A Security Analysis of the Emerging P2P-Based Personal Cloud Platform MaidSafe

The emergence of decentralized crypto currencies such as Bitcoin and the success of the anonymizing network TOR lead to an increased interest in peer-to-peer based technologies lately--not only due to the prevalent deployment of mass network surveillance technologies by authorities around the globe. While today's application services typically employ centralized client/server architectures that require the user to trust the service provider, new decentralized platforms that eliminate this need of trust are on their rise. In this paper we critically analyze a fully decentralized alternative to today's digital ecosystem--MaidSafe--that drops most of the commonly applied principles. The MaidSafe network implements a fully decentralized personal data storage platform on which user applications can be built. The network is made up by individual users who contribute storage, computing power and bandwidth. All communication between network nodes is encrypted, yet users only have to remember a username and password. To guarantee these objectives, MaidSafe combines mechanisms such as Self-Authentication, Self-Encryption, and a P2P-based public key infrastructure. This paper provides a condensed description of MaidSafe's key protocol mechanisms, derives the underlying identity and access management architecture, and evaluates it with respect to security and privacy aspects.