|
Size: 4107
Comment:
|
Size: 5302
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| {{{ - Rnode RSA (creata per ogni hook). |
== NTK_RFC 0001 == |
| Line 4: | Line 3: |
| - Gnode contigui - Appena bnode si nota un gnode confinante non contiguo manda all'interno del suo gnode la richiesta di GNODE_CHALLENGE, in cui e' appeso il |
Subject: Gnode contiguity |
| Line 8: | Line 5: |
| - Un nodo che la riceve manda un challenge al gnode confinante, se il challenge e' perso cambiera' l'ip, - Quando il nodo riceve la risposta al challenge manda in broadcast all'interno del suo gnode un pkt contenente la risposta. Il pacchetto viene firmato con la chiave privata dal nodo che la manda. Il nodo che la riceve verifica e rimuove la firma precedente ed appone la sua. |
-- |
| Line 17: | Line 7: |
| - Quando un nodo ha ricevuto la risposta e le risposte di tutti i suoi nodi del suo gnode controlla l'esito del challenge: se l'esito e' positivo (ha vinto): non cambiera' gnode. al contrario: appena vede che l'rnode che e' utilizzato nella rotta migliore per raggiungere il gnode confinante muore e trova un nuovo rnode che fa parte del nuovo gnode, rifara' l'hook. |
This text describes a change to the Npv7 about the collision of IPs. It will be included in the final documentation, so feel free to correct it. But if you want to change the system here described, please contact us first. |
| Line 27: | Line 11: |
| - Rehook /*TODO*/ | -- |
| Line 29: | Line 13: |
| - /* TODO */ gid_torto == gid_ragione. | === The real problems === |
| Line 31: | Line 15: |
| - Ecco come funziona il challenge: Il gnode che ha il numero minore di nodi per verificare che effettivamente il gnode con cui confina abbia un numero minore di nodi gli manda un problema da risolvere. Questo problema ha una complessita' proporzionale al numero di nodi presenti nel gnode piu' piccolo (o presunto tale). In questo modo se il gnode che riceve il challenge riesce a risolvere il problema, distribuendo il calcolo tra suoi nodi, vuol dire che ha una quantita' di nodi maggiore o uguale a quella del gnode che ha mandato il challenge. Quando il gnode che ha meno nodi dell'altro riceve le risposte entro un tot di tempo determinato, cambiera' ip se le risposte ricevute sono corrette, altrimenti se non riceve le risposte o se sono errate, bannera' il gnode confinante, poiche' ha comunicato una quantita' di nodi superiore a quella effettiva, tentando cosi' di far cambiare l'IP all'altro gnode. |
A collision of IPs happens when two gnodes with the same ID are born separately, so when they meet each trough a direct link or trough other nodes many problems arise since there are some ambiguities: |
| Line 49: | Line 19: |
| Per convenienza chiamamo Checker il gnode che mandera' il problema al gnode Examinated. |
- In the first case there can be nodes which have the same IP. |
| Line 52: | Line 21: |
| - Distribuzione del problema: Ogni nodo di Checker manda il seguente problema ai bnode di Checker che poi pensaranno a ridistribuirlo all'interno del gnode: f(x) mod k dove k e' un numero random compreso tra 2^16 < k < 2^32 e f(x) e' una funzione non facilmente calcolabile con il modulo di k. |
- In the second: A <-> B <-> D <-> A After a qspn_round the node B will have two routes to reach the gnode A. But in this case the gnode A isn't a contiguous gnode, so when B wants to reach a node which belongs to A, it will send the packet using only one route which may lead to the A gnode which hasn't the wanted node. So these are the real problems. In order to solve them it is necessary that every time two gnodes meets each other for the first time, one of them will redo the hook, in fact, this was the cause of all. When a gnode meets for the first time another gnode is like when a new node joins the network: it hooks with the other nodes. The same must be done for the gnode. |
| Line 61: | Line 37: |
| Anche il nodo Y che ha mandato il problema cerchera' la sua soluzione. La complessita' del problema dipende dalla grandezza di x, e viene scelta in modo proporzionale alla potenza di calcolo media di un computer. Y aspettera' per un tempo molto breve la risposta e una volta ricevuta la confrontera' con la sua soluzione. |
=== Hook of gnodes === |
| Line 68: | Line 39: |
| - Soglia del challenge: Il challenge viene mandato solo se i due gnode in questione hanno al loro interno una quantita' di nodi >= 2^16, quindi questo vale solo per i gnode di livello >= 2. I gnode piu' piccoli cambieranno IP senza verificare nulla. |
The hook of two gnodes works in this way: only the gnode which has lesser nodes than the other will change (let's call the first gnode X and the second Y). If X and Y have the same number of nodes, the gnode which has the smaller gnode_id will change. The bnodes of X will start to re-hook, the other nodes will re-hook when they notice that their rnode which is on the best route to reach Y dies and when a new node (which was the same rnode) with the excpected IP appears. Summing up: the bnodes re-hook first, then their rnodes, then the rnodes of the rnodes of the bnodes... and so on, all the nodes of the gnode have re-hooked. When the gnode X is full the nodes which are re-hooking must choose a different gnode_id of the upper level. It is chosen in a semi-random way: it is the hash of their gnode_id (which was choosen randomly at the beginning). If the hash is a gnode_id which already exist, the hash function reused on the hash itself. |
| Line 74: | Line 54: |
| - Il qspn per i livelli alti deve avere un u_int per ogni entry che dice quando nodi ci sono in quel gnode. |
It doesn't matter that a gnode composed by 2^24 nodes changes all its IPs, since it will happen only very few times, i.e. when the gnode of the Europe meets that of the America. |
| Line 77: | Line 58: |
| }}} | This method requires that the number of nodes present in a gnode has to be known, therefore the qspn_pkt which traverse gnodes stores also the number of nodes of each traversed gnode. ==== Counting the nodes ==== At this point all seems to be solved, but it is not. Anyone can modify the qspn, so for example the X which has less nodes than Y can fake the number, and Y will be forced to re-hook. It this happens anyone can easily force a gnode of 2^24 nodes to change its IPs! Therefore the problem to be solved now is: how can the gnode Y verify that the gnode X has really more nodes? What is the main property of a network which has more nodes than another? The computability power! We assume that the average computability power for a gnode of the second level or greater is constant. (a gnode of the second level can have 2^16 nodes, in the third level 2^24). Therefore the gnode of level 1 won't be checked. Each node of the gnode which has to re-hook (in this case the gnode Y, since the gnode X is faking the qspn_pkt) will send a problem to solve to the other gnode and it wait for a very small time the reply with the solution in it. If the solution is right the node receiving it will re-hook, otherwise the gnode X will be banned and excluded from all the qspn floods. Only one challenge each T time can occur, where T is proportional to the size of the Y gnode. So say that Y has 16milions IPs, if it has already sent a challenge it will send another after 10 minutes. ==== Another bug ==== But this system leaves opened another kind of attack: the gnode X can target a single node in Y, replying only to its reply and making it re-hook. In order to prevent this the nodes act in this way: - When a node hooks it creates a RSA key pair and gives its public key to all its rnodes. - When a node receives a reply to the problem it sends broadcast inside its gnode it signing it with its public key. When its rnodes receive the pkt check the signature. If it is valid they update the counter of received replies for the problems sent, then they substitute the signature with their own. The packet will propagate until it reaches all the nodes of the gnode. - The nodes will start to rehook only when all the replies will be received (during the wait time). Since it is not possible that all the reply are received it is allowed that 10% of replies are lost. The problem to solve sent by the nodes is: f(x) mod k where k is a random number between 2^16 and 2^32. f(x) is a function which is not easily computable with mod k. When x gets bigger the computation time increases. We are still deciding on what f() function using. == And that's all == That's all folks. Alpt, Katolaz, Mancausoft |
NTK_RFC 0001
Subject: Gnode contiguity
--
This text describes a change to the Npv7 about the collision of IPs. It will be included in the final documentation, so feel free to correct it. But if you want to change the system here described, please contact us first.
--
The real problems
A collision of IPs happens when two gnodes with the same ID are born separately, so when they meet each trough a direct link or trough other nodes many problems arise since there are some ambiguities:
- - In the first case there can be nodes which have the same IP. - In the second:
A <-> B <-> D <-> A
- After a qspn_round the node B will have two routes to reach the gnode A. But in this case the gnode A isn't a contiguous gnode, so when B wants to reach a node which belongs to A, it will send the packet using only one route which may lead to the A gnode which hasn't the wanted node.
So these are the real problems. In order to solve them it is necessary that every time two gnodes meets each other for the first time, one of them will redo the hook, in fact, this was the cause of all. When a gnode meets for the first time another gnode is like when a new node joins the network: it hooks with the other nodes. The same must be done for the gnode.
Hook of gnodes
The hook of two gnodes works in this way: only the gnode which has lesser nodes than the other will change (let's call the first gnode X and the second Y). If X and Y have the same number of nodes, the gnode which has the smaller gnode_id will change. The bnodes of X will start to re-hook, the other nodes will re-hook when they notice that their rnode which is on the best route to reach Y dies and when a new node (which was the same rnode) with the excpected IP appears. Summing up: the bnodes re-hook first, then their rnodes, then the rnodes of the rnodes of the bnodes... and so on, all the nodes of the gnode have re-hooked. When the gnode X is full the nodes which are re-hooking must choose a different gnode_id of the upper level. It is chosen in a semi-random way: it is the hash of their gnode_id (which was choosen randomly at the beginning). If the hash is a gnode_id which already exist, the hash function reused on the hash itself.
It doesn't matter that a gnode composed by 2^24 nodes changes all its IPs, since it will happen only very few times, i.e. when the gnode of the Europe meets that of the America.
This method requires that the number of nodes present in a gnode has to be known, therefore the qspn_pkt which traverse gnodes stores also the number of nodes of each traversed gnode.
Counting the nodes
At this point all seems to be solved, but it is not. Anyone can modify the qspn, so for example the X which has less nodes than Y can fake the number, and Y will be forced to re-hook. It this happens anyone can easily force a gnode of 2^24 nodes to change its IPs! Therefore the problem to be solved now is: how can the gnode Y verify that the gnode X has really more nodes?
What is the main property of a network which has more nodes than another? The computability power!
We assume that the average computability power for a gnode of the second level or greater is constant. (a gnode of the second level can have 2^16 nodes, in the third level 2^24). Therefore the gnode of level 1 won't be checked.
Each node of the gnode which has to re-hook (in this case the gnode Y, since the gnode X is faking the qspn_pkt) will send a problem to solve to the other gnode and it wait for a very small time the reply with the solution in it. If the solution is right the node receiving it will re-hook, otherwise the gnode X will be banned and excluded from all the qspn floods. Only one challenge each T time can occur, where T is proportional to the size of the Y gnode. So say that Y has 16milions IPs, if it has already sent a challenge it will send another after 10 minutes.
Another bug
But this system leaves opened another kind of attack: the gnode X can target a single node in Y, replying only to its reply and making it re-hook. In order to prevent this the nodes act in this way:
- - When a node hooks it creates a RSA key pair and gives its public key
- to all its rnodes.
- inside its gnode it signing it with its public key. When its rnodes receive the pkt check the signature. If it is valid they update the counter of received replies for the problems sent, then they substitute the signature with their own. The packet will propagate until it reaches all the nodes of the gnode.
- received (during the wait time). Since it is not possible that all the reply are received it is allowed that 10% of replies are lost.
The problem to solve sent by the nodes is:
- f(x) mod k
where k is a random number between 216 and 232. f(x) is a function which is not easily computable with mod k. When x gets bigger the computation time increases. We are still deciding on what f() function using.
And that's all
That's all folks.
Alpt, Katolaz, Mancausoft