This paper presents a practical solution to Sybil and eclipse attacks in a fully decentralised peer-to-peer context by utilising trusted computing features of modern Android devices. We achieve this by employing hardware-based attestation mechanisms introduced in recent Android versions and bind each P2P network node identifier to a distinct physical device. In contrast to resource-testing approaches, this binding makes it impossible for attackers to rely on cheap cloud computing resources to outperform legitimate users. We address well-known P2P challenges by applying trusted computing approaches, which were previously only theorised in this context. This results in a system that can now actually be implemented on a global scale. We thoroughly mind bandwidth, power and performance constraints to achieve a ready-to-use solution whose only requirement is the possession of a recent Android phone.
|Title of host publication
|Proceedings of the 16th International Joint Conference on e-Business and Telecommunications
|SciTePress - Science and Technology Publications
|Published - Jul 2019