Skip to main content
SpringerLink
Log in

Decentralized certification scheme for secure admission in on-the-fly peer-to-peer systems

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Several alternative schemes have been presented in the literature to try to solve the users’ admission problem in P2P systems when it is not possible to include a logically centralized authority (either online or offline) in the system. However, most of them are not suitable for on-the-fly P2P systems and the most typical ones (IP based, shared secret and threshold cryptography) have several security and performance drawbacks. From the deficiencies of the existing schemes, in this paper we present a new decentralized certification scheme for on-the-fly P2P systems which is based on the recently published Internet Attribute Certificate Profile for Authorization. Our proposal greatly improves the security and flexibility of IP based and shared secret schemes with no infrastructure cost and with a minimal performance charge. Also, it achieves a similar level of security than threshold cryptography while highly reducing its computational and communicational cost. All these facts position our certification proposal as a users’ admission alternative for on-the-fly P2P systems in non very hostile environments where performance and security are key factors.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Notes

  1. We understand as non very hostile the scenarios where administrators cannot be compromised, as discussed in Section 4.1.

  2. Unless the attacker has access to the range of addresses assigned to a university or a large company.

  3. The continuous process of users arrival and departure.

  4. In case administrators want to share private information by leaving it encrypted in a well known location of the system.

  5. In the case of the presented PKCs, and for simplicity reasons, only the most representative fields for our proposal are described; being valid any PKC compliant with the standard profile described in [36].

  6. DCLs are described in Section 3.5.

  7. It could be also possible to automatize this process based on the number of users of the system and choosing the candidates from a web of trust model or a social network. However, that possibility is out of the initial scope of this paper.

  8. Even with a single device available, like a laptop, a user may use virtualization to simulate several devices and include them in the network.

  9. The costs required for protecting each protocol message are not taken into account because they vary with the specific secure protocol used.

  10. Using the OpenSSL (version 0.9.8g) speed test in an Ubuntu 10.04 (lucid) 64-bits with kernel Linux 2.6.32-25 running over an Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz with 4GB of RAM.

References

  1. Jennings C, Lowekamp B, Rescorla E, Baset S, Schulzrinne H (2010) Internet-draft: REsource LOcation And Discovery (RELOAD) base protocol, -draft-ietf-p2psip-base-12 (work in progress)

  2. Baset SA, Schulzrinne H (2006) An analysis of the skype peer-to-peer internet telephony protocol. In: Proceedings of the 25th IEEE international conference on computer communications. IEEE Computer Society, Washington, DC, USA, pp 1–11

    Chapter  Google Scholar 

  3. Douceur JR (2002) The Sybil attack. In: Revised papers from the first international workshop on peer-to-peer systems, IPTPS ’02. Springer-Verlag, London, UK, pp 251–260

    Google Scholar 

  4. Bryan DA, Lowekamp BB, Jennings C (2005) SOSIMPLE: a serverless, standards-based, P2P SIP communication system. In: Proceedings of the first international workshop on advanced architectures and algorithms for internet delivery and applications. IEEE Computer Society, Washington, DC, USA, pp 42–49

    Chapter  Google Scholar 

  5. Merkle RC (1978) Secure communications over insecure channels. Commun ACM 21:294–299

    Article  Google Scholar 

  6. von Ahn L, Blum M, Hopper N, Langford J (2000) The official CAPTCHA site. http://www.captcha.net/

  7. Zimmermann PR (1995) The official PGP user’s guide. MIT Press, Cambridge, MA

    Google Scholar 

  8. Desmedt Y, Frankel Y (1989) Threshold cryptosystems. In: Proceedings of the 9th annual international cryptology conference on advances in cryptology, CRYPTO’89. Springer-Verlag, London, UK, pp 307–315

    Google Scholar 

  9. Yu H, Kaminsky M, Gibbons PB, Flaxman A (2006) SybilGuard: defending against Sybil attacks via social networks. SIGCOMM Comput Commun Rev 36:267–278

    Article  Google Scholar 

  10. Condie T, Kacholia V, Sankararaman S, Maniatis P, Hellerstein JM (2005) Maelstrom: churn as shelter. Tech. Rep. UCB/EECS-2005-11, University of California Berkeley

  11. Shamir A (1985) Identity-based cryptosystems and signature schemes. In: Proceedings of CRYPTO 84 on advances in cryptology. Springer-Verlag New York, Inc., New York, NY, USA, pp 47–53

    Google Scholar 

  12. Farrell S, Housley R, Turner S (2010) An internet attribute certificate profile for authorization, RFC 5755 (standard). http://www.ietf.org/rfc/rfc5755.txt

  13. Cerri D, Ghioni A, Paraboschi S, Tiraboschi S (2005) ID mapping attacks in P2P networks. In: IEEE global telecommunications conference, GLOBECOM’05, vol 3

  14. Suárez Touceda D., Sierra J.M., Izquierdo A., Schulzrinne H. (2011) Survey of attacks and defenses on P2PSIP Communications. Communications Surveys and Tutorials, IEEE. doi:10.1109/SURV.2011.060711.00152

  15. Information Technology Laboratory (2008) NIST, Gaithersburg, USA, FIPS 180-3. Secure Hash Standard

  16. Stoica I, Morris R, Karger D, Kaashoek, MF, Balakrishnan H (2001) Chord: a scalable peer-to-peer lookup service for internet applications. In: Proceedings of the 2001 conference on applications, technologies, architectures, and protocols for computer communications, SIGCOMM ’01. ACM, New York, NY, USA, pp 149–160

    Chapter  Google Scholar 

  17. Castro M, Druschel P, Ganesh A, Rowstron A, Wallach DS (2002) Secure routing for structured peer-to-peer overlay networks. In: Proceedings of the 5th symposium on operating systems design and implementation, OSDI ’02. ACM, New York, NY, USA, pp 299–314

    Chapter  Google Scholar 

  18. Bryan D, Lowekamp B, Zangrilli M (2008) The design of a versatile, secure P2PSIP communications architecture for the public internet. In: IEEE international symposium on parallel and distributed processing, IPDPS. IEEE Computer Society, Washington, DC, USA, pp 1–8

    Google Scholar 

  19. Borisov N (2006) Computational puzzles as sybil defenses. In: Proceedings of the sixth IEEE international conference on peer-to-peer computing, P2P ’06. IEEE Computer Society, Washington, DC, USA, pp 171–176

    Chapter  Google Scholar 

  20. Zhou L, Haas ZJ (1999) Securing ad hoc networks. IEEE Netw 13(6):24–30

    Article  Google Scholar 

  21. Kong J, Zerfos P, Luo H, Lu S, Zhang L (2001) Providing robust and ubiquitous security support for mobile ad hoc networks. In: Proceedings of the ninth international conference on network protocols, ICNP ’01. IEEE Computer Society, Washington, DC, USA

    Google Scholar 

  22. Shamir A (1979) How to share a secret. Commun ACM 22(11):612–613

    Article  MathSciNet  MATH  Google Scholar 

  23. Pedersen TP (1991) A threshold cryptosystem without a trusted party. In: Proceedings of the 10th annual international conference on theory and application of cryptographic techniques, EUROCRYPT’91. Springer-Verlag, Berlin, Heidelberg, pp 522–526

    Google Scholar 

  24. Saxena N, Tsudik G, Yi JH (2007) Threshold cryptography in P2P and MANETs: the case of access control. Comput Networks 51(12):3632–3649

    Article  MATH  Google Scholar 

  25. Merwe JVD, Dawoud D, McDonald S (2007) A survey on peer-to-peer key management for mobile ad hoc networks. ACM Comput Surv 39(1):1–45

    Google Scholar 

  26. Yu H, Gibbons PB, Kaminsky M, Xiao F (2008) Sybillimit: a near-optimal social network defense against sybil attacks. In: Proceedings of the 2008 IEEE symposium on security and privacy. IEEE Computer Society, Washington, DC, USA, pp 3–17

    Google Scholar 

  27. Danezis G, Mittal P (2009) SybilInfer: detecting sybil nodes using social networks. In: 16th annual network & distributed system security symposium, NDSS’09. The Internet Society

  28. Eronen P, Tschofenig H (2005) Pre-shared key ciphersuites for transport layer security (TLS). RFC 4279 (proposed standard). http://www.ietf.org/rfc/rfc4279.txt

  29. Taylor D, Wu T, Mavrogiannopoulos N, Perrin T (2007) Using the Secure Remote Password (SRP) protocol for TLS authentication, RFC 5054 (informational). http://www.ietf.org/rfc/rfc5054.txt

  30. Dierks T, Rescorla E (2005) The transport layer security (TLS) protocol version 1.2. RFC 5246 (proposed standard). http://www.ietf.org/rfc/rfc5246.txt

  31. Rescorla E, Modadugu N (2006) Datagram transport layer security. RFC 4347 (proposed standard). http://www.ietf.org/rfc/rfc4347.txt

  32. Scheideler C (2005) How to spread adversarial nodes?: rotate! In: Proceedings of the thirty-seventh annual ACM symposium on theory of computing, STOC ’05. ACM, New York, NY, USA, pp 704–713

    Chapter  Google Scholar 

  33. Butler KRB, Ryu S, Traynor P, McDaniel PD (2009) Leveraging identity-based cryptography for node ID assignment in structured P2P systems. IEEE Trans Parallel Distrib Syst 20(12):1803–1815

    Article  Google Scholar 

  34. James N, Shi E, Song D, Perrig A (2004) The sybil attack in sensor networks: analysis & defenses. In: Proceedings of the 3rd international symposium on iformation processing in sensor networks, IPSN ’04. ACM, New York, NY, USA, pp 259–268

    Google Scholar 

  35. ITU (2005) ITU-T recommendation X.509: the directory: public key and attribute certificate frameworks. Tech. rep. ITU

  36. Cooper D, Santesson S, Farrell S, Boeyen S, Housley R, Polk W (2008) Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280 (proposed standard). http://www.ietf.org/rfc/rfc5280.txt

  37. Dinger J, Waldhorst OP (2009) Decentralized bootstrapping of P2P systems: a practical view. In: Proceedings of the 8th international IFIP-TC 6 networking conference, Networking ’09. Springer-Verlag, Heidelberg, Germany, pp 703–715

    Google Scholar 

  38. Cramer C, Kutzner K, Fuhrmann T (2004) Bootstrapping locality-aware P2P networks. In: Proceedings of the 12th IEEE international conference on networks. ICON 2004, vol 1, pp 357–361

  39. Gennaro R, Jarecki S, Krawczyk H, Rabin T (1996) Robust threshold DSS signatures. In: Proceedings of the 15th annual international conference on theory and application of cryptographic techniques, EUROCRYPT’96. Springer-Verlag, Berlin, Heidelberg, pp 354–371

    Google Scholar 

  40. Gennaro R, Jarecki S, Krawczyk H, Rabin T (2007) Secure distributed key generation for discrete-log based cryptosystems. J Cryptol 20(1):51–83. doi:10.1007/s00145-006-0347-3

    Article  MathSciNet  MATH  Google Scholar 

  41. Blum T, Paar C (1999) Montgomery modular exponentiation on reconfigurable hardware. In: 14th IEEE symposium on computer arithmetic, ARITH-14. IEEE Computer Society, Washington, DC, USA, pp 70–77

    Chapter  Google Scholar 

  42. NIST Information Technology Laboratory (2009) FIPS 186-3: Digital Signature Standard (DSS). NIST, Gaithersburg, USA

  43. Schoof R (2008) Four primality testing algorithms. Algorithmic Number Theory 44:101–126

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Evalues - IT Security Evaluation, Parque Leganés Tecnológico, Avda. Gregorio Peces Barba 1, 28918, Leganés (Madrid), Spain

    Diego Suárez Touceda

  2. Computer Science Department, Universidad Carlos III de Madrid, Avda. de la Universidad 30, 28911, Leganés (Madrid), Spain

    José M. Sierra Cámara

  3. Department of Telematics Engineering, Universitat Politècnica de Catalunya (UPC), 08034, Barcelona, Spain

    Miguel Soriano

  4. Centre Tecnolgic de Telecomunicacions de Catalunya (CTTC), 08860, Castelldefels (Barcelona), Spain

    Miguel Soriano

Authors
  1. Diego Suárez Touceda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. José M. Sierra Cámara
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Miguel Soriano
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Diego Suárez Touceda.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Suárez Touceda, D., Sierra Cámara, J.M. & Soriano, M. Decentralized certification scheme for secure admission in on-the-fly peer-to-peer systems. Peer-to-Peer Netw. Appl. 5, 105–124 (2012). https://doi.org/10.1007/s12083-011-0113-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-011-0113-7

Keywords

Search

Navigation