Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

How can one be sure that the man who you\'re talking with is the one who you thi

ID: 648801 • Letter: H

Question

How can one be sure that the man who you're talking with is the one who you think he is? i.e. How can one perform authentication in P2P network without a central trust server or Certificate Authority?

I'm just wondering how someone can make distributed (peer-to-peer) overlay network or chat using DHT for finding peers (like BitTorrent Chat has done).

BitTorrent chat uses DHT to find some information about peers and then to connect to them directly. I think it uses assymetric cryptography, as well. But this doesn't solve the problem of somebody trying to perform a MiTM attack by putting a lot of incorrect data about peers into the DHT (i.e. incorrect peer IP addresses or public keys).

Explanation / Answer

You may be interested in something like the Cryptographically Generated Address (CGA) from RFC 3972. CGA is used in Secure Neighbor Discovery Protocol (SEND) of RFC 3971 to bind a public key to an IPv6 address.

The basic idea of CGA is to generate part of the IPv6 address by computing a cryptographic hash over the public key. The corresponding private key can then be used to sign and authenticate messages. The downside of CGA is that it is expensive to generate such an address as the generated hash must meet certain criteria. e.g. the 16 left-most bits of the hash output should all be zeroes

In a P2P network, users can generate their own identifiers in a similar fashion to CGA and publish them publicly. Users are authenticated as long as they are able to prove that they have knowledge the corresponding private key whose public key is binded to their identifiers.

Although anyone can generate an identifier, CGA can protect against spoofing of existing identities. In order to masquerade as an existing user, an attacker will need to do a pre-image attack against the hash function to obtain the public key. This will not be easy especially when the public key is 2048 bits or higher.

Related Questions

How can community health nurses apply the strategies of cultural competence to t
Question #239806
How can community health nurses apply the strategies of cultural competence to t
Question #305369
How can data provide information to evaluate quality patient outcomes? Give an e
Question #171868
How can data provide information to evaluate quality patient outcomes? Give an e
Question #223531
How can database technology be used to help Mountain View Community Hospital com
Question #3664451
How can demand-pull inflation lead to cost-push inflation? A. Demand-pull inflat
Question #1165367
How can demand-pull inflation lead to cost-push inflation? O A. Demand-pull infi
Question #2440058
How can diversity can be maintained in a system where there is competition for r
Question #205279
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
How can muscle fibers show a range of responses to different levels o stimulatio
Next
How can one estimate the mean and variance of data that are summarized in a grou

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.