Tor + Blockchain SSL Stripping Bitcoin thefts

Please read this article and explain how such an attack on the MAIDSAFE network will be unfeasible? It seems that by DDOSing the “good” vaults while at the same time playing submarine with new vaults to establish control over a matter of days, weeks, or months, of 75% or more of the highest ranked, highest throughput most trusted vaults while denigrating the ranking of the actual good vaults will work. And by work I mean arbitrary data modifications by the attackers.

So assume that the vaults with the best uptime, bandwidth, and storage ranking are all controlled by one group of hackers, that is that they are all malicious but are acting perfectly good and virtuous for a period of time to await their big moment when they start acting maliciously to steal safecoins by modifying the safecoin data value modifications. Since the hackers are already doing this successfully at global scale using Tor and Blockchain.info, they are already prepared to make the adjustments needed to apply it to the maidsafe network and have the incentive and means to dominate the network at launch. Therefore the network should be defended against this attack at launch.

I don’t pretend to know the intricacies, I’m not a coder, so I am asking whether this concern has been addressed.

I know enough to be dangerous, but I am going to answer anyway in hopes that somebody more knowledgeable than I will educate me where I am weak…

I believe that the answer is that, because maidsafe uses opportunistic caching, DDoS is pretty useless – the node one upstream from you caches the content and serves it to you over and over and over again. But that really only affects you and them, and the rest of the network goes about business as usual.

Because you cannot pick your own vault’s address, it is pretty hard to target certain vaults to out-compete… You only have control of the data that the network gives you - you don’t know what that data is - or who to target in order to control the data that you want to control… Really in order to have enough certainty to control anything you would have to have your whole haystack made of your needles…

You cannot really arbitrarily modify data, because no one vault has enough data to modify… The data is split into shards, encrypted and filed away by its hash… You cannot change the data without changing the hash – and the data is useless unless it is re-united with the rest of its components, which no vault would know where or what where. I am assuming that the same will go for Safecoin Balances…

75% of the vaults would be a pretty massive undertaking…

3 Likes

The real problem here is that Tor makes use of exit relay nodes, which are special nodes and relatively rare. It is in a way a centralized vulnerability. MaidSafe doesn’t have any such centralized vulnerability.

I also see SSL is a vulnerability in the described attack. MaidSafe doesn’t make use of SSL either.

2 Likes

The possibility of (and defenses from) DDoS was already discussed on the forum.

I just looked up the total number of Tor exit routers, 1133. Most of us hope that the SAFE network will have far more machines than this. Since a machine is downranked for not providing all the vault services adequately, there is an incentive for everyone to provide all services (or SAFEcoin will not be attainable through farming). This should make combining a DDoS with a Sybil(ish) attack difficult because the number of machines that have to be taken offline will be larger. The number of machines that have to be attacked will be dependent on how “close” you can get the hard-to-manipulate SHA512 hash (pre-image resistance) compared to the other vaults on the network. I’m being a bit lazy with the math (maybe someone else could pick this part up), but the number of machines you’d need to knock offline should be roughly equivalent to the number of machines an attacker would have to control (or 88% of the network). Somewhere less if you can efficiently generate SHA512 preimages (this would be big news).

I should also note that these attacks on TOR differ from pure DDoS attacks; I doubt they are actually sending enough data to take the servers for blockchain.info, etc., offline. Instead, they are leveraging the fact that TOR has a limited number of exits, and are making it appear that the exit nodes are part of a DDoS. This gets the exit nodes banned by the server (due to DDoS mitigation by the server). I imagine this requires far fewer resources than actually DDoSing the entire server, especially if the ban period is quite large, as it is with the bitcoin network (24 hours). On SAFE you’d actually need to take the machines offline, and hopefully you’d have to do this to a lot of them.

1 Like
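The math left open in the thread, worked as an added example (not written by any poster and not MaidSafe code): if vault addresses are SHA-512 outputs the operator cannot choose, the vaults closest to a piece of data are a random sample of the network, so the chance that an attacker holds a majority of them follows a hypergeometric distribution. The XOR distance metric, the close-group size of 4, the quorum of 3 and the `vault-N`/`chunk-N` names are assumptions made for illustration.

```python
import hashlib
from math import comb

GROUP, QUORUM = 4, 3  # assumed close-group size and majority, not from the thread

def vault_id(seed: bytes) -> int:
    """Address a vault cannot choose: SHA-512 of a network-supplied value."""
    return int.from_bytes(hashlib.sha512(seed).digest(), "big")

def close_group(target: int, ids, k: int = GROUP):
    """The k vault IDs nearest to target under XOR distance (assumed metric)."""
    return sorted(ids, key=lambda v: v ^ target)[:k]

def capture_probability(total: int, hostile: int, k: int = GROUP, q: int = QUORUM) -> float:
    """P(at least q of the k closest vaults are hostile) for uniform IDs.
    The close group is a random k-subset, so the count is hypergeometric."""
    ways = sum(comb(hostile, i) * comb(total - hostile, k - i) for i in range(q, k + 1))
    return ways / comb(total, k)

def simulated_capture(total: int, hostile: int, trials: int) -> float:
    """Same quantity measured on a constructed network with real SHA-512 IDs."""
    ids = [vault_id(b"vault-%d" % i) for i in range(total)]
    bad = set(ids[:hostile])  # constructed: the first `hostile` vaults are the attacker's
    hits = 0
    for t in range(trials):
        group = close_group(vault_id(b"chunk-%d" % t), ids)
        hits += sum(v in bad for v in group) >= QUORUM
    return hits / trials

if __name__ == "__main__":
    for share in (0.10, 0.25, 0.50, 0.75):
        n = 1000
        print(f"{share:.0%} hostile: exact {capture_probability(n, int(n * share)):.4f}, "
              f"simulated {simulated_capture(n, int(n * share), 500):.4f}")
```

The figure is per chunk: without the ability to pick an address, the attacker cannot raise it for a chosen target except by controlling a larger share of all vaults.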