[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] 114/164: Added probabilistic security check for full sync
|
From: |
gnunet |
|
Subject: |
[gnunet] 114/164: Added probabilistic security check for full sync |
|
Date: |
Fri, 30 Jul 2021 15:33:00 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
commit 8eff00cafca5fe0987e09183203362bcee856d05
Author: Elias Summermatter <elias.summermatter@seccom.ch>
AuthorDate: Thu May 27 01:36:52 2021 +0200
Added probabilistic security check for full sync
---
src/setu/gnunet-service-setu.c | 89 ++++++++++++++++++++++++++++-----
src/setu/gnunet-service-setu_protocol.h | 4 +-
2 files changed, 79 insertions(+), 14 deletions(-)
diff --git a/src/setu/gnunet-service-setu.c b/src/setu/gnunet-service-setu.c
index 2cc3ed894..9b2aee8b0 100644
--- a/src/setu/gnunet-service-setu.c
+++ b/src/setu/gnunet-service-setu.c
@@ -56,7 +56,7 @@
#define SE_IBF_SIZE 79
/**
- * Primes for all 4 different strata estimators 79,83,89,97
+ * Primes for all 4 different strata estimators 79,83,89,97 348
*/
#define SE_IBFS_TOTAL_SIZE 348
@@ -506,7 +506,7 @@ struct Operation
/**
* Estimated or committed set difference at the start
*/
- uint64_t set_diff;
+ uint64_t remote_set_diff;
};
@@ -992,12 +992,12 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
if (full_min < total_bytes_diff) {
/* Decide between sending all element first or receiving all elements
*/
if (total_bytes_full_remote_send_first >
total_bytes_full_local_send_first) {
- return DIFFERENTIAL_SYNC; // FULL_SYNC_LOCAL_SENDING_FIRST;
+ return FULL_SYNC_LOCAL_SENDING_FIRST; //
FULL_SYNC_LOCAL_SENDING_FIRST;
} else {
- return DIFFERENTIAL_SYNC; // FULL_SYNC_REMOTE_SENDING_FIRST;
+ return FULL_SYNC_LOCAL_SENDING_FIRST; //
FULL_SYNC_REMOTE_SENDING_FIRST;
}
} else {
- return DIFFERENTIAL_SYNC;
+ return FULL_SYNC_LOCAL_SENDING_FIRST;
}
}
@@ -1424,6 +1424,68 @@ fail_union_operation (struct Operation *op)
}
+
+/**
+ * Function that checks if full sync is plausible runnig
+ * @param initial_local_elements_in_set
+ * @param estimated_set_difference
+ * @param repeated_elements
+ * @param fresh_elements
+ * @param op
+ * @return GNUNET_OK if
+ */
+
+static int
+full_sync_plausibility_check (struct Operation *op) {
+ uint32_t security_level_ub = 1 << 30;
+ long double security_level_lb = (1 / (long double) security_level_ub);
+ uint64_t duplicates = op->received_fresh - op->received_total;
+
+ /*
+ * Protect full sync from receiving double element when in FULL SENDING
+ */
+
+ if(GNUNET_YES == op->byzantine && PHASE_FULL_SENDING == op->phase) {
+ if(duplicates > 0)
+ {
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ "PROTOCOL VIOLATION: Received duplicate element in full
receiving "
+ "mode of operation this is not allowed! Duplicates: %lu\n",
+ duplicates);
+ GNUNET_break_op (0);
+ fail_union_operation (op);
+ return GNUNET_SYSERR;
+ }
+
+ }
+
+ /*
+ * Protect full sync with probabilistic algorithm
+ */
+ if(GNUNET_YES == op->byzantine && PHASE_FULL_RECEIVING == op->phase) {
+ if (0 == op->remote_set_diff)
+ op->remote_set_diff = 1;
+
+ long double base = (1 - (long double) (op->remote_set_diff /
+ (long double) (op->initial_size
+ op->remote_set_diff)));
+ long double exponent = (op->received_total - (op->received_fresh *
((long double) op->initial_size /
+
(long double) op->remote_set_diff)));
+ long double value = powl(base, exponent);
+ if(value < security_level_lb || value > security_level_ub) {
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ "PROTOCOL VIOLATION: Other peer violated probabilistic rule
for receiving "
+ "to many duplicated full element : %LF\n",
+ value);
+ GNUNET_break_op (0);
+ fail_union_operation (op);
+ return GNUNET_SYSERR;
+ }
+ }
+ return GNUNET_OK;
+}
+
+
+
/**
* Derive the IBF key from a hash code and
* a salt.
@@ -1999,6 +2061,7 @@ handle_union_p2p_strata_estimator (void *cls,
strata_estimator_read (&msg[1],
len,
is_compressed,
+ SE_IBFS_TOTAL_SIZE,
remote_se))
{
/* decompression failed */
@@ -2014,6 +2077,7 @@ handle_union_p2p_strata_estimator (void *cls,
int diff_remote = remote_se->stratas[0]->strata[0]->remote_decoded_count;
int diff_local = remote_se->stratas[0]->strata[0]->local_decoded_count;
diff = diff_remote + diff_local;
+ op->remote_set_diff = diff_remote;
@@ -2091,7 +2155,7 @@ handle_union_p2p_strata_estimator (void *cls,
struct TransmitFullMessage *signal_msg;
struct GNUNET_MQ_Envelope *ev;
ev = GNUNET_MQ_msg_extra(signal_msg,sizeof(struct
TransmitFullMessage),GNUNET_MESSAGE_TYPE_SETU_P2P_SEND_FULL);
- signal_msg->set_difference = htonl(diff_remote + diff_local);
+ signal_msg->remote_set_difference = htonl( diff_local);
signal_msg->set_size = htonl(op->number_elements_local);
GNUNET_MQ_send (op->mq,
ev);
@@ -2107,7 +2171,7 @@ handle_union_p2p_strata_estimator (void *cls,
perf_rtt.request_full.sent += 1;
struct TransmitFullMessage *signal_msg;
ev = GNUNET_MQ_msg_extra(signal_msg,sizeof(struct
TransmitFullMessage),GNUNET_MESSAGE_TYPE_SETU_P2P_REQUEST_FULL);
- signal_msg->set_difference = htonl(diff_remote + diff_local);
+ signal_msg->remote_set_difference = htonl(diff_local);
signal_msg->set_size = htonl(op->number_elements_local);
GNUNET_MQ_send (op->mq,
ev);
@@ -2459,7 +2523,7 @@ handle_union_p2p_send_full (void *cls,
}
op->remote_element_count = ntohl(msg->set_size);
- op->set_diff = ntohl(msg->set_size);
+ op->remote_set_diff = ntohl(msg->remote_set_difference);
op->phase = PHASE_FULL_RECEIVING;
}
@@ -2927,7 +2991,6 @@ handle_union_p2p_full_element (void *cls,
GNUNET_NO);
op->received_total++;
-
ke = op_get_element (op,
&ee->element_hash);
if (NULL != ke)
@@ -2936,6 +2999,7 @@ handle_union_p2p_full_element (void *cls,
"# repeated elements",
1,
GNUNET_NO);
+ full_sync_plausibility_check(op);
ke->received = GNUNET_YES;
GNUNET_free (ee);
}
@@ -2949,9 +3013,9 @@ handle_union_p2p_full_element (void *cls,
send_client_element (op,
&ee->element,
GNUNET_SETU_STATUS_ADD_LOCAL);
+ full_sync_plausibility_check(op);
}
- uint64_t received_repeated = op->received_total - op->received_fresh;
if ((GNUNET_YES == op->byzantine) &&
op->received_total > op->remote_element_count)
@@ -3130,8 +3194,8 @@ handle_union_p2p_request_full (void *cls,
return;
}
- op->remote_element_count = ntohl(msg->set_size);
- op->set_diff = ntohl(msg->set_size);
+ op->remote_element_count = ntohl(msg->set_size);
+ op->remote_set_diff = ntohl(msg->remote_set_difference);
perf_rtt.request_full.received += 1;
@@ -4626,6 +4690,7 @@ handle_client_accept (void *cls,
se = op->se;
buf = GNUNET_malloc (se->stratas[0]->strata_count * IBF_BUCKET_SIZE *
SE_IBFS_TOTAL_SIZE);
len = strata_estimator_write (se,
+ SE_IBFS_TOTAL_SIZE,
buf);
perf_rtt.se.sent += 1;
perf_rtt.se.sent_var_bytes += len;
diff --git a/src/setu/gnunet-service-setu_protocol.h
b/src/setu/gnunet-service-setu_protocol.h
index 64a99bb1b..d2cfd94c1 100644
--- a/src/setu/gnunet-service-setu_protocol.h
+++ b/src/setu/gnunet-service-setu_protocol.h
@@ -228,9 +228,9 @@ struct TransmitFullMessage
struct GNUNET_MessageHeader header;
/**
- * Set difference Calculated with strata estimator
+ * Remote set difference calculated with strata estimator
*/
- uint32_t set_difference;
+ uint32_t remote_set_difference;
/**
* Local set size
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnunet] 125/164: Removed unusable counter, (continued)
- [gnunet] 125/164: Removed unusable counter, gnunet, 2021/07/30
- [gnunet] 122/164: Improved code and commtents, gnunet, 2021/07/30
- [gnunet] 150/164: Fixed a bug in message controll, gnunet, 2021/07/30
- [gnunet] 145/164: Return early from function, gnunet, 2021/07/30
- [gnunet] 151/164: Fixed some bugs in implementation, gnunet, 2021/07/30
- [gnunet] 156/164: Added check to enforce active passive switch when inquiry colision occour, gnunet, 2021/07/30
- [gnunet] 155/164: Fixed implementaion, gnunet, 2021/07/30
- [gnunet] 115/164: Prepare fore messurement 1, gnunet, 2021/07/30
- [gnunet] 118/164: Prepare fore messurement 8, gnunet, 2021/07/30
- [gnunet] 141/164: Does this fix the mem leak, gnunet, 2021/07/30
- [gnunet] 114/164: Added probabilistic security check for full sync,
gnunet <=
- [gnunet] 140/164: Fixed wrong place for null check, gnunet, 2021/07/30
- [gnunet] 137/164: Fixed one more, gnunet, 2021/07/30
- [gnunet] 148/164: Override some stuff for performance messurement, gnunet, 2021/07/30
- [gnunet] 147/164: Fixed some stuff, gnunet, 2021/07/30
- [gnunet] 160/164: Fixed some stuff, gnunet, 2021/07/30
- [gnunet] 163/164: Added some more comments, gnunet, 2021/07/30
- [gnunet] 164/164: completing rebase to master, gnunet, 2021/07/30
- [gnunet] 138/164: Fixed one more, gnunet, 2021/07/30
- [gnunet] 135/164: Made perf compleate in time, gnunet, 2021/07/30
- [gnunet] 146/164: Added comment to explain |1, gnunet, 2021/07/30