Security
Michael Foukarakis ([email protected]) – 13/12/2004

A Survey of Peer-to-Peer Security Issues
Dan S. Wallach
Rice University, Houston, TX 77005, USA

Security
– Introduction
– Background, models and solution
– Routing in p2p systems
– Storage
– Trust in p2p overlays
– Conclusions

Introduction
– Peer-to-peer systems:
  – Gnutella & Napster: mainly for file sharing
  – CAN, Chord, Pastry, Tapestry: structured p2p overlays
– Designed for various services such as network storage, content distribution, web caching, searching and indexing (use of routing tables)

Introduction
– These systems are scalable, fault-tolerant and provide effective load balancing
– Making them secure is a challenge
– Several types of attack:
  – Erroneous responses (false data/routes)
  – Abuse of resources (disk space/bandwidth)
  – “Trust” issues (malicious code)
  – Other

Background, models and solution
– Abstract routing overlay model
  – Nodes and objects have unique identifiers called nodeIds and keys respectively. Keys are mapped to unique live nodes called roots
  – Nodes have routing tables and neighbor sets
  – Replica functions are used to map keys to sets of replica keys

Background, models and solution
– Pastry
  – Random assignment of nodeIds from a circular 128-bit id space
  – nodeIds and keys are thought of as a sequence of digits in base 2^b (b is usually 4)
  – Routing is based on prefix matching

Background, models and solution
Pastry routing table
Background, models and solution
– Message routing example
  – Source node: 65a1fc
  – Message has key: d46a1c
  – Message arrives at node d467c4 after 4 hops

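The hop sequence above, as an added example that is not code from the slides or from the Pastry paper: a simplified prefix router over 6-digit hex ids. Only the source 65a1fc, the key d46a1c and the final node d467c4 come from the slide; the three intermediate node ids and the assumption that every node knows the whole node set are constructed for the illustration.

```python
# Added example, not code from the slides or the Pastry paper: a simplified
# prefix router for 6-digit hex ids (b = 4, so at best one digit per hop).
# Assumption: each node knows the whole node set, and among candidates that
# share a longer prefix with the key the lowest id is picked. Real Pastry
# keeps one entry per (row, digit) plus a leaf set; the rule is the same.
MODULUS = 1 << 24                 # 6 hex digits live on a ring of this size

def shared_prefix_len(a, b):
    """Number of leading hex digits a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def ring_distance(a, b):
    """Shortest distance between two ids on the circular id space."""
    d = abs(int(a, 16) - int(b, 16))
    return min(d, MODULUS - d)

def next_hop(current, key, known):
    """Prefer a node whose id shares a strictly longer prefix with the key;
    otherwise move to a node numerically closer to the key than we are.
    Returns None when `current` is already the root for `key`."""
    have = shared_prefix_len(current, key)
    better = sorted(n for n in known if shared_prefix_len(n, key) > have)
    if better:
        return better[0]
    mine = ring_distance(current, key)
    closer = [n for n in known if ring_distance(n, key) < mine]
    return min(closer, key=lambda n: ring_distance(n, key)) if closer else None

def route(source, key, nodes):
    """Full path from `source` to the root of `key` (hops = len(path) - 1)."""
    path = [source]
    while True:
        nxt = next_hop(path[-1], key, [n for n in nodes if n != path[-1]])
        if nxt is None:
            return path
        path.append(nxt)

# Constructed overlay: source and root ids are from the slide, the three
# intermediate ids are made up so that each hop fixes one more digit.
NODES = ["65a1fc", "d13da3", "d4213f", "d462ba", "d467c4"]

if __name__ == "__main__":
    path = route("65a1fc", "d46a1c", NODES)
    print(" -> ".join(path), f"({len(path) - 1} hops)")
```

The last hop is decided by numeric closeness rather than a longer prefix, which is exactly the step where a node that lies about its id or its neighbors can pull the message toward itself.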
Background, models and solution
– System model
  – The system has N nodes
  – Fraction of faulty nodes (f): 0 ≤ f < 1
  – Faulty nodes form clusters of independent coalitions whose size is bounded by cN, where 1/N ≤ c < f
  – Parameter c is the coalition independence factor

Background, models and solution
– System model
  – All IP addresses are static
  – Communication is over Internet connections
    – Network-level: no routing through the overlay
    – Overlay-level: routing through the overlay using the corresponding protocol
  – Cryptographic techniques are used to prevent data observation and modification

Routing in p2p systems
– The problem: a malicious overlay node can corrupt, delete, deny access to or supply stale copies of all replicas of an object
– We need a secure routing technique:
  – Successful delivery of a message even if some nodes corrupt, drop or misroute it
  – Successful delivery to all legitimate replica roots for a given key

Routing in p2p systems
– Secure routing requires:
  1) Securely assigning nodeIds to nodes
    – Attackers can’t choose the values of the nodeIds assigned to nodes they control
  2) Securely maintaining the routing tables
    – The fraction of faulty nodes in routing tables is less than the fraction of faulty nodes in the entire overlay
  3) Securely forwarding messages
    – At least one copy of a message sent to a key reaches the correct replica roots for the key with high probability

Routing in p2p systems
– 1) Secure nodeId assignment
  – Nodes might choose their identifiers maliciously so that it is easy to censor specific documents or to appear in the routing table of a victim node
  – Random assignment of nodeIds is necessary
  – Possible use of a server that is only consulted when new nodes join

Routing in p2p systems
– 1) Secure nodeId assignment
  – What if a hostile node or a coalition of nodes tries to get a large number of nodeIds?
  – Best solution: moderate the rate at which nodeIds are given out
  – Other solutions: charging money for nodeId certificates, or external authentication requirements

Routing in p2p systems
– 2) Robust routing primitives
  – Attackers control a fraction f of the nodes in the p2p network
  – For h hops, the probability that a route is free of malicious nodes is (1 – f)^h
  – Unfortunately, adversaries take advantage of locality and try to appear more often in their neighbors' routing tables
  – Constrained routing tables

Routing in p2p systems
– 3) Robust routing primitives
  – To increase the odds of a message reaching its destination, we attempt redundant routes
  – In Pastry, the source node sends to all its neighbors. Then, each of them forwards the message to the target node
  – If at least one route is successful, the message is considered successfully delivered
  – For f ≤ 30%, the probability of success is 99.9%

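The (1 – f)^h arithmetic from the two robust-routing slides, worked through as an added example (not code from the slides or the paper). It treats hops and redundant routes as independent, which is the optimistic case the slides warn about; the slides' 99.9% figure comes from the paper's evaluation of Pastry's actual neighbor-set routing and is not reproduced by this bound.

```python
# Added example, not code from the slides: the route-success arithmetic of
# the "robust routing primitives" slides, with the independence assumptions
# stated in each docstring rather than hidden.

def clean_route_probability(f, h):
    """P(a single h-hop route contains no faulty node) = (1 - f)^h,
    assuming each hop lands on a faulty node independently with prob. f."""
    if not 0.0 <= f < 1.0 or h < 0:
        raise ValueError("need 0 <= f < 1 and h >= 0")
    return (1.0 - f) ** h

def redundant_delivery_probability(f, h, routes):
    """P(at least one of `routes` h-hop routes is clean).
    Assumption: routes fail independently. Adversaries who exploit locality
    to sit in many neighbors' tables break this, so treat it as an upper bound."""
    if routes < 1:
        raise ValueError("need at least one route")
    p_clean = clean_route_probability(f, h)
    return 1.0 - (1.0 - p_clean) ** routes

def routes_needed(f, h, target):
    """Smallest number of independent routes whose combined success
    probability reaches `target`; a sizing aid for the redundancy factor."""
    n = 1
    while redundant_delivery_probability(f, h, n) < target:
        n += 1
    return n

if __name__ == "__main__":
    # Constructed numbers: a 4-hop overlay and the f values discussed above.
    for f in (0.1, 0.2, 0.3):
        print(f"f={f:.1f}  one route clean: {clean_route_probability(f, 4):.3f}  "
              f"16 routes: {redundant_delivery_probability(f, 4, 16):.4f}  "
              f"routes for 99.9%: {routes_needed(f, 4, 0.999)}")
```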
Routing in p2p systems
– Ejecting misbehaving nodes
  – That is an open problem
  – If a node is accused of cheating, proof needs to be presented
  – It’s not clear how proof can be generated at the routing layer
  – False positives

Storage
– Systems should be designed to limit how much remote space one can consume without providing a suitable amount of storage for the use of others
– The same applies to network bandwidth

Storage – Disk Space
– A malicious node might choose to claim its storage is full, when it actually has free space
– What if we use a central authority again, just like in nodeId assignment? Use of quotas
– That way every request to store a document would require a query to the quota authority
– Bottleneck

Storage – Disk Space
– Method 1: Attach smartcards that provide quota information to each node.
  – Problem: Impractical, can be hacked
– Method 2: Ask your neighbors to act as quota managers. Distribute quota information just like sending messages.
  – Problem: No incentive for the neighbors

Storage – Disk Space
– Nodes keep two logs:
  – Local list of files that the node is storing on behalf of remote nodes
  – Remote list of files that other nodes are storing on behalf of the local node
– Log entries contain IP addresses of remote nodes and file sizes
– The local list also contains the amount of free disk space available

Storage – Disk Space
– Of course, feeding false information to nodes is a problem
– Anonymous communication prevents this
– This way a node does not know who is checking on it

Storage – Disk Space
– Cheating chains
  – Example: A claims it’s storing a file for B and B confirms that, but no files are actually stored. The same can happen with more nodes
– Random audits should be performed with random keys. This way cheaters will eventually be caught, but it is costly

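The two-log bookkeeping from the disk-space slides and the random audit that defeats the A/B cheating chain, as an added example on a toy in-memory overlay (not code from the slides or from any real system). It assumes keys are content hashes so that an auditor holding only a key can verify a returned file; the auditor's anonymity is not modelled.

```python
# Added example, not code from the slides: the two-log bookkeeping and the
# random audit from the disk-space slides on a toy in-memory overlay.
# Assumption: keys are content hashes, so an auditor holding only a key can
# still verify a returned file; auditor anonymity is not modelled.
import hashlib
import random
from dataclasses import dataclass, field

def key_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()[:12]

@dataclass
class Node:
    addr: str
    free_space: int
    local: dict = field(default_factory=dict)   # key -> (owner, size): kept for others
    remote: dict = field(default_factory=dict)  # key -> (holder, size): others keep for me
    disk: dict = field(default_factory=dict)    # key -> bytes really on disk

    def store_for(self, owner: "Node", data: bytes, really: bool = True) -> str:
        """Accept a file from `owner`; a cheater logs it but never writes it."""
        k = key_of(data)
        self.local[k] = (owner.addr, len(data))
        owner.remote[k] = (self.addr, len(data))
        if really:
            self.disk[k] = data
            self.free_space -= len(data)
        return k

def audit(nodes: dict, owner: "Node", rng: random.Random = None):
    """Pick a random key the owner claims is held remotely, ask the claimed
    holder for it, and check both the holder's log and the content hash.
    A cheating pair passes the log cross-check but fails the content check."""
    rng = rng or random.Random()
    key, (holder_addr, size) = rng.choice(sorted(owner.remote.items()))
    holder = nodes[holder_addr]
    logged = holder.local.get(key, (None, 0))[0] == owner.addr
    data = holder.disk.get(key)
    present = data is not None and len(data) == size and key_of(data) == key
    return key, (logged and present)

# Constructed scenario: C honestly stores for D; A and B "store" for each other.
nodes = {a: Node(a, 1_000) for a in ("A", "B", "C", "D")}
nodes["C"].store_for(nodes["D"], b"survey notes")
nodes["A"].store_for(nodes["B"], b"phantom file 1", really=False)
nodes["B"].store_for(nodes["A"], b"phantom file 2", really=False)

if __name__ == "__main__":
    for owner in ("D", "A", "B"):
        print(owner, audit(nodes, nodes[owner], random.Random(1)))
```

Comparing only the two logs would pass A and B, because each one's local list matches the other's remote list; only the retrieval of the actual bytes for a randomly chosen key exposes the chain, which is why the slides call the audit costly.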
Storage – Network Bandwidth
– Bandwidth sharing
– Micropayment systems
  – Perform a query → spend a token
  – Receive a query → get a token
  – Surplus of tokens → refuse to service queries
– High cost of evaluating the validity of tokens
– Data needs to be widely replicated

Trust in p2p overlays
– Spoofing of search results is possible
– Solution: implementation of something like Google’s PageRank technology
  – For Google, pages linked by “popular” pages are themselves more popular
  – We could add this notion of popularity to p2p systems using the audit log
  – Users themselves could rank the files
– Code → Architecture to safely execute it

Conclusions
– Summary of security techniques:
  – Cryptography
  – Redundant routing
  – Economic methods
– Diversity of p2p systems → diversity of solutions