Bernd Prünster,Alexander Marsalek,Thomas Zefferer

DOI: https://doi.org/10.48550/arXiv.2011.00874

2020-11-02

Abstract:Peer-to-peer networks are an attractive alternative to classical client-server architectures in several fields of application such as voice-over-IP telephony and file sharing. Recently, a new peer-to-peer solution called the InterPlanetary File System (IPFS) has attracted attention, which promises to re-decentralise the Web. Being increasingly used as a stand-alone application, IPFS has also emerged as the technical backbone of various other decentralised solutions and was even used to evade censorship. Decentralised applications serving millions of users rely on IPFS as one of their crucial building blocks. This popularity makes IPFS attractive for large-scale attacks. We have identified a conceptual issue in one of IPFS's core libraries and demonstrate their exploitation by means of a successful end-to-end attack. We evaluated this attack against the IPFS reference implementation on the public IPFS network, which is used by the average user to share and consume IPFS content. Results obtained from mounting this attack on live IPFS nodes show that arbitrary IPFS nodes can be eclipsed, i.e. isolated from the network, with moderate effort and limited resources. Compared to similar works, we show that our attack scales linearly even beyond current network sizes and can disrupt the entire public IPFS network with alarmingly low effort. The vulnerability set described in this paper has been assigned CVE-2020-10937. Responsible disclosure procedures are currently being carried out and have led to mitigations being deployed, with additional fixes to be rolled out in future releases.

Cryptography and Security

Srivatsan Sridhar,Onur Ascigil,Navin Keizer,François Genon,Sébastien Pierre,Yiannis Psaras,Etienne Rivière,Michał Król

2023-12-05

Abstract:The InterPlanetary File System (IPFS) is currently the largest decentralized storage solution in operation, with thousands of active participants and millions of daily content transfers. IPFS is used as remote data storage for numerous blockchain-based smart contracts, Non-Fungible Tokens (NFT), and decentralized applications. We present a content censorship attack that can be executed with minimal effort and cost, and that prevents the retrieval of any chosen content in the IPFS network. The attack exploits a conceptual issue in a core component of IPFS, the Kademlia Distributed Hash Table (DHT), which is used to resolve content IDs to peer addresses. We provide efficient detection and mitigation mechanisms for this vulnerability. Our mechanisms achieve a 99.6\% detection rate and mitigate 100\% of the detected attacks with minimal signaling and computational overhead. We followed responsible disclosure procedures, and our countermeasures are scheduled for deployment in the future versions of IPFS.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Javaid, Nadeem

DOI: https://doi.org/10.1007/s11276-023-03648-3

IF: 2.701

2024-02-09

Wireless Networks

Abstract:The presence of the malicious internet of things (IoT) devices in wireless sensor networks (WSNs), in the underlying work, is identified using a private blockchain and interplanetary file system (IPFS) based system. In the proposed model, the registration of IoT devices is being done via the IoT device manager. After registration, the IoT devices send a request to get services from the IoT device manager. At this stage, authentication is performed through a machine learning technique, known as logitboost (LB), which helps in identifying the IoT devices as malicious or legitimate. A verification report is forwarded to the IoT device manager upon detection. If the IoT device is found to be acting maliciously, it is penalized and vice versa. Thus, ensuring the IoT device manager provides the required service only to the legitimate IoT device. The data used in the proposed work is taken from the WSN dataset (WSN-DS), which is balanced via the synthetic minority oversampling technique. Additionally, the miner nodes' verification is performed via verifiable byzantine fault tolerance (VBFT). Also, IPFS is used to store the transaction data being shared between the IoT devices. The simulation results show that VBFT surpasses the proof of authority consensus mechanism by 15–20% in terms of transaction throughput. Furthermore, the LB classifier is found to surpass decision tree, nearest centroid, quadratic discriminant analysis and weighted average ensemble by 2%, 24%, 71%, 5% in terms of accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Juan Benet

DOI: https://doi.org/10.48550/arXiv.1407.3561

2014-07-14

Abstract:The InterPlanetary File System (IPFS) is a peer-to-peer distributed file system that seeks to connect all computing devices with the same system of files. In some ways, IPFS is similar to the Web, but IPFS could be seen as a single BitTorrent swarm, exchanging objects within one Git repository. In other words, IPFS provides a high throughput content-addressed block storage model, with content-addressed hyper links. This forms a generalized Merkle DAG, a data structure upon which one can build versioned file systems, blockchains, and even a Permanent Web. IPFS combines a distributed hashtable, an incentivized block exchange, and a self-certifying namespace. IPFS has no single point of failure, and nodes do not need to trust each other.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Jiajie Shen,Yi Li,Yangfan Zhou,Xin Wang

DOI: https://doi.org/10.1145/3326285.3329052

2019-01-01

Abstract:IPFS has surged into popularity in recent years. It organizes user data as multiple objects where users can obtain the objects according to their Content IDentifiers (CIDs). As a storage system, it is of great importance to understand its data I/O performance. But existing work still lacks such a comprehensive study. In this work, we deploy an IPFS storage system with geographically-distributed storage nodes on Amazon EC2. We then conduct extensive experiments to evaluate the performance of data I/O operations from a client's perspective. We find that the access patterns of I/O operations (e.g., request size) severely affect the I/O performance, since IPFS typically uses multiple I/O strategies to perform different I/O requests. Moreover, for the read operations, IPFS requires to resolve remote nodes and downloading objects via the internet. Our experimental study reveals that both resolving and downloading operations can become bottlenecks. Our results can shed light to optimizing IPFS in avoiding high-latency I/O operations.

Ruibin Zeng,Jiali You,Yang Li,Rui Han

DOI: https://doi.org/10.3390/fi14050122

2022-04-19

Future Internet

Abstract:The Interplanetary File System (IPFS), a new type of P2P file system, enables people to obtain data from other peer nodes in a distributed system without the need to establish a connection with a distant server. However, IPFS suffers from low resolution efficiency and duplicate data delivery, resulting in poor system availability. The new Information-Centric Networking (ICN), on the other hand, applies the features of name resolution service and caching to achieve fast location and delivery of content. Therefore, there is a potential to optimize the availability of IPFS systems from the network layer. In this paper, we propose an ICN-based IPFS high-availability architecture, called IBIHA, which introduces enhanced nodes and information tables to manage data delivery based on the original IPFS network, and uses the algorithm of selecting high-impact nodes from the entitled network (PwRank) as the basis for deploying enhanced nodes in the network, thus achieving the effect of optimizing IPFS availability. The experimental results show that this architecture outperforms the IPFS network in terms of improving node resolution efficiency, reducing network redundant packets, and improving the rational utilization of network link resources.

Zhenni Liu,Yong Sun,Zhao Li,Jiangyi Yin,Qingyun Liu

DOI: https://doi.org/10.1007/978-3-031-63759-9_6

2024-01-01

Abstract:With the depletion of IPv4 address resources, the prevalence of IPv4 address leasing services by hosting providers has surged. These services allow users to rent IP blocks, offering an affordable and flexible solution compared to traditional IP address allocation. Unfortunately, this convenience has led to an increase in abuse, with illegal users renting IP blocks to host malicious content such as phishing sites and spam services. To mitigate the issue of IP abuse, some research focuses on individual IP identification for point-wise blacklisting. However, this approach leads to a game of whack-a-mole, where blacklisted IPs become transient due to content migration within the IP block. Other studies take a block perspective, recognizing and classifying IP blocks. This enables the discovery of potentially malicious IPs within the block, effectively countering service migration issues. However, existing IP block identification methods face challenges as they rely on specific WHOIS fields, which are sometimes not updated in real-time, leading to inaccuracies. In terms of classification, methods rely on limited statistical features, overlooking vital relationships between IP blocks, making them susceptible to evasion. To address these challenges, we propose BlockFinder, a two-stage framework. The first stage leverages the temporal and spatial stability of services to identify blocks of varying sizes. In the second stage, we introduce an innovative IP block classification model that integrates global node and local subgraph representations to comprehensively learn the graph structure, thereby enhancing evasion difficulty. Experimental results show that our approach achieves state-of-the-art performance.

Erik Daniel,Florian Tschorsch

DOI: https://doi.org/10.48550/arXiv.2102.12737

2022-01-18

Abstract:Decentralized, distributed storage offers a way to reduce the impact of data silos as often fostered by centralized cloud storage. While the intentions of this trend are not new, the topic gained traction due to technological advancements, most notably blockchain networks. As a consequence, we observe that a new generation of peer-to-peer data networks emerges. In this survey paper, we therefore provide a technical overview of the next generation data networks. We use select data networks to introduce general concepts and to emphasize new developments. Specifically, we provide a deeper outline of the Interplanetary File System and a general overview of Swarm, the Hypercore Protocol, SAFE, Storj, and Arweave. We identify common building blocks and provide a qualitative comparison. From the overview, we derive future challenges and research goals concerning data networks.

Networking and Internet Architecture

Xu CAO,Yi-jun WANG,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.09.024

2017-01-01

Abstract:Compared with the well-known Internet, the darknet, for its anonymity and complexity is even wider in its space. I2P is one of the main tools in access to darknets. It is of great significance to understand the size and use of I2P and thus explore the entire space resources of the dark network. Based on the description of I2P fundamentals, the problems of I2P in collecting domains are analyzed, and the four collecting mechanisms proposed. The 7-day testing results indicate that as compared with other darknet access tools such as Tor and Freenet, I2P has less usage, smaller access groups, and lower domain-name availability.

Scott Seidenberger,Anindya Maiti

2024-11-22

Abstract:We hypothesize that peer-to-peer (P2P) overlay network nodes can be attractive to attackers due to their visibility, sustained uptime, and resource potential. Towards validating this hypothesis, we investigate the state of active reconnaissance attacks on Ethereum P2P network nodes by deploying a series of honeypots alongside actual Ethereum nodes across globally distributed vantage points. We find that Ethereum nodes experience not only increased attacks, but also specific types of attacks targeting particular ports and services. Furthermore, we find evidence that the threat assessment on our nodes is applicable to the wider P2P network by having performed port scans on other reachable peers. Our findings provide insights into potential mitigation strategies to improve the security of the P2P networking layer.

Cryptography and Security,Networking and Internet Architecture

Yongle Chen,Hui Li,Kejiao Li,Jiyang Zhang

DOI: https://doi.org/10.1109/bigdata.2017.8258226

2017-01-01

Abstract:IPFS [1] is a peer-to-peer version controlled filesystem that synthesizes learnings from many previous successful systems. IPFS combines a distributed Hash table, an incentivized block exchange, and a self-certifying namespace [1]. IPFS is a peer-to-peer hypermedia protocol to make the web faster, safer, and more open. According to the characteristics of IPFS, we propose an improved P2P file system scheme based on IPFS and Blockchain. We address the high-throughput problem for individual users in IPFS by introducing the role of content service providers. Consider data reliability and availability, storage overhead and other issues for service providers, we provide a novel zigzag-based storage model to improve the block storage model that IPFS provides. Moreover, we introduce blockchain to combine IPFS with this storage model. According to analysis, this proposed scheme can effectively solve the above problems.

Marcin Nawrocki,Thomas C. Schmidt,Matthias Wählisch,Matthias Wahlisch

DOI: https://doi.org/10.1109/noms47738.2020.9110256

2020-04-01

Abstract:Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure, but also the Internet ecosystem (e.g., DRDoS attacks). In this paper, we uncover unprotected inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. This traffic analysis is correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We provide an in-depth view on Internet-wide ICS communication. Our results can be used (i) to create precise filters for potentially harmful non-industrial ICS traffic, and (ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks.

Miti Mazmudar,Shannon Veitch,Rasoul Akhavan Mahdavi

2024-11-26

Abstract:The InterPlanetary File System (IPFS) is a peer-to-peer network for storing data in a distributed file system, hosting over 190,000 peers spanning 152 countries. Despite its prominence, the privacy properties that IPFS offers to peers are severely limited. Any query within the network leaks the queried content to other peers. We address IPFS' privacy leakage across three functionalities (peer routing, provider advertisements, and content retrieval), ultimately empowering peers to privately navigate and retrieve content in the network. Our work highlights and addresses novel challenges inherent to integrating PIR into distributed systems. We present our new, private protocols and demonstrate that they incur reasonably low communication and computation overheads. We also provide a systematic comparison of state-of-art PIR protocols in the context of distributed systems.

Cryptography and Security

Khaled Alanezi,Shivakant Mishra

DOI: https://doi.org/10.1109/jsyst.2024.3403500

IF: 4.802

2024-06-21

IEEE Systems Journal

Abstract:Modern Internet of Things (IoT) environments with thousands of low-end and diverse IoT nodes with complex interactions among them and often deployed in remote and/or wild locations present some unique challenges that make traditional node compromise detection services less effective. This article presents the design, implementation, and evaluation of a fog-based architecture that utilizes the concept of a digital twin to detect compromised IoT nodes exhibiting malicious behaviors by either producing erroneous data and/or being used to launch network intrusion attacks to hijack other nodes eventually causing service disruption. By defining a digital twin of an IoT infrastructure at a fog server, the architecture is focused on monitoring relevant information to save energy and storage space. This article presents a prototype implementation for the architecture utilizing malicious behavior datasets to perform misbehaving node classification. An extensive accuracy and system performance evaluation was conducted based on this prototype. Results show good accuracy and negligible overhead especially when employing deep learning techniques, such as multilayer perceptron.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

João Tiago,David Dias,Luís Veiga

DOI: https://doi.org/10.48550/arXiv.2207.06341

2022-07-14

Abstract:The InterPlanetary File System (IPFS) is an hyper-media distribution protocol, addressed by content and identities. It aims to make the web faster, safer, and more open. The JavaScript implementation of IPFS runs on the browser, benefiting from the mass adoption potential that it yields. Startrail takes advantage of the IPFS ecosystem and strives to further evolve it, making it more scalable and performant through the implementation of an adaptive network caching mechanism. Our solution aims to add resilience to IPFS and improve its overall scalability, by avoiding overloading the nodes providing highly popular content, particularly during flash-crowd-like conditions where popularity and demand grow suddenly. We add a novel crucial key component to enable an IPFS-based decentralized Content Distribution Network (CDN). Following a peer-to-peer architecture, it runs on a scalable, highly available network of untrusted nodes that distribute immutable and authenticated objects which are cached progressively towards the sources of requests.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Feng Xiao,Jianwei Huang,Yichang Xiong,Guangliang Yang,Hong Hu,Guofei Gu,Wenke Lee

2021-01-01

Abstract:Nowadays, Node.js has been widely used in the development of server-side and desktop programs (e.g., Skype), with its cross-platform and high-performance execution environment of JavaScript. In past years, it has been reported other dynamic programming languages (e.g., PHP and Ruby) are unsafe on sharing objects. However, this security risk is not well studied and understood in JavaScript and Node.js programs. In this paper, we fill the gap by conducting the first systematic study on the communication process between client- and server-side code in Node.js programs. We extensively identify several new vulnerabilities in popular Node.js programs. To demonstrate their security implications, we design and develop a novel feasible attack, named hidden property abusing (HPA). Our further analysis shows HPA attacks are subtly different from existing findings regarding exploitation and attack effects. Through HPA attacks, a remote web attacker may obtain dangerous abilities, such as stealing confidential data, bypassing security checks, and launching DoS (Denial of Service) attacks. To help Node.js developers vet their programs against HPA, we design a novel vulnerability detection and verification tool, named LYNX, that utilizes hybrid program analysis to automatically reveal HPA vulnerabilities and even synthesize exploits. We apply LYNX on a set of widely-used Node.js programs and identify 15 previously unknown vulnerabilities. We have reported all of our findings to the Node.js community. 10 of them have been assigned with CVE, and 8 of them are rated as "Critical" or "High" severity. This indicates HPA attacks can cause serious security threats.

Jie Chen,Ai-dong Xu,Hong Wen,Wen-jie Liu,Yi-xin Jiang,Peng Li,Yu-shan Li

DOI: https://doi.org/10.12783/dteees/icepe2019/28962

2019-01-01

DEStech Transactions on Environment Energy and Earth Science

Abstract:The edge computing performs data processing at the proximity of data collecting nodes, which makes the edge computing devices also face a series of malicious attacking, such as clone node attack, Sybil node attack and so on. However, such malicious attacks are hard to identify by the traditional security measures because the illegal nodes capture the keys of the legal nodes. In order to solve the above problems, a channel information approached malicious node recognition method based on intelligent algorithm for the edge computing is proposed. The novel algorithm is feasible and the recognition accuracy meets the requirements.

Anirban Banerjee,Michalis Faloutsos,Laxmi Bhuyan

DOI: https://doi.org/10.1007/978-3-540-72606-7_94

2007-01-01

Abstract:In an effort to prosecute P2P users, RIAA and MPAA have reportedly started to create decoy users: they participate in P2P networks in order to identify illegal sharing of content. This has reportedly scared some users who are afraid of being caught. The question we attempt to answer is how prevalent is this phenomenon: how likely is it that a user will run into such a “fake user” and thus run the risk of a lawsuit? The first challenge is identifying these “fake users”. We collect this information from a number of free open source software projects which are trying to identify such IP address ranges by forming the so-called blocklists. The second challenge is running a large scale experiment in order to obtain reliable and diverse statistics. Using Planetlab, we conduct active measurements, spanning a period of 90 days, from January to March 2006, spread over 3 continents. Analyzing over a 100 GB of TCP header data, we quantify the probability of a P2P user of being contacted by such entities. We observe that 100% of our nodes run into entities in these lists. In fact, 12 to 17% of all distinct IPs contacted by any node were listed on blocklists. Interestingly, a little caution can have significant effect: the top five most prevalent blocklisted IP ranges contribute to nearly 94% of all blocklisted IPs and avoiding these can reduce the probability of encountering blocklisted IPs to about 1%. In addition, we examine other factors that affect the probability of encountering blocklisted IPs, such as the geographical location of the users. Finally, we find another surprising result: less than 0.5% of all unique blocklisted IPs contacted are owned explicitly by media companies.

Yang Liu,Zhiyuan Lin,Yuxi Zhang,Lin Jiang,Xuan Wang

DOI: https://doi.org/10.32604/cmes.2023.030468

2024-01-01

Abstract:Ethereum, currently the most widely utilized smart contracts platform, anchors the security of myriad smart contracts upon its own robustness. Its foundational peer-to-peer network facilitates a dependable node connection mechanism, whereas an efficient data-sharing protocol constitutes as the bedrock of Blockchain network security. In this paper, we propose NodeHunter, an Ethereum network detector implemented through the application of simulation technology, which is capable of aggregating all node records within the network and the interconnectedness between them. Utilizing this connection information, NodeHunter can procure more comprehensive insights for network status analysis compared to preceding detection methodologies. Throughout a three-month period of unbroken surveillance of the Ethereum network, we obtained an excess of two million node records along with over one hundred million node acquaintances. Analysis of the gathered data revealed that an alarming 49% or more of these node records were maliciously forged.

Fu Cai,Tang Fugui,Cui Yongquan,Liu Ming,Peng Bing

DOI: https://doi.org/10.1109/ispa.2009.45

2009-01-01

Abstract:P2P Networks are self-organized and distributed. Efficient nodes risk assessment is one of the key factors for high quality resource exchanging. Most assessment methods based on trust or reputation have some remarkable drawbacks. For example, some methods impose too many restrictions to the samples, and many methods can’t identify the malicious recommendations, which result in that the final results are not convincible and credible. To solve these problems, we propose a novel risk assessment method based on grey theory. In our scheme, the communication nodes’ incomplete information state is described as several key attributes. Original data of these attributes is collected using taste concourse method to avoid malicious recommendation. The analysis and computing example shows this scheme is an efficient incomplete information nodes risk assessment method in P2P networks