Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Defense Against Forged Data #814

Open
dnwiebe opened this issue Oct 28, 2024 · 1 comment
Open

Defense Against Forged Data #814

dnwiebe opened this issue Oct 28, 2024 · 1 comment
Labels
hardenning Getting a feature working stronger question Further information is requested

Comments

@dnwiebe
Copy link

dnwiebe commented Oct 28, 2024
edited
Loading

Background
The problem is an evil exit Node that continues sending garbage data on behalf of a server after the exit Node has received a CORES package with last_data = true.

As this card is being written, GH-800 and GH-801 are on the way in to deal gracefully with honest exit Nodes from which the originating Nodes receive data after they've expressed a desire to stop receiving it; but we can still be repeatedly victimized by evil exit Nodes that continue to send us data we don't want and can't use but that well-behaved relay Nodes will charge us for and eventually delinquency-ban us.

Once GH-800 and GH-801 are in place, the originating Node will start a timer at the moment it first expresses disinterest in further data, but will continue to pay for data it receives and throws away until that timer expires--at which point it will retire the StreamKey and stop paying. This limits exposure per stream, but if the exit Node is evil, it will pull the same scam on the next stream it's called upon to exit. We need a way to malefactor-ban it the first time so it doesn't scam us again.

Solution

  1. Modify the ProxyServer so that instead of using a fixed timeout, it calculates a reasonable timeout based on the relevant route's hop count, and keep in mind that we will probably eventually want to add more factors into the calculation of that timeout: for example, route and/or individual Node latency, once we start keeping it.
  2. Modify the ProxyServer so that every time it receives a CORES package on a particular stream, it stamps the time and stores it keyed by that StreamKey, so that it always knows the instant it received the most recent package. (Note that only the most recent timestamp is required; it can be overwritten with each packet.)
  3. When the ProxyServer's interval expires after declaring that it is no longer interested in data on a particular stream, use that stream's most-recent-data-received timestamp to determine whether the exit Node is still actively sending data or not: was the most recent data received just moments (milliseconds) ago? If it was, then conclude that the exit Node is evil and malefactor-ban it.
@dnwiebe dnwiebe converted this from a draft issue Oct 28, 2024
@kauri-hero kauri-hero added the hardenning Getting a feature working stronger label Nov 3, 2024
@kauri-hero kauri-hero added the question Further information is requested label Nov 17, 2024
@kauri-hero kauri-hero moved this from 🆕 New to 📋 Backlog in MASQ Node v2 Nov 17, 2024
@kauri-hero
Copy link

A more priority and positive outcome from the solution outlined, would be creating a card that approaches point 1 and starts to track and measure average latency, using it to score routes with undesirability factors.
Although average route latency won't identify individual Nodes on the route itself since the latency is based on entire route

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
hardenning Getting a feature working stronger question Further information is requested
Projects
MASQ Node v2
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dnwiebe @kauri-hero