Jochen Dinger
Karlsruhe Institute of Technology
Publication
Featured research published by Jochen Dinger.
availability, reliability and security | 2006
Jochen Dinger; Hannes Hartenstein
The robustness of peer-to-peer (P2P) networks, in particular of DHT-based overlay networks, suffers significantly when a Sybil attack is performed. We tackle the issue of Sybil attacks from two sides. First, we clarify, analyze, and classify the P2P identifier assignment process. By clearly separating network participants from network nodes, two challenges of P2P networks under a Sybil attack become obvious: i) stability over time, and ii) identity differentiation. Second, as a starting point for a quantitative analysis of time-stability of P2P networks under Sybil attacks and under some assumptions with respect to identity differentiation, we propose an identity registration procedure called self-registration that makes use of the inherent distribution mechanisms of a P2P network.
international ifip tc networking conference | 2009
Jochen Dinger; Oliver P. Waldhorst
So far, bootstrapping constitutes the only centralized task in otherwise decentralized peer-to-peer (P2P) systems. As a contribution to the development of generally applicable decentralized bootstrap mechanisms, in this paper we analyze two decentralized approaches from a practical point of view. We consider local host caches and random address probing for bootstrapping into the BitTorrent DHT as an example for a widely deployed P2P system. Based on the results of an extensive measurement study we show that local host caches allow rejoining the P2P system quickly after short times of disconnection, but are impracticable for infrequent or first-time users. Furthermore, random address probing is feasible using a direct Internet connection with high bandwidth, but is subject to practical issues raised by typical NAT routers and the distribution of ports used by BitTorrent clients. We propose two mechanisms for increasing the performance of random address probing: (1) probing multiple ports per host and (2) hash-based filter-resistant port selection, making distributed bootstrapping feasible even from a practical point of view.
international conference on communications | 2010
Oliver Jetter; Jochen Dinger; Hannes Hartenstein
Current peer-to-peer (P2P) systems are vulnerable to a variety of attacks due to the lack of a central authorization authority. The Sybil attack, i.e., the forging of multiple identities, is crucial as it can enable an attacker to control a substantial fraction or even the entire P2P system. However, the correlation between the resources available to an attacker and the resulting influence on the P2P system has not yet been studied in detail. The contributions of our paper are twofold: i) we present an approach for assessing the actual threats of Sybil attacks and ii) we propose a distributed approach to limit the impact of Sybil attacks effectively. Therefore, we conduct a thorough analysis of the Sybil attack w.r.t. the resource requirements to operate Sybil nodes and we investigate the quantitative influence of Sybil nodes on the overall system. Our study focuses on Kademlia, a very popular distributed hash table (DHT) which is for instance used in BitTorrent. We ran extensive Internet measurements within the BitTorrent DHT to determine the actual required resources to operate nodes. To evaluate the quantitative influence of Sybil nodes, we additionally conducted a comprehensive simulation study. The results show that upstream network bandwidth is the dominating factor concerning resources. Furthermore, we illustrate that small portions of Sybil nodes are tolerable in terms of global system stability. Finally, we propose a new approach called *RACING* to improve the resistance of DHTs against Sybil attacks. By establishing a new distributed identity registration procedure based on IP addresses, we are able to effectively limit the number of Sybil nodes.
availability, reliability and security | 2010
Thorsten Hoellrigl; Jochen Dinger; Hannes Hartenstein
Collaborations by the use of inter-organizational business processes can help companies to achieve a competitive edge over competing businesses. Typically, these collaborations require an efficient identity management (IdM) that ensures the authorized access to services in different security domains. The successful implementation of an IdM in distributed systems requires to cope with a diversity of systems and to manage the challenges of integration. While integration should not introduce an unnecessary degree of dependence and complexity, various IdM goals should be achieved by integration: in particular, collaboration-wide consistency of identity information. Due to its decentralized and modular design, a federated identity management (FIM) approach is a promising strategy in distributed systems. Our thesis is that the distributed character and heterogeneity of involved systems requires appropriate information-consistency mechanisms that go beyond what is offered by current FIM protocols and software in order to avoid inconsistencies in identity information. In this paper we identify causes leading to inconsistencies in FIM. We present requirements necessary to cope with the consistency issue and analyze research, FIM standards and protocols w.r.t. the stated requirements. An analysis showed that FIM does not consider the consistency issue sufficiently. However, we point out which parts can be used as building blocks to achieve information consistency. Therefore, we design a system – called FedWare – that combines identity-related middleware services with existing FIM technologies. To provide an efficient integration of systems, we reduce development effort by providing reusable services. By decoupling systems, e.g., via a publish/subscribe mechanism, we reduce operation effort.
computer software and applications conference | 2010
Thorsten Hoellrigl; Jochen Dinger; Hannes Hartenstein
In distributed IT systems, replication of information is commonly used to strengthen the fault tolerance on a technical level or the autonomy of an organization on a business level. In particular, information related to the identity of a user, which is used to authorize service access, is often replicated for these reasons. To ensure correct authorization decisions, replicas have to be kept consistent. However, an appropriate definition of “consistency” is required that takes into account the need for the following aspects: (i) semantic and causal relations between identity information, and (ii) temporal aspects with respect to an acceptable duration of the dissemination of occurring attribute changes. Both identity-information specifics and temporal aspects are not addressed sufficiently by existing consistency models. In this paper we introduce a consistency model for identity information in distributed systems named ID-consistency. ID-consistency is based on a formalization of identity information and considers semantic and causal relations as well as a so-called inconsistency window that denotes the time period between a change to information and the moment when the change is fully disseminated. Therefore, the model reveals the fundamental structure of an IdM system and helps in the design and analysis of corresponding dissemination middleware in distributed systems. We exemplarily show how to make use of the concept of ID-consistency to analyze and improve a real-world IdM system using CardSpace for demonstration purposes.
Peer-to-Peer Systems and Applications | 2005
Michael Conrad; Jochen Dinger; Hannes Hartenstein; Marcus Schöller; Martina Zitterbart; Daniel Rolli
Markets – in their ideal form – naturally represent Peer-to-Peer (P2P) systems: market participants can be both client and server when exchanging offers, general messages, or goods. They can directly address each other, and interact in a decentralized and autonomous fashion. Most market implementations in history, however, were far from this ideal form.
scalable information systems | 2009
Frank Schell; Jochen Dinger; Hannes Hartenstein
Identity and access management (IAM) systems are used to assure authorized access to services in distributed environments. The architecture of IAM systems, in particular the arrangement of the involved components, has significant impact on performance and scalability of the overall system. Furthermore, factors like robustness and even privacy that are not related to performance have to be considered. Hence, systematic engineering of IAM systems demands for criteria and metrics to differentiate architectural approaches. The rise of service-oriented architectures and cross-organizational integration efforts in federations will additionally increase the importance of appropriate IAM systems in the future. While previous work focused on qualitative evaluation criteria, we extend these criteria by metrics to gain quantitative measures. The contribution of this paper is twofold: i) We propose a system model and corresponding metrics to evaluate different IAM system architectures on a quantitative basis. ii) We present a simulation-based performance evaluation study that shows the suitability of this system model.
conference on network and service management | 2010
Thorsten Hoellrigl; Holger Kühner; Jochen Dinger; Hannes Hartenstein
The growing number of IT services in distributed systems increases the need to allow users to keep track of which personal data is retained by which service. User-centric federated identity management (FIM) tackles this goal by enabling users to approve each data dissemination between the providers of identity-related information, so-called identity providers (IdPs), and the consumers of this information, the service providers. To prevent a single IdP from gaining a comprehensive set of user information, user-centric FIM motivates the use of multiple IdPs even though this distribution of responsibilities might result in information redundancy and therefore raises consistency issues. User-centric FIM systems do not cope with information consistency sufficiently, mainly because these systems require that each dissemination of user attributes is manually approved by the user. We propose an approach, named User-Controlled Automated Identity Delegation, that allows a controlled data dissemination based on an automated user approval by introducing an additional party called Identity Delegate. The Identity Delegate is designed in consideration of the following central ideas: (i) user centricity - all data dissemination is still under user control, (ii) privacy - the delegate cannot read or gather personal data, (iii) efficiency - the effort to integrate and operate the delegate within an existing FIM system is kept low. We cover the experience made with an implementation based on Windows CardSpace.
ieee international conference on high performance computing data and analytics | 2010
Oliver Jetter; Moritz Killat; Jens Mittag; Felix Schmidt-Eisenlohr; Jochen Dinger; Hannes Hartenstein
Over the past several years, there has been significant interest and progress in using wireless communication technologies for vehicular environments in order to increase traffic safety and efficiency. Due to the fact that these systems are still under development and large-scale tests based on real hardware are difficult to manage, simulations are a widely-used and cost-efficient method to explore such scenarios. Furthermore, simulations provide a possibility to look at specific aspects individually and to identify major influencing effects out of a wide range of configurations. In this context, we use the HP XC4000 for an extensive and detailed sensitivity analysis in order to evaluate the robustness and performance of communication protocols as well as to capture the complex characteristics of such systems in terms of an empirical model.
workshop on software and performance | 2010
Frank Schell; Andreas Schaf; Jochen Dinger; Hannes Hartenstein
Identity and access management (IAM) systems are used to assure authorized access to services in distributed environments. The design decisions of IAM systems, in particular the arrangement of the involved components, have significant impact on performance, access control accuracy, and costs of the overall system. Hence, systematic engineering of IAM systems demands for criteria and metrics to differentiate architectural approaches. Therefore, we propose a system design framework for IAM that can be used to evaluate different design decisions in advance.