Adding security and privacy guarantees in structured peer-to-peer networks

Thesis

Peer-to-Peer (P2P) networks are built in the application layer, forming a virtualised abstraction of the underlying infrastructure. In these networks, peers are self-organised in a logical structure where they communicate ad-hoc, acting as service consumers (clients) and service providers (servers). Several P2P networks have been proposed in the last few decades with purposes ranging from file sharing to instant messaging. However, despite P2P's positive features, such as scalability and robustness, the challenging provision of security and privacy guarantees burdens their real-world adoption as a general-purpose communication basis, on top of which different applications can be built and interact. This thesis tries to address this limitation.

We design SeCaS, a framework that deals with the problem of holistic discovery and secure sharing of the available device resources in a personal network. SeCaS, proposes a method to identify heterogeneous services compatible with a Distributed Hash Table (DHT) scheme. It also provides four protocols that guarantee message accountability and facilitate authorisation, which any structured P2P network can leverage.

Guaranteeing authentication in a decentralised setting is a challenging problem; we solve this by proposing Themis. This decentralised and secure transport layer can ease application development in any environment requiring point-to-point interaction. Themis presents a suite of two protocols that establish a notion of decentralised identity verification and a series of actions related to the communication and the management of nodes---e.g., store, find, and join, forming a fully decentralised authentication solution. We underline the benefits that the adoption of Themis can bring by exemplifying its application as a secure service mesh communication network for use in data centres and companies that need dynamic load balancing and extensibility.

Acknowledging privacy concerns that come with an open-access platform, where many actors can participate and query for registered data, we define a new privacy notion that allows reasoning about the search privacy offered by a privacy-preserving mechanism in Chord, a popular DHT, even in the presence of a strong colluding adversary. We then propose Iris, a privacy-preserving object search algorithm, which allows nodes using the Chord protocol to use the network without allowing other peers (or external attackers) to track their activity or search patterns.

Overall, this DPhil thesis provides practical solutions that enable secure and private communication between entities organised in structured P2P networks to support their application-agnostic adoption in today's emerging technological areas, such as the Internet of Things (IoT) and Serverless Computing. In this way, it contributes towards an alternative to the centralised communication model that applications usually adopt, which is both secure and scalable.

Authors: Aktypi, A

• DOI: 10.5287/ora-vqpr11qpd
• Type of award: DPhil
• Level of award: Doctoral
• Awarding institution: University of Oxford
• Language: English
• Keywords: structured P2P networks; applied cryptography; security & privacy; protocol design/analysis; distributed systems
• Subjects: Computer security; Privacy-preserving techniques (Computer science)