Consistent authentication in distributed networks

University essay from Lunds universitet/Institutionen för elektro- och informationsteknik

Abstract: At a time when peer-to-peer networks, often with previously unconnected devices, are increasing in relevance, new storage solutions are needed. Storage can no longer rely on a single central entity but rather needs to depend on the resources of the entire network. One such solution is the distributed hash table (DHT), which allows distributed storage of resources, ensuring redundancy and availability of resources. Common DHT implementations have, however, been found to be susceptible to several attacks and are therefore not suitable for security-critical data. To enable a wider use of DHTs, a strengthening that can be easily implemented in existing DHT implementations has to be found. In this thesis, the security of the Kademlia DHT, present in the Ericsson-developed framework Calvin, was tested by performing a series of well-known attacks against an existing implementation. From the vulnerabilities found in these tests, security enhancements based on authentication were designed. All new functionality was designed to interfere with the original implementation as little as possible. The Kademlia DHT was strengthened with provable identities, cryptographically signed messages and a certificate distribution scheme. All of this was built on a public key infrastructure with an out-of-band certificate authority. The security enhancements were shown both to hamper known attacks and to prevent outsiders from retrieving any information from the DHT. However, the security enhancements introduced overhead and more complex computation into the system. Further research is needed to determine whether very computationally limited devices can participate or whether additional functionality is needed to facilitate this.
