Detecting and Recovering from Overlay Routing. Distributed Hash Tables. MS Thesis Defense Keith Needels March 20, 2009

Similar documents
Secure Routing in Peer-to-Peer Distributed Hash Tables

Detecting and Recovering from Overlay Routing Attacks in Peer-to-Peer Distributed Hash Tables

NodeId Verification Method against Routing Table Poisoning Attack in Chord DHT

Routing Protocols of Distributed Hash Table Based Peer to Peer Networks

Problems in Reputation based Methods in P2P Networks

CSE 486/586 Distributed Systems

: Scalable Lookup

Should we build Gnutella on a structured overlay? We believe

Content Overlays. Nick Feamster CS 7260 March 12, 2007

March 10, Distributed Hash-based Lookup. for Peer-to-Peer Systems. Sandeep Shelke Shrirang Shirodkar MTech I CSE

Building a low-latency, proximity-aware DHT-based P2P network

Defending against Eclipse attacks on overlay networks

08 Distributed Hash Tables

The Effect of Replica Placement on Routing Robustness in Distributed Hash Tables

Chord : A Scalable Peer-to-Peer Lookup Protocol for Internet Applications

Security Considerations for Peer-to-Peer Distributed Hash Tables

Evaluation of the p2p Structured Systems Resistance against the Starvation Attack

CompSci 356: Computer Network Architectures Lecture 21: Overlay Networks Chap 9.4. Xiaowei Yang

Simulations of Chord and Freenet Peer-to-Peer Networking Protocols Mid-Term Report

Scalability In Peer-to-Peer Systems. Presented by Stavros Nikolaou

Last Time. CSE 486/586 Distributed Systems Distributed Hash Tables. What We Want. Today s Question. What We Want. What We Don t Want C 1

Distributed Systems. 17. Distributed Lookup. Paul Krzyzanowski. Rutgers University. Fall 2016

Distributed Hash Tables

Fault Resilience of Structured P2P Systems

Distributed Hash Table

Early Measurements of a Cluster-based Architecture for P2P Systems

A Structured Overlay for Non-uniform Node Identifier Distribution Based on Flexible Routing Tables

Chord: A Scalable Peer-to-peer Lookup Service For Internet Applications

416 Distributed Systems. Mar 3, Peer-to-Peer Part 2

C 1. Last Time. CSE 486/586 Distributed Systems Distributed Hash Tables. Today s Question. What We Want. What We Want. What We Don t Want

Peer to Peer I II 1 CS 138. Copyright 2015 Thomas W. Doeppner, Rodrigo Fonseca. All rights reserved.

Semester Thesis on Chord/CFS: Towards Compatibility with Firewalls and a Keyword Search

Finding Data in the Cloud using Distributed Hash Tables (Chord) IBM Haifa Research Storage Systems

Sybil-resistant DHT routing

Peer-to-Peer Systems and Distributed Hash Tables

CS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University

DHT Routing Using Social Links

Today. Why might P2P be a win? What is a Peer-to-Peer (P2P) system? Peer-to-Peer Systems and Distributed Hash Tables

Lecture 6: Overlay Networks. CS 598: Advanced Internetworking Matthew Caesar February 15, 2011

Athens University of Economics and Business. Dept. of Informatics

Security for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818

Searching for Shared Resources: DHT in General

Searching for Shared Resources: DHT in General

SPROUT: P2P Routing with Social Networks

Architectures for Distributed Systems

Securing Chord for ShadowWalker. Nandit Tiku Department of Computer Science University of Illinois at Urbana-Champaign

PEER-TO-PEER (P2P) systems are now one of the most

PEER-TO-PEER NETWORKS, DHTS, AND CHORD

A Directed-multicast Routing Approach with Path Replication in Content Addressable Network

L3S Research Center, University of Hannover

Flooded Queries (Gnutella) Centralized Lookup (Napster) Routed Queries (Freenet, Chord, etc.) Overview N 2 N 1 N 3 N 4 N 8 N 9 N N 7 N 6 N 9

Finding Data in the Cloud using Distributed Hash Tables (Chord) IBM Haifa Research Storage Systems

CS 640 Introduction to Computer Networks. Today s lecture. What is P2P? Lecture30. Peer to peer applications

Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications

Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science. Masters Thesis

Veracity: Practical Secure Network Coordinates via Vote-Based Agreements

DISTRIBUTED HASH TABLE PROTOCOL DETECTION IN WIRELESS SENSOR NETWORKS

Goals. EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Solution. Overlay Networks: Motivations.

L3S Research Center, University of Hannover

EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Overlay Networks: Motivations

Distributed Hash Tables: Chord

CPSC 426/526. P2P Lookup Service. Ennan Zhai. Computer Science Department Yale University

Availability for DHT-based Overlay Networks with Unidirectional Routing

EE 122: Peer-to-Peer Networks

A Chord-Based Novel Mobile Peer-to-Peer File Sharing Protocol

Distributed Hash Tables

Trust Management in Wireless Networks

Routing Table Construction Method Solely Based on Query Flows for Structured Overlays

MULTI-DOMAIN VoIP PEERING USING OVERLAY NETWORK

SplitQuest: Controlled and Exhaustive Search in Peer-to-Peer Networks

An Expresway over Chord in Peer-to-Peer Systems

P2P: Distributed Hash Tables

A Framework for Peer-To-Peer Lookup Services based on k-ary search

Distributed Systems Final Exam

Dynamic Load Sharing in Peer-to-Peer Systems: When some Peers are more Equal than Others

Overlay Networks: Motivations. EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Motivations (cont d) Goals.

Ch06. NoSQL Part III.

Telematics Chapter 9: Peer-to-Peer Networks

Content Overlays (continued) Nick Feamster CS 7260 March 26, 2007

12/5/16. Peer to Peer Systems. Peer-to-peer - definitions. Client-Server vs. Peer-to-peer. P2P use case file sharing. Topics

*Adapted from slides provided by Stefan Götz and Klaus Wehrle (University of Tübingen)

EE 122: Peer-to-Peer (P2P) Networks. Ion Stoica November 27, 2002

Comparing Chord, CAN, and Pastry Overlay Networks for Resistance to DoS Attacks

Peer-to-Peer (P2P) Systems

Distributed Hash Tables (DHT)

Towards Scalable and Robust Overlay Networks

Peer Clustering and Firework Query Model

Reminder: Distributed Hash Table (DHT) CS514: Intermediate Course in Operating Systems. Several flavors, each with variants.

Diminished Chord: A Protocol for Heterogeneous Subgroup Formation in Peer-to-Peer Networks

CIS 700/005 Networking Meets Databases

Application Layer Multicast For Efficient Peer-to-Peer Applications

Understanding Chord Performance

Proactive Caching for Better than Single-Hop Lookup Performance

Introduction to Peer-to-Peer Systems

Dorina Luminiţa COPACI, Constantin Alin COPACI

*Adapted from slides provided by Stefan Götz and Klaus Wehrle (University of Tübingen)

ReDS: A Framework for Reputation-Enhanced DHTs

CSE 124 Finding objects in distributed systems: Distributed hash tables and consistent hashing. March 8, 2016 Prof. George Porter

Peer to peer systems: An overview

Purpose and security analysis of RASTER

Transcription:

Detecting and Recovering from Overlay Routing Attacks in Peer-to-Peer Distributed Hash Tables MS Thesis Defense Keith Needels March 20, 2009

Thesis Information Committee: Chair: Professor Minseok Kwon Reader: Professor Alan Kaminsky Observer: Professor Warren R. Carithers Website: http://www.csh.rit.edu/~keithn/thesis Publication: ACM Symposium on Applied Computing, March 2009 http://www.cs.rit.edu/~jmk/papers/secchord.pdf

Distributed Hash Tables (DHTs) Distributed hash tables (DHTs) provide a lookup mechanism for peer-to-peer networks. Unlike centralized server approaches, DHTs are fully distributed. Unlike flooding approaches, DHTs are scalable. Peers in the network (nodes) and keys for desired items are both mapped to identifiers. DHT protocols define a structure for a p2p overlay network and a protocol to follow for finding nodes responsible for storing information about keys that map to a range of the network s identifier space.

Chord [1] - A popular DHT Chord s identifiers are 160 bit long integers. Nodes and keys are hashed to identifiers using SHA-1. The identifier of a node is the hash of its IP address. Each key s value is stored on the first node whose identifier succeeds the key s identifier. Identifiers are arranged in a ring. the identifier that succeeds 2 160-1 is 0. Keys may be hashed in different ways to map them to multiple nodes replication. Chord is efficient and scalable! Nodes must keep O(log n) routing entries. Lookups take O(log n) hops.

Chord Node and Key Organization (m = 10)

Chord Lookups Each node has a reference to the node half way across the ring, quarter way across the ring, 1/8 th of the way across the ring, and so on. I have a reference to the nodes responsible for key (myid + 2 i ) for i = 0 to m-1, where m is the identifier bit length (160 in Chord). Lookup requests are routed to the closest node I have a reference to whose identifier precedes the key. Routing tables in Chord are referred to as finger tables. We will refer to each (myid + 2 i ) value for i = 0 to m-1 as the finger pointer for table entry i.

Chord Finger Table (m = 10)

Chord routing example (m = 10)

Security Issues In order for Chord lookups to succeed, all nodes on the route to the destination must cooperate and follow the protocol correctly. Malicious nodes can easily drop, misroute, and modify routing requests. A relatively small percentage of compromised nodes can disrupt a large percentage of lookup requests.

Attacks Considered for this Thesis We will assume that a minority of nodes in the system are compromised. We are not defending against a Sybil attack. There are other mechanisms for defending against massive amounts of nodes joining to launch a Sybil attack. [2][3] We are considering the case where a relatively small subset of nodes are compromised. We also assume that nodes cannot choose their identifiers. Chord calls for nodes to hash their IP addresses to find their identifiers. We can alternatively have a CA grant identifiers. [4][5][6] Both mechanisms can be verified by other nodes.

Attacks Considered for this Thesis (continued) Here are some of the things our attackers can do: Drop lookup requests. Misroute lookup requests, either while colluding or not colluding with other malicious nodes. Try to modify lookup requests. Be selective in which lookup requests they attack. It only takes a small fraction of nodes to compromise a large fraction of lookups. In a 1,000 node system with an average hop count of 5, if 25% of nodes are compromised 76% of all lookups will be compromised.

Defense Overview 1. Use iterative routing instead of recursive routing. Recursive routing gives us no control over the routing process. 2. Validate each hop on the route to the destination using locally calculated statistics about the network. 3. When a hop fails validation, backtrack around the node that provided that hop.

Revised Finger Table In order to compute statistical data for hop validation, we need to store additional information in our finger table. We will now store the identifiers of the predecessors and successors of our finger table nodes. New finger table row format: Index Node Identifier and Reference Node Predecessor Identifier and Reference Node Successor Identifier and Reference

Iterative Routing Iterative routing means the node performing the lookup queries each node on the path to the destination for the next node on the route. Instead of asking for the next hop to the destination, we will ask for a node s entire finger table and find the next hop ourselves. We cache finger tables throughout the instance of a single lookup request so that we don t have to request it again while backtracking.

Backtracking If a hop fails validation, we backtrack to the last node on the path and use its finger table to find the second closest preceding node to the destination. The node that provided the bad hop will never be used again for this lookup. If we backtrack to a node again, we use its third closest preceding node (and so on.) If a router has no more hops to give, we backtrack again and stop using that router for the rest of the lookup request.

Backtracking Illustrated Solid nodes are uncompromised, hollow nodes are compromised.

Bypassing Nodes If all of the possible next hop nodes provided by a routing node give hops that fail validation, but the routing node happens to have a reference to the destination node and that hop passes validation, then we skip right to the destination. This allows us to avoid what would otherwise be an impassable cluster of compromised nodes. This also allows us to find the destination node if its predecessor is compromised.

Bypassing Illustrated

Hop Validation We use the additional data stored in our finger table to calculate the average distance between nodes in our Chord ring as well as the standard deviation. More on this in a minute If the distance between a finger table pointer and a finger table node is too many standard deviations over the calculated average distance between nodes in the system, that hop fails validation. The number of standard deviations over the average that we consider acceptable is a configurable parameter. We refer to this as the standard deviation parameter.

Distance Samples

Validation Illustrated Solid nodes are uncompromised, hollow nodes are compromised.

Validation Illustrated Solid nodes are uncompromised, hollow nodes are compromised.

Calculating Statistics Malicious nodes in our finger table can pollute our distance sample set with large values. Malicious nodes cannot give samples that are too small. We can verify that the claimed successor/predecessor of a node is valid and is in the network. Large samples will cause us to overestimate the distance between nodes and lead to more false negatives during hop verification.

Distance Sample Pruning The distance between node IDs on a Chord ring (or any ring DHT) is exponentially distributed as long as identifiers are randomly distributed throughout the ring. [6] With an exponential distribution, the average of all samples is equal to the standard deviation of those samples. To prune, we continually remove the largest distance samples until the standard deviation of those samples is within range of some multiple of the average. This multiple is a configurable parameter called the pruning parameter.

SYSTEM EVALUATION

Attack: Dropping routing requests With this type of attack, a node simply refuses to route our lookup request. This should be the easiest attack for us to recover from. We don t need to rely on our malicious hop detection algorithm, only our modified backtracking routing algorithm. We can test the backtracking algorithm independently of the hop detection algorithm. This will show how our system would perform with 100% accurate malicious hop detection. Experiment: 1000 nodes, varying percentage of malicious dropper nodes, infinite standard deviation parameter (malicious hop detection disabled).

100 Lookup Success Rate with Dropper Nodes (1000 Node System) 90 80 Percent of Look kups that were Successful 70 60 50 40 30 20 10 0 0 5 10 15 20 25 30 35 40 45 50 Percent of Nodes Dropping Lookup Requests Modified Default Hop verification disabled (Standard deviation parameter = infinity)

Average Hop Count with Dropper Nodes (1000 Node System) 25 20 Averag ge Hop Count 15 10 5 0 0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 0.5 Percent of Nodes Dropping Lookup Requests Hop verification disabled (Standard deviation parameter = infinity)

Attack: Randomly routing lookup requests With this type of attack, a malicious node routes lookup requests to another random malicious node. Unlike with the previous attack, it now appears that our attacker is cooperating. Now we have to use the malicious hop detection algorithm, but detection should not be too difficult since most random hops will have much larger finger pointer to node distances than the locally computed average distance between nodes. Experiment: 1000 nodes, varying percentage of randomly routing nodes, standard deviation parameter = 3.0, pruning parameter = 1.0.

100 Lookup Success Rate with Randomly Routing Nodes (1000 Node System) 90 80 Percent of loo okups that were successful 70 60 50 40 30 20 10 0 0 5 10 15 20 25 30 35 40 45 50 Percent of Nodes Randomly Misrouting Lookup Requests to Eachother Success - Modified Deceived - Modified Success - Default Standard deviation parameter = 3.0, Pruning parameter = 1.0

20 Average Hop Count with Random Router Nodes (1000 Node System) 18 16 14 Averag ge Hop Count 12 10 8 6 4 2 0 0 5 10 15 20 25 30 35 40 45 50 Percent of Nodes Randomly Misrouting Lookup Requests to Eachother Standard deviation parameter = 3.0, Pruning parameter = 1.0

Attack: Colluding sub-ring This is an attack where malicious nodes route requests to the closest preceding malicious node in the network. The attacking node maintains a finger table of only compromised nodes and provides that finger table when requested. This attack will be more difficult to detect than the random attack since the attacker is now doing the best that it can to appear to be cooperating. Experiment: 1,000 and 10,000 nodes, varying percentage of compromised nodes, standard deviation parameter = 1.75 and 3.0 with each network size, pruning parameter = 1.0.

100 Lookup Success Rate With Colluding Sub-ring Nodes (1,000 Nodes) 90 80 70 Successfu ul Lookups (Percent) 60 50 40 30 20 10 0 0 5 10 15 20 25 30 35 40 45 50 Percent of Nodes Colluding Modified - SD_PARAM of 1.75 Modified - SD_PARAM of 3.0 Default Pruning parameter = 1.0

14 Average Hop Count With Colluding Sub-ring Nodes (1000 Node System) 12 10 Aver rage Hop Count 8 6 4 2 0 0 5 10 15 20 25 30 35 40 45 50 Percent of Nodes Colluding Modified - SD_PARAM of 1.75 Modified - SD_PARAM of 3.0 Default Pruning parameter = 1.0

Colluding attack data points Experiment Malicious % Modified Success % 1,000 nodes, 3.0 standard deviation parameter 10,000 nodes, 3.0 standard deviation parameter 1,000 nodes, 3.0 standard deviation parameter 10,000 nodes, 3.0 standard deviation parameter Unmodified Success % Difference 14% 92% 56% 36% 14% 93.5% 43% 50.5% 26% 77.5% 44.5% 33% 26% 76% 38% 38%

Measuring Parameter Impact In order to obtain a better understanding of how the standard deviation parameter and pruning parameter affect the performance of the system, I ran experiments where only those parameters were modified. The results are shown over the next few slides. But first, a review of the two parameters

Parameter Review Parameter Description Effect of Modifying Standard Deviation Parameter Pruning Parameter Controls how many standard deviations above the average node distance a finger pointer to node distance is allowed to be during hop validation. Controls how many multiples of the average node distance the standard deviation of node distances is allowed to be while pruning. A higher value will decrease false positives and increase likelihood of finding the correct destination. However, a higher value also increases false negatives and increases the average hop count. Too low and the calculated average node distance will be too low, resulting in more false negatives and failed lookups. Too high and the calculated average will be too high, resulting in more false positives and incorrect lookups.

100 Effect of Standard Deviation on Lookup Success (1000 nodes, 25% Colluding) 90 80 70 ful Lookups (Percent) Sucecssf 60 50 40 30 20 10 0-1 1 3 5 7 9 Standard Deviation Parameter Successful lookups Deceived lookups Failed lookups Pruning parameter = 1.0

Effect of Standard Deviation on Hop Count (1000 nodes, 25% colluding) 30 25 20 Averag ge Hop Count 15 10 5 0-1 1 3 5 7 9 Standard Deviation Parameter Pruning parameter = 1.0

100 Effect of Pruning on Lookup Success (1000 nodes, 25% Colluding) 90 80 70 Perce ent of All Lookups 60 50 40 30 20 10 0 0.5 0.7 0.9 1.1 1.3 1.5 1.7 1.9 Pruning Parameter Successful lookups Deceived lookups Failed lookups Standard deviation parameter = 1.75

Conclusion In the face of naïve attacks, the modified algorithm works well. In the face of a sophisticated attack, the modified algorithm s success rate drops but is still significantly better than the unmodified Chord algorithm. Our algorithm does not require a great deal of extra information and does not fundamentally change the underlying overlay structure. This means our solution should easily combine with other Chord enhancements.

Questions?

References (presentation only) 1. Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H.: Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications. Proc. Of ACM SIGCOMM 01, San Diego, California (2001) 2. Danezis, G., Lesiewski-Laas, C., Kaashoek, M. F., Anderson, R.: Sybil-resistant DHT routing. Proc. Of the 10 th European Symposium on Research In Computer Security. Milan, Italy (2005) 3. Dinger, J. and Hartenstein, H.: Defending the Sybil Attack in P2P Networks: Taxonomy, Challengers, and a Proposal for Self- Registration. Proc. Of the First International Conference on Availability, Reliability, and Security. Washington, DC (2006) 4. Wallach, D.: A Survey of Peer-to-Peer Security Issues. Proc. Of International Symposium on Software Security, Tokyo, Japan (2002)

References (continued) 5. Sit, E. and and Morris, R.: Security Considerations for Peer-to- Peer Distributed Hash Tables. Proc. Of the First International Workshop on Peer-to-Peer Systems (IPTPS '02), Cambridge, MA (2002) 6. Castro, M., Druschel, P., Ganesh, A., Rowstron, A., Wallach, D.: 6. Castro, M., Druschel, P., Ganesh, A., Rowstron, A., Wallach, D.: Security for Peer-to-Peer Routing Overlays. Proc. Of the Fifth Symposium on Operating Systems Design and Implementation (OSDI '02), Boston, MA (2002)

SUPPLEMENTAL SLIDES

Data for 100 nodes Not used in the paper EXTRA DATA

Effect of Standard Deviation on Hop Count - 100 nodes, 25% colluding 12 10 8 Hop Count Average 6 4 2 0-1 1 3 5 7 9 Standard Deviation Prameter

0.45 Effect of Standard Deviation on False Positive/Negative Rates - 100 nodes, 25% colluding 0.4 0.35 0.3 Fraction of All Hop Tests 0.25 0.2 0.15 0.1 0.05 0-1 1 3 5 7 9 Standard Deviation Parameter False Positive Rate False Negative Rate

100 Effect of Pruning on Lookup Success - 100 nodes, 25% Colluding 90 80 70 t of All Lookups Percent 60 50 40 30 20 10 0 0.5 0.7 0.9 1.1 1.3 1.5 1.7 1.9 Pruning Parameter Successful lookups Incorrect lookups Failed lookups

250 Effect of Pruning Parameter on Estimated Network Size -100 nodes, 25% Colluding ID / Average Node Distance) Estimated Network Size (Max I 200 150 100 50 0 0.5 0.7 0.9 1.1 1.3 1.5 1.7 1.9 Pruning Parameter

100 Lookup Success Rate - 100 Node System 90 80 70 l Lookups (Percent) Successful 60 50 40 30 20 10 0 0 5 10 15 20 25 30 35 40 45 50 Percent of Nodes Colluding Modified Default

100 Effect of Standard Deviation on Lookup Success - 100 nodes, 25% Colluding 90 80 70 Percen nt of All Lookups 60 50 40 30 20 10 0-1 1 3 5 7 9 Standard Deviation Parameter Successful lookups Incorrect lookups Failed lookups

DHT OVERVIEW

Peer-to-Peer (P2P) Systems Distributed systems without central servers. Every participating computer (node) is both a client and a server. Nodes are connected to each other in an overlay network. Can be used for more than file sharing! Distributed file systems DNS (and any other naming system) Newsgroups Web Caching

Peer-to-Peer Systems The key function of a peer-to-peer system is to find nodes who have a resource that we are looking for. Bad approaches: Napster Not fully P2P: Central server Gnutella Slow, not scalable, lookup failures The solution? Distributed Hash Tables! (DHTs)

Distributed Hash Tables (DHTs) Traditional hash tables map key values to array indices in constant time. Distributed hash tables map key values to nodes. We would like to only keep track of a small subset of the nodes in the DHT, so we ll have to route lookups through other nodes. We want to find the node responsible for a key with as few hops through other nodes as possible.

Traditional Hash Table 3. Retreive OfficeArray[1400] 2. Return 1400 1. HASH(Kaminsky)

Distributed Hash Table 7. RETREIVE(Kaminsky) 2. Return 1400 1. HASH(Kaminsky)

Security Issues with DHTs Since I can only maintain information about some subset of the nodes in the system, I have to rely on others to route my lookup requests to their destination. What if one of the nodes on the route is an attacker? They could drop my request They could return the wrong node or a malicious node They could send bad routing information to other nodes and much more.

Example Attack 5. RETREIVE(Kaminsky) Kaminsky is the key 1400 is the identifier 2. Return 1400 1. HASH(Kaminsky)

ALGORITHMS

Revised Closest Preceding Node Algorithm n.next_hop(id, index, nodeid, fingertable) uc = 0 if id in range (nodeid, fingertable[1]): if index == 1: return fingertable[1] else: return null bypassnode = null for i = m down to 1: if id in range (fingertable[i].predecessor, fingertable[i]]: bypassnode = fingertable[i] if fingertable[i] in range (n, id]: if (i == m or fingertable[i]!= fingertable[i+i]): uc = uc + 1 if (uc == index): return fingertable[i] return bypassnode

Revised Find Successor Algorithm n.find_sucessor(id, hoplim): routerstates = new STACK of <id, fingertable, index> tuples blacklist = new LIST of nodes attempts = 0 routerstates.push(n.identifier, n.fingertable, 0); while!routers.isempty() and attempts < hoplim: currouterstate = routerstates.pop() currouterstate.index++ nexthop = n.next_hop_forward_bypass(id, currouterstate.index, currouterstate.id, currouterstate.fingertable); if (nexthop!= null and verify_hop(currouterstate.id, nexthop.id) and!routerstates.contains(nexthop)) or currouterstate.id = n.id: return null else: if id in range (n.id, nexthop.id): return nexthop else if blacklist.contains(nexthop.id): routerstates.push(curstate) else: routerstates.push(currouterstate) routerstates.push(<nexthop.id, nexthop.fingertable, 0> attempts++ blacklist.add(currouterstate.node.id)

Hop Verification Algorithm n.verify_hop(firstnodeid, secondnodeid, indexused) fingerpointer = (firstnodeid + pow(2, indexused)) % 2 m distance = secondnodeid fingerpointer % 2 m acceptabledistance = AVG_DISTANCE + (sd_mod * STD_DISTANCE) if (distance > acceptabledistance): return false else: return true

Calculate Statistics Algorithm n.calculate_statistics (distancesamples (LIST of <BigInt>), pruningparameter) done = false average = stdeviation = 0 distancesamples.sortascending() while (!done): average = AVG(distanceSamples); stdeviation = STDEV(distanceSamples); if stdeviation > average * pruningparameter: distancesamples.remove(distancesamples.size() 1) else: done = true return (average, stdeviation)

JOIN PROTOCOL

Joining the Network This is the one scenario where trust must exist. We must, out of band, retrieve a set of uncompromised nodes. To join, we ask each node in the bootstrap list to perform a lookup of each of our finger pointer identifiers (nodeid+2 i for i from 0 to m-1). For each entry, we accept the node that was closest to our finger table entry.

MISCELLANEOUS

Security Issues (continued) If the average hop count is h and the fraction of malicious nodes is f, then the probability of a route containing no malicious nodes is (1-f) h With Chord, the average hop count of an n node network is approximately ½ log 2 n. With a 1,000 node network, this means the average hop count will be around 5. If 25% of the nodes in a 1,000 node Chord network are compromised, the probability of a routing request avoiding any malicious node is 0.75 5, or 24%. An attacker only needs to control 25% of the nodes in a 1,000 node system to disrupt 76% of lookups!

Dropped routing request result The system performs well in the presence of malicious dropper nodes. When half of all nodes are compromised, the unmodified Chord algorithm finds the correct node 6% of the time, while our modified algorithm finds the correct node 94.7% of the time. The average hop count increases slowly at first, but then more quickly once over 25% of nodes are compromised: 0% compromised: 4.84 hops 25% compromised: 9.15 hops 50% compromised: 20.50 hops

Random routing attack results With 50% of nodes compromised, the modified algorithm finds the correct node 91% of the time while the unmodified algorithm still only finds it 6% of the time. Note the hop count differences between the dropper attack and random router attack: With no nodes compromised, the modified algorithm adds about one hop to every lookup due to false positives with the malicious hop detection algorithm. With 50% of nodes compromised, our average hop count is 3 hops less than with the malicious dropper nodes. This is due to false negatives that result in us reaching the wrong destination and not backtracking to find the correct one.

Colluding sub-ring attack results With less than 25% of nodes compromised, the modified algorithm significantly outperforms the unmodified algorithm. This difference is not as great when more than 25% are compromised. The larger the network, the greater the margin is that the modified algorithm outperforms the default protocol. Although the modified algorithm outperforms the default protocol for this type of attack, it does not perform as well as it does for the previous two types of attack.

Parameter Test Results No big surprises in these test results. The optimal pruning parameter value is around 1.0. This makes sense. With a random node distribution, the average distance between nodes should equal the standard deviation.

0.45 Effect of Standard Deviation on False Positive/Negative Rates (1000 nodes, 25% colluding) 0.4 0.35 0.3 Fractio on of All Hop Tests 0.25 0.2 0.15 0.1 0.05 0-1 1 3 5 7 9 Standard Deviation Parameter False Positive Rate False Negative Rate Pruning parameter = 1.0

2500 Effect of Pruning Parameter on Estimated Network Size (1000 nodes, 25% Colluding) Estimated Network Size (M Max ID / Average Node Distance) 2000 1500 1000 500 0 0.5 0.7 0.9 1.1 1.3 1.5 1.7 1.9 Pruning Parameter Standard deviation parameter = 1.75

100 Lookup Success Rate with Colluding Sub-ring Nodes (10,000 Nodes) 90 80 70 Successfu ul Lookups (Percent) 60 50 40 30 20 10 0 0 5 10 15 20 25 30 35 40 45 50 Percent of Nodes Colluding Modified - SD_PARAM of 1.75 Modified - SD_PARAM of 3.00 Default Pruning parameter = 1.0

18 Average Hop Count With Colluding Sub-ring Nodes (10,000 Node System) 16 14 12 Ave erage Hop Count 10 8 6 4 2 0 0 5 10 15 20 25 30 35 40 45 50 Percent of Nodes Colluding Modified - SD_PARAM of 1.75 Modified - SD_PARAM of 3.00 Default Pruning parameter = 1.0

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback