On Wednesday 06 February 2008 21:16, Michael Rogers wrote:
> Matthew Toseland wrote:
> > The other problem with swapping - which may also be a fatal flaw, and may be
> > another variant of the same bug - is that an attacker can send bogus swap
> > requests, which can be catastrophic.
> 
> Currently an attacker can wait until it sees the other node's location 
> and peer-locations, then reply with a location and peer-locations that 
> will persuade the other node to swap, right?
> 
> I wonder if we can work out a way for the two swapping nodes to commit 
> to their locations and peer-locations without revealing them until the 
> swap has been agreed? (For example by sending the hash of the list 
> instead of the list?)

We already do this.
> 
> An attacker could still abort the swap after agreeing, but at least it 
> would have to pick locations by trial and error instead of choosing them 
> after seeing those of the other node. And the limit on the number of 
> swap requests per link would limit the amount of trial and error...

Well... you want to guarantee a swap by making A (the current product of the 
differences) greater than B (the product of the differences if we do the 
swap). You can do this by making A bigger or making B smaller.

Here's what the Routing in the Dark paper says:

"Suppose an attacker node A intends to force a swap with
a victim N so that L(N) = m afterwards. Let N have
k neighbors. Then A will initiate a swap request with N
claiming to have at least k + 1 neighbors with locations favoring
a swap according to Equation (1). Specifically, the
locations of the neighbors should be either close to L(N)
or close to the maximum distance from L(A) = m. The
attacker then creates swap requests in accordance with the
Freenet protocol. Again, the F2F topology prevents the
neighbor involved in the swap from checking the validity of
this information. After the swap, the attack node can again
assume the original location m and continue to try to swap
with its other neighbors whose locations are still random."

I presume that the latter tactic would be best, since we don't know the node's 
location: send a swap request with our location set to m, and all our peers 
at (m + 0.5) modulo 1.0.
> 
> Cheers,
> Michael
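
The hash commitment discussed in this thread, together with the A > B test, as an added illustration that is not part of the original messages and is not Freenet's code. The encoding, the nonce, the circular distance metric, all function names and the sample locations are assumptions made for the example.

```python
import hashlib, hmac, os, struct

def circ_dist(a, b):
    # Assumed metric: distance on the circular [0.0, 1.0) location space.
    d = abs(a - b) % 1.0
    return min(d, 1.0 - d)

def encode(location, peer_locations):
    # Length-prefixed, fixed-width encoding so the committed bytes are unambiguous.
    vals = [location, *peer_locations]
    return struct.pack(">I", len(vals)) + b"".join(struct.pack(">d", v) for v in vals)

def commit(location, peer_locations):
    # Only the digest is sent before the swap is agreed; the random nonce
    # stops the other side from guessing the list by hashing candidates.
    nonce = os.urandom(32)
    return hashlib.sha256(nonce + encode(location, peer_locations)).digest(), nonce

def verify_reveal(digest, nonce, location, peer_locations):
    expected = hashlib.sha256(nonce + encode(location, peer_locations)).digest()
    return hmac.compare_digest(digest, expected)

def product(location, peer_locations):
    p = 1.0
    for peer in peer_locations:
        p *= circ_dist(location, peer)
    return p

def swap_guaranteed(loc_1, peers_1, loc_2, peers_2):
    # A: product of the differences now; B: the product if the locations are swapped.
    # Simplification: neither node appears in the other's peer list.
    a = product(loc_1, peers_1) * product(loc_2, peers_2)
    b = product(loc_2, peers_1) * product(loc_1, peers_2)
    return a > b

def exchange(claim_1, claim_2, reveal_2=None):
    # Both sides commit, swap digests, then reveal. reveal_2 models side 2
    # revealing something other than what it committed to.
    d1, n1 = commit(*claim_1)
    d2, n2 = commit(*claim_2)
    shown_2 = reveal_2 if reveal_2 is not None else claim_2
    if not (verify_reveal(d1, n1, *claim_1) and verify_reveal(d2, n2, *shown_2)):
        return "reject"
    return "swap" if swap_guaranteed(*claim_1, *shown_2) else "not guaranteed"

# Constructed sample claims: (own location, peer locations).
NODE_1 = (0.10, [0.12, 0.55, 0.90])
NODE_2 = (0.60, [0.11, 0.08, 0.58])
```

The commitment only binds a node to the list it chose before seeing the other side's; it does not check that the committed locations are real, which is the limitation the thread goes on to discuss.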