An Eclipse attack on content availability in IPFS : a large-scale decentralized storage service

The web is an ever-changing ecosystem. New technologies emerge and shake traditional habits. A new phenomenon called Web3 brings a new wave of decentralized applications to the web. The web is transitioning from an internet dominated by big industries to a more open internet where users gain control of their data. One actor in Web3 enables a decentralized way of hosting multiple types of content. Such a system is absolutely needed for Web3. The Interplanetary File System (IPFS) is a peer-to-peer distributed data storage service. The content is distributed among users of the network. IPFS is a stepping stone for many projects of Web3 and is considered to be one of the main actors. Since IPFS is fundamental in this new web paradigm, it is important to analyze how the system works and if there are any vulnerabilities that can affect the safety of using this system. Web3 should be an upgrade of Web2. In this thesis, our first goal is to perform a detailed study of the content resolution in IPFS. We need this content resolution system to find where the data is hosted on the network. Once we know where the content is, we are able to rerieve it. Content resolution in IPFS is constituted of two non-trivial peer-to-peer systems. Both systems have complementary features and rely on each other to correctly serve content from one provider of data to a user. The knowledge we gather when analyzing these two protocols allows us to understand the multiple potential points of failures in IPFS. As IPFS is a significant actor in Web3, we are interested in improving its reliability and security. The essential component of IPFS is the way it retrieves content. Based on this, we discovered an attack capable of hiding new data from the rest of the network. While not harming other IPFS users, we deploy this attack and measure the consequences it can have for the network. By deploying this attack on the live IPFS, we highlight vulnerabilities that need to be fixed by the IPFS team. We also introduce some counter-measures in order to help them.