From 7bec3182da1b124f2c2b3523acd07a17e8a8a0eb Mon Sep 17 00:00:00 2001 From: x Date: Mon, 16 Oct 2023 12:59:49 +0200 Subject: [PATCH] doc/book: add section on network security --- doc/src/architecture/p2p-network.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/doc/src/architecture/p2p-network.md b/doc/src/architecture/p2p-network.md index 90d810f10..cb3df244b 100644 --- a/doc/src/architecture/p2p-network.md +++ b/doc/src/architecture/p2p-network.md @@ -46,3 +46,20 @@ such as wakeup requests. Sleeping slots are woken up periodically by the session. They can be forcefully woken up by calling `session.wakeup()`. +## Security + +* **Backoff/falloff**. This is the strategy implemented in Bitcoin. This can be bad when arbitrary limits are implemented + since we slow down traffic for no reason. +* **Choking controller**. BitTorrent no longer uses naive tit-for-tat, instead libtorrent implements an anti-leech seeding algo + from the paper [Improving BitTorrent: A Simple Approach](https://qed.usc.edu/papers/ChowGM08.pdf), which is focused on distributing + bandwidth to all peers. See also [libtorrent/src/choker.cpp](https://github.com/arvidn/libtorrent/blob/RC_2_0/src/choker.cpp). +* **Smart ban**. Malicious peers which violate protocols are hard banned. For example sending the wrong data for a chunk. +* **uTP congestion control**. BitTorrent implements a UDP protocol with its own congestion control. We could do such a similar strategy + with the addition of removing ordering. This reduces protocol latency mitigating attacks. See [libtorrent.org/utp.html](https://libtorrent.org/utp.html) + for more info. + * Maybe less important if we use alternative networks like Tor or i2p. +* **White, gray and black lists**. See section 2.2 of [Exploring the Monero P2P Network](https://eprint.iacr.org/2019/411.pdf) for + details of this algorithm. This aids with network connectivity, avoiding netsplits which could make the network more susceptible to + eclipse/sybil attacks (large scale MiTM). + * For this we would need a function to connect to a host, send a ping, receive a pong and disconnect to test node connectivity. +