edit(post): ambient peer discovery (#60)

* edit(post): ambient peer discovery
* test MathJax support
Daniel Kaiser 2022-05-03 21:30:14 +02:00 committed by ksr
parent 674452ebea
commit 25750e36e3
No known key found for this signature in database
GPG Key ID: E4EB341A3BB26FA5
1 changed files with 24 additions and 5 deletions


@ -12,6 +12,25 @@ image: /assets/img/waku_v2_discv5_random_walk_estimation.svg
discuss: https://forum.vac.dev/t/discussion-waku-v2-ambient-peer-discovery/133 discuss: https://forum.vac.dev/t/discussion-waku-v2-ambient-peer-discovery/133
--- ---
<script type="text/javascript"
src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.0/MathJax.js?config=TeX-AMS_CHTML">
</script>
<script type="text/x-mathjax-config">
MathJax.Hub.Config({
tex2jax: {
inlineMath: [['$','$'], ['\\(','\\)']],
processEscapes: true},
jax: ["input/TeX","input/MathML","input/AsciiMath","output/CommonHTML"],
extensions: ["tex2jax.js","mml2jax.js","asciimath2jax.js","MathMenu.js","MathZoom.js","AssistiveMML.js", "[Contrib]/a11y/accessibility-menu.js"],
TeX: {
extensions: ["AMSmath.js","AMSsymbols.js","noErrors.js","noUndefined.js"],
equationNumbers: {
autoNumber: "AMS"
}
}
});
</script>
[Waku v2](https://rfc.vac.dev/spec/10/) comprises a set of modular protocols for secure, privacy preserving communication. [Waku v2](https://rfc.vac.dev/spec/10/) comprises a set of modular protocols for secure, privacy preserving communication.
Avoiding centralization, these protocols exchange messages over a P2P network layer. Avoiding centralization, these protocols exchange messages over a P2P network layer.
In order to build a P2P network, participating nodes first have to discover peers within this network. In order to build a P2P network, participating nodes first have to discover peers within this network.
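Review bot: the added `<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.0/MathJax.js?config=TeX-AMS_CHTML">` tag loads executable code from a third-party CDN with no `integrity` or `crossorigin` attribute, so the page trusts whatever is served at that URL. Consider adding an SRI hash for the pinned 2.7.0 loader or vendoring MathJax under the site's own assets; MathJax 2 fetches its config and extensions at run time, so SRI on the loader alone does not cover them, which makes self-hosting the stronger option. The config also lists `mml2jax.js`, `asciimath2jax.js` and the MathML and AsciiMath input jax, while the math visible in this diff is TeX only, so those lists could be trimmed to the TeX input. Since the block sits in the post body, moving it into a layout or include would avoid copying it into each post that needs math.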
@ -99,7 +118,7 @@ Even if discv5 discovery should not work in advent of a DoS attack, Waku v2 can
Discovery methods that use separate P2P networks still depend on bootstrapping, Discovery methods that use separate P2P networks still depend on bootstrapping,
which Waku v2 does via parameters on start-up or via DNS-based discovery. which Waku v2 does via parameters on start-up or via DNS-based discovery.
This might raise the question of why such discovery methods are beneficial? This might raise the question of why such discovery methods are beneficial.
The answer lies in the aforementioned global view of DHTs. Without discv5 and similar methods, the bootstrap nodes are used as part of the gossipsub mesh. The answer lies in the aforementioned global view of DHTs. Without discv5 and similar methods, the bootstrap nodes are used as part of the gossipsub mesh.
This might put heavy load on these nodes and further, might open pathways to inference attacks. This might put heavy load on these nodes and further, might open pathways to inference attacks.
Discv5, on the other hand, uses the bootstrap nodes merely as an entry to the discovery network and can provide random sets of nodes (sampled from a global view) Discv5, on the other hand, uses the bootstrap nodes merely as an entry to the discovery network and can provide random sets of nodes (sampled from a global view)
@ -160,7 +179,7 @@ $$P(W^q) = 1 - (1-p/100)^{kq} \iff q = log_{(1-p/100)^k}(1-P(W^q))$$
Figure 1 shows a log-log plot for $P(W^q) = 90\%$. Figure 1 shows a log-log plot for $P(W^q) = 90\%$.
<p align="center"> <p align="center">
<img src="../assets/img/waku_v2_discv5_random_walk_estimation.svg" width="50%" /> <img src="../assets/img/waku_v2_discv5_random_walk_estimation.svg" width="75%" />
<br /> <br />
Figure 1: log-log plot showing the number of queries necessary to retrieve a Waku v2 node with a probability of 90% in relation to the Waku v2 node concentration in the network. Figure 1: log-log plot showing the number of queries necessary to retrieve a Waku v2 node with a probability of 90% in relation to the Waku v2 node concentration in the network.
</p> </p>
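Review bot: the `<img>` whose width changes to 75% still has no `alt` attribute, and its `src` uses the relative path `../assets/img/...` while the front matter `image:` field uses the absolute `/assets/img/...`; adding alt text and switching to the absolute path would keep the figure working if the post's permalink depth changes. Separately, the equation shown in the hunk header writes `log_{(1-p/100)^k}`; with MathJax enabled by this commit that renders as three italic variables, so `\log_{(1-p/100)^k}` is the form to use.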
@ -230,7 +249,7 @@ These attacks are mainly used for denial of service (DoS),
but can also used as parts of more sophisticated attacks, e.g. deanonymization attacks. but can also used as parts of more sophisticated attacks, e.g. deanonymization attacks.
A future post on this research log will cover security aspects of ambient peer discovery with a focus on privacy and anonymity. A future post on this research log will cover security aspects of ambient peer discovery with a focus on privacy and anonymity.
#### Sybil Attack *Sybil Attack*
The power of an attacker in a DHT is proportional to the number of controlled nodes. The power of an attacker in a DHT is proportional to the number of controlled nodes.
Controlling nodes comes at a high resource cost and/or requires controlling a botnet via a preliminary attack. Controlling nodes comes at a high resource cost and/or requires controlling a botnet via a preliminary attack.
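Review bot: the context line `but can also used as parts of more sophisticated attacks` is missing "be" and is left unchanged here, although this commit fixes the similar "in way" slip in the Eclipse Attack paragraph; worth correcting in the same pass.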
@ -250,9 +269,9 @@ which, however, comes with a set of shortcomings, e.g. relatively high costs on
describes both Sybil and eclipse attacks, as well as concrete mitigation techniques employed by discv5. describes both Sybil and eclipse attacks, as well as concrete mitigation techniques employed by discv5.
#### Eclipse Attack *Eclipse Attack*
In an eclipse attack, nodes controlled by the attacker poison the routing tables of other nodes in way that parts of the DHT become eclipsed, i.e. invisible. In an eclipse attack, nodes controlled by the attacker poison the routing tables of other nodes in a way that parts of the DHT become eclipsed, i.e. invisible.
When a controlled node is asked for the next step in a path, When a controlled node is asked for the next step in a path,
it provides another controlled node as the next step, it provides another controlled node as the next step,
effectively navigating the querying node around or away from certain areas of the DHT. effectively navigating the querying node around or away from certain areas of the DHT.
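Review bot: replacing `#### Eclipse Attack` with `*Eclipse Attack*` (and likewise `#### Sybil Attack` in the previous hunk) turns a heading into inline emphasis, so the subsection drops out of the document outline and loses any auto-generated heading anchor, and existing deep links to these subsections would stop resolving. If the goal is a smaller visual size, keeping the heading level and adjusting its style in CSS preserves the structure.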