All detected attacks are logged with attack_type, agent_id, ctx_id, and timestamp. Query via GET /audit.
| Attack | Detection Mechanism | GRG Layer | Log Field |
|---|---|---|---|
| Token Replay Reuse of a previously valid PoT token |
seen_tokens HashMap — duplicate token hash detected on verify | Application | REPLAY |
| Timestamp Drift NTP manipulation, clock skew injection |
±60s window check against server time; Roughtime chain_digest bound into GRG commitment — any timestamp deviation causes commitment mismatch | chain_digest → FORGE | DRIFT / FORGE |
| Signature Forgery Fake issuer, tampered token body |
Ed25519 signature verification against published pubkey — cryptographically unforgeable without issuer private key | Ed25519 | FORGE |
| Flood / DDoS Request rate abuse, resource exhaustion |
Per-IP and per-agent rate limiting (requests/min); excess requests rejected with 429 | Application | FLOOD |
| Ordering Attack Out-of-sequence token submission |
Fleet cross-reference — token sequence validated across agent set | Application | ORDERING |
| Cross-Pool Replay Token from Pool A submitted to Pool B |
Context-bound cryptographic commitment — cross-pool commitment mismatch is cryptographically certain | Commitment | FORGE |
| Sybil Attack Multiple fake agent IDs from same node |
Service context commitment binding — each context has a unique cryptographic key; cross-context token reuse fails verification | Commitment | FORGE |
| GPS Spoofing Falsified satellite time signals |
Roughtime chain spans ≥3 independent time sources; single-source GPS spoof creates chain spread violation → commitment diverges | chain_digest → FORGE | FORGE |
| NTP Injection Rogue NTP server, synchronized clock bias |
Roughtime chain_digest is GRG-committed alongside payload — manipulated timestamp shifts chain_digest, breaking Ed25519 signature | chain_digest → Ed25519 | FORGE |
| BGP Hijacking Route manipulation, man-in-the-middle |
Intercepted tokens cannot be re-signed without issuer private key — any modification invalidates Ed25519 signature | Ed25519 | FORGE |
| DNS Poisoning Redirected API endpoint, fake issuer |
Issuer pubkey is pinned and published out-of-band; tokens from any other key fail Ed25519 verification | Ed25519 | FORGE |
| SDN Flow Manipulation Packet reordering via SDN controller |
ORDERING cross-reference detects sequence anomalies; GRG integrity layer recovers partial data corruption | GRG + ORDERING | ORDERING |
| Protocol Violation Malformed token, missing fields |
Schema validation on all fields; multi-layer ECC detects bit-level corruption | ECC | INVALID |
All attacks ultimately converge to a commitment mismatch, caught at the Ed25519 layer.
Input Payload (P)
└─ Compression layer
└─ Erasure coding layer
└─ Error correction layer
└─ Context commitment layer (ctx_id bound)
└─ GRG_Commitment (cryptographic hash over payload + chain_digest)
└─ Ed25519 signature over GRG_Commitment
curl "https://api.kenosian.com/audit?ctx_id=<ctx_id>&window=3600" \ -H "X-API-Key: <your-api-key>"
{
"ctx_id": "dlr-poc",
"window_secs": 3600,
"total_requests": 142,
"byzantine_total": 3,
"byzantine_ratio": 0.021,
"attack_breakdown": {
"REPLAY": 2,
"DRIFT": 1,
"FORGE": 0,
"FLOOD": 0,
"ORDERING": 0,
"INVALID": 0
}
}
tttps_attack_total{type="replay"} 2
tttps_attack_total{type="drift"} 1
tttps_attack_total{type="forge"} 0
tttps_byzantine_ratio 0.021
tttps_valid_count 139
# API access by request — contact peter@kenosian.com
# 1. Health check
curl https://api.kenosian.com/health
# 2. Generate PoT token
curl -X POST https://api.kenosian.com/pot/generate \
-H "X-API-Key: <your-api-key>" \
-H "Content-Type: application/json" \
-d '{"agent_id":"<agent_id>","ctx_id":"<ctx_id>"}'
# 3. Verify + Byzantine detection
curl -X POST https://api.kenosian.com/pot/verify \
-H "X-API-Key: <your-api-key>" \
-H "Content-Type: application/json" \
-d '{"token":"<token>","agent_id":"<agent_id>","ctx_id":"<ctx_id>"}'
# 4. Audit report
curl "https://api.kenosian.com/audit?ctx_id=<ctx_id>&window=3600" \
-H "X-API-Key: <your-api-key>"