Ideas for security related research for IPFS

Hi all,

For a research project at the university I am looking at performing a security related research on IPFS. I am currently in the brain storming stage and looking for input that will help me in shaping the direction I go with the research.

Since I am also new to IPFS, I do not have the overview to quickly tell what could be interesting from a security point of view, hence why I am posting here.

To help with generating ideas, I have some couple of questions. I believe input from folks more familiar with ipfs ecosystem would help. Basically:

  1. What would you say the common attack vectors in IPFS are?
  2. What qualities of IPFS would you say makes it more secure?
  3. I believe the content addressing deals with ensuring integrity of data, how are confidentiality and availability addressed within IPFS
  4. Has there been known security exploit in IPFS? if so do kindly point them to me. Those could lead to interesting ideas
  5. Has IPFS been used for malicious purposes? if so do kindly point them to me. Those could lead to interesting ideas.
  6. How is privacy guaranteed?
  7. How are things like authentication and authorization handled?
  8. Any other ideas you think someone looking at security research of IPFS should consider :slight_smile:

Hoping to hear what folks think! Thanks :slight_smile:

1 Like

First: Welcome to this board and in the community :slightly_smiling_face:

Any work done to improve IPFS is highly appreciated!

  1. there’s currently work going on to make ipfs more censorship resistant.

This might be also an interesting topic to explore.

I did also a rough proposal how to increase the censorship resistant by hiding ipfs behind regular https/quic https/tcp traffic:

Best regards


For your queries

  1. DoS and InterPlanetary Storm Malware
  2. End to End Integrity.
  3. Confidentiality and availability can be addressed by following certain security protocols depending on your requirements.
  4. Only DDOS and Storm Malware but can be avoided using certain protocols.
  5. For malicious purposes? Not sure Or Not that I know of.
  6. Privacy cannot be guaranteed with any platform which you are using online.
  7. There are several threads related to this one
    IPNS Signature Authentication
  8. Just answered by @RubenKelevra

Hi @Ape21 thanks for the response. Just one little thing, can you expand more on what the “certain security protocols” are? Thanks

There so many that I can’t name them. You have to find them according to your needs. Search this forum.