Malicious Uplink uploading invalid data to Storage Node?

Hi everyone!

I was asking myself this question, but couldn’t find answer in the whitepaper.

So what happen if the Uplink client maliciously upload incorrect pieces to Storage Nodes? Could the Satelite detect this? If not, then does it mean some malicious actor can mess with our audit system?

Thanks,
Mathy.

1 Like

There are a few protections against such uplinks.

First, for every upload the uplink must sign the uploaded piece hash. This way the storage node can prove to the satellite that this is exactly what the uplink requested to upload. During audits the satellite may request that piece hash signed by uplink.

Similarly, the storage node after verifying the hash that uplink sent matches the data it uploaded, responds to the uplink with a piece hash with storage node signature. Without such piece hash signature the uplink cannot commit the data to the satellite. In other words storage node must give approval that it has received the data.

3 Likes

Thanks for the reply!

As I uderstand, the Satelite doesn’t know even the hash of individual pieces, so that at the audit time, the Satelite has to download all pieces and check for “outliners”.

So does the Satelite only check for hashes of the pieces during audit?

1 Like

As I uderstand, the Satelite doesn’t know even the hash of individual pieces, so that at the audit time, the Satelite has to download all pieces and check for “outliners”.

Yes, we do not store the piece hashes on the satellite.

To verify whether the piece hash matches piece, then yes, it will need to download the whole piece from the storage node. Satellite doesn’t need to download all the pieces for the segment, just the storage node being audited suffices.

However, most audit verifications download a single share from all storagenodes and then checks whether they can be recombined. In case of problems, we fall back to piece verification.

Of course, we are always looking for more effective measures for auditing, so the exact details may change.

So does the Satelite only check for hashes of the pieces during audit?

  • Satellite checks piece hash signed by storage node when uplink tries to commit the segment.
  • Satellite checks piece hash signed by uplink during audit.
2 Likes