Embed Size (px)
Citation preview
MIS: Malicious Nodes Identification SchemeNetwork-Coding-Based Peer-to-Peer Streaming
Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana
Department of Computer ScienceUniversity of Illinois at Urbana Champaign‐
IEEE INFOCOM 2010
Outlines
• Introduction
• MIS: Malicious Node Identification Scheme
• Simulation Results
• Conclusion
Network Coding
• New paradigm of routing: – Packet mixing at intermediate nodes
• Benefits: – Maximum throughput, robustness to link failure, energy efficiency …
• Applications:– Multicast/broadcast, wireless unicast, P2P streaming, P2P file distributing …
2
A A= f( , , )
Traditional routing : store-and-forward Network coding
E
A
F
B
C
D
H
G
Segment [b1, b2, … , bm]
3
… …
Video stream S
Network Coding in P2P Streaming Networks3
• Benefits of network coding in P2P streaming:––––
Higher playback qualityShorter buffering delaysMinimal bandwidthBetter resilience to peer dynamics
SE
A
F
B
C
D
…
G
H
Pollution rapidly spreads over the network!
Failure to decode the original blocks!
4
Pollution Attacks in Network Coding4
• Malicious nodes inject corrupted blocks.
Segment [b1, b2, … , bm]
Video stream
…
6
The Pollution Attack
• Attacker joins an ongoing video channel • Attacker advertises it has a large
number of chunks • When neighbors request chunks,
attacker sends bogus chunks• Receiver plays back bogus chunks • Each receiver may further forward the
polluted chunksP. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007.
7
Peer
Peer
Peer
Peer
Peer
Peer
Peer
Polluter
request
request
reques
t
5
SE
A
F
B
C
D
…
G
H
Drop corrupted blocks at the runtime
Existing Defense Strategy:5
• Checking corrupted blocks at the runtime– Too computationally costly for real time streaming‐
Segment [b1, b2, … , bm]
Video stream
…
9
Pollution Defense Strategy
• Blacklist
• Traffic Encryption
• Chunk Signing– Use PKI
– Every video source has public-private key pair
– Source uses private key to sign the chunks
– Receiver uses public key of source to verify integrity of chunk
P. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007.
6
The Idea of MIS (Malicious Identification Scheme)
• Optimal online efficiency:– We don’t check corrupted blocks at the runtime (before decoding).
• Fundamental limit on pollution attacks: – Instead, we identify malicious nodes whenever pollution attacks take place.
– We “permanently” remove the identified malicious nodes from the overlay, so that the system is free from pollution attacks in the future.
7
MIS (Malicious node Identification Scheme)
B
C
D
E
F
G
H
I
J
K
A
M
LS server‐
8
MIS (Malicious node Identification Scheme)
• Infected nodes: I, J, K, M, L
B
C
D
E
F
G
H
I
J
K
A
M
LS server‐
9
B
C
D
E
F
G
H
I
J
K
A
M
LS server‐
MIS (Malicious node Identification Scheme)
• Detect the existence of pollution attacks based on the content of decoded original blocks.
Alert (with the sequence number of the segment,
a time stamp, the reporting node’s ID)
10
MIS (Malicious node Identification Scheme)
• S server generates a ‐ random checksum for the polluted segment.
• S server disseminates ‐ the checksum to the overlay.
B
C
D
E
F
G
H
I
J
K
A
M
LS server‐
Checksum
11
MIS (Malicious node Identification Scheme)
• The checksum can help the infected node (K, or I) to find out which neighbor (J, or F) has sent him a corrupted block.
B
C
D
E
F
G
H
I
J
K
A
M
LS server‐
Checksum
MIS (Malicious node Identification Scheme)• The Infected node (K, or I) reports the discovered suspicious
neighbors (J, or F) to the M server‐ , and forwards the checksum to the reported suspicious neighbors (J, or F).
A
B
C
D
E
F
G
H
I
J
K
M
LS server‐
F is suspicious
JF
Suspicious node list (SNL)
12
M server‐
J is suspicious
MIS (Malicious node Identification Scheme)
• With the received checksum, an innocent suspicious node (J) can find another suspicious node (F), but the malicious node (F) cannot.
A
B
C
D
E
F
G
H
I
J
K
M
LS server‐ J
FSuspicious node list (SNL)
13
M server‐
F is suspicious
MIS – Security Guarantees
• Correctness– A malicious node cannot deny having sent a corrupted
block or disparage any innocent node.• Guarantee
– When a suspicious node is reported, an evidence is shown to the M-server to demonstrate that this reported node has indeed sent out a corrupted block.
• Approaches– Public-key signature scheme
• Let each node sign the block it sends out using a public-key signature scheme, and the signature associated with the block can be used as the evidence.
• This approach requires applying public key signature on each transmitted block, introducing substantial computational delays due to the expensive signature generation and verification.
– Non-repudiation transmission protocol
Fig. 2: An example to illustrate network coding in P2P streaming. Each segment consists of m = 2 blocks, and each block has d = 3 codewords. Peer X receives two coded blocks e1,i, e2,i in Si from the S-server, and produces a new coded block e3,i for peer Y .
Non-Repudiation Transmission Protocol
λ=6 δ=3
Upstream neighbor
Downstream neighbor
X: the suspicious nodeY: the reporting node
e
Verify evidence with γ2 , γ4, γ5
Non-Repudiation Transmission Protocol
• Table I lists the probabilities that a malicious party succeeds in our protocol under several sample parameter selections.
• Prob X (or Prob Y) – the probability that a malicious X (or Y ) succeeds. The space overhead includes Φ(e) and Seq(e) (one byte for Seq(e)).
0 ≤ θ ≤ λ- δ
Evaluation
• Simulation based on real PPLive overlays obtained in our previous work [TOMCCAP’09]– The overlay contains 1600, or 4000 nodes– Malicious nodes are picked at random– Each segment consists of 32 blocks, and each block has 256 c
odewords in GF(256)– Time taken to identify malicious nodes is less than 6 seconds
[TOMCCAP’09] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang “Understanding the Overlay Characteristics of a Large scale Peer to Peer IPTV system”, ACM TOMCCAP, 2009.‐ ‐ ‐
17
Comparison
• Online computational times: MIS (5 10us)‐ , Null key (1 2us), ‐ ‐MAC based (2ms), Homomorphic signatures or hashes (> 1s).‐• Per block communication overhead: ‐ MIS (22B),Homomorphic signatures or hashes (128 256B), Null key and ‐ ‐MAC based (>256B).‐
Conclusions
• We propose a novel scheme (MIS) to limit network-coding pollution attacks by identifying malicious nodes.
• MIS can fully satisfy the requirements of P2P live streaming systems.
• MIS has high computational efficiency, small space overhead, and the capability of handling a large number of corrupted blocks and malicious nodes.
References
• [5] M. Krohn, M. Freeman, and D. Mazieres, “On-the-fly Verification of Rateless Erase Codes for Efficient Content Distribution”, in Proc. IEEE Symp. on Security and Privacy (Oakland), 2004.
• [6] C. Gkantsidis, and P. R. Rodriguez, “Cooperative Security for Network Coding File Distribution”, in Proc. of IEEE INFOCOM, 2005.
• [7] Q. Li, D.-M. Chiu, and J. C. S. Lui, “On the Practical and Security Issues of Batch Content Distribution Via Network Coding”, in Proc. of IEEE International Conference on Network Protocols (ICNP’06), 2006.
• [9] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An Efficient Signature-based Scheme for Securing Network Coding against Pollution Attacks”, in Proc. IEEE INFOCOM, 2008.
• [10] E. Kehdi, and B. Li, “Null Keys: Limiting Malicious Attacks Via Null Space Properties of Network Coding”, in Proc. of IEEE INFOCOM, 2009.
• [11] Z. Yu, Y. Wei, B. Ramkumar, Y. Guan, “An Efficient Scheme for Securing XOR Network Coding against Pollution Attacks”, IEEE INFOCOM, 2009.
• [16] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang, “Understanding the Overlay Characteristics of a Large-scale Peer-to-Peer IPTV System”, ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP), 2009.
Related Works
• Homomorphic signatures or hashes [Krohn04, Gkantsidis05, Li06, Charles06, Yu08, Boneh09]– It’s computationally expensive to verify/generate the signature f
or each packet at each hop.• Null‐key based on the property of null space [Kehdi09]
– Verification key needs to be repeatedly distributed.• MAC‐based scheme [Yu09]
– Substantial communication overheads are introduced.• Error‐correction codes [Jaggi07, Kotter07]
– Achievable throughput is determined by the power of the adversary
• Combining homomorphic MAC and TESLA [Dong09]– It introduces authentication delay and is suspicious to DoS atta
cks.
