Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
A Sybil-Proof Distributed Hash Table Chris Lesniewski-Laas M. Frans Kaashoek MIT 28 April 2010 NSDI http://pdos.csail.mit.edu/whanau/slides.pptx Distributed Hash Table • Interface: PUT(key, value), GET(key)→value • Route to peer responsible for key GET( sip://alice@foo ) PUT( sip://alice@foo, 18.26.4.9 ) The Sybil attack on open DHTs • Create many pseudonyms (Sybils), join DHT • Sybils join the DHT as usual, disrupt routing Brute-force attack Clustering attack P2P mania! Sybil state of the art Chord, Pastry, Tapestry, CAN The Sybil Attack [Douceur], Security Considerations [Sit, Morris] Restricted tables [Castro et al] 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 BFT [Rodrigues, Liskov] SPROUT, Turtle, Bootstrap graphs Puzzles [Borisov] CAPTCHA [Rowaihy et al] SybilLimit [Yu et al] SybilInfer, SumUp, DSybil (This work) P2P mania! Contribution • Whānau: an efficient Sybil-proof DHT protocol – GET cost: O(1) messages, one RTT latency – Cost to build routing tables: O(√N log N) storage/bandwidth per node (for N keys) – Oblivious to number of Sybils! • Proof of correctness • PlanetLab implementation • Large-scale simulations vs. powerful attack Division of labor • Application provides integrity • Whānau provides availability • E.g., application signs values using private key • Proc GET(key): Until valid value found: Try value = LOOKUP(key) Repeat Approach • Use a social network to limit Sybils – Addresses brute-force attack • New technique: layered identifiers – Addresses clustering attacks Two main phases • SETUP: periodically build tables using social links • LOOKUP: use tables to route efficiently key value PUT(key, value) Social Network PUT Queue key SETUP LOOKUP Routing Tables value Social links created Social links maintained over Internet Honest region Social network Attack edges Sybil region … Random walks c.f. SybilLimit [Yu et al 2008] Building tables using random walks c.f. SybilLimit [Yu et al 2008] What have we accomplished? • Small fraction (e.g. < 50%) of bad nodes in routing tables • Bad fraction is independent of number of Sybil nodes key value PUT(key, value) Social Network PUT Queue key SETUP LOOKUP Routing Tables value Routing table structure • O(√n) fingers and O(√n) keys stored per node • Fingers have random IDs, cover all keys WHP • Lookup: query closest finger to target key Zyzzyva Finger tables: (ID, address) Aardvark Kelvin Keynes Key tables: (key,value) From social network to routing tables • Finger table: randomly sample O(√n) nodes • Most samples are honest ID IP address Honest nodes pick IDs uniformly A B Z C Y D X E W F V U G T H I S J R K Q L P O N M Plenty of fingers near key Sybil ID clustering attack A B Z C Y D X E W F V U G T H I S J R K Q Many bad fingers near key L P O N M [Hypothetical scenario: 50% Sybil IDs, 50% honest IDs] Honest layered IDs mimic Sybil IDs Layer 0 Layer 1 A A C Y B Z B Z D X C Y E W D X F V E W F V U G U G T H T H I S J R K Q L P O N M I S J R K Q L P O N M Every range is balanced in some layer Layer 0 Layer 1 A A B Z C Y B Z D X C Y E W D X F V E W F V U G U G T H T H I S J R K Q L P O N M I S J R K Q L P O N M Two layers is not quite enough Layer 0 Layer 1 A A B Z C Y Ratio = 1 honest : 10 Sybils I J R K Q L P O N M E W F V S D X E W T C Y D X U B Z F V G U H T G Ratio = 10 honest : 100 Sybils S H I J R K Q L P O N M Log n parallel layers is enough Layer 0 W V U T S R X Y Z A B C Layer 1 D E F G H I Q P O L N M K J W V U T S R X Y Z A B C Layer 2 D E F G H I Q P O L N M K J W V U T S R X Y Z A B C Layer L D E F G H I Q P O L N M K J • log n layered IDs for each node • Lookup steps: 1. Pick a random layer 2. Pick a finger to query 3. GOTO 1 until success or timeout … W V U T S R X Y Z A B C D E F G H I Q P O L N M K J Main theorem: secure DHT routing If we run Whānau’s SETUP using: 1. A social network with walk length = O(log n) and number of attack edges = O(n/log n) 2. Routing tables of size Ω(√N log N) per node Then, for any input key and all but εn nodes: • Each lookup attempt (i.e., coin flip) succeeds with probability Ω(1) • Thus GET(key) uses O(1) messages (expected) Evaluation: Hypotheses 1. Random walk technique yields good samples 2. Lookups succeed under clustering attacks 3. Layered identifiers are necessary for security 4. Performance scales the same as a one-hop DHT 5. Whānau handles network failures and churn Method • Efficient message-based simulator – Social network data spidered from Flickr, Youtube, DBLP, and LiveJournal (n=5.2M) – Clustering attack, varying number of attack edges • PlanetLab implementation Escape probability 1 0.8 0.6 2M attack edges 200K attack edges 0.4 20K attack edges 0.2 0 0 10 20 30 40 50 60 Random walk length 70 80 [Flickr social network: n ≈ 1.6M, average degree ≈ 9.5] Walk length tradeoff 1 0.8 0.6 2M attack edges 200K attack edges 0.4 20K attack edges Clumpiness 0.2 0 0 10 20 30 40 50 60 Random walk length 70 80 [Flickr social network: n ≈ 1.6M, average degree ≈ 9.5] Whānau delivers high availability 3√n 40 Median lookup messages 2M attack edges (>n) 200K attack edges 30 20K attack edges No attacker 20 10 0 100 1000 10000 Table size 100000 [Flickr social network: n ≈ 1.6M, 3√n ≈ 4000] 1000000 Everything rests on the model… … Contributions • Whānau: an efficient Sybil-proof DHT – Use a social network to filter good nodes – Resist up to O(n/log n) attack edges – Table size per node: O(√N log N) – Messages to route: O(1) • Introduced layers to combat clustering attacks