A Secure Distributed Hash Table - PDOS-MIT

A Sybil-Proof Distributed Hash Table
Chris Lesniewski-Laas
M. Frans Kaashoek
MIT
28 April 2010
NSDI
http://pdos.csail.mit.edu/whanau/slides.pptx
Distributed Hash Table
• Interface: PUT(key, value), GET(key)→value
• Route to peer responsible for key
GET( sip://alice@foo )
PUT( sip://alice@foo, 18.26.4.9 )
The Sybil attack on open DHTs
• Create many pseudonyms (Sybils), join DHT
• Sybils join the DHT as usual, disrupt routing
Brute-force attack
Clustering attack
Sybil state of the art
[Timeline figure, 2001 to 2010, with these labels:]
• P2P mania!
• Chord, Pastry, Tapestry, CAN
• The Sybil Attack [Douceur], Security Considerations [Sit, Morris]
• Restricted tables [Castro et al]
• BFT [Rodrigues, Liskov]
• SPROUT, Turtle, Bootstrap graphs
• Puzzles [Borisov]
• CAPTCHA [Rowaihy et al]
• SybilLimit [Yu et al]
• SybilInfer, SumUp, DSybil
• (This work)
Contribution
• Whānau: an efficient Sybil-proof DHT protocol
– GET cost: O(1) messages, one RTT latency
– Cost to build routing tables: O(√N log N) storage/bandwidth per node (for N keys)
– Oblivious to number of Sybils!
• Proof of correctness
• PlanetLab implementation
• Large-scale simulations vs. powerful attack
Division of labor
• Application provides integrity
• Whānau provides availability
• E.g., application signs values using private key
• Proc GET(key):
    Until valid value found:
        Try value = LOOKUP(key)
    Repeat
Approach
• Use a social network to limit Sybils
– Addresses brute-force attack
• New technique: layered identifiers
– Addresses clustering attacks
Two main phases
• SETUP: periodically build tables using social links
• LOOKUP: use tables to route efficiently
[Figure: system diagram with labels PUT(key, value), PUT Queue, Social Network, SETUP, Routing Tables, LOOKUP, key, value]
Social links created
Social links maintained over Internet
[Figure: Social network, with labels: Honest region, Attack edges, Sybil region, …]
Random walks
cf. SybilLimit [Yu et al 2008]
Building tables using random walks
cf. SybilLimit [Yu et al 2008]
What have we accomplished?
• Small fraction (e.g. < 50%) of bad nodes in routing tables
• Bad fraction is independent of number of Sybil nodes
[Figure: system diagram with labels PUT(key, value), PUT Queue, Social Network, SETUP, Routing Tables, LOOKUP, key, value]
Routing table structure
• O(√n) fingers and O(√n) keys stored per node
• Fingers have random IDs, cover all keys WHP
• Lookup: query closest finger to target key
[Figure: finger tables hold (ID, address) entries; key tables hold (key, value) entries; example labels Aardvark, Kelvin, Keynes, Zyzzyva]
From social network to routing tables
• Finger table: randomly sample O(√n) nodes
• Most samples are honest
[Figure labels: ID, IP address]
Honest nodes pick IDs uniformly
[Figure: ID ring with positions labelled A to Z. Plenty of fingers near key]
Sybil ID clustering attack
[Figure: ID ring with positions labelled A to Z. Many bad fingers near key]
[Hypothetical scenario: 50% Sybil IDs, 50% honest IDs]
Honest layered IDs mimic Sybil IDs
[Figure: two ID rings with positions labelled A to Z, one for Layer 0 and one for Layer 1]
Every range is balanced in some layer
[Figure: two ID rings with positions labelled A to Z, one for Layer 0 and one for Layer 1]
Two layers is not quite enough
[Figure: ID rings for Layer 0 and Layer 1, with callouts "Ratio = 1 honest : 10 Sybils" and "Ratio = 10 honest : 100 Sybils"]
Log n parallel layers is enough
[Figure: ID rings with positions labelled A to Z for Layer 0, Layer 1, Layer 2 and Layer L]
• log n layered IDs for each node
• Lookup steps:
1. Pick a random layer
2. Pick a finger to query
3. GOTO 1 until success or timeout
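The layered-ID idea and the lookup loop above, as an added simulation (not code from the talk or from the Whānau implementation). It assumes a simplified model: every node samples fingers from one global pool, honest layer-(i+1) IDs are copied from random layer-i fingers, and the Sybils reuse the same cluster in every layer; all names and parameters are constructed for illustration.

```python
import random

def build_layers(n_honest, n_sybil, n_layers, cluster, rng):
    """Per-layer lists of (id, is_honest) under a clustering attack.

    Assumed model: layer-0 honest IDs are uniform in [0, 1); in layer i+1
    each honest node copies the ID of a random layer-i finger, Sybil or
    not. Sybils pack all their IDs, in every layer, into `cluster`.
    """
    lo, hi = cluster
    layers = []
    for i in range(n_layers):
        sybil = [(rng.uniform(lo, hi), False) for _ in range(n_sybil)]
        if i == 0:
            honest = [(rng.random(), True) for _ in range(n_honest)]
        else:
            prev = layers[-1]
            honest = [(rng.choice(prev)[0], True) for _ in range(n_honest)]
        layers.append(honest + sybil)
    return layers

def near_key(layer, cluster):
    """Fingers whose ID falls in the range just before the target key."""
    lo, hi = cluster
    return [f for f in layer if lo <= f[0] <= hi]

def honest_fraction(layer, cluster):
    near = near_key(layer, cluster)
    return sum(is_honest for _, is_honest in near) / len(near)

def lookup(layers, cluster, rng, max_tries=50):
    """Slide's loop: random layer, random nearby finger, retry on failure.

    Returns the number of fingers queried, or None on timeout. A query
    succeeds when the chosen finger is honest (a simplification).
    """
    for tries in range(1, max_tries + 1):
        finger = rng.choice(near_key(rng.choice(layers), cluster))
        if finger[1]:
            return tries
    return None

def demo(seed=1):
    rng = random.Random(seed)
    cluster = (0.40, 0.41)   # constructed: 1% of the ID space, before the key
    layers = build_layers(2000, 2000, 4, cluster, rng)   # 50% Sybil IDs
    fractions = [honest_fraction(layer, cluster) for layer in layers]
    tries = [lookup(layers, cluster, rng) for _ in range(200)]
    return fractions, tries
```

With these parameters the honest share of fingers near the key is about 1% in layer 0 and climbs toward one half in the later layers, so a lookup that picks a random layer needs only a few attempts.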
Main theorem: secure DHT routing
If we run Whānau’s SETUP using:
1. A social network with walk length = O(log n) and number of attack edges = O(n/log n)
2. Routing tables of size Ω(√N log N) per node
Then, for any input key and all but εn nodes:
• Each lookup attempt (i.e., coin flip) succeeds with probability Ω(1)
• Thus GET(key) uses O(1) messages (expected)
Evaluation: Hypotheses
1. Random walk technique yields good samples
2. Lookups succeed under clustering attacks
3. Layered identifiers are necessary for security
4. Performance scales the same as a one-hop DHT
5. Whānau handles network failures and churn
Method
• Efficient message-based simulator
– Social network data spidered from Flickr, Youtube, DBLP, and LiveJournal (n=5.2M)
– Clustering attack, varying number of attack edges
• PlanetLab implementation
Escape probability
[Plot: escape probability (y-axis, 0 to 1) vs. random walk length (x-axis, 0 to 80); curves for 2M, 200K and 20K attack edges]
[Flickr social network: n ≈ 1.6M, average degree ≈ 9.5]
Walk length tradeoff
[Plot: y-axis 0 to 1 vs. random walk length (x-axis, 0 to 80); curves for 2M, 200K and 20K attack edges, plus a curve labelled Clumpiness]
[Flickr social network: n ≈ 1.6M, average degree ≈ 9.5]
Whānau delivers high availability
[Plot: median lookup messages (y-axis, 0 to 40) vs. table size (x-axis, 100 to 1000000); curves for 2M attack edges (>n), 200K attack edges, 20K attack edges, and no attacker; 3√n marked]
[Flickr social network: n ≈ 1.6M, 3√n ≈ 4000]
Everything rests on the model…
…
Contributions
• Whānau: an efficient Sybil-proof DHT
– Use a social network to filter good nodes
– Resist up to O(n/log n) attack edges
– Table size per node: O(√N log N)
– Messages to route: O(1)
• Introduced layers to combat clustering attacks