Embed Size (px)
Citation preview
Denial-of-Service Resilience in Peer-to-Peer Systems
D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel
Presenter: Yan Gao
Outline
Background P2P File Sharing
DoS Scenario File-targeted DoS attacks Network-targeted DoS attacks
Model Simulation Study
Gnutella Overview Peer-to-peer indexing and searching
service Built on top of an unstructured overlay
network Two level hierarchy Peer-to-peer point-to-point file
downloading using HTTP P2P file sharing application on top of an
overlay network Nodes maintain open TCP connections Messages are broadcasted (flooded) or back-
propagated
Gnutella - unstructured p2p system
A given file can be stored at any node
Original version used scoped flooding to locate a file flexible and robust, not scalable
Two-level hierarchy (KaZaA) Leaf nodes & supernodes
Hierarchy p2p systems are scalable than the original one
Freenet - unstructured p2p network
Aim - to provide anonymity and censorship resistance
Each file is assigned a unique ID by hashing the file content
Each node maintains a routing table Insert
The file is routed according to its ID and stored at all nodes along the path
Retrieve The file is copied along the path from the source to
the requester It is hard to locate all copies of a specific file Trying to locate a file will result in the file
being copied at even more nodes
Structured p2p networks Partition a global ID space across all nodes
Each node - for a chunk of the ID space Each file is associated with a unique ID
A file can be stored at an arbitrary node Efficient in locating such a node
Given an ID, find the node responsible for that ID
Find the node responsible for a given ID by contacting only O(logN) nodes
Example: CAN, Chord, Pastry, Tapestry, Kademlia
Structella—hybrid proposal
Use flooding to locate files, but in a more efficient way
Use the underlying structure of Pastry to send no more than one flood message per virtual link Reduce the flooding cost by a factor of k
Note: This paper assume that the replies are sent back to the requester using the Pastry routing protocol.
Outline
Background P2P File Sharing
DoS Scenario File-targeted DoS attacks Network-targeted DoS attacks
Model Simulation Study
File-targeted DoS attacks - pollution attacks
Malicious node advertises a corrupted file, and eventually distributes this copy
The p2p network topology does not play a role in the effectiveness
The user-behavior factors determine the spread of polluted files Willingness to share files Speediness in removing corrupted files Persistence in downloading files under
attack Attack against a single file
Attacker wants to prevent spread of file
Attack Model
Attacker responds to queries for a particular file
Replies with a very high bandwidth and low waiting time, to be attractive
Serves fake content for the file Requires relatively large resources
Attacker serves 10% of file
Analytical Model: Spreading Content
Spreading polluted and good copies
Non-cooperative users
Effect of User Persistence
Here it is!
Counterstrategy: Parallel Download
File-targeted DoS attacks
System is really quite vulnerable Attacker, however, requires large
resources to mount the attack FYI, there is evidence that these
pollution attacks are being carried out
Network-targeted DoS attacks
Directed against unstructured p2p networks like Gnutella or Kazaa
Attack against whole p2p network Attacker wants to significantly reduce
system goodput
System model
Two phase user-system interaction Query
User sends query for particular file Responses are received and stored
Download One or more responses are selected
based on policy Downloads are initiated
Attacker Strategy
False content attack Respond to all queries pointing to self Modify all replies and redirect to self Serve bad files
Slow node attack Modify all replies and redirect to
slowest nodes, advertising high speed for them.
Client Strategy
Download peer selection policy: Best
by expected download time Random Redundant best File chunking Reputation systems Detection
Network-targeted DoS attacks Again, systems are very vulnerable Again, attackers require quite large
resources to mount attack Random selection counterstrategy
effective However, it prevents selection of high
bandwidth peers Non-attack performance is significantly
reduced
Outline
Background P2P File Sharing
DoS Scenario File-targeted DoS attacks Network-targeted DoS attacks
Model Simulation Study
Supernodes and hierarchy
Long paths for anonymity
Power-law topologies
Outline Background
P2P File Sharing Gnutella
DoS Scenario System model Attacker strategy Client strategy
Model Simulation Study
Simulation Preliminaries Discrete event simulation Two peer classes
Leaf nodes (80%) – 56Kb to 1Mb Supernodes (20%) – 1Mb to 10Mb
Asymmetric bandwidth Upstream ¼ of downstream
Zipf file distribution TCP max-min fairness
Baseline Experiments
Baseline attack
System Factors
Overlay structure and hierarchy
System Factors
Path length
Victim counter strategies Random redundant downloads
1 or more in parallel Lowers base performance VERY MUCH Much less vulnerable to attack
Best redundant download Best N by estimated time in parallel Lowers base performance Moves system breaking point far out
Conclusions File-targeted attacks are inefficient in
cooperative p2p environment It is insufficient to only transmit false info to
launch an attack in p2p networks Structured p2p systems are more resilient
than hierarchical p2p systems System goodput degrades tremendously with
the number of malicious nodes in both cases Reputation systems are largely ineffective Randomization techniques are indeed able to
transform the system’s resilience from a devastating hyperexponential scaling to a more resilient linear scaling
Thank you!
