Securing decentralized peer-to-peer systems

Peer-to-peer systems have become popular with the advent of (in)famous file-sharing applications such as Napster and Gnutella. Other examples of P2P systems include BitTorrent; Skype's VoIP directory services; P2P-based file-storage systems; web farms, DNS services, web caching, and security infrastructures such as 13, among many others. The decentralized nature of many P2P systems makes them resilient against denial-of-service attacks, but many other security features become hard to implement. Many current decentralized P2P systems are vulnerable to attacks, relying on obfuscation rather than sound security analysis for protection. In fact, many such systems can be easily abused, bringing the system's value well below its potential. Instituting hard-core security measures such as cryptographic multi-party computation protocols and Byzantine agreement would make such systems very inefficient. In this thesis, we propose a generic technique for securing a multitude of decentralized P2P systems. The main idea is to first design a secure centralized counterpart of the P2P system; once that is done, we show that in many cases we can securely decentralize the system. As one example, we show how to design a decentralized P2P file-archiving system that is secure against quota manipulation and can be used to ensure that users contribute to the system. We also show how to use the same basic design, with additional cryptographic techniques (e.g. timed-release encryption), to secure a decentralized P2P file system that allows storage transactions as small as a few file blocks. As a second example, we show how to use the same approach to design an untraceable decentralized electronic cash system, which prevents double-spending in real time without an online central entity, tamper-proof hardware or a client security deposit.
Finally, we discuss timed-release encryption (TRE), used in the file-storage application above, which allows one to encrypt a message so that only the designated receiver can decrypt it, and only at the specified time in the future. We provide the necessary security definitions and secure generic constructions. We show that the existence of secure TRE is equivalent to the existence of identity-based encryption, and provide an efficient and provably secure authenticated public-key TRE.