Security for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818

Similar documents
Peer-to-Peer Computing

Peer-to-peer systems and overlay networks

Lecture 6: Overlay Networks. CS 598: Advanced Internetworking Matthew Caesar February 15, 2011

Searching for Shared Resources: DHT in General

Searching for Shared Resources: DHT in General

P2PNS: A Secure Distributed Name Service for P2PSIP

Debunking some myths about structured and unstructured overlays

Introduction to Peer-to-Peer Systems

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Should we build Gnutella on a structured overlay? We believe

Peer-to-Peer Systems. Network Science: Introduction. P2P History: P2P History: 1999 today

Kademlia: A peer-to peer information system based on XOR. based on XOR Metric,by P. Maymounkov and D. Mazieres

Making Gnutella-like P2P Systems Scalable

Distributed Systems. 17. Distributed Lookup. Paul Krzyzanowski. Rutgers University. Fall 2016

The Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Presented By: Kamalakar Kambhatla

Detecting and Recovering from Overlay Routing Attacks in Peer-to-Peer Distributed Hash Tables

DISTRIBUTED COMPUTER SYSTEMS ARCHITECTURES

EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Overlay Networks: Motivations

CS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University

CompSci 356: Computer Network Architectures Lecture 21: Overlay Networks Chap 9.4. Xiaowei Yang

S/Kademlia: A Practicable Approach Towards Secure Key Based Routing

Peer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University

Distributed Hash Table

Peer-to-Peer Networks

On Demand secure routing protocol resilient to Byzantine failures

Overlay Networks: Motivations. EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Motivations (cont d) Goals.

Chapter 10: Peer-to-Peer Systems

Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science. Masters Thesis

L3S Research Center, University of Hannover

Distributed Systems. 16. Distributed Lookup. Paul Krzyzanowski. Rutgers University. Fall 2017

Practical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov

Symphony. Symphony. Acknowledgement. DHTs: : The Big Picture. Spectrum of DHT Protocols. Distributed Hashing in a Small World

Content Overlays. Nick Feamster CS 7260 March 12, 2007

: Scalable Lookup

CS514: Intermediate Course in Computer Systems

Peer- Peer to -peer Systems

Problems in Reputation based Methods in P2P Networks

Interdomain Routing Design for MobilityFirst

An On-demand Secure Routing Protocol Resilient to Byzantine Failures. Routing: objective. Communication Vulnerabilities

Lecture 4: Intradomain Routing. CS 598: Advanced Internetworking Matthew Caesar February 1, 2011

An On-demand Secure Routing Protocol Resilient to Byzantine Failures

Overlay and P2P Networks. Structured Networks and DHTs. Prof. Sasu Tarkoma

08 Distributed Hash Tables

Eclipse Attacks on Overlay Networks: Threats and Defenses

Security and Anonymity

GNUnet Distributed Data Storage

Peer-to-Peer Systems and Distributed Hash Tables

Today. Why might P2P be a win? What is a Peer-to-Peer (P2P) system? Peer-to-Peer Systems and Distributed Hash Tables

Distributed Systems 26. Mobile Ad Hoc Mesh Networks

Byzantine Fault Tolerance

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

Mul$cast and Anycast. Outline today TODAY 3/11/14. Mike Freedman COS 461: Computer Networks. IP Anycast

P2P Network Structured Networks: Distributed Hash Tables. Pedro García López Universitat Rovira I Virgili

Veracity: Practical Secure Network Coordinates via Vote-Based Agreements

Sybil defenses via social networks

Overlay Networks for Multimedia Contents Distribution

Performance and dependability of structured peer-to-peer overlays

Goals. EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Solution. Overlay Networks: Motivations.

EE 122: Peer-to-Peer Networks

Practical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li

! Naive n-way unicast does not scale. ! IP multicast to the rescue. ! Extends IP architecture for efficient multi-point delivery. !

LECT-05, S-1 FP2P, Javed I.

Distributed Systems Final Exam

Securing Chord for ShadowWalker. Nandit Tiku Department of Computer Science University of Illinois at Urbana-Champaign

Failure models. Byzantine Fault Tolerance. What can go wrong? Paxos is fail-stop tolerant. BFT model. BFT replication 5/25/18

Detecting and Recovering from Overlay Routing. Distributed Hash Tables. MS Thesis Defense Keith Needels March 20, 2009

Architectures for Distributed Systems

Early Measurements of a Cluster-based Architecture for P2P Systems

A Survey of Peer-to-Peer Content Distribution Technologies

Motivation. The Impact of DHT Routing Geometry on Resilience and Proximity. Different components of analysis. Approach:Component-based analysis

March 10, Distributed Hash-based Lookup. for Peer-to-Peer Systems. Sandeep Shelke Shrirang Shirodkar MTech I CSE

The Impact of DHT Routing Geometry on Resilience and Proximity. Acknowledgement. Motivation

Distributed Systems Multicast & Group Communication Services

Ossification of the Internet

Telematics Chapter 9: Peer-to-Peer Networks

NodeId Verification Method against Routing Table Poisoning Attack in Chord DHT

Scalable overlay Networks

Motivation for peer-to-peer

Distributed Hash Tables

Dynamo: Amazon s Highly Available Key-value Store. ID2210-VT13 Slides by Tallat M. Shafaat

Overlay Networks. Behnam Momeni Computer Engineering Department Sharif University of Technology

Lecture 8: Application Layer P2P Applications and DHTs

Exploiting Route Redundancy via Structured Peer to Peer Overlays

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Naming WHAT IS NAMING? Name: Entity: Slide 3. Slide 1. Address: Identifier:

Practical Byzantine Fault

Overlay and P2P Networks. Unstructured networks. PhD. Samu Varjonen

A Common API for Structured Peer-to- Peer Overlays. Frank Dabek, Ben Y. Zhao, Peter Druschel, Ion Stoica

Practical Byzantine Fault Tolerance. Castro and Liskov SOSP 99

A Scalable Content- Addressable Network

ECE 435 Network Engineering Lecture 10

Advantages of P2P systems. P2P Caching and Archiving. Squirrel. Papers to Discuss. Why bother? Implementation

Wireless Network Security Spring 2015

Mobile Routing : Computer Networking. Overview. How to Handle Mobile Nodes? Mobile IP Ad-hoc network routing Assigned reading

Byzantine fault tolerance. Jinyang Li With PBFT slides from Liskov

CS 138: Practical Byzantine Consensus. CS 138 XX 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

Distributed Information Processing

ANYCAST and MULTICAST READING: SECTION 4.4

EE 122: Peer-to-Peer (P2P) Networks. Ion Stoica November 27, 2002

T Computer Networks II. Mobility Issues Contents. Mobility. Mobility. Classifying Mobility Protocols. Routing vs.

Introduction to P2P Computing

Transcription:

Security for Structured Peer-to-peer Overlay Networks By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818 1 Acknowledgement Some of the following slides are borrowed from talks by Yun Mao (University of Pennsylvania) 2 Outline Background & Model of P2P Network How to achieve Secure Routing How to use Secure Routing Conclusions 3 1

What is the paper about and not about Not about traditional attacks SYN flood, IP Spoofing, Buffer overflow, DoS attacks on resource access Keep in mind these attacks still work About unique security problems in P2P Goal: Secured Routing Ensure that when a correct node sends a message to a key, the message reaches all correct replica roots for the key with very high probability. 4 What s new in P2P for security? Nodes are MUCH more powerful Assign nodeid themselves Act as a router: has routing table, forwarding messages.. Fully Decentralized no authorization and authentication You can trust nobody Dynamic & self-organizing 5 Typical Routing Model Routing Given a key, locate the corresponding node with high probability Pastry, Tapestry Internet topology-aware in routing-table Chord, CAN Routing-table constrained Performance and security assumption: nodeid uniform random distribution 6 2

Fault model Byzantine failure model N: number of total nodes f: (0<=f<1) the fraction of nodes that may be faulty cn: (1/N<=c<=f) bound size of independent coalitions 7 Network model Assumption: no NAT, no DHCP Network level and Overlay level Adversary has complete control over network-level communication Adversaries may delay messages between correct nodes, but we assume that any message will go through a no faulty route in time D with Prob. P D 8 Possible Attacks and Counter Measures Attackes On nodeid assignment On routing maintenance On using routing table to forward messages Counter measures Securely nodeid assignment Secure routing table maintenance Secure message forwarding 9 3

(1) NodeID Assignment Attack What if attacker can choose nodeid? Surround a victim node Partition a p2p network become the key holder (root) Self ID generation Random (freenet), bad hash IP (chord), bad(?) Fundamental assumption: there is a uniform random distribution of nodeids that cannot be controlled by attacks 10 Solution: Certified NodeIDs Move ID generation to trusted CAs Centralized: survival under Sybil attack Multiple CAs working offline, open a connection when needed Include network address money or puzzles: prevent attacker get too many nodeids or too quickly 11 Review CA solutions Not a new problem. Pros Weaker than those used to verify web sites. Don t have to bind with realworld ID Cons Doesn t work with small overlay network Doesn t work with dynamic nodeid (CAN ) 12 4

(2) Attacks on maintaining routing table Fake the closest node Intercept probe message, let a near node to reply This attack is harder when c is small Can be ruled out if bind IP addr to nodeid Supply faulty routing update Faulty info propagate (1-f)*f+f*1>f Routing algorithm related Pastry VS Chord 13 Solution: Constrained Routing Table Use two routing tables: Pastry+Chord First: normal locality-aware Pastry routing table Slot(I,d): share first l digits, has value d in l+1 digit Second: Constrained Pastry routing table Slot(l,d): closest nodeid to a point p p: share first l digits, has value d in l+1 digit, and has the same remaining digit First is efficient, second is for backup 14 New Algorithms to Initialize and Maintain the routing table Bootstrap nodes Use a set of diverse bootstrap nodes It s big enough to ensure one is correct Procedure Pick up a set of bootstrap nodes and ask them to route using its nodeid as the key No-faulty bootstrap node uses secure forwarding techniques Collects all the proposed neighbor set from each of bootstrap nodes, pick the closed as its neighbor Pick the route entry with minimal delay as the localityaware routing table Initialize each entry of constrained routing table as the live nodeid closest to the desired point p in the id space (secure forwarding) 15 5

Review: constraints on routing tables Idea: trade complexity (2 routing tables) to both security and performance, but Complexity implies low performance Maintain more routing tables Expensive when building constrained routing table if b>1 unless more complex Complexity implies insecurity How to guarantee bootstrap node secure? Faulty routing tables still diffuse: (1- f)*f+f*1>f 16 (3) Attack on forwarding Simply ignore forwarding msgs Failed if ANY one in routing is faulty Prob. of success routing between two correct nodes: (1-f) h-1 (No conspiring needed) Root node for a key maybe faulty Prob. of success routing to a root : (1-f) h (h bounded to O(logN)) E.g. f=10%, successful routing=65% 17 Probability of Routing in Pastry 18 6

Solution on forwarding The most important part of Secure Routing Basic Idea Apply failure test to determine if routing worked correctly. If no, use redundant and/or iterative routing. Goal accomplish in reasonable time/expense 19 Routing failure test Takes a key and a set of prospective replica roots for the key Return negative if the set of roots is likely to be correct for the key Otherwise, return positive Timeout to detect ignoring routing msgs 20 Routing failure test Observation on average density of nodeid The average density of nodeids per unit of `volumn` in the id space is greater than the average density of faulty nodeids Basic idea Comparing density of nodeids in the neighbor set of the sender VS the density of nodeids close to the replica roots of the destination key. 21 7

Failure test in Pastry Density (N live nodes, D=2^128 nodeid space) average numerical distance u between consecutive nodeids in the neighbor set. Distance between normal consecutive nodeids Independent exponential random variable with mean D/N, Distance between fault consecutive nodeids Independent exponential random variable with mean : D/(c*N), Failure Test: u rn <u p * gamma u p : average numerical distance between consecutive NodeIds in neighbor set of p u np : average numerical distance between consecutive nodeids in rn Fail cases: False positive: alpha<=fun (gamma, n, k) False negative: beta<=fun (gamma, n, k, c) n is the sample used to compute u p, k is the number of sample to compute u np Independent of N, provided k<<n 22 Accuracy of detection 23 Exceptions Collect nodeid certificates that have left the overlay increase the density Mix both faulty and good nodes. Have to contact all prospective replicas nodeid suppression attack Idea: make it hard to calculate on density Solution: +alpha, -beta (assume more failure!) 24 8

Simulation: without suppression 25 Simulation: with suppression 26 Tradeoff between alpha and beta 27 9

Redundant routing Invoked when failure test is positive Route copies of the msgs over multiple routes toward each of the dest key s replica roots. Expectation: at least one copy is correct CAN & Tapestry Ask the neighbors to forward the copies of the message to the replica keys. Pastry & Chord anycast 28 Redundant Routing Simulation (30%, 0.999) 29 Checked iterative routing Alternative to redundant routing Basic idea The sender starts by looking up the next hop in its routing table and setting a variable n to point to that node Then asks the node for the next hop and update n to point to the returned value The process repeated until reach the destination key Expensive than recursive but more secure Add hop tests to make iterative routing stronger Better for constraint routing table 30 10

Review on the solution No perfect solution. Protocol specific Tricky in failure test But subject to more tricky attacks! Performance is low Trade off security for improved performance 31 Now we have Secure Routing Ensure that when a correct node sends a message to a key, the message reaches all correct replica roots for the key with very high probability. Slow, expensive Use common routing as possible as we can 32 When to use secure routing Joining Or point to all faulty nodes Inserting Or adversary arrange for all replicas Reading No. use self-certifying data. 33 11

Summary Pastry NodeID generation Routing table maintenance Forwarding CA Act like chord Constrained routing table Failure test redundant routing Checked Iterative routing 34 Conclusions Keep it as simple as possible It is a hard problem no perfect solution now Harder when conspiracy Have to trust something CAs, bootstrap nodes 35 Discussion: beyond this paper Given a nodeid, how to actively detect whether it is malicious or not? How to block the faulty nodes? Why not trust more? by certification by credit history or feedback 36 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback