IEICE Transactions on Information and Systems 2008 E91-D(4):1058-1073; doi:10.1093/ietisy/e91-d.4.1058
Copyright © 2008 The Institute of Electronics, Information and Communication Engineers

Regular Section -- Papers -- Application Information Security

Random Visitor: Defense against Identity Attacks in P2P Networks*

Jabeom GU¹, Jaehoon NAH¹, Hyeokchan KWON¹, Jongsoo JANG¹ and Sehyun PARK²

¹ The authors are with the Electronics and Telecommunications Research Institute (ETRI), Daejeon 305–700, Korea. E-mail: gjb{at}etri.re.kr
² The author is with the faculty of Chung-Ang University, Seoul 156–756, Korea.


Abstract

Various advantages of cooperative peer-to-peer networks are strongly counterbalanced by the open nature of a distributed, serverless network. In such networks, it is relatively easy for an attacker to launch various attacks such as misrouting, corrupting, or dropping messages as a result of a successful identifier forgery. The impact of an identifier forgery is particularly severe because the whole network can be compromised by attacks such as Sybil or Eclipse. In this paper, we present an identifier authentication mechanism called random visitor, which uses one or more randomly selected peers as delegates of identity proof. Our scheme uses identity-based cryptography and identity ownership proof mechanisms collectively to create multiple, cryptographically protected indirect bindings between two peers, instantly when needed, through the delegates. Because of these bindings, an attacker cannot achieve an identifier-forgery-related attack against interacting peers without breaking the bindings. Therefore, our mechanism limits the possibility of identifier forgery attacks efficiently by disabling an attacker's ability to break the binding. The design rationale and framework details are presented. A security analysis shows that our scheme is strong enough against identifier-related attacks and that the strength increases if there are many peers (more than several thousand) in the network.

Key Words: peer-to-peer, overlay network, security, identifier authentication, random visitor, identity-based cryptography


Manuscript received April 9, 2007. Manuscript revised October 18, 2007.

* Preliminary version of this work was presented at WISA 2006. This research was partly supported by the MIC (Ministry of Information and Communication), Korea, under the HNRC – ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment), the Chung-Ang University Excellent Researcher Grant in 2007, and the IT R&D program of MIC/IITA [2005-S-090-03, Development of P2P Network Security Technology based on Wired/Wireless IPv6 Network].

