elective-stereophonic
elective-stereophonic
Bounty ANN:: Papers on NXT network security requested
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.11.15 | Latest Experimental Nxt Client: Nxt 1.12.0e

Author Topic: Bounty ANN:: Papers on NXT network security requested  (Read 5499 times)

EvilDave

  • Hero Member
  • *****
  • Karma: +341/-40
  • Offline Offline
  • Posts: 1789
    • View Profile
    • NXT Foundation
Bounty ANN:: Papers on NXT network security requested
« on: March 23, 2014, 10:46:39 pm »

Bounty ANN:: Papers on NXT network security requested.

The Infrastructure Committee (infCom) would like to put out a public request for papers on aspects of NXT network security.
http://107.170.117.237/index.php?topic=49.msg111#msg111

The papers should address the following from both a general P2P and a specifically NXT perspective:

  An analysis/description of the NXT P2P network architecture and the communication within.

  Attacks that could be conducted on Nxt infrastructure (the NXTwork), identification methods and countermeasures that could be used against them,   including : - DoS - Sybil - Poisoning - Eclipse - Tracking - Node Spoofing and any other relevant attack vectors.


InfCom will be rewarding two bounties for submitted papers, the bounties will be somewhere between 10-20,000 NXT per paper.

Deadline is 2 months from now, 24 May 2014.

If you have any questions, post on this thread or contact one of the InfCom members via PM.

As inspiration:
http://world-comp.org/p2012/SAM9754.pdf
   
« Last Edit: May 26, 2014, 02:49:40 pm by EvilDave »
Logged
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

joefox

  • Hero Member
  • *****
  • Karma: +62/-1
  • Offline Offline
  • Posts: 522
    • View Profile
    • The Nxt Wiki
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #1 on: May 25, 2014, 10:36:46 pm »

This bounty's deadline is today (May 24).  Is it being extended?  Have any bounties been rewarded?
Logged
GPG Key Id: 0x94A521DA613CAE76 | BitMessage BM-NBzUURL9jLagPALxCpxYDaMVe9E3965u
Nxt Wiki: http://wiki.nxtcrypto.org/
Tips: NXT-DBDW-STA8-ARBE-6JRPA

EvilDave

  • Hero Member
  • *****
  • Karma: +341/-40
  • Offline Offline
  • Posts: 1789
    • View Profile
    • NXT Foundation
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #2 on: May 26, 2014, 02:49:16 pm »

Good point, deadline is hereby extended until...., well, until we get the papers.
Logged
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

colin012

  • Hero Member
  • *****
  • Karma: +65/-18
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #3 on: June 16, 2014, 07:00:18 pm »

Where can I see the NXT source code. It would definitely help in writing a whitepaper.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

gs02xzz

  • Hero Member
  • *****
  • Karma: +56/-12
  • Offline Offline
  • Posts: 1101
    • View Profile
Logged
Nxt Mission is to commercialize the crypto technology and build new commerce and society.

bitcoinpaul

  • Hero Member
  • *****
  • Karma: +590/-590
  • Offline Offline
  • Posts: 3097
  • Karmageddon
    • View Profile
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #5 on: June 16, 2014, 07:41:49 pm »

Good point, deadline is hereby extended until...., well, until we get the papers.

Oh no, the pressure!
Logged
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

EvilDave

  • Hero Member
  • *****
  • Karma: +341/-40
  • Offline Offline
  • Posts: 1789
    • View Profile
    • NXT Foundation
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #6 on: June 19, 2014, 10:45:43 pm »

Yeah, I'm pushing hard on this one.....how about if I push the bounty up to definitely 20,000 NXT, maybe more if the paper is exceptional ?

The events of today should add a little bit of importance to these papers. We need this information and research....
Logged
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

colin012

  • Hero Member
  • *****
  • Karma: +65/-18
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #7 on: June 23, 2014, 12:01:16 am »

Yeah, I'm pushing hard on this one.....how about if I push the bounty up to definitely 20,000 NXT, maybe more if the paper is exceptional ?

The events of today should add a little bit of importance to these papers. We need this information and research....

I have started looking into it and NXT so far seems safe from a number of different attacks.

Edit: I found a few possible security flaws in Jetty. Which version of Jetty is being used? The most recent in 9.something but if you guys are using 7 or earlier there are some known flaws I mentioned in the paper I am writing.
« Last Edit: June 23, 2014, 06:02:50 pm by colin012 »
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

colin012

  • Hero Member
  • *****
  • Karma: +65/-18
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #8 on: June 27, 2014, 06:16:27 pm »

Done! The word document can be downloaded here: http://nxtmetals.webs.com/nxt%20security.docx
« Last Edit: June 27, 2014, 07:28:04 pm by colin012 »
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

^[GS]^

  • Jr. Member
  • **
  • Karma: +2/-1
  • Offline Offline
  • Posts: 51
  • NXTio
    • View Profile
    • NXTio
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #9 on: June 28, 2014, 11:34:40 pm »

The document is very full! I Like it! It would also be good that accompany with safety tips for both users and servers.
Logged
NXTio.org First automated NXT's forging platform! http://www.nxtio.org - OFFLINE!
NXT: NXT-9G2H-XNCD-MH92-AU3D7 | BTC: 1BMNBnuthKn9hBKXWXbvVNYTJ8NecdaAdc | DOGE: DSC2Ub8q2Ta8kKUxb2sVwkg438H5Xu3RNW

colin012

  • Hero Member
  • *****
  • Karma: +65/-18
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #10 on: June 29, 2014, 05:59:06 pm »

The document is very full! I Like it! It would also be good that accompany with safety tips for both users and servers.

Yeah, I am kind of kicking myself for missing some of the major typos though.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

joefox

  • Hero Member
  • *****
  • Karma: +62/-1
  • Offline Offline
  • Posts: 522
    • View Profile
    • The Nxt Wiki
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #11 on: June 30, 2014, 04:04:18 am »

Edit: I found a few possible security flaws in Jetty. Which version of Jetty is being used? The most recent in 9.something but if you guys are using 7 or earlier there are some known flaws I mentioned in the paper I am writing.

We're on Jetty 9.2, I believe
Logged
GPG Key Id: 0x94A521DA613CAE76 | BitMessage BM-NBzUURL9jLagPALxCpxYDaMVe9E3965u
Nxt Wiki: http://wiki.nxtcrypto.org/
Tips: NXT-DBDW-STA8-ARBE-6JRPA

colin012

  • Hero Member
  • *****
  • Karma: +65/-18
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #12 on: June 30, 2014, 04:05:59 pm »

Edit: I found a few possible security flaws in Jetty. Which version of Jetty is being used? The most recent in 9.something but if you guys are using 7 or earlier there are some known flaws I mentioned in the paper I am writing.

We're on Jetty 9.2, I believe

If that is the case, should I take that part out of the paper?
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

ChuckOne

  • Hero Member
  • *****
  • Karma: +293/-17
  • Offline Offline
  • Posts: 3450
  • ☕ NXT-4BTE-8Y4K-CDS2-6TB82
    • View Profile
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #13 on: July 01, 2014, 09:07:27 pm »

About Jetty: security implications on 9.2?
Logged

colin012

  • Hero Member
  • *****
  • Karma: +65/-18
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #14 on: July 01, 2014, 09:49:04 pm »

About Jetty: security implications on 9.2?

Not that I know of.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

EvilDave

  • Hero Member
  • *****
  • Karma: +341/-40
  • Offline Offline
  • Posts: 1789
    • View Profile
    • NXT Foundation
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #15 on: July 17, 2014, 12:01:24 am »

Quick update:

We've decided that the paper needs to be expanded considerably and to go into more depth on the various attack vectors.

Having said that , it's a good piece of work , so InfCom has authorised a payment of 5000 NXT to Colin012, with more to come for any additions to the paper.

Since the InfCom fund is currently in escrow with Damelon, pending a new treasurer, I've paid colin012 out of my personal funds, and will retrieve the 5000 from the InfCom fund once we have a treasurer in place.
Logged
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

DoM P

  • Hero Member
  • *****
  • Karma: +114/-147
  • Offline Offline
  • Posts: 1115
    • View Profile
    • Crypto Finance Analysis Consulting
Re: Bounty ANN:: Papers on NXT network security requested
« Reply #16 on: August 09, 2014, 08:15:43 pm »

As new treasurer I paid Dave back his 5k Nxt
Tx ID: 14791304493729433602
Logged
Have you heard of CryptoCoins? You should!
Crypto Finance Analysis Consulting: cfa-consulting.ch
Nxt : NXT-LP8G-9NHV-VUQB-58ZZF
 

elective-stereophonic
elective-stereophonic
assembly
assembly