A PRESENTATION ON RESOURCE DISCOVERY IN THE PEER-TO-PEER NETWORK
by Aravind Renganathan
PAPERS…..

- N. Daswani and H. Garcia-Molina, “PONG-CACHE POISONING IN GUESS”, ACM Conference on Computer and Communications Security, 2004
- E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati and F. Violante, “A REPUTATION BASED APPROACH FOR CHOOSING RELIABLE RESOURCE IN PEER-TO-PEER NETWORK”, ACM Conference on Computer and Communications Security, 2002
Introduction…

What is a Peer-to-Peer Network?
- The sharing and delivery of user-specified files among groups of people who are logged on to a file sharing network. (1)
- Peer-to-Peer, abbreviated P2P, is a type of network in which each workstation has equivalent capabilities and responsibilities. (2)

What is Resource Discovery?
- In a P2P network, discovering the required file (resource) among the widely spread clients so that it can be downloaded.

1 - www.mp3-cdburner.com/MP3-glossary.shtml
2 - http://www.webopedia.com/TERM/p/peer_to_peer_architecture.html
“PONG – CACHE POISONING IN GUESS”
N. Daswani and H. Garcia-Molina

Pong-Cache Poisoning In GUESS

Proposes Policy On…..
- Resource discovery that is resilient to attacks by malicious nodes

Algorithms Proposed (Remodeling GUESS)
- Seeding Policy (SP)
- Introduction Protocol (IP)
- Ping Probe and Pong Choice Policy (PPP and PCP)
- Cache Replacement Policy (CRP)
- ID Smearing Algorithm (IDSA)
- Dynamic Network Partitioning (DNP)
- Malicious Node Detection (MND)

GUESS: Gnutella UDP Extension for Scalable Searches
Nodes Cache…
- The cache contains the IDs of the nodes available in the network.
- Nodes are classified as:
  - Good Node
  - Malicious Node
- IDs are classified as:
  - Live
  - Poisoned
  - Dead

Cache Management..
- A node’s cache is updated using the “PING” and “PONG” messages.
- Ping: a query to an available node’s cache to find any newly added node.
- Pong: the reply to a Ping, carrying the updated network information from the responding node’s cache.
Threats to GUESS…

What is Pong Cache Poisoning?
- Contaminating a good node’s cache with a malicious node’s ID.

Pong Cache Poisoning leads to…
- Denial of Service (DoS): a good node may query a malicious node and receive no response.
- Inauthentic Results: a good node may query a malicious node and receive incorrect answers to the query.
- Propagated Cache Poisoning: a good node may itself respond to a ping with a malicious ID.

We Modify the GUESS to….
- Maximize the number of live nodes in the pong cache.
- Mitigate pong cache poisoning by:
  - limiting the number of cache entries that hold malicious node IDs
  - reducing the rate at which poisoning occurs
Policies Introduced in GUESS…

Seeding Policy (SP)
- Seeding is done when a new node wants to join the network.
- Various Seeding Policies:
  - Random Friend (RF) – the new node seeds its cache from a random node’s cache.
  - Popular Node (PN) – the new node seeds from a node N1, where N1 is a “popular” node.
  - Trusted Directory (TD) – the new node seeds from a node that guarantees to be non-dead. A “Trusted Directory” node is responsible for maintaining the list of non-dead nodes.

Introduction Protocol (IP)
- Here the new-born node pings existing nodes so that each existing node adds the new-born node to its cache.

Note: SP should be used in tandem with IP to achieve liveness of the network.

Ping Probe and Pong Cache Policy

Ping Probe Policy (PPP)
- Used to decide which node to ping.
- Helps in identifying dead nodes.

Pong Cache Policy (PCP)
- Determines which |S| node IDs to respond with for a ping operation.
  - |S| – a subset of the node IDs in the pong cache
Cache Replacement Policy (CRP)
- When a pong arrives, a subset of the cache is replaced with the new pong IDs. The entries to replace are chosen by:
  - Random
  - Most Recently Used (MRU)
  - Least Recently Used (LRU)

Note: MRU CRP reduces the poisoning rate.

ID Smearing Algorithm (IDSA)
- When a node ID repeats in many pong messages, it implies either:
  - the node may be a malicious node, or
  - it is a good node that is overloaded.
- In this case we drop that ID from the pong cache.
- In IDSA a node ID can repeat itself in 1/n pong messages.
  - n – number of nodes in the system.

Note: IDSA limits the number of poisoned entries.
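As an added illustration (this model is not from the paper or the slides), the Python below replays two constructed pong traces through a toy cache: a flood of fresh fake IDs, which only the replacement policy limits (under MRU the fakes keep overwriting each other), and one ID repeated in every pong, which the smearing bound catches. Cache size, node count, the ceiling applied to the 1/n bound and all IDs are assumptions of the model.

```python
import math
import random
from collections import OrderedDict

class PongCache:
    """Toy model of one GUESS node's pong cache with a pluggable CRP and the IDSA check."""
    def __init__(self, capacity, n_nodes, policy="MRU", smear=True):
        self.capacity, self.n, self.policy, self.smear = capacity, n_nodes, policy, smear
        self.entries = OrderedDict()  # node_id -> pong number; insertion order is recency
        self.seen = {}                # node_id -> number of pongs that carried it
        self.pongs = 0                # pong messages processed so far

    def accept_pong(self, ids):
        self.pongs += 1
        for node_id in ids:
            self.seen[node_id] = self.seen.get(node_id, 0) + 1
            # IDSA: drop an ID that recurs in more than 1/n of the pongs seen (ceiling: first sighting passes)
            if self.smear and self.seen[node_id] > math.ceil(self.pongs / self.n):
                self.entries.pop(node_id, None)
                continue
            if node_id in self.entries:
                self.entries.move_to_end(node_id)  # refresh recency, no new slot used
                continue
            if len(self.entries) >= self.capacity:
                self._evict()
            self.entries[node_id] = self.pongs

    def _evict(self):
        # CRP: choose the existing entry that the incoming ID replaces.
        if self.policy == "MRU":
            self.entries.popitem(last=True)
        elif self.policy == "LRU":
            self.entries.popitem(last=False)
        else:  # Random
            del self.entries[random.choice(list(self.entries))]

def flood_poisoned_count(policy):
    """Constructed trace: 8 good IDs fill the cache, then one pong floods 8 fresh fake IDs."""
    cache = PongCache(capacity=8, n_nodes=64, policy=policy)
    for g in range(8):
        cache.accept_pong([f"good-{g}"])
    cache.accept_pong([f"fake-{x}" for x in range(8)])
    return sum(1 for node_id in cache.entries if node_id.startswith("fake-"))

def repeat_survives(smear):
    """Constructed trace: 'mal' rides in every pong while good IDs rotate; still cached?"""
    cache = PongCache(capacity=8, n_nodes=64, smear=smear)
    for g in range(32):
        cache.accept_pong([f"good-{g}", "mal"])
    return "mal" in cache.entries
```

With MRU the flood leaves one poisoned slot while LRU lets it evict every good entry, and the repeated ID survives only when smearing is switched off.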
Dynamic Network Partitioning (DNP)
- Here we partition the network, which enhances the search.
  - j – length of the ID
  - Size of a partition is 2^p, with 0 <= p <= j
  - Number of partitions is 2^(j-p)
  - When j = p there is no need for DNP

Note: when DNP is used with IDSA it mitigates the poisoning.

Malicious Node Detection (MND)
- We try to detect whether a node is malicious or not based on our previous experiences.

Note: MND is required where the number of malicious nodes > pong cache size.

Modified GUESS…
“A REPUTATION BASED APPROACH FOR CHOOSING RELIABLE RESOURCE IN PEER-TO-PEER NETWORK”
E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati and F. Violante

A REPUTATION BASED APPROACH FOR CHOOSING RELIABLE RESOURCE IN PEER-TO-PEER NETWORK

Paper Proposes…
- Reputation sharing among clients, by which a resource requestor can assess the reliability of the resource offered.
- This is achieved over the existing P2P protocol by piggybacking.

Algorithm Proposes…
- Combined reputations of servants and resources, which provides informative polling and overcomes the limitations of servant-based systems.

Servants and Resources
- Resources
  - Files shared over the network
- Servants – Nodes
  - Servers when sharing resources
  - Clients when requesting resources
XREP Protocol…

Basic Assumptions
- Each servant is associated with a servant_id, obtained using a secure hash function.
- Each resource identifier is associated with the resource content (using a hash function on the content).

Experience Repositories
- Resource repository: (resource_id, value)
  - resource_id – specifies the resource
  - value – binary value specifying good or bad
- Servant repository: (servant_id, num_plus, num_minus)
  - servant_id – the identifier the peer has associated with the servant
  - num_plus, num_minus – number of successful and unsuccessful downloads

XREP Protocol Phases…
- Resource Searching
- Resource Selection and Vote Polling
- Vote Evaluation
- Best Servant Check
- Resource Downloading

XREP Phases…
XREP Security Consideration

Attacks on P2P

Self Replication
- At any point in time a node can change its name or a resource name.
- This is overcome by collecting votes on both the servant and the resource.

Man in the Middle Attack
- A -> D -> B
  - A – client
  - B – server
  - D – malicious node
- This is overcome during the vote evaluation and best servant check phases.

XREP Security Consideration

Attacks on Reputation-based Systems

Pseudospoofing
- Exploits the use of pseudonyms.

ID Stealth
- A malicious node generates multiple replies to a query, one with the stolen ID and one with its own ID.
  - This is prevented in the Best Servant Check phase.
- Another attack is a malicious node stealing the hash of a good resource.
  - This is discovered in the Vote Evaluation phase.
  - It becomes ineffective as the downloaded file’s hash does not match.

Shilling
- The attacker creates multiple users with real IP addresses, trying to influence the voting.
- This invariably increases the cost for the attacker.
- This is handled by the TrustVote/TrustVoteReply.
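As an added example (not code from the paper or the slides), the Python sketch below models the XREP pieces described above: content-hashed resource IDs, the two experience repositories, a simple vote evaluation, the best servant check that defeats ID stealth, and the download hash check that defeats a stolen resource hash. The servant_id derivation from a public key, the scoring formula, and all peers and file contents are assumptions of the model.

```python
import hashlib

def resource_id(content):
    """XREP: the resource identifier is a secure hash of the resource content."""
    return hashlib.sha256(content).hexdigest()

class Peer:
    """An XREP servant with the two experience repositories from the slides."""
    def __init__(self, key, offers):
        self.sid = hashlib.sha256(key).hexdigest()  # assumption: servant_id = hash(public key)
        self.offers = offers    # rid -> the bytes this node really serves
        self.resources = {}     # resource repository: rid -> True (good) / False (bad)
        self.servants = {}      # servant repository: sid -> [num_plus, num_minus]
    def vote(self, rid, sid):   # poll reply: own experience with the resource and the servant
        return self.resources.get(rid), self.servants.get(sid)
    def record(self, sid, rid, content):
        ok = resource_id(content) == rid  # a stolen resource hash is caught here
        self.resources[rid] = ok
        self.servants.setdefault(sid, [0, 0])[0 if ok else 1] += 1
        return ok

def evaluate_votes(offers, voters):
    """Vote evaluation: rank (claimed sid, rid, responder) offers; illustrative scoring only."""
    def score(sid, rid, _responder):
        total = 0
        for r_vote, s_vote in (v.vote(rid, sid) for v in voters):
            total += 0 if r_vote is None else (1 if r_vote else -1)   # +1/-1 per resource vote
            total += 0 if s_vote is None else s_vote[0] - s_vote[1]   # net servant downloads
        return total
    return sorted(offers, key=lambda offer: score(*offer), reverse=True)

def select_and_download(offers, voters, requester):
    """Best servant check on the ranked offers, then download; returns (sid, hash_ok) or None."""
    for sid, rid, responder in evaluate_votes(offers, voters):
        if responder.sid != sid or rid not in responder.offers:
            continue  # ID stealth: the node answering for sid is not sid, or does not serve rid
        return sid, requester.record(sid, rid, responder.offers[rid])

def scenario(honest_online):
    """Constructed trace; returns (honest servant chosen?, downloaded hash verified?)."""
    good = b"constructed good file"
    rid = resource_id(good)
    honest = Peer(b"honest-key", {rid: good})
    thief = Peer(b"thief-key", {rid: b"constructed bogus file"})  # claims the stolen hash
    requester, voter = Peer(b"requester-key", {}), Peer(b"voter-key", {})
    voter.record(honest.sid, rid, good)  # voter's earlier good download from honest
    offers = [(thief.sid, rid, thief), (honest.sid, rid, thief)]  # second reply steals honest's ID
    offers += [(honest.sid, rid, honest)] if honest_online else []
    chosen, ok = select_and_download(offers, [voter], requester)
    return chosen == honest.sid, ok
```

When the honest servant is online its reply is the one that passes the check; when it is not, the thief's own offer is downloaded, the hash mismatch is recorded, and its num_minus count rises for later polls.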
Advantages of Combining Both Servant and Resource Reputations
- Reputation’s Life Cycle
- Impact on peers’ anonymity
- Cold-start
- Performance Bottleneck
- Blacklisting
- Data Storage and Bandwidth Requirements
- Threshold Effects

Thank You