[p2p-hackers] aMule/eMule's solution for Sybil Attack

netbsd netbsd8 at gmail.com
Tue Aug 26 22:49:28 EDT 2008


On Tue, Aug 26, 2008 at 11:27 AM, Thibault Cholez
<thibault.cholez at loria.fr> wrote:

>
> Yes, you are right. The eclipse attack is far more difficult with the
> new version of the clients and now has to be "distributed" (involving
> several public IP addresses). Unfortunately, the eclipse attack does not
> need much resource (something like 10 IP addresses is sufficient) as
> long as the KADID can be chosen freely and the malicious nodes placed
> very close to the target. Maybe a correction for a future version, they
> are in the right way :-) .



>
> regards,
>
> Thibault


The paper "Exploiting KAD: Possible Uses and Misuses" shows the same results
for the Eclipsing Content Attack, but after thinking about the Kademlia
algorithm for searching content, I doubt that "all search requests for key K
will terminate on one of the eight sybils". Just consider how the authors
could guarantee to poison all regular peers' routing tables before these nodes
look for the special key K. Another question is how the authors got the
results from a P2P system having millions of nodes.


Sincerely,

-Yunzhao

>
> netbsd wrote:
> > Thanks for the reply. I just wonder whether the Eclipse Attack remains
> > possible for aMule/eMule, because the Eclipse Attack also needs to dominate
> > a correct node's neighbor set, and aMule/eMule gives a very strict rule
> > for contact adding. It means firstly the attacker has to master large
> > resources (different IPs etc.) for benefits.
> >
> > sincerely,
> >
> > -Yunzhao
> >
> > On Tue, Aug 26, 2008 at 3:09 AM, Thibault Cholez
> > <thibault.cholez at loria.fr <mailto:thibault.cholez at loria.fr>> wrote:
> >
> >     netbsd wrote:
> >     > Does anyone notice that the current version of eMule/aMule using
> >     > Kademlia may mitigate the Sybil Attack?
> >     > The rules for adding new contacts:
> >     >
> >     > ===============================================================================
> >     > ------ From aMule 2.2.1/eMule0.49a
> >     >
> >     >     * Kad will now enforce certain limits when adding new contacts to
> >     >       the routing table: No more than 1 KadNode per IP, 2 similar
> >     >       KadNodes (same bin) from a /24 network and at a maximum 10
> >     >       different KadNodes from a /24 network are allowed. This is
> >     >       supposed to make routing attacks against Kad more difficult and
> >     >       resource-intensive.
> >     >
> >     - Looking at the code, eMule 0.49a also implements a packet
> >     tracking and a flood protection mechanism that help mitigate the
> >     Sybil Attack.
> >
> >     > ------ From aMule 2.2.2/eMule0.49b
> >     >
> >     >     * Kad now ignores multiple IDs pointing to one IP in routing
> >     >       request answer
> >     >     * Kad contacts will only be able to update themself in others
> >     >       routing tables if they provide the proper key (supported by
> >     >       0.49a+ nodes) in order to make it impossible to hijack them
> >     >     * Kad uses now a three-way-handshake (or for older version a
> >     >       similar check) for new contacts, making sure they do not use
> >     >       a spoofed IP
> >     >     * Unverified contacts are not used for routing table
> >     >
> >     >
> >     > =====================================================================================
> >     >
> >     > Any ideas?
> >     >
> >
> >     In fact, I have many ideas on these mechanisms because I am currently
> >     studying them in my thesis.
> >
> >     My first results show a great improvement of the Sybil Attack defence,
> >     even if eclipse attacks remain possible.
> >
> >     I think that this kind of "common-sense" protection is the minimum that
> >     every P2P network should have, unless being totally unaware of the Sybil
> >     Attack problem... Before these very last versions, KAD was really
> >     unprotected and very easily and badly hurt with a Sybil Attack (see the
> >     very good paper from Steiner: Exploiting KAD: possible uses and misuses
> >     http://ccr.sigcomm.org/online/files/p65-steiner.pdf ).
> >
> >     Regards,
> >
> >     Thibault
> >
> >     > -Yunzhao
> >     >
> >     > ------------------------------------------------------------------------
> >     >
> >     > _______________________________________________
> >     > p2p-hackers mailing list
> >     > p2p-hackers at lists.zooko.com <mailto:p2p-hackers at lists.zooko.com>
> >     > http://lists.zooko.com/mailman/listinfo/p2p-hackers
> >     >
>
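
The contact-adding limits quoted in this thread (1 KadNode per IP, 2 per bin from a /24, 10 per /24), written out as a routing-table admission filter. This is an added example, not part of the thread and not eMule/aMule code: `ContactFilter`, `tryAdd` and the integer bin index are assumptions, and the 10.0.x.x addresses are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <utility>

// Added illustration, not eMule/aMule source; names and the integer "bin" index are hypothetical.
enum class AddResult { Added, DupIp, SubnetBinLimit, SubnetLimit };

class ContactFilter {
    std::set<uint32_t> ips_;                                     // 1 KadNode per IP
    std::map<std::pair<uint32_t, unsigned>, unsigned> perBin_;   // (/24, bin) -> count
    std::map<uint32_t, unsigned> perSubnet_;                     // /24 -> count
public:
    AddResult tryAdd(uint32_t ip, unsigned bin) {
        const uint32_t subnet = ip & 0xFFFFFF00u;                // /24 prefix
        const std::pair<uint32_t, unsigned> key(subnet, bin);
        if (ips_.count(ip)) return AddResult::DupIp;
        if (perBin_[key] >= 2) return AddResult::SubnetBinLimit;
        if (perSubnet_[subnet] >= 10) return AddResult::SubnetLimit;
        ips_.insert(ip);
        ++perBin_[key];
        ++perSubnet_[subnet];
        return AddResult::Added;
    }
};

constexpr uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

// Constructed input: n contacts aimed at one bin, from one /24 or from n /24s.
unsigned admittedInOneBin(unsigned n, bool distinctSubnets) {
    ContactFilter f;
    unsigned ok = 0;
    for (unsigned i = 0; i < n; ++i) {
        const uint32_t ip = distinctSubnets ? ip4(10, 0, i, 1) : ip4(10, 0, 0, 1 + i);
        if (f.tryAdd(ip, 7) == AddResult::Added) ++ok;
    }
    return ok;
}

// Fill one /24 with n contacts in n different bins, then try one more.
AddResult afterFilling(unsigned n) {
    ContactFilter f;
    for (unsigned i = 0; i < n; ++i) f.tryAdd(ip4(10, 0, 0, 1 + i), i);
    return f.tryAdd(ip4(10, 0, 0, 200), 99);
}

int main() { std::printf("%u %u\n", admittedInOneBin(10, false), admittedInOneBin(10, true)); }
```

With ten constructed contacts aimed at one bin, the filter admits 2 when they share a /24 and all 10 when each comes from its own /24: the limits constrain addresses, not the choice of KADID, which is the remaining gap described in the thread.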