MITM like attacks when `GET_PROVIDERS()`


I’m probably missing something but my concern is regarding a possible security vulnerability within the DHT queries using the Content Routing RPCs (ADD_PROVIDER and GET_PROVIDERS).

I’ll just describe a possible scenario with an example so that I can make it more clear.

Let’s suppose we’re dealing with a p2p computing network. Some peers advertise their offering of compute resources using the key to_multihash("/compute-providers/").

Example Scenario:

  1. Advertising Compute Resources: Peer A has compute resources available and wants to advertise its service. It uses the ADD_PROVIDER operation with the key derived from to_multihash("/compute-providers/") to announce its availability to the network.

  2. Discovering Compute Providers: Peer B requires compute resources and issues a GET_PROVIDERS query for the key to_multihash("/compute-providers/") to find available providers.

  3. DHT Query Handling: The DHT directs Peer B’s query to the nodes that are closest to the key. Let’s say Peers C and D are the closest nodes that respond to Peer B’s query.

  4. Malicious Node Response: Peer C is honest and returns a valid list of known compute providers. However, Peer D is malicious and responds with false provider information, advertising itself or another malicious peer as a provider.

  5. Consuming False Information: Peer B receives the provider lists from Peers C and D. Without a way to verify the authenticity of the information, Peer B might attempt to use the services of the non-existent or malicious providers advertised by Peer D.

Secondary question: is that a problem within gossipsub?

Maybe the same is possible within Gossipsub, but I’d say that its nature makes this kind of attack more difficult.

But when sending messages to peers within the mesh, it’s way harder to a malicious peer modify the content of messages and broadcast as if they were broadcasting the original message, right?

Hope that you can help me clarify this!
Thanks in advance!!

Hello @PedrobyJoao ,

What you’re describing is very similar to an eclipse attack: Eclipse Attacks Explained: What Are They? | Gemini

There are a number of mitigations for eclipse attacks in that article. Thank you for thinking deeply about the details of p2p networks. I hope you stick around and learn more and think more. There are many unsolved problems in p2p networking that we could use help with.

Cheers! :beers: