Abstract
This paper presents a practical solution to Sybil and eclipse attacks in a fully decentralised peer-to-peer context by utilising trusted computing features of modern Android devices. We achieve this by employing hardware-based attestation mechanisms introduced in recent Android versions and bind each P2P network node identifier to a distinct physical device. In contrast to resource-testing approaches, this binding makes it impossible for attackers to rely on cheap cloud computing resources to outperform legitimate users. We address well-known P2P challenges by applying trusted computing approaches, which were previously only theorised in this context. This results in a system that can now actually be implemented on a global scale. We thoroughly mind bandwidth, power and performance constraints to achieve a ready-to-use solution whose only requirement is the possession of a recent Android phone.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 16th International Joint Conference on e-Business and Telecommunications |
| Publisher | SciTePress - Science and Technology Publications |
| Pages | 252--259 |
| Volume | 2: SECRYPT |
| DOIs | |
| Publication status | Published - Jul 2019 |