Overlay networks are inherently insecure because they are required to
facilitate the cooperation of mutually distrusting nodes. Further, these
nodes are required to cooperate while being motivated by conflicting
interests. By definition of the peer-to-peer structure, there exists few
constructs to enforce correct handling of messages. A malicious or corrupted
node may mis-route packets, drop information, assume the identity of another
node or even delete content. Many of the security issues here stem from the
lack of defined roles in a peer-to-peer system. It is foolish to believe
that a network of equals can sufficiently self govern.
Castro et al. argue that secure routing can be obtained in P2P overlays by
providing constructs for secure assignment of node identifiers, securing
routing table maintenance and by securing the message forwarding operation.
While the argument presented in this paper is clear, and a good outline of
current security issues is defined, the suggested solutions seem obvious and
inelegant. For example, including certificate authorities for node
identifier assignment is not a very imaginative solution. Rather, this seems
like the default solution - there is nothing novel here. Similarly, routing
multiple copies of data on failure does not seem desirable in system
architecture. In fact, the authors admit that the routing failure test can
be defeated.
Perhaps a better study would have been to define a certificate authority
model where public key infrastructure is used both elegantly and efficiently
in an overlay network. A solution that provides data integrity,
confidentiality and service guarantees encapsulated in a PKI may have been a
more worth while study.
Received on Thu Nov 17 2005 - 02:57:50 EST
This archive was generated by hypermail 2.2.0 : Thu Nov 17 2005 - 09:00:55 EST