i3 and DOA 15-744 Fall 2010
i3
• A way to route messages to ids rather than hosts
• A DHT maintains a tuple space
• An id has a prefix and suffix
• The prefix is used to route inside the i3 network
• The suffix is then used to select a ‘best’ tuple
• Tuples have the form (id, (id | IP)+)
• Packets are addressed to a list of ids and sent into the i3 network, which handles forwarding
• Take the first id matching a non-nil set of tuples
• For each tuple (id, ids), replace id with ids in the address and repeat
• A sender can cache the i3 node but not the ultimate destination.
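The forwarding rule on this slide, worked through as an added example (not code from the slides or from the i3 authors). Assumptions: ids are hex strings whose first `PREFIX_LEN` characters form the prefix, "best" means the longest common run of leading suffix characters, IP targets are marked `ip:`, and `max_rewrites` is a hypothetical guard against tuples that reference each other.

```python
# Added illustration of the i3 address rewriting described above (not course code).
from collections import deque
from os.path import commonprefix

PREFIX_LEN = 4  # assumption: leading characters of an id that must match exactly

# Constructed tuple space: (id, targets); a target is an id or an "ip:" entry.
TUPLES = [
    ("a1b2cafe", ["ip:192.0.2.10"]),
    ("a1b2caf0", ["ip:192.0.2.11"]),
    ("d00d0001", ["a1b2cafe"]),
    ("feed0001", ["ip:192.0.2.30"]),
    ("feed0001", ["ip:192.0.2.31"]),
    ("ee000001", ["ee000002"]),  # these two tuples point at each other
    ("ee000002", ["ee000001"]),
]


def best_tuples(ident, tuples):
    """Tuples sharing ident's prefix, narrowed to the longest suffix match."""
    same = [t for t in tuples if t[0][:PREFIX_LEN] == ident[:PREFIX_LEN]]
    score = lambda t: len(commonprefix([t[0][PREFIX_LEN:], ident[PREFIX_LEN:]]))
    top = max(map(score, same), default=0)
    return [t for t in same if score(t) == top]


def forward(address, tuples, max_rewrites=8):
    """Return (deliveries, dropped) for one packet's address list.

    deliveries: (ip, remaining ids) pairs; dropped: address lists abandoned at
    max_rewrites, an assumed guard against tuples that reference each other.
    """
    deliveries, dropped = [], []
    queue = deque([(list(address), 0)])
    while queue:
        addr, rewrites = queue.popleft()
        # Take the first id matching a non-nil set of tuples; skip the others.
        while addr and not addr[0].startswith("ip:") and not best_tuples(addr[0], tuples):
            addr = addr[1:]
        if not addr:
            continue
        if addr[0].startswith("ip:"):
            deliveries.append((addr[0], addr[1:]))
        elif rewrites >= max_rewrites:
            dropped.append(addr)
        else:
            for _, targets in best_tuples(addr[0], tuples):
                queue.append((list(targets) + addr[1:], rewrites + 1))
    return deliveries, dropped
```

Two tuples with the same id each receive a copy of the packet, and the mutually referencing pair ends up in `dropped` instead of circulating indefinitely.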
DOA
• A way to route messages to eids rather than hosts, taking into account multiple address spaces
• A DHT maintains a tuple space
• An eid is an unstructured, globally unique hash of some public key K (corresponding to private key k)
• Tuples have the form (eid, eid+ | IP, TTL, *)
• A tuple for eid = H(K) is signed with k
• Packets are addressed to a list of eids. The sender queries the list in sequence, expanding eids into eid+s as necessary, and sends the packet with the current list to the first IP that reaches the list’s front.
• Senders cache tuples, not just DOA nodes.
i3 Discussion
• Who operates the tuple space?
• If this is centralized (with managed churn), why use a DHT?
• If it is decentralized, what are the security implications? (What if we consider Sybil attacks?)
• What are the security implications in general?
• Anonymity wasn’t very well addressed
• Trigger hijacking
• How about concerns about efficiency?
• Select ids based on some metric to an i3 node?
• All forwarding has to be done inside the i3 network
• Authors disabled the most interesting features during evaluation!
DOA Discussion
• Who operates the tuple space?
• How do we get the keys to check signatures? Isn’t this expensive?
• What if more than one tuple space exists?
• Efficiency concerns
• What is the maximum depth of an eid expansion?
• DOA routing may choose bad paths
• How about security?
• How long do eids last? Are they vulnerable to attack?
• Replay attacks
• What is the utility of outsourcing/eids?
• … given latency concerns?
• … given consumer-level solutions (e.g., UPnP)?
• … given that organizations don’t want some machines behind NATs to be publicly addressable anyhow?