[Cryptography] Implementations, attacks on DHTs, Mix Nets?

Ralph Holz ralph-cryptometzger at ralphholz.de
Mon Aug 26 04:56:19 EDT 2013 

Hi,

>> Can you rephrase whether you want info about DHT systems that are
>> related to some kind of mix system (e.g. GNUnet), or whether you
>> simply want to know about common DHT systems. If the latter, what
>> kind of attacks are you after? Eclipse?
> 
> My knowledge of the field is pretty spotty in general as I've never
> paid much attention up until now -- mostly I know about how people
> have built DHTs in non-hostile environments. I'm close enough to
> starting from scratch that I don't know yet what I don't know.

OK, so I'll just add to what's been written so far.

* Most DHTs are indeed intended for a non-hostile environment and allow
users to freely place information in the DHT. This means that data items
can be easily eclipsed from the network by abusing the DHT's principle
of storing an item on the node with the ID that is closest to the item's
own ID. Most concepts support replica.

* The only DHT type that really has seen wide deployment seems to be
Kademlia, most notably in aMule/eMule and some bot networks. Steiner et
al. showed by example that Eclipse attacks against data items are easy
("Conducting and optimizing Eclipse attacks in the Kad P2P network").

* The aMule developers reacted to that attack by restricting routing
tables. Kohen/Leske et al. showed that this can be easily circumvented
by introducing chains of attackers that cooperate in a particular
fashion to redirect queries and let Kad run into a timeout.

* We have been active in Kad research for a little while, too. We found
that while Eclipse attacks against data items are easy, they are much
much harder against active nodes. I.e. Kad is designed to keep
long-running nodes as long in the routing tables as possible, and to
spread this knowledge widely in the network. This makes it very hard for
an attacker to reroute traffic intended for a victim. However, given a
very strong attacker (1000s of nodes), this should become possible
again. It is one of the disruptive DoS methods.

* The most interesting work that I know of is GNUnet: www.gnunet.org.
They employ a DHT called R5N that combines recursive Kad-style routing
with an initial random walk to evade the above attacker. GNUnet's
problem is that there are not enough developers to get the network to a
reasonable size, but the underlying technology is interesting. GNUnet
also has a SDSI/SPKI-style DNS replacement called GADS. Christian
Grothoff is the main developer and also at TUM (that's how I know him) -
he recently gave a talk on PRISM and GNUnet:

https://www.gnunet.org/internetistschuld

There is a host of older literature, too - P2P research, however, has
become a cold topic. Although I expect that it will see a revival in the
face of surveillance.

Ralph

-- 
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF

More information about the cryptography mailing list