The Community for Technology Leaders
RSS Icon
Issue No.12 - December (2009 vol.20)
pp: 1803-1815
Kevin R.B. Butler , Pennsylvania State University, University Park
Sunam Ryu , Defense Security Command, South Korea
Patrick Traynor , Georgia Institute of Technology, Atlanta
Patrick D. McDaniel , Pennsylvania State University, University Park
Structured peer-to-peer (P2P) systems have grown enormously because of their scalability, efficiency, and reliability. These systems assign a unique identifier to each user and object. However, current assignment schemes allow an adversary to carefully select user IDs and/or simultaneously obtain many pseudo-identities—ultimately leading to an ability to disrupt the P2P system in very targeted and dangerous ways. In this paper, we propose novel ID assignment protocols based on identity-based cryptography. This approach permits the acquisition of node IDs to be tightly regulated without many of the complexities and costs associated with traditional certificate solutions. We broadly consider the security requirements of ID assignment and present three protocols representing distinct threat and trust models. A detailed empirical study of the protocols is given. Our analysis shows that the cost of our identity-based protocols is nominal, and that the associated identity services can scale to millions of users using a limited number of servers.
Network protocols, peer-to-peer, distributed systems, cryptographic controls.
Kevin R.B. Butler, Sunam Ryu, Patrick Traynor, Patrick D. McDaniel, "Leveraging Identity-Based Cryptography for Node ID Assignment in Structured P2P Systems", IEEE Transactions on Parallel & Distributed Systems, vol.20, no. 12, pp. 1803-1815, December 2009, doi:10.1109/TPDS.2008.249
[1] D. Pappalardo and E. Messmer, Extortion via DDoS on the Rise, tion.html , May 2005.
[2] J. Douceur, “The Sybil Attack,” Proc. First Int'l Workshop Peer-to-Peer Systems (IPTPS '02), Mar. 2002.
[3] B. Levine, C. Shields, and N. Margolin, A Survey of Solutions to the Sybil Attack. Univ. of Massachusetts Amherst, 2006.
[4] C. Ellison and B. Schneier, “Ten Risks of PKI: What You're Not Being Told about Public Key Infrastructure,” Computer Security J., vol. 16, no. 1, 2000.
[5] S.A. Baset and H. Schulzrinne, “An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol,” Proc. IEEE INFOCOM '06, Apr. 2006.
[6] I. Stoica, R. Morris, D. Karger, M.F. Kaashoek, and H. Balakrishnan, “Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications,” Proc. ACM SIGCOMM '01, pp. 149-160, 2001.
[7] A. Rowstron and P. Druschel, “Pastry: Scalable, Distributed Object Location and Routing for Large-Scale Peer-to-Peer Systems,” Proc.18th IFIP/ACM Int'l Conf. Distributed Systems Platforms (Middleware '01), pp. 329-350, 2001.
[8] B.Y. Zhao et al., “Tapestry: A Resilient Global-Scale Overlay for Service Deployment,” IEEE J. Selected Areas in Comm., vol. 22, no. 1, pp. 41-53, 2004.
[9] S. Ratnasamy, P. Francis, M. Handley, and R. Karp, “A Scalable Content-Addressable Network,” Proc. ACM SIGCOMM '01, pp.161-172, 2001.
[10] M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. Wallach, “Secure Routing for Structured Peer-to-Peer Overlay Networks,” Proc. Symp. Operating Systems Design and Implementation (OSDI'02), Dec. 2002.
[11] A. Singh, M. Castro, P. Druschel, and A. Rowstron, “Defending against Eclipse Attacks on Overlay Networks,” Proc. ACM SIGOPS European Workshop, 2004.
[12] D.S. Wallach, “A Survey of Peer-to-Peer Security Issues,” Proc. Second Int'l Symp. Steel Structures (ISSS '02), pp. 42-57, 2002.
[13] D. Boneh and M.K. Franklin, “Identity-Based Encryption from the Weil Pairing,” Proc. 21st Ann. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO '01), pp. 213-229, 2001.
[14] C. Cocks, “An Identity Based Encryption Scheme Based on Quadratic Residues,” Proc. Eighth IMA Int'l Conf. Cryptography and Coding, pp. 360-363, 2001.
[15] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Proc. Advances in Cryptology (CRYPTO '84), pp. 47-53, 1984.
[16] D. Boneh, X. Boyen, and E.J. Goh, “Hierarchical Identity Based Encryption with Constant Size Ciphertext,” Proc. Advances in Cryptology (Eurocrypt '05), pp. 440-456, 2005.
[17] C. Gentry and A. Silberberg, “Hierarchical ID-Based Cryptography,” Proc. Eighth Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology (Asiacrypt '02), pp.548-566, 2002.
[18] J. Horwitz and B. Lynn, “Towards Hierarchical Identity-Based Encryption,” Proc. Eighth Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology (Asiacrypt'02), pp. 466-481, 2002.
[19] W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Trans. Information Theory, vol. IT-22, no. 6, pp. 644-654, Nov. 1976.
[20] T. Dierks and C. Allen, The TLS Protocol Version 1.0, RFC 2246, Jan. 1999.
[21] B. Lynn, PBC Library,, 2007.
[22] M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, “Secure Attribute-Based Systems,” Proc. 13th ACM Conf. Computer and Comm. Security (CCS '06), Nov. 2006.
[23] J.C. Cha and J.H. Cheon, “An Identity-Based Signature from Gap Diffie-Hellman Groups,” Proc. Sixth Int'l Workshop Theory and Practice in Public Key Cryptography (PKC '03), Jan. 2003.
[24] S. Ryu, K. Butler, P. Traynor, and P. McDaniel, “Leveraging Identity-Based Cryptography for Node ID Assignment in Structured P2P Systems,” Proc. IEEE Int'l Symp. Security in Networks and Distributed Systems (SSNDS), 2007.
[25] M. Bellare and P. Rogaway, “Random Oracles are Practical: A Paradigm for Designing Efficient Protocols,” Proc. First ACM Conf. Computer and Comm. Security (CCS '93), pp. 62-73, 1993.
[26] R. Canetti, O. Goldreich, and S. Halevi, “The Random Oracle Methodology, Revisited,” (Preliminary Version), Proc. ACM Symp. Theory of Computing (STOC '98), pp. 209-218, 1998.
[27] M. Srivatsa and L. Liu, “Vulnerabilities and Security Threats in Structured Overlay Networks: A Quantitative Analysis,” Proc. Ann. Computer Security Applications Conf. (ACSAC), 2004.
[28] S. Rhea, D. Geels, T. Roscoe, and J. Kubiatowicz, “Handling Churn in a DHT,” Proc. USENIX Ann. Technical Conf., June 2004.
[29] D. Stutzbach and R. Rejaie, “Understanding Churn in Peer-to-Peer Networks,” Proc. ACM Internet Measurement Conf., Oct. 2006.
[30] T. Kerins, W. Marnane, E. Popovici, and P. Barreto, “Hardware Accelerators for Pairing Based Cryptosystems,” IEE Proc. Information Security, vol. 152, pp. 47-56, Oct. 2005.
[31] J. Chu, K. Labonte, and B.N. Levine, “Availability and Locality Measurements of Peer-to-Peer File Systems,” Proc. SPIE ITCom: Scalability and Traffic Control in IP Networks, vol. 4868, July 2002.
[32] L. Chen, K. Harrison, N. Smart, and D. Soldera, “Applications of Multiple Trust Authorities in Pairing Based Cryptosystems,” Proc. Infrastructure Security Conf. (InfraSec '02), pp. 260-275, 2002.
[33] P. McDaniel and A. Rubin, “A Response to “Can We Eliminate Certificate Revocation Lists?”,” Proc. Financial Cryptography Conf. (FC '00), Int'l Financial Cryptography Assoc. (IFCA), Feb. 2000.
[34] R.L. Rivest and B. Lampson, “SDSI—A Simple Distributed Security Infrastructure,” Proc. Int'l Cryptology Conf. (CRYPTO'96), Rump Session, 1996.
[35] N. Daswani and H. Garcia-Molina, “Query-Flood DoS Attacks in Gnutella,” Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), pp. 181-192, 2002.
[36] H. Rowaihy, W. Enck, P. McDaniel, and T. La Porta, “Limiting Sybil Attacks in Structured Peer-to-Peer Networks,” Proc. IEEE INFOCOM '07, May 2007.
[37] Tor: Anonymity Online, Electronic Freedom Foundation, http:/, 2007.
[38] J.H. Saltzer, D.P. Reed, and D.D. Clark, “End-to-End Arguments in System Design,” IEEE Trans. Computer Systems, vol. 2, no. 4, pp.277-288, Nov. 1984.
[39] J. Rosenberg, J. Weinberger, C. Huitema, and R. Mahy, STUN— Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators (NATs), RFC 3489, 2003.
[40] E. Damiani, S.D.C. di Vimercati, S. Paraboschi, P. Samarati, and F. Violante, “A Reputation-Based Approach for Choosing Reliable Resources in Peer-to-Peer Networks,” Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), Nov. 2002.
[41] N. Borisov, “Computational Puzzles as Sybil Defenses,” Peer-to-Peer Computing, pp. 171-176, 2006.
[42] H. Yu, M. Kaminsky, P.B. Gibbons, and A. Flaxman, “SybilGuard: Defending against Sybil Attacks via Social Networks,” Proc. ACM SIGCOMM '06, Aug. 2006.
[43] H. Yu, M. Kaminsky, P.B. Gibbons, and A. Flaxman, “SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks,” Proc. IEEE Symp. Security and Privacy, May 2008.
[44] C. Lesniewski-Laas, “A Sybil-Proof One-Hop DHT,” Proc. Workshop Social Network Systems, Apr. 2008.
3 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool