gzz-commits

security (Re: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mast


From: Alatalo Toni
Subject: security (Re: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...)
Date: Wed, 5 Mar 2003 16:39:09 +0200 (EET)

On Wed, 5 Mar 2003, Hermanni Hyytiälä wrote:

>       Documentation/misc/hemppah-progradu: masterthesis.tex
>  In this chapter we evaluate Fenfire in Peer-to-Peer environment.

this is one thing we probably should develop in the article -- not to
mention making it current, though.

i haven't (had time to) read this thesis yet, definitely should, but one
remark (as i've tried to do something related):

> -In the following sections, we don't respond to security issues. We assume

i'm writing an essay (might even end up as a small publication, mehopes)
about the security -- is in gzz cvs antont-wireless_security i think.

> +As we discussed already in chapter 4, Fenfire's Storm design
>  uses SHA-1 \footnote{SHA-1 is considered a collision free hash function. 
> Therefore, it is
>  very unlikely that two different Storm scroll blocks would have same 
> identifier.}
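
Review bot: In the footnote, "collision free" overstates the property. A hash with a fixed-length output necessarily has collisions; what is meant is collision resistance, i.e. finding two inputs with the same digest is computationally infeasible. Suggest "SHA-1 is considered a collision-resistant hash function" and "would have the same identifier", so that the "Therefore" rests on infeasibility rather than impossibility.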

doesn't this also guarantee (some degree, or even absolute..?) data
integrity? i don't know that algorithm yet (or the other, bitzi?, things)

> +throughout the Peer-to-Peer overlay. Our task is to locate and fetch
> +(i.e. obtain) \emph{all} Storm scroll blocks, associated to a specific 
> ''virtual
> +file'', from Peer-to-Peer overlay as efficiently as possible. In addition to
> +\emph{direct} scroll block obtaining using globally unique identifier of 
> Storm block,
> +we also must support \emph{indirect} obtaining of Storm scroll block using 
> pointer blocks.
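
Review bot: The last sentence introduces \emph{indirect} obtaining via pointer blocks without saying what a pointer block resolves to, and ''virtual file'' is quoted but not defined at this point; a one-line definition or a back-reference for each would help. The phrase "direct scroll block obtaining using globally unique identifier of Storm block" would read better as "fetching a scroll block directly by its globally unique identifier", and "from Peer-to-Peer overlay" needs an article.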

are there tradeoffs between that efficiency and security?

> +In the following sections, we don't respond to security issues. We assume
> +that either system has a reliable techique for identifying invidual 
> entities, or
> +there are no hostile entities in the system.
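
Review bot: The assumption in the second sentence is a bare either/or with no reference: name or cite the identification technique it relies on, or state explicitly that hostile peers are out of scope for this evaluation. Wording in the same lines: "don't respond to security issues" should be "do not address security issues", "techique" should be "technique", "invidual" should be "individual", and "either system has" needs an article ("either the system has").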

those do sound like sane assumptions to me (i.e. there are techniques
available for those tasks?) for this limited treatment. or? should read
the whole text to be able to see that, of course.

~Toni




