1 / 10

Address Settlement by Peer to Peer (ASP)

Address Settlement by Peer to Peer (ASP). Jonathan Rosenberg Cullen Jennings Eric Rescorla. Key Ideas. Security Framework NAT Traversal Extensibility Usage Models Pluggable DHT Forwarding Layer Multiple P2P Networks. Security Framework. Two types of threats Storage

zia
Download Presentation

Address Settlement by Peer to Peer (ASP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla

  2. Key Ideas • Security Framework • NAT Traversal • Extensibility • Usage Models • Pluggable DHT • Forwarding Layer • Multiple P2P Networks

  3. Security Framework • Two types of threats • Storage • Attackers discard, modify, or alter data • Attackers fill up the network with data • Attackers overwrite data from other users • Routing • Attackers discard messages • Attackers misroute messages

  4. Storage Security • Authorization • Each locus/type pair is bound to a set of certificates valid for writing to that pair • Binding is defined by the usage • Distributed Quota • Defined by usage • Correctness • Integrity protection via signature • Timestamps for replay attacks

  5. Routing Security • Central Enrollment Server • Peer ID selected by enrollment server • Help mitigate Eclipse • Rate limiting at enrollment server • Help mitigate Sybil • Public/Private keys selected by UA, only public key disclosed to server • All direct connections Mutual TLS authed

  6. CONNECT method used to establish transport layer connections for ASP itself SIP Other things CONNECT and its response implement ICE ICE usage defined in some detail Peers can act as STUN and TURN servers Central STUN server used during bootstap Users use central stun to guess at whether they are natted or not If they can act as STUN or TURN, write into one of N different seeds, defined by size of DHT and density of STUN/TURN servers NAT Traversal

  7. Extensibility • New attributes and commands • BGP-style treatment fields (mustUnderstand, mustReflect) for attributes • Upgrading DHT entirely • Run parallel rings • Synchronize complete switchover through enrollment server over period of months

  8. Usage Model • Each usage defines a set of types • Each type defines • Data structure (single value, set, dictionary, etc.) • Access controls • Size limits • How to form seed • Merging rules • SIP Usage (AOR to contact mappin) • Certificate Usage • STUN Usage • TURN Usage

  9. Forwarding Layer • Binary protocol • Requests can be forward based on routing header only • Label stacks • For responses: Via stack containing list of locally meaningful connection identifiers • For requests: Anonymity

  10. Label Stacks: Responses 3b 4b 2b 5b 1a 3a 3c 4a 4c 2a 2c 5a 1b 1 2 3 4 5 Dst: PeerID: 5 PeerID: 5 PeerID: 5 PeerID: 5 Request Src: Cxn: 4a PeerID: 1 Cxn: 2a Cxn: 3a Cxn: 3a PeerID: 1 Cxn: 2a Cxn: 2a PeerID: 1 PeerID: 1 PeerID: 1 Cxn: 2a Cxn: 3a Cxn: 4a PeerID: 1 Cxn: 2a Cxn: 3a Dst: Response PeerID: 1 Cxn: 2a Src: PeerID: 1

More Related