Exploring the storj network: a security analysis

ABSTRACTThe recent decade has seen a tremendous increase in volumes of data consumed and generated. Towards storing such data, companies typically make use of centralised cloud storage systems which allow for on-demand scalability and a pay-per-use model. These storage providers, while presenting many benefits, have several downsides in terms of (i) posing as a single point of failure (e.g. data breaches), (ii) featuring the potential for misuse of confidential or personal data, as well as (iii) being not nearly as competitive as they could be which has resulted in inflated prices. In recent years, along with blockchain-based technologies, novel distributed storage platforms such as Storj and Sia, have emerged that tackle these issues by enabling a dynamic storage market between hosts and renters. In comparison to traditional Peer-to-Peer (P2P) storage solutions (e.g. BitTorrrent), these platforms rely on incentivization-based P2P hosting which ensures file availability, robustness and price competitiveness, while also preserving confidentiality and ownership through end-to-end encryption. In this paper, we present a brief overview of such storage platforms, as well as provide two major contributions in the form of (i) an architectural overview, as well as (ii) a high-level security exploration on the dev./test environment of Storj. The latter has resulted in the discovery of a DoS vulnerability, which we experimentally evaluated to be highly feasible. We have contacted Storj and they assessed that their production system1 is not vulnerable to such an attack.