Monitoring Data Requests in Decentralized Data Storage Systems: A Case Study of IPFS
Key: balduf2022icdcs
Author: Leonhard Balduf, Sebastian Henningsen, Martin Florian, Sebastian Rust, Björn Scheuermann
Date: July 2022
Kind: In proceedings
Keywords: ipfs, p2p, monitoring, bitswap
Abstract: Decentralized data storage systems like the Interplanetary Filesystem (IPFS) are becoming increasingly popular, e. g., as a data layer in blockchain applications and for sharing content in a censorship-resistant manner. In IPFS, data is hosted by an open set of nodes and data requests are broadcast to connected peers in addition to being routed via a distributed hash table (DHT). In this paper, we present a passive monitoring methodology that exploits this design for obtaining data requests from a significant and upscalable portion of nodes. Using an implementation of our approach for the IPFS network and data collected over a period of fifteen months, we demonstrate how our methodology enables profound insights into, among other things: the size of the IPFS network, activity levels and structure, and content popularity distributions. We furthermore present that our methodology can be abused for attacks on users’ privacy. For example, we were able to identify and successfully surveil the IPFS nodes corresponding to public IPFS/HTTP gateways. We give a detailed analysis of the mechanics and reasons behind implied privacy threats and discuss possible countermeasures.
View Full paper (PDF) | Download Full paper (PDF)

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, not withstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.