Alen Peacock wrote:
There are defenses against targetted key attacks (in addition to the old contacts preference). For example, make each node choose its own Ku/Kr pair before joining, with nodeID = H(Ku). A node would have to 'prove' its identity before any of its operations or results are accepted (through challenge/response or signatures). Under such a scheme, an adversary could still spawn millions of sybil identities, but it wouldn't be able to choose a specific ID space to target.
If I understand your suggestion correctly, the attacker could generate keypairs offline until it found a suitable keypair, then join the network.
Herbivore's entry control protocol [1] mitigates this attack by assigning nodeID = H(Ku||y) where y must be a partial hash collision with Ku and must also contain the current date. It takes a lot of CPU time to find a suitable hash collision and you don't get to find out your node's ID until you've done so, so targetting a particular ID becomes very expensive. Unfortunately the date requirement forces all nodes to search for new partial hash collisions periodically, so the CPU requirements have to be kept reasonable, and it's probably safe to assume that the attacker is willing to donate more CPU time to the problem than innocent nodes. So the protocol limits the Sybil attack rather than eliminating it.
Cheers, Michael [1] http://www.cs.cornell.edu/People/egs/papers/herbivore-tr.pdf _______________________________________________ p2p-hackers mailing list p2p-hackers@zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
