Gladius is an automated marketplace powered by blockchain offering users: (i) the opportunity to make money from renting out their spare bandwidth and storage and (ii) the opportunity to purchase accelerated content delivery and DDoS protection services.
Changing Circumstances in the DDoS Landscape
Gladius was founded in response to the spike in DDoS attacks related to the growth in Internet of Things (IoT) botnets and significantly increased investment in digital currencies. In a recent Medium post, the company referred to SecureList’s May 2017 report on the huge growth in DDoS attacks in Q1 2017, from 86 to 994 every day. Gladius notes that DDoS attacks amounted to a loss of $150 billion in 2016, and points to the costs businesses incur protecting against such attacks.
Gladius’ mission is to employ the spare computing power and bandwidth available globally to mitigate attacks and “address the needs of an ever changing Internet landscape to meet the requirements set forth by these market driving forces”.
The Content Delivery Market and the Need for Speed
Gladius’ White Paper stresses the market’s need for speed. It goes into depth on e-commerce and names slow speeds as one of the barriers to companies’ success online, saying “Long loading times on sites make the site seem untrustworthy to most consumers and insecure”. The paper stresses that the human attention span is only eight seconds and that, because of this, all sites need to be as fast as possible.
Gladius: The Mission
Gladius states its essential mission as the creation of “very fault tolerant and inexpensive pools, which are tailored to a client’s specific needs”, which can accelerate content and filter traffic. Businesses can pay for exactly what they use in terms of DDoS protection; and customers can put their own high-speed (and sometimes high cost) Internet connections to profitable use.
Furthermore, Gladius intends “to negate the harm brought by new vulnerabilities and take advantage of the same style of decentralized network that attackers have long used. Gladius is concerned primarily with protection from DDoS attackers and the implementation of a high quality CDN.”
Development Business Plan
Phase I: Build an Initial Content Distribution and DDoS Protection Network
The initial phase is the creation of a CDN and DDoS mitigation service which employs blockchain technology, distributed mining pools and smart contracts.
Phase I is made up of 3 stages:
- Proof of Concept phase – showcase the network’s basic functions while not going into production mode; this will culminate in a pre token sale.
- A Closed production period – in which anyone can download and run the client node, and limited websites can purchase DDoS protection;
- Making both services openly available (once the Gladius Network can support a large attack)
Development Goals | Phase 1 (ETA: March 2018)
- Smart Contract V2.0
- Gladius Client V2.0 – Full pool integration, headless client mode, and improved blockchain integration
- Gladius Node Pools V2.0 – Improved blockchain integration, and the start of a vetting process for new nodes
- Fully Encrypted communications
Phase II: Develop Network to a Commercial Scale
Gladius’ goal is to make the network commercially viable on a wide scale, aiming for “a network large enough to take on hundreds, if not thousands, of websites”. This will involve increasing the amount of data throughput to handle a greater demand. Gladius node pools will also be improved with full vetting and rating processes, and it will expand its smart contract services.
Development Goals | Phase 2 (ETA: August 2018)
- Remove centralized server
- Smart contracts for discovery and identification services
- Interface implementation for add-on modules
- Gladius Node Pools V3.0 – full vetting and rating process
- Complete auto-payment and bid/ask system for the marketplace
Phase III: Add Additional Features to the Gladius Network
Depending on funding obtained, the goal of this phase is for Gladius to add other CDN features, such as static content caching.
Development Goals | Phase 3 (ETA: December 2018)
- Release open source network builder for closed-systems
- Complete multi-pool support for protection purchasers
- Add novel CDN techniques to further increase load speeds
- Stretch Goals
How Does Gladius Work
Anyone owning a computer can download and run the Gladius peer client in the background to rent out their unused bandwidth and storage space, and in doing so, earn Gladius Tokens (GLA). Users (or nodes) will be part of localized verification pools, which will then handle a continuous stream of requests to validate website connections and block DDoS attacks.
Nodes can sell their GLA back to websites; and websites looking for DDoS protection can sign up for Gladius protection. They will then have access to a live request graph from which they can monitor connections, protection and speed deltas.
There will be configuration settings for both user groups to automatically toggle the service based upon various factors, such as other programs running, time of day, etc.
Cost is set by the pool provider and split proportionally between the nodes in the pool with the potential of a certain percentage being maintained by the load balancer to incentivise the upkeep and maintenance of high quality pools.
Pools can modify prices on a need basis (adjust for the value of the Gladius Token).
Token System: the GLA
Gladius’ platform will run on the Gladius Token, or GLA. A fixed supply of tokens will be issued during the Token Creation period, and no further tokens will be created. They will be immediately available for use on the Gladius network system.
The token will be used by websites to purchase their DDoS protection and CDN services. The node owner will receive the majority of their fees, with a small portion (currently unspecified) kept by Gladius for “protocol development and support”.
The node owners will essentially act as miners and be incentivized with GLA for their support of the network. They will be recompensed for their individual work in their own social mining pools. Unlike standard blockchain mining, rewards will be given for sharing bandwidth and storage space rather than for computing power and ownership of the currency.
Max Sale Issuance: 34,000,000
GLA Max Token Issuance: 48,200,000
GLA Max Token Market Cap: $12,500,000
Max Market Cap: $20,500,000
GLA Creation Ratios
Public release: 60%
Operations: 15% (part of this supply of GLA will be kept for potential future funding).
Gladius Network Architecture
The platform’s network architecture is comprised of several sections:
- Ethereum Blockchain: a centralized database for storing the proxies and their service providers (users pay for access).
- Custom Proxy: a series of clients or nodes that act as a distributed traffic validator. These nodes will also cache site content in thousands of tiny parts and be able to communicate with each other in fractions of seconds. The nodes will be Points of Presence (PoP) within the Gladius network; a client will be directed to the node closest to them using a location-based DNS server.
- Protected & Enhanced Service – to enable protection, nameservers are changed to the ones linked to the custom proxy.
As with any DDoS protection system, the IP address of the server is kept hidden. The Gladius network does this by having a final proxy mask for the IP from the nodes in the pool. Additionally, the network will have a built-in reputation system to prevent malicious pools from forming. Pools will have the ability to approve individual nodes entering it, to help build a secure experience.
How the Pools Work
The database of pools will be maintained on the blockchain and modified by miners. The inherent associated costs incentivize nodes to be serious and honest. A node must have an Ethereum smart contract to join a pool. The pool can deny the request if it believes the node would not be beneficial based on its general demographic information (e.g. location, available bandwidth, storage space).
The reputation of each pool will be determined by key information, including user reports, protection provided over time, total pool age, and total pool size. Bandwidth will be allocated based on the aggregate of the nodes’ available bandwidth plus the maximum bandwidth that the pool receives. Maximum cache size is determined by the aggregate of storage space made available by nodes.
Having this information available lets websites choose which pools are best suited for their needs. Websites could pay more for a trusted pool with nodes close to their target audience, for instance.
Each pool will have a DNS service that distributes the traffic to the nodes for verification. The nameservers will be protected from most attacks with firewall rules as they are only serving simple content. Pools will then be able to decide how they want to distribute their resources to serve the needs of their customers.
There will also be a final proxy server (or servers) run by the pool manager to mask the true IP of the destination from a potentially malicious node/s.
This model is highly scalable, and acceleration benefits from being geographically based.
There is only one small point of failure to the system: as the majority of the network architecture is hidden, it makes it easy to see where an attacker would target, allowing the pool to use appropriate defenses at the single point of entry.
How Does the Software Work
The software node client is a cross-platform desktop application that runs in the background of the node’s device to communicate with associated pools and verify forwarded traffic requests in real-time. The process is securely encrypted. Once the cycle is complete, the node is awarded a portion of the Gladius Tokens.
Nodes can be part of multiple pools, meaning they can accumulate more GLA (depending on the capacity of their bandwidth, storage, and computing power).
Once a node is approved, it will exchange public keys with the pool manager so that it can securely transfer information, such as IP address and location. Then the node ID will be appended to the blockchain as a member of the pool.
Each node can communicate with others about potentially malicious traffic or the threat of floods. This strategy can allow a pool to block traffic before an attack happens.
Requesting DDoS Protection
To request DDoS protection, individuals and companies go onto the Gladius web portal and add a new request. This is communicated with selected pools and activated in near real-time through Ethereum smart contracts. The user only needs to change their DNS settings to match the ones Gladius generates for them.
The client adds the provided domain/s to their primary nameservers and their site/s is protected behind the pool. If the contract is not renewed, the domains can expire, effectively ending service. Payment is sent only when the successful completion of a contract has taken place.
The web client looks up your pool and allows you to initiate a smart contract with the client. An agreement is made between the pool, agreeing to provide the client services, and the client, agreeing to pay them in exchange.
Inside each pool, Gladius nodes will perform a number of services to ensure that requests are not malicious and prevent attacks, including Layer 7 and beyond:
- Rate-Limiting (block IP addresses that are making requests above a certain threshold)
- IP Address Matching (group similar IPs that have known associations with each other)
- Intelligent Geo Matching (Gladius will analyze requests for geographic anomalies)
- Browsing Behavior (Gladius will pick out dangers based on information gathered from the request)
New prevention software will be added on a continuous basis to guard against new types of DDoS attack.
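The first two checks in the list above can be sketched as a sliding-window limiter that counts requests per source IP and per address group. This is an added example, not Gladius code: the thresholds, the `PoolFilter` and `group_key` names, and the reading of "similar IPs" as the same /24 (IPv4) or /64 (IPv6) are all assumptions, and the request log is constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_MS = 10_000   # sliding window length (assumed value)
IP_LIMIT = 5         # max requests per source IP per window (assumed)
NET_LIMIT = 12       # max requests per address group per window (assumed)

def group_key(ip):
    """Assumed grouping of 'similar' IPs: same /24 (IPv4) or /64 (IPv6)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class PoolFilter:
    def __init__(self):
        self.by_ip = defaultdict(deque)    # ip -> recent request times
        self.by_net = defaultdict(deque)   # group -> recent request times
        self.blocked_ips = set()
        self.blocked_nets = set()

    @staticmethod
    def _hit(q, now):
        q.append(now)
        while q and q[0] <= now - WINDOW_MS:   # drop entries outside the window
            q.popleft()
        return len(q)

    def allow(self, ip, now):
        net = group_key(ip)
        if ip in self.blocked_ips or net in self.blocked_nets:
            return False
        if self._hit(self.by_ip[ip], now) > IP_LIMIT:      # rate-limiting
            self.blocked_ips.add(ip)
            return False
        if self._hit(self.by_net[net], now) > NET_LIMIT:   # IP address matching
            self.blocked_nets.add(net)
            return False
        return True

def run_sample():
    # Constructed log of (timestamp_ms, source_ip) pairs.
    reqs = [(t * 500, "198.51.100.7") for t in range(8)]                   # one noisy host
    reqs += [(5000 + i * 100, f"203.0.113.{i % 5 + 1}") for i in range(15)]  # 5 hosts, one /24
    reqs += [(6000, "192.0.2.10"), (9000, "192.0.2.10")]                   # ordinary visitor
    f = PoolFilter()
    verdicts = [(ip, f.allow(ip, ts)) for ts, ip in sorted(reqs)]
    return f, verdicts
```

In the sample, each of the five `203.0.113.x` hosts stays under the per-IP limit, so only the group counter catches them; a per-IP threshold alone would pass all fifteen requests.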
Comparison with Traditional CDNs
Gladius will have a pay-as-you-go service, which enables websites to customize their protection to their needs, removing the middleman of traditional CDNs. They will provide a tiered service, in which “if you don’t get DDoS’ed, you don’t have to pay as much”.
Gladius’ marketplace of protection pools has the goal of individuals competing to provide protection at the lowest prices, leading to “a continuous downward trend” for prices per Gb on the platform.
In addition, because of the decentralized nature of Gladius’ network, a single point of failure cannot take it down. They compare this to Cloudflare’s “centralized” network, saying that the thousands of different pools that will provide service in Gladius’ platform would have to be hit simultaneously to “have the same effect as DDoSing Cloudflare”.
In addition, because the Gladius network will have many relatively low bandwidth nodes spread over a wide geographic area, a potential client will be connected to a node that is very close to them. Even though a client will have less capacity than a data center, the advantage is its geographic proximity.
Each node and pool will develop a reputation based on various factors, which will lead to better performing nodes receiving higher rewards and providing better service.
Who is Behind Gladius
The Gladius Team emerged in early 2017 from a University of Maryland College Park student team who specialized in computer science, blockchain technology, and cybersecurity and built the initial core architecture that became the Gladius Network.
Along with growth in the enabling technology, the team has also grown in size and experience, allowing them to quickly create a working prototype.
The founder of Gladius is Max Niebylski and the co-founders are Alexander Godwin and Marcelo McAndrew.