Nxt Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Nxt Client 1.11.10 - NEW RELEASE: Ardor 2.0.5e TestNet - The Ignis ICO is over!! Ardor genesis snapshots will happen at Nxt block 1,630,000 (expected for 25th December)

Pages: [1]

Author Topic: Bounty ANN:: Papers on NXT network security requested  (Read 2839 times)

EvilDave

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1791
    • View Profile
    • NXT Foundation
  • Karma: +341/-40

Bounty ANN:: Papers on NXT network security requested.

The Infrastructure Committee (infCom) would like to put out a public request for papers on aspects of NXT network security.
http://107.170.117.237/index.php?topic=49.msg111#msg111

The papers should address the following from both a general P2P and a specifically NXT perspective:

  An analysis/description of the NXT P2P network architecture and the communication within.

  Attacks that could be conducted on Nxt infrastructure (the NXTwork), identification methods and countermeasures that could be used against them,   including : - DoS - Sybil - Poisoning - Eclipse - Tracking - Node Spoofing and any other relevant attack vectors.


InfCom will be rewarding two bounties for submitted papers, the bounties will be somewhere between 10-20,000 NXT per paper.

Deadline is 2 months from now, 24 May 2014.

If you have any questions, post on this thread or contact one of the InfCom members via PM.

As inspiration:
http://world-comp.org/p2012/SAM9754.pdf
   
« Last Edit: May 26, 2014, 02:49:40 pm by EvilDave »
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

joefox

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 523
    • View Profile
    • The Nxt Wiki
  • Karma: +62/-1

This bounty's deadline is today (May 24).  Is it being extended?  Have any bounties been rewarded?
GPG Key Id: 0x94A521DA613CAE76 | BitMessage BM-NBzUURL9jLagPALxCpxYDaMVe9E3965u
Nxt Wiki: http://wiki.nxtcrypto.org/
Tips: NXT-DBDW-STA8-ARBE-6JRPA

EvilDave

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1791
    • View Profile
    • NXT Foundation
  • Karma: +341/-40

Good point, deadline is hereby extended until...., well, until we get the papers.
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

colin012

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
  • Karma: +65/-17

Where can I see the NXT source code. It would definitely help in writing a whitepaper.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

gs02xzz

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1101
    • View Profile
  • Karma: +56/-12
Nxt Mission is to commercialize the crypto technology and build new commerce and society.

bitcoinpaul

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 3093
  • Karmageddon
    • View Profile
  • Karma: +589/-588

Good point, deadline is hereby extended until...., well, until we get the papers.

Oh no, the pressure!
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

EvilDave

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1791
    • View Profile
    • NXT Foundation
  • Karma: +341/-40

Yeah, I'm pushing hard on this one.....how about if I push the bounty up to definitely 20,000 NXT, maybe more if the paper is exceptional ?

The events of today should add a little bit of importance to these papers. We need this information and research....
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

colin012

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
  • Karma: +65/-17

Yeah, I'm pushing hard on this one.....how about if I push the bounty up to definitely 20,000 NXT, maybe more if the paper is exceptional ?

The events of today should add a little bit of importance to these papers. We need this information and research....

I have started looking into it and NXT so far seems safe from a number of different attacks.

Edit: I found a few possible security flaws in Jetty. Which version of Jetty is being used? The most recent in 9.something but if you guys are using 7 or earlier there are some known flaws I mentioned in the paper I am writing.
« Last Edit: June 23, 2014, 06:02:50 pm by colin012 »
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

colin012

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
  • Karma: +65/-17

Done! The word document can be downloaded here: http://nxtmetals.webs.com/nxt%20security.docx
« Last Edit: June 27, 2014, 07:28:04 pm by colin012 »
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

^[GS]^

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 51
  • NXTio
    • View Profile
    • NXTio
  • Karma: +2/-1

The document is very full! I Like it! It would also be good that accompany with safety tips for both users and servers.
NXTio.org First automated NXT's forging platform! http://www.nxtio.org - ONLINE!
NXT: NXT-9G2H-XNCD-MH92-AU3D7 | BTC: 1BMNBnuthKn9hBKXWXbvVNYTJ8NecdaAdc | DOGE: DSC2Ub8q2Ta8kKUxb2sVwkg438H5Xu3RNW

colin012

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
  • Karma: +65/-17

The document is very full! I Like it! It would also be good that accompany with safety tips for both users and servers.

Yeah, I am kind of kicking myself for missing some of the major typos though.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

joefox

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 523
    • View Profile
    • The Nxt Wiki
  • Karma: +62/-1

Edit: I found a few possible security flaws in Jetty. Which version of Jetty is being used? The most recent in 9.something but if you guys are using 7 or earlier there are some known flaws I mentioned in the paper I am writing.

We're on Jetty 9.2, I believe
GPG Key Id: 0x94A521DA613CAE76 | BitMessage BM-NBzUURL9jLagPALxCpxYDaMVe9E3965u
Nxt Wiki: http://wiki.nxtcrypto.org/
Tips: NXT-DBDW-STA8-ARBE-6JRPA

colin012

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
  • Karma: +65/-17

Edit: I found a few possible security flaws in Jetty. Which version of Jetty is being used? The most recent in 9.something but if you guys are using 7 or earlier there are some known flaws I mentioned in the paper I am writing.

We're on Jetty 9.2, I believe

If that is the case, should I take that part out of the paper?
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

ChuckOne

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 3438
  • ☕ NXT-4BTE-8Y4K-CDS2-6TB82
    • View Profile
  • Karma: +291/-17

About Jetty: security implications on 9.2?

colin012

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
  • Karma: +65/-17

About Jetty: security implications on 9.2?

Not that I know of.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

EvilDave

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1791
    • View Profile
    • NXT Foundation
  • Karma: +341/-40

Quick update:

We've decided that the paper needs to be expanded considerably and to go into more depth on the various attack vectors.

Having said that , it's a good piece of work , so InfCom has authorised a payment of 5000 NXT to Colin012, with more to come for any additions to the paper.

Since the InfCom fund is currently in escrow with Damelon, pending a new treasurer, I've paid colin012 out of my personal funds, and will retrieve the 5000 from the InfCom fund once we have a treasurer in place.
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

DoM P

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1117
    • View Profile
    • Crypto Finance Analysis Consulting
  • Karma: +114/-147

As new treasurer I paid Dave back his 5k Nxt
Tx ID: 14791304493729433602
Have you heard of CryptoCoins? You should!
Crypto Finance Analysis Consulting: cfa-consulting.ch
Nxt : NXT-LP8G-9NHV-VUQB-58ZZF
Pages: [1]