topology. This
knowledge is easily gained via the unprotected messages exchanged
in P2PSIP. The interesting part is that in p2p networks, many
challenging threats originate from peers that are already members
of the overlay. Of course, the security levels P2PSIP should
provide are up to the WG. Our motivation stems from the fact that
P2PSIP may be used in communication scenarios with strict security
constraints (for example communication between authorities).
What is your opinion about the refreshment of the peers' certificates?
Konstantinos Birkos
University of Patras
--
Konstantinos Birkos
PhD Student
Wireless Telecommunication Laboratory
Department of Electrical and Computer Engineering
University of Patras
Patras, Greece
Tel.: +30 2610 996465