Tuesday, October 10, 2006

Question About The Possibility of Spoofing in An Ad Hoc Network

ANts is safe from Man-in-Middle Attacks as shown by the answer to question below.


Ant routing is an interesting idea;

I like the fact that it's adaptive
and completely decentralised, but I'm a bit concerned about the possibility of spoofing.

If I transmit packets using X's source address
instead of my own (I mean the overlay address (node ID) rather than the IP address), won't that cause packets addressed to X to be routed towards me instead of towards X?


No ANts (kerjodando) is definitely secured against such Man-In-Middle (MIM) attacks!

The node identification system that is implemented makes it computationally impossible to perform such a MIM attack.

ANts uses a particular Digital Signature (DS) public key as node ID on the ANts net.

The public key (node ID) is changed each time you run ANts and is generated as a complementary PAIR with a private key (signature).

You use your private key to sign your messages so that everyone on the ANts net is able to verify if a message from the node identified by a particular ID (i.e. public key) is spoofed or valid.

This uses the SPECIAL properties of such key pairs.

In other words, when a node sends a message to Bob.

Then Bob receives a message from a public key (node ID - now called Alice) that has been signed by Alice's complementary private key.

Bob can VERIFY (using Alice's public key) that the message was signed by Alice's complentary private key (this is a property of such key pairs).

So Bob can see that it has not been spoofed by Eve who cannot calculate Alice's complementary private key from Alice's public key.

Bob can perform this verification only knowing Alice's public key.

He does not need to know Alice's private key to VERIFY that it was signed by Alice's private key.

He only needs to know Alice's complementary public key (node ID).

So Eve cannot sign messages with Alice's private key although she knows Alice's public key.

So Eve CANNOT pretend (SPOOF) to be Alice i.e. send messages with Alice's public key (node ID).

That is how public private keys work.

This was explained to me by a PHD student who has worked on a government project dealing electronic signatures and PKI.

The method is computationally secure because it involves no DS exchange or OTHER communication.

You simply publish your ID (i.e. public Key) on the net through your queries and you'll be the ONLY one able to use that ID to spread messages on the net.

As you are the only one who knows the complementry private key for that public key.

Spoofed message will be automatically rejected by other nodes, because the spoofer will not be able to create a fake private key signature (unless spoofer can perform a 1024 bit factorisation) and so nodes will fail in verifying the spoofed private key signature.

See http://en.wikipedia.org/wiki/Public-key_cryptography


I haven't looked deeply into Kerjodando but it looks like you're using
the overlay to coordinate BitTorrent-like swarms of peers who are interested in similar files. Do you transmit the file data through the overlay (like MUTE) or just the searches and metadata (like Gnutella)?


File data transmitted through overlay like MUTE.