Security & CouchDB & p2p

Overview

CouchDB is an open source distributed key-value pair store. It is designed to work on commodity desktop computers, which makes it well suited to p2p applications (as opposed to stores that run on corporate clusters, such as Cassandra, Bigtable, MongoDB, etc.).

        This document is a proposal for untrusted p2p nodes to cooperatively store CouchDB documents safely and securely.

Goals

Non Goals

Attacks

        List of attacks we’ve considered:

Related work

This proposal is based on the SignedDocuments page of the CouchDB wiki:

http://wiki.apache.org/couchdb/SignedDocuments

Design

        Because of replication, we cannot rely on CouchDB's existing user-based authentication features. When replicating, CouchDB doesn't send the user credentials, which means we can't enforce strong security.

        To solve that issue, we designed a standard for CouchDB documents to be signed and encrypted. Each CouchDB document is self-authenticated, meaning that it carries enough information to prove that it should be committed to the database.

        Design facts:

Implementation

        We implement this system using GNU's gpg and a Java frontend, Bouncy Castle.

        Implementation facts:

Examples

-----BEGIN KUMBAYA MESSAGE-----

Version: v1.0

Id:

Revision:

-----BEGIN PGP MESSAGE-----

Version: BCPG v1.45

-----END PGP MESSAGE-----

-----END KUMBAYA MESSAGE-----

-----BEGIN PGP SIGNATURE-----

Version: BCPG v1.45

-----END PGP SIGNATURE-----

{

   "_id": "02431575b260bcf27a0733c681000879",

   "_rev": "1-2717b14337855be35ba8859046280f5d",

   "data": "-----BEGIN KUMBAYA MESSAGE-----\nVersion: v1.0\nId: \nRevision: \n\n-----BEGIN PGP MESSAGE-----\nVersion: BCPG v1.45\n\nhQEMA0k29A+/2oWWAQf+LNctOfLyQLiTAo9MM3Ue3NJxy4r6aVT4UVK5upNa8Jpb\n7kf93/ROattgB+9yZjjjDcL4kbi0gMmKoT5mGh224j2pFkmct418124cDlplc8d0\nJdYHzUe2JKtSxgiIPCyusJVo6BoMVI1fiafJUDsIzXMjItMw7h34t6+bQOmtlI4u\nKk2FVJ6K9TK4llZ10PLXaowAsG8ek4KJP9ExFmNuItfxbHSKGFq7UW9W7teF045x\nupfr2tkBdFSbRrOnjr4la9uKMRDTAiJVwbVm90Ce79c33kToJ5VRUuv8ZjnXrJta\nnX8+eCVEsI55GD2BvWX8Dd235cJ+Bl7tWqisfNei+NJkAWK72bFeHqBx1Nzee38M\nIfBewEgdjz5jQpC4tMr7DPDJ5QTrWbqIK/qX90rmoUlUwT9eMOLk2rKfcKZnlOz8\nHOHt1om7HxuyPk6XdV4UTkff/9Mlw0Nh/TaW5Nc452sY6BHzsA==\n=8P/T\n-----END PGP MESSAGE-----\n\n-----END KUMBAYA MESSAGE-----",

   "signature": "-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.45\n\niQEcBAABAgAGBQJMd2OWAAoJEEk29A+/2oWWPpAIAIuC+oECzsHlBotmrh6hBy39\nPp7yhZWocSbSuiq/zng4lKwJqWwvljG4T7n2kWX9MKqzjJ60f+3RRhwl+t6tOw3N\nh4ZQuGbrgAPzKLWwUzjNXWnsZc5EDenDTHINIVnL0MEKEEIFhnKqVRkm6VkKG0FB\nEtgs1hH2tN3bpZUx3RZ95FGEZnrRdNIyeGwJg76GUFTWyxoD1YJtdeGVcUmacng+\n6qN1Q5Re2blvIqkccFSsJSNVmhI/9Pz+wsDpvNcgJJpQhdzRhD3lfM8CpXZ4rDCa\nhW95BIdK15hYD6Rhd4666DGAwPWtmU0xLd2LvVtlKBUhxOjRjPnXxCeRBqeu2Ak=\n=S9lb\n-----END PGP SIGNATURE-----\n",

   "folder": true,

   "name": "",

   "path": "/"

}
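An added example, not part of the original proposal or its Java/Bouncy Castle implementation: a Python structural pre-check that a replicating node could run on a document shaped like the one above before handing it to gpg for signature verification. The regexes, the function names, the `unsigned_fields` report, and the assumption that the detached signature covers only the `data` string are this example's own; the sample carries placeholder bytes, not real OpenPGP packets.

```python
import base64, re

ARMOR = re.compile(r"\A-----BEGIN PGP (\w+)-----\n(?:[^\n]+\n)*\n((?:[A-Za-z0-9+/=]+\n)+?)"
                   r"=([A-Za-z0-9+/]{4})\n-----END PGP \1-----\n?\Z")
ENVELOPE = re.compile(r"\A-----BEGIN KUMBAYA MESSAGE-----\n((?:\w+:[^\n]*\n)+)\n"
                      r"(-----BEGIN PGP MESSAGE-----\n.*?-----END PGP MESSAGE-----)\n+"
                      r"-----END KUMBAYA MESSAGE-----\n?\Z", re.S)

def crc24(data, crc=0xB704CE):
    """OpenPGP armor checksum (RFC 4880, section 6.1)."""
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def armor(kind, raw):  # used here only to build the constructed sample
    b64 = lambda b: base64.b64encode(b).decode()
    return ("-----BEGIN PGP %s-----\nVersion: BCPG v1.45\n\n%s\n=%s\n-----END PGP %s-----"
            % (kind, b64(raw), b64(crc24(raw).to_bytes(3, "big")), kind))

def dearmor(text, kind):
    """Decode exactly one armor block of the given kind, checking its CRC-24."""
    m = ARMOR.match(text)
    if not m or m.group(1) != kind:
        raise ValueError("expected exactly one PGP %s block" % kind)
    raw = base64.b64decode(m.group(2).replace("\n", ""), validate=True)
    if base64.b64decode(m.group(3)) != crc24(raw).to_bytes(3, "big"):
        raise ValueError("armor checksum mismatch in PGP %s block" % kind)
    return raw

def precheck(doc):
    """Structural gate for a replicated document, run before signature verification."""
    m = ENVELOPE.match(str(doc.get("data", "")))
    if not m:
        raise ValueError("data is not exactly one KUMBAYA envelope")
    headers = {k: v.strip() for k, v in (l.split(":", 1) for l in m.group(1).splitlines())}
    if headers.get("Version") != "v1.0":
        raise ValueError("unsupported envelope version")
    # Assumption: the signature covers only `data`, so these fields are unauthenticated.
    loose = sorted(k for k in doc if not k.startswith("_") and k not in ("data", "signature"))
    return {"headers": headers, "ciphertext": dearmor(m.group(2), "MESSAGE"),
            "signature": dearmor(str(doc.get("signature", "")), "SIGNATURE"),
            "unsigned_fields": loose}

# Constructed sample in the page's layout; payloads are placeholder bytes, not OpenPGP packets.
SAMPLE = {"_id": "doc-1", "_rev": "1-abc", "folder": True, "name": "", "path": "/",
          "signature": armor("SIGNATURE", b"sig-bytes") + "\n",
          "data": "-----BEGIN KUMBAYA MESSAGE-----\nVersion: v1.0\nId: \nRevision: \n\n"
                  + armor("MESSAGE", b"ciphertext-bytes") + "\n\n-----END KUMBAYA MESSAGE-----"}
```

Passing this check says nothing about authenticity: the CRC-24 only catches accidental corruption, so the decoded bytes still have to go through OpenPGP signature verification against a trusted key.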

Performance