CASCADE: AN ATTACK-RESISTANT DHT WITH MINIMAL HARD STATE


CASCADE: AN ATTACK-RESISTANT DHT WITH MINIMAL HARD STATE. Alexander Mohr, Mayank Mishra. State University of New York at Stony Brook

Motivation Many P2P networks are not designed with attack-resistance in mind (Gnutella, Shareaza, eDonkey2k, Chord, CAN, Pastry, etc). Those that are attack-resistant generally are not as efficient (Freenet, RON, etc). Let’s try for both in a sloppy DHT!

Goals Guarantee that a resource in the network can be located (even if 90-95% of peers are malicious). Make searches efficient with extensive caching. Empower users to have control over their searches.

Scenario [Figure legend: object of search, querying node, malicious node, non-malicious node]

Threat Model The underlying network is well-behaved. Nodes can be malicious or non-malicious. Malicious peers are Byzantine: they co-ordinate amongst themselves and may delay communication between non-malicious peers.

System Description Each node stores: the keys that the node itself has inserted into the DHT (its "published keys"), and a subset of alive peers (its "neighbors"). When queried for a key, a node: consults its list of published keys, responds with the associated value if it was present, and returns its list of neighbors. Searching the network is an iterative breadth-first search.

Claim If there exists any non-malicious path from a query originator to a peer publishing the search key, the search will eventually succeed! But, we’ve said nothing about whether such a path is likely to exist!
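
The search procedure and the claim above, as an added Python sketch (not code from the presentation). The peer names, the topology, the forging behaviour of `MaliciousNode`, and the use of SHA-256 content keys so that the querier can reject forged values are assumptions made for this example.

```python
import hashlib
from collections import deque

def key_for(value: bytes) -> str:
    # Assumption (not from the slides): a key is the SHA-256 of its value.
    return hashlib.sha256(value).hexdigest()

class Node:
    """Honest peer: hard state is its published keys plus a neighbor list."""
    def __init__(self, neighbors, published=()):
        self.neighbors = list(neighbors)
        self.published = {key_for(v): v for v in published}

    def query(self, key):
        # Answer from published keys and return neighbors; no per-query state.
        return self.published.get(key), list(self.neighbors)

class MaliciousNode(Node):
    """Constructed Byzantine model: forges a value, refers only to colluders."""
    def query(self, key):
        return b"forged", list(self.neighbors)

def iterative_search(network, start, key, max_queries=100):
    """Breadth-first search run by the querier; all state lives in this call."""
    frontier, seen, asked = deque(start), set(start), 0
    while frontier and asked < max_queries:
        peer = frontier.popleft()
        asked += 1
        value, neighbors = network[peer].query(key)
        if value is not None and key_for(value) == key:
            return value, peer, asked
        for n in neighbors:
            if n in network and n not in seen:  # unknown names are unreachable
                seen.add(n)
                frontier.append(n)
    return None, None, asked

def demo():
    # Constructed topology: three colluding peers, two honest; H2 publishes.
    net = {
        "M1": MaliciousNode(["M2", "M3"]), "M2": MaliciousNode(["M1", "M3"]),
        "M3": MaliciousNode(["M1", "M2"]),
        "H1": Node(["M3", "H2"]),
        "H2": Node(["M1"], published=[b"hello cascade"]),
    }
    key = key_for(b"hello cascade")
    with_path = iterative_search(net, ["M1", "M2", "H1"], key)  # honest path via H1
    no_path = iterative_search(net, ["M1", "M2"], key)          # colluders only
    return with_path, no_path
```

With three of five peers malicious the search still reaches H2 through H1; when the querier knows only colluding peers, it terminates without a result, which is the gap the next slide raises.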

Open Question Can we guarantee that a non-malicious path will exist? Maybe: we’re not yet sure how feasible it is. Secure Routing [Castro et al., 2002] When choosing a new neighbor: Flood the network to obtain a list of all peers. Pick one at random.

Traffic Amplification Attacks Iterative search prevents traffic amplification. More effort to search, but that might be good. [Figure labels: Traffic Amplifier Networks like Gnutella; Cascade; Message]

Man-in-the-Middle Attacks There is no man in the middle. Don’t have to trust what others say on someone else’s behalf. [Figure labels: X, Y, Z, X’, Y’, Liar]

State Exhaustion Attacks All per-query state is located on the querying node itself. No per-query state is maintained by the network.

Caching and Performance Goal #2: Efficient search. Add passive caching: Known-peers cache. Results cache. Query cache. Caches are hints and are not required for correct operation!!

Known Peers Cache Whenever you discover a peer, store: Who they were. When you saw them. Save this cache between program runs to bootstrap. With directed searches, get there faster.

Results Cache Store the results of your own searches: What you found. Where it was. When you saw it. When a node asks you for a key that you previously found, tell it where and when!

Query Cache When someone else queries you for a key, remember: What they queried for. Who they were. When they queried you. Also: tell them if anyone else is looking for the same key and when they were looking! Like path-based replication, but passive!

Example A queries for key x which is located at D. [Figure: nodes A, B, C, D. Table with columns NODE, Query Cache, Results Cache; entries as extracted: A -; B; C; D]

Example A queries for key x which is located at D. [Figure: nodes A, B, C, D. Table with columns NODE, Query Cache, Results Cache; entries as extracted: A - D; B; C]

Example Now E searches for key x. [Figure: nodes E, A, B, C, D. Table with columns NODE, Query Cache, Results Cache; entries as extracted: A - D; B; C; E]

Example E follows B’s query cache hint to A. [Figure: nodes E, D, A, B, C. Table of cache contents; entries as extracted: A - D; B A,E; C; E]

Example E follows A’s result cache hint to D. [Figure: nodes E, D, A, B, C. Table with columns NODE, Query Cache, Results Cache; entries as extracted: A - D; B A,E; C; E]
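
The cache walk-through above, as an added Python sketch (not code from the presentation). The topology, including the extra peers G and H, the value string, and the rule that hinted peers are tried before plain neighbors are assumptions; the slide figure did not survive extraction.

```python
class Peer:
    """Peer with the two passive caches from the slides (both are only hints)."""
    def __init__(self, neighbors, published=None):
        self.neighbors = list(neighbors)
        self.published = dict(published or {})
        self.query_cache = {}    # key -> [(who asked, when)]
        self.results_cache = {}  # key -> (where it was found, when)

    def query(self, asker, key, now):
        # Hints: where this peer found the key, then who else asked for it.
        hints = [who for who, _ in self.query_cache.get(key, [])]
        if key in self.results_cache:
            hints.insert(0, self.results_cache[key][0])
        self.query_cache.setdefault(key, []).append((asker, now))
        return self.published.get(key), hints, list(self.neighbors)

def search(net, me, key, now, use_hints=True):
    """Iterative search by `me`; returns (value, peers queried in order)."""
    todo, seen, path = list(net[me].neighbors), {me}, []
    while todo:
        peer = todo.pop(0)
        if peer in seen or peer not in net:
            continue
        seen.add(peer)
        path.append(peer)
        value, hints, neighbors = net[peer].query(me, key, now)
        if value is not None:
            net[me].results_cache[key] = (peer, now)  # remember own result
            return value, path
        # Fast search tries hinted peers first; reliable search ignores them.
        todo = (hints if use_hints else []) + todo + neighbors
    return None, path

def demo():
    # Constructed topology: D publishes x; E only knows B.
    net = {"A": Peer(["B", "C"]), "B": Peer(["G"]), "C": Peer(["D"]),
           "D": Peer([], {"x": "value-of-x"}), "E": Peer(["B"]),
           "G": Peer(["H"]), "H": Peer(["D"])}
    first = search(net, "A", "x", now=1)                   # fills the caches
    hinted = search(net, "E", "x", now=2)                  # B, then A, then D
    plain = search(net, "E", "x", now=3, use_hints=False)  # B, G, H, D
    return first, hinted, plain
```

E reaches D in three queries by following B's query-cache hint and A's results-cache hint, and still finds it in four with hints ignored, so a wrong or withheld hint costs extra queries but not correctness.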

Soft Structure It’s easy to add Chord-like structure! Responsibility cache: Key-value pairs that are nearby in identifier space. Structured neighbor list: In addition to random neighbors, add structured neighbors.

Flexibility and Control The user is in control of the search process!! Flexibility: The user may choose to trust a node and use its cached information (Fast Search). The user may NOT trust a peer’s cache and instead use a BFS (Reliable Search). Hybrids...

Conclusion In the best case, Chord-like structure and caches allow very efficient search. In the worst case, a node can search more if it really cares about search results! Dumb network, smart end-hosts!

Future Work Ensure that non-malicious paths are likely to exist. Prevent other attacks on the system. What are they? Quantify benefits of our caching schemes.