How are attackers at the Routing layers handled?

erick · February 20, 2015, 5:08pm

@dirvine Let’s say a routing node r sends a message to a close group. How can the group ensures the message indeed originated from r rather than an attacker a, forging a message to look like it is coming from r? I am assuming here that in some cases no member of the close group is directly connected to the sender.

dirvine · February 20, 2015, 5:24pm

Single node → client → uses digital signature, we retrieve the claimed identity packet, and extract the public key to confirm the message is signed by the client who it claims to be. (We may be a client manager, i.e. in the closest groups to that id).

Single node → routing_node → Again signature, but we already have public key (or we would not have connected) we are also connected to this node if we are a manager of the node (so NodeManager personal type). If the signed node is not in our routing table then it’s not a node from the network perspective.

From group → we get all the group messages (accumulate) and send a find_group message, this is routed (using loose parallelism) to the target group. This returns all group member’s of the claimed group and we confirm they are the same as the claimed group. We also confirm the digital signatures (find_group returns all public keys of group). In this case we are also the group around the address of the element (data or functor) and we know that So the non deterministically connected group is confirmed via the sentinel.

dirvine · February 20, 2015, 5:28pm

I should add for Get requests we don’t care.

erick · February 20, 2015, 6:07pm

Are there any mechanism to rank down malicious nodes that might not be relaying messages correctly?

dirvine · February 20, 2015, 6:11pm

Yes the sentinel will down-rank (remove nodes) from the network that do not obey the account transfers. Account transfers are a great measure of a nodes capabilities on the network and shows it at least managed the accounts properly. For storage nodes then this is even easier as they must give up data when asked and also manage to pass Data Integrity Checks. These rules will extend during testnet3/beta and prob beyond. They must be simple though.

dirvine · February 20, 2015, 6:42pm

For reference later as we progress this language

github.com

maidsafe-archive/MaidSafe-Vault/blob/d66d422c5c9d61f46d91dd0630a614b0f74bf7ba/docs/MessageFlow.md


# MaidSafe Language of the Network

### general considerations

Nodes and data both live in the same XOR space which is addressed with a 2^512 bit key; a Network-Addressable-Element (NAE).  A message flows from a NAE to a NAE.  An operation can be performed on a message flow by a manager group.

A message flow from start to end can be represented by

    < NAE_1 | manager | NAE_2 >

where the NAE can be a node (ie a vault or a client - Direct NAE) or a data element (Indirect NAE).  The manager group operating on the message flow will act forward `manager | NAE_2 >` under normal / successful conditions.  The manager will act backwards `< NAE_1 | manager` upon error.

If no operation is needed on the message flow then this special case is represented by

    < NAE | NAE >

For a given message type `ACTION` the functions shall be named

    < A::ACTION | B::ActOnACTION | C::PerformACTION >

This file has been truncated. show original

Topic		Replies	Views
MaidSafe Dev Update :safe: 29 July 2015 Updates	46	4825	August 3, 2015
RFC - Sentinel (Security) RFCs	16	2111	July 2, 2015
How is a client verifying responses? Beginners	2	881	April 4, 2018
All the encryption layers for SAFEnet Features	26	7597	August 15, 2016
Paige Peterson presents MaidSafe at Libertopia 2014 Events	4	1623	November 19, 2014

How are attackers at the Routing layers handled?

Related Topics