Biblio

Network adversaries, such as malicious transit autonomous systems (ASes), have been shown to be capable of partitioning the Bitcoin's peer-to-peer network via routing-level attacks; e.g., a network adversary exploits a BGP vulnerability and performs a prefix hijacking attack (viz. Apostolaki et al. [3]). Due to the nature of BGP operation, such a hijacking is globally observable and thus enables immediate detection of the attack and the identification of the perpetrator. In this paper, we present a stealthier attack, which we call the EREBUS attack, that partitions the Bitcoin network without any routing manipulations, which makes the attack undetectable to control-plane and even to data-plane detectors. The novel aspect of EREBUS is that it makes the adversary AS a natural man-in-the-middle network of all the peer connections of one or more targeted Bitcoin nodes by patiently influencing the targeted nodes' peering decision. We show that affecting the peering decision of a Bitcoin node, which is believed to be infeasible after a series of bug patches against the earlier Eclipse attack [29], is possible for the network adversary that can use abundant network address resources (e.g., spoofing millions of IP addresses in many other ASes) reliably for an extended period of time at a negligible cost. The EREBUS attack is readily available for large ASes, such as Tier-1 and large Tier-2 ASes, against the vast majority of 10K public Bitcoin nodes with only about 520 bit/s of attack traffic rate per targeted Bitcoin node and a modest (e.g., 5-6 weeks) attack execution period. The EREBUS attack can be mounted by nation-state adversaries who would be willing to execute sophisticated attack strategies patiently to compromise cryptocurrencies (e.g., control the consensus, take down a cryptocurrency, censor transactions). As the attack exploits the topological advantage of being a network adversary but not the specific vulnerabilities of Bitcoin core, no quick patches seem to be available. We discuss that some naive solutions (e.g., whitelisting, rate-limiting) are ineffective and third-party proxy solutions may worsen the Bitcoin's centralization problem. We provide some suggested modifications to the Bitcoin core and show that they effectively make the EREBUS attack significantly harder; yet, their non-trivial changes to the Bitcoin's network operation (e.g., peering dynamics, propagation delays) should be examined thoroughly before their wide deployment.

The mechanism of peers randomly choosing logical neighbors without any knowledge about underlying physical topology can cause a delay overhead in information propagation which makes the system vulnerable to double spend attacks. This paper introduces a proximity-aware extensions to the current Bitcoin protocol, named Master Node Based Clustering (MNBC). The ultimate purpose of the proposed protocol is to improve the information propagation delay in the Bitcoin network.

Blockchain technology is a decentralized ledger of all transactions across peer to peer network. Being decentralized in nature, a blockchain is highly secure as no single user can alter or remove an entry in the blockchain. The security of office premises and data is a very major concern for any organization. This paper majorly focuses on its application of blockchain technology in security surveillance. This paper proposes a blockchain based multi level network model for security surveillance system. The proposed system architecture is composed of different blockchain based systems connected to a multi level decentralized blockchain system to insure authentication, secure storage, Integrity and accountability.

Due to the diversity and mobility of blockchain network nodes and the decentralized nature of blockchain networks, traditional trust value evaluation indicators cannot be directly used. In order to obtain trusted nodes, a trustworthiness calculation method based on trust blockchain nodes is proposed. Different from the traditional P2P network trust value calculation, the trust blockchain not only acquires the working state of the node, but also collects the special behavior information of the node, and calculates the joining time by synthesizing the trust value generated by the node transaction and the trust value generated by the node behavior. After the attenuation factor is comprehensively evaluated, the trusted nodes are selected to effectively ensure the security of the blockchain network environment, while reducing the average transaction delay and increasing the block rate.

Threat intelligence sharing is posited as an important aid to help counter cybersecurity attacks and a number of threat intelligence sharing communities exist. There is a general consensus that many challenges remain to be overcome to achieve fully effective sharing, including concerns about privacy, negative publicity, policy/legal issues and expense of sharing, amongst others. One recent trend undertaken to address this is the use of decentralized blockchain based sharing architectures. However while these platforms can help increase sharing effectiveness they do not fully address all of the above challenges. In particular, issues around trust are not satisfactorily solved by current approaches. In this paper, we describe a novel trust enhancement framework -TITAN- for decentralized sharing based on the use of P2P reputation systems to address open trust issues. Our design uses blockchain and Trusted Execution Environment technologies to ensure security, integrity and privacy in the operation of the threat intelligence sharing reputation system.

P2P applications deployment on MANETs is motivated by the popularity of these applications, coupled with the widespread use of mobile devices. P2P applications and MANETs have common features such as decentralization, self organization, and the absence of dedicated servers or infrastructure. The deployment often faces specific performance challenges resulting from topological overlay and underlay mismatch, limited bandwidth constraint and dynamic topology changes. Hierarchical MANETs are a special type of MANETs where some nodes have specific routing roles to allow inter- cluster communications. Such topologies (typical for tactical networks) render a successful P2P deployment more challenging. We developed a novel approach for P2P deployment in such networks by bringing topology-awareness into the overlay, mapping the underlay topology (structure) to the logical overlay and building a hierarchically-structured logical overlay on top of the hierarchical underlay. Simulation results demonstrated a significant performance advantage of our proposed deployment solution vs. a flat logical overlay using different configurations and mobility scenarios.

With the rise of blockchain technology, peer-to-peer network system has once again caught people's attention. Peer-to-peer (P2P) is currently being implemented on various kind of decentralized systems such as InterPlanetary File System (IPFS). However, P2P file sharing network systems is not without its flaws. Data stored in the other nodes cannot be deleted by the owner and can only be deleted by other nodes themselves. Ensuring that personal data can be completely removed is an important issue to comply with the European Union's General Data Protection Regulation (GDPR) criteria. To improve P2Ps privacy and security, we propose a monitorable peer-to-peer file sharing mechanism that synchronizes with other nodes to perform file deletion and to generate the File Authentication Code (FAC) of each IPFS nodes in order to make sure the system synchronized correctly. The proposed mechanism can integrate with a consortium Blockchain to comply with GDPR.

IoT trust management is a security solution that assures the trust between different IoT entities before establishing any relationship with other anonymous devices. Recent researches presented in the literature tend to use a Blockchain-based trust management model for IoT besides the fog node approach in order to address the constraints of IoT resources. Actually, Blockchain has solved many drawbacks of centralized models. However, it is still not preferable for dealing with massive data produced by IoT because of its drawbacks such as delay, network overhead, and scalability issues. Therefore, in this paper we define some factors that should be considered when designing scalable models, and we propose a fully distributed trust management model for IoT that provide a large-scale trust model and address the limitations of Blockchain. We design our model based on a new approach called Holochain considering some security issues, such as detecting misbehaviors, data integrity and availability.

Bitcoin is a cryptocurrency which acts as an application protocol that works on top of the IP protocol. This paper focuses on distinct Bitcoin security features, including security services, mechanisms, and algorithms. Further, we propose a well-defined security functional architecture to minimize security risks. The security features and requirements of Bitcoin have been structured in layers.

The botnet has been one of the most common threats to the network security since it exploits multiple malicious codes like worm, Trojans, Rootkit, etc. These botnets are used to perform the attacks, send phishing links, and/or provide malicious services. It is difficult to detect Peer-to-peer (P2P) botnets as compare to IRC (Internet Relay Chat), HTTP (HyperText Transfer Protocol) and other types of botnets because of having typical features of the centralization and distribution. To solve these problems, we propose an effective two-stage traffic classification method to detect P2P botnet traffic based on both non-P2P traffic filtering mechanism and machine learning techniques on conversation features. At the first stage, we filter non-P2P packages to reduce the amount of network traffic through well-known ports, DNS query, and flow counting. At the second stage, we extract conversation features based on data flow features and flow similarity. We detected P2P botnets successfully, by using Machine Learning Classifiers. Experimental evaluations show that our two-stage detection method has a higher accuracy than traditional P2P botnet detection methods.

Botnet has been evolving over time since its birth. Nowadays, P2P (Peer-to-Peer) botnet has become a main threat to cyberspace security, owing to its strong concealment and easy expansibility. In order to effectively detect P2P botnet, researchers often focus on the analysis of network traffic. For the sake of enriching P2P botnet detection methods, the author puts forward a new sight of applying distributed threat intelligence sharing system to P2P botnet detection. This system aims to fight against distributed botnet by using distributed methods itself, and then to detect botnet in real time. To fulfill the goal of botnet detection, there are 3 important parts: the threat intelligence sharing and evaluating system, the BAV quantitative TI model, and the AHP and HMM based analysis algorithm. Theoretically, this method should work on different types of distributed cyber threat besides P2P botnet.

Peer-to-Peer networks are designed to rely on the resources of their own users. Therefore, resource management plays an important role in P2P protocols. Early P2P networks did not use proper mechanisms to manage fairness. However, after seeing difficulties and rise of freeloaders in networks like Gnutella, the importance of providing fairness for users have become apparent. In this paper, we propose an incentive-based security model which leads to a network infrastructure that lightens the work of Seeders and makes Leechers to contribute more. This method is able to prevent betrayals in Leecher-to-Leecher transactions and helps Seeders to be treated more fairly. This is what other incentive methods such as Bittorrent are incapable of doing. Additionally, by getting help from cryptography and combining it with our method, it is also possible to achieve secure channels, immune to spying, next to a fair network. This is the first protocol designed for P2P networks which has separated Leechers and Seeders without the need to a central server. The simulation results clearly show how our proposed approach can overcome free-riding issue. In addition, our findings revealed that our approach is able to provide an appropriate level of fairness for the users and can decrease the download time.

Peer to Peer (P2P) is a dynamic and self-organized technology, popularly used in File sharing applications to achieve better performance and avoids single point of failure. The popularity of this network has attracted many attackers framing different attacks including Sybil attack, Routing Table Insertion attack (RTI) and Free Riding. Many mitigation methods are also proposed to defend or reduce the impact of such attacks. However, most of those approaches are protocol specific. In this work, we propose a Blockchain based security framework for P2P network to address such security issues. which can be tailored to any P2P file-sharing system.

Underpinning the operation of Bitcoin is a peer-to-peer (P2P) network [1] that facilitates the execution of transactions by end users, as well as the transaction confirmation process known as bitcoin mining. The security of this P2P network is vital for the currency to function and subversion of the underlying network can lead to attacks on bitcoin users including theft of bitcoins, manipulation of the mining process and denial of service (DoS). As part of this paper the network protocol and bitcoin core software are analysed, with three bitcoin message exchanges (the connection handshake, GETHEADERS/HEADERS and MEMPOOL/INV) found to be potentially vulnerable to spoofing and use in distributed denial of service (DDoS) attacks. Possible solutions to the identified weaknesses and vulnerabilities are evaluated, such as the introduction of random nonces into network messages exchanges.

Peer-to-Peer botnets have become one of the significant threat against network security due to their distributed properties. The decentralized nature makes their detection challenging. It is important to take measures to detect bots as soon as possible to minimize their harm. In this paper, we propose PeerGrep, a novel system capable of identifying P2P bots. PeerGrep starts from identifying hosts that are likely engaged in P2P communications, and then distinguishes P2P bots from P2P hosts by analyzing their active ratio, packet size and the periodicity of connection to destination IP addresses. The evaluation shows that PeerGrep can identify all P2P bots with quite low FPR even if the malicious P2P application and benign P2P application coexist within the same host or there is only one bot in the monitored network.

The underlying or core technology of Bitcoin cryptocurrency has become a blessing for human being in this era. Everything is gradually changing to digitization in this today's epoch. Bitcoin creates virtual money using Blockchain that's become popular over the world. Blockchain is a shared public ledger, and it includes all transactions which are confirmed. It is almost impossible to crack the hidden information in the blocks of the Blockchain. However, there are certain security and technical challenges like scalability, privacy leakage, selfish mining, etc. which hampers the wide application of Blockchain. In this paper, we briefly discuss this emerging technology namely Blockchain. In addition, we extrapolate in-depth insight on Blockchain technology.

Peer-to-peer computing (P2P) refers to the famous technology that provides peers an equal spontaneous collaboration in the network by using appropriate information and communication systems without the need for a central server coordination. Today, the interconnection of several P2P networks has become a genuine solution for increasing system reliability, fault tolerance and resource availability. However, the existence of security threats in such networks, allows us to investigate the safety of users from P2P threats by studying the effects of competition between these interconnected networks. In this paper, we present an e-epidemic model to characterize the worm propagation in an interconnected peer-to-peer network. Here, we address this issue by introducing a model of network competition where an unprotected network is willing to partially weaken its own safety in order to more severely damage a more protected network. The unprotected network can infect all peers in the competitive networks after their non react against the passive worm propagation. Our model also evaluated the effect of an immunization strategies adopted by the protected network to resist against attacking networks. The launch time of immunization strategies in the protected network, the number of peers synapse connected to the both networks, and other effective parameters have also been investigated in this paper.

In recent years, the increasing concerns around the centralized cloud web services (e.g. privacy, governance, surveillance, security) have triggered the emergence of new distributed technologies, such as IPFS or the Blockchain. These innovations have tackled technical challenges that were unresolved until their appearance. Existing models of peer-to-peer systems need a revision to cover the spectrum of potential systems that can be now implemented as peer-to-peer systems. This work presents a framework to build these systems. It uses an agent-oriented approach in an open environment where agents have only partial information of the system data. The proposal covers data access, data discovery and data trust in peer-to-peer systems where different actors may interact. Moreover, the framework proposes a distributed architecture for these open systems, and provides guidelines to decide in which cases Blockchain technology may be required, or when other technologies may be sufficient.

Ethereum, the second-largest cryptocurrency valued at a peak of \$138 billion in 2018, is a decentralized, Turing-complete computing platform. Although the stability and security of Ethereum—and blockchain systems in general—have been widely-studied, most analysis has focused on application level features of these systems such as cryptographic mining challenges, smart contract semantics, or block mining operators. Little attention has been paid to the underlying peer-to-peer (P2P) networks that are responsible for information propagation and that enable blockchain consensus. In this work, we develop NodeFinder to measure this previously opaque network at scale and illuminate the properties of its nodes. We analyze the Ethereum network from two vantage points: a three-month long view of nodes on the P2P network, and a single day snapshot of the Ethereum Mainnet peers. We uncover a noisy DEVp2p ecosystem in which fewer than half of all nodes contribute to the Ethereum Mainnet. Through a comparison with other previously studied P2P networks including BitTorrent, Gnutella, and Bitcoin, we find that Ethereum differs in both network size and geographical distribution.

Botnet on a mobile platform is one of the severe problems for the Internet security. It causes damages to both individual users and the economic system. Botnet detection is required to stop these damages. However, botmasters keep developing their botnets. Peer-to-peer (P2P) connection and encryption are used in the botnet communication to avoid the exposure and takedown. To tackle this problem, we propose the P2P mobile botnet detection by using communication patterns. A graph representation called "graphlet" is used to capture the natural communication patterns of a P2P mobile botnet. The graphlet-based detection does not violate the user privacy, and also effective with encrypted traffic. Furthermore, a machine learning technique with graphlet-based features can detect the P2P mobile botnet even it runs simultaneously with other applications such as Facebook, Line, Skype, YouTube, and Web. Moreover, we employ the Principal Components Analysis (PCA) to analyze graphlet's features to leverage the detection performance when the botnet coexists with dense traffic such as Web traffic. Our work focuses on the real traffic of an advanced P2P mobile botnet named "NotCompatible.C". The detection performance shows high F-measure scores of 0.93, even when sampling only 10% of traffic in a 3-minute duration.

The importance of peer-to-peer (P2P) network overlays produced enormous interest in the research community due to their robustness, scalability, and increase of data availability. P2P networks are overlays of logically connected hosts and other nodes including servers. P2P networks allow users to share their files without the need for any centralized servers. Since P2P networks are largely constructed of end-hosts, they are susceptible to abuse and malicious activity, such as sybil attacks. Impostors perform sybil attacks by assigning nodes multiple addresses, as opposed to a single address, with the goal of degrading network quality. Sybil nodes will spread malicious data and provide bogus responses to requests. To prevent sybil attacks from occurring, a novel defense mechanism is proposed. In the proposed scheme, the DHT key-space is divided and treated in a similar manner to radio frequency allocation incensing. An overlay of trusted nodes is used to detect and handle sybil nodes with the aid of source-destination pairs reporting on each other. The simulation results show that the proposed scheme detects sybil nodes in large sized networks with thousands of interactions.

Proof-of-work (PoW) is an algorithmic tool used to secure networks by imposing a computational cost on participating devices. Unfortunately, traditional PoW schemes require that correct devices perform computational work perpetually, even when the system is not under attack. We address this issue by designing a general PoW protocol that ensures two properties. First, the network stays secure. In particular, the fraction of identities in the system that are controlled by an attacker is always less than 1/2. Second, our protocol's computational cost is commensurate with the cost of an attacker. That is, the total computational cost of correct devices is a linear function of the attacker's computational cost plus the number of correct devices that have joined the system. Consequently, if the network is attacked, we ensure security, with cost that grows linearly with the attacker's cost; and, in the absence of attack, our computational cost is small. We prove similar guarantees for bandwidth cost. Our results hold in a dynamic, decentralized system where participants join and depart over time, and where the total computational power of the attacker is up to a constant fraction of the total computational power of correct devices. We show how to leverage our results to address important security problems in distributed computing including: Sybil attacks, Byzantine Consensus, and Committee Election.

Blockchain, the underlying technology of cryptocurrency networks like Bitcoin, can prove to be essential towards realizing the vision of a decentralized, secure, and open Internet of Things (IoT) revolution. There is a growing interest in many research groups towards leveraging blockchains to provide IoT data privacy without the need for a centralized data access model. This paper aims to propose a decentralized access model for IoT data, using a network architecture that we call a modular consortium architecture for IoT and blockchains. The proposed architecture facilitates IoT communications on top of a software stack of blockchains and peer-to-peer data storage mechanisms. The architecture is aimed to have privacy built into it, and to be adaptable for various IoT use cases. To understand the feasibility and deployment considerations for implementing the proposed architecture, we conduct performance analysis of existing blockchain development platforms, Ethereum and Monax.

This work concerns distributed consensus algorithms and application to a network intrusion detection system (NIDS) [21]. We consider the problem of defending the system against multiple data falsification attacks (Byzantine attacks), a vulnerability of distributed peer-to-peer consensus algorithms that has not been widely addressed in its practicality. We consider both naive (independent) and colluding attackers. We test three defense strategy implementations, two classified as outlier detection methods and one reputation-based method. We have narrowed our attention to outlier and reputation-based methods because they are relatively light computationally speaking. We have left out control theoretic methods which are likely the most effective methods, however their computational cost increase rapidly with the number of attackers. We compare the efficiency of these three implementations for their computational cost, detection performance, convergence behavior and possible impacts on the intrusion detection accuracy of the NIDS. Tests are performed based on simulations of distributed denial of service attacks using the KSL-KDD data set.

In this paper, we scrutinize a way through which covert messages are sent and received using the Network Time Protocol (NTP), which is not easily detected since NTP should be present in most environment to synchronize the clock between clients and servers using at least one time server. We also present a proof of concept and investigate the throughput and robustness of this covert channel. This channel will use the 32 bits of fraction of seconds in timestamp to send the covert message. It also uses "Peer Clock Precision" field to track the messages between sender and receiver.