On-the-fly Verification of Erasure-Encoded File Transfers Mike Freedman & Max Krohn NYU Dept of Computer Science.

Slides:

Advertisements

Similar presentations

Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.

Advertisements

What is RAID Redundant Array of Independent Disks.

On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.

CSC 774 Advanced Network Security

P2P data retrieval DHT (Distributed Hash Tables) Partially based on Hellerstein’s presentation at VLDB2004.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Henry C. H. Chen and Patrick P. C. Lee

Nattee Niparnan. Recall  Complexity Analysis  Comparison of Two Algos  Big O  Simplification  From source code  Recursive.

Network Coding in P2P-Systems Christian Ortolf. Overview ● Introduction ● Galois fields ● Encoding/Decoding of Files ● Gain – Coupon Collector's problem.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

Introduction to Computer Security Programming Assignment #2 Onsite Test.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Network Coding for Large Scale Content Distribution Christos Gkantsidis Georgia Institute of Technology Pablo Rodriguez Microsoft Research IEEE INFOCOM.

Informed Content Delivery Across Adaptive Overlay Networks J. Byers, J. Considine, M. Mitzenmacher and S. Rost Presented by Ananth Rajagopala-Rao.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

FRIENDS: File Retrieval In a dEcentralized Network Distribution System Steven Huang, Kevin Li Computer Science and Engineering University of California,

Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking.

Announcements: 1. Class cancelled tomorrow 2. HW7 due date moved to Thursday. Questions? This week: Birthday attacks, Digital signatures Birthday attacks,

Introduction to Modern Cryptography Homework assignments.

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Distributed Cluster Repair for OceanStore Irena Nadjakova and Arindam Chakrabarti Acknowledgements: Hakim Weatherspoon John Kubiatowicz.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

On-The-Fly Verification of Rateless Erasure Codes Max Krohn (MIT CSAIL) Michael Freedman and David Mazières (NYU)

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

Scalable Authentication of MPEG-4 Streams Yongdong Wu & Robert H. Deng present: Yu-Song Syu.

Stuart Hansen University of Wisconsin - Parkside.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Bob can sign a message using a digital signature generation algorithm

Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.

Organization  Introduction to Network Coding  Practical Network Coding  Secure Network Coding  Structured File Sharing  Conclusion.

1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz

Peer to Peer Network Anas Hardan. What is a Network? What is a Network? A network is a group of computers and other devices (such as printers) that are.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.

Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.

Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.

Network Computing Laboratory Scalable File Sharing System Using Distributed Hash Table Idea Proposal April 14, 2005 Presentation by Jaesun Han.

EXAMPLE 3 Find the inverse of a 3 × 3 matrix Use a graphing calculator to find the inverse of A. Then use the calculator to verify your result. 2 1 – 2.

Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

Practical Byzantine Fault Tolerance

Fast Signature Scheme for Network Coding Mingxi Yang, Wenjie Yan Reporter: Wenjie Yan Mingxi Yang, Wenjie Yan1 DCABES 2009.

Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.

SIA: Secure Information Aggregation in Sensor Networks B. Przydatek, D. Song, and A. Perrig. In Proc. of ACM SenSys 2003 Natalia Stakhanova cs610.

Efficient Downloading and Updating Application on Smart Cards Yongsu Park, Junyoung Heo, Yookun Cho School of Computer Science and Engineering Seoul National.

SIGCOMM 2001 Lecture slides by Dr. Yingwu Zhu Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications.

PEER TO PEER (P2P) NETWORK By: Linda Rockson 11/28/06.

On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine.

Multi-user Broadcast Authentication in Wireless Sensor Networks Kui Ren, Wenjing Lou, Yanchao Zhang SECON2007 Manar Mahmoud Abou elwafa.

ADVANCED COMPUTER NETWORKS Peer-Peer (P2P) Networks 1.

Algorithms and Techniques in Structured Scalable Peer-to-Peer Networks

Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,

Implementation of Public Key Encryption Algorithms

International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.

Real-life cryptography Pfeiffer Alain.  Types of PRNG‘s  History  General Structure  User space  Entropy types  Initialization process  Building.

Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Problem Set 1: Cryptography.

A New Approach to Coding in Content-Based MANETs

A Tale of Two Erasure Codes in HDFS

DTTF/NB479: Dszquphsbqiz Day 26

SSH: SECURE LOGIN CONNECTIONS OVER THE INTERNET

SHA: Secure Hash Algorithm

Presentation transcript:

On-the-fly Verification of Erasure-Encoded File Transfers Mike Freedman & Max Krohn NYU Dept of Computer Science

Downloading Large Files From P2P Networks  For large files, transfer times are much bigger than average node uptimes.  Some files are very popular: multiple sources and multiple requesting nodes.  Is it possible to have multicast, even though sources and receivers frequently enter and leave the network.

Solution: Rateless Erasure Codes Source (S1) Receiver (R1) Source (S2)Source (S3)Source (S4)

Solution: Rateless Erasure Codes Source (S1) Receiver (R1) Source (S2)Source (S3)Source (S4) Wants file F

Mutli-Sourced Downloads Source (S1) Receiver (R1) Source (S2)Source (S3)Source (S4)

Mutli-Sourced Downloads Source (S1) Receiver (R1) Source (S2)Source (S3)Source (S4)   

Receiver (R3)Receiver (R4) Receiver (R3) “Overlapping Multicast Trees” Source (S1)Source (S2)Source (S3)Source (S4) Receiver (R2) Receiver (R1) 

Resuming Truncated Downloads Source (S1) Receiver (R1)Receiver (R2)

Resuming Truncated Downloads Source (S1) Receiver (R1)Receiver (R2)

Resuming Truncated Downloads Source (S1) Receiver (R1)Receiver (R2) 

Threat Model KaZaa eDonkey 2000 Gnutella Morpheus

Threat Model KaZaa eDonkey 2000 Gnutella Morpheus

Threat Model KaZaa eDonkey 2000 Gnutella Morpheus

Threat Model KaZaa eDonkey 2000 Gnutella Morpheus

Bogus Data Attack KaZaa eDonkey 2000 Gnutella Morpheus

Unwanted Data Attack KaZaa eDonkey 2000 Gnutella Morpheus

Attacking Erasure Encoded Transfers Source (S1) Receiver (R1) Source (S2)Source (S3)Source (S4)

Attacking Erasure Encoded Transfers Source (S1) Receiver (R1) Source (S2)Source (S3)Source (S4)

Erasure Encoding of Files …

Easily Verifiable…. …

…but Not on the Fly Source (S1) Receiver (R1) Source (S2)Source (S3)Source (S4)

What Happened?  R1 received checkblock c from S4. S4 claims: blah

What Happened?  R1 received checkblock c from S4. S4 claims:  R1 knows: But how can R1 verify c? Wouldn’t it be nice if: Not true for SHA1!

What Happened?  R1 received checkblock c from S4. S4 claims:  R1 knows:  But how can R1 verify c? Wouldn’t it be nice if: Not true for SHA1!

What Happened?  R1 received checkblock c from S4. S4 claims:  R1 knows:  But how can R1 verify c?  Wouldn’t it be nice if: Not true for SHA1!

What Happened?  R1 received checkblock c from S4. S4 claims:  R1 knows:  But how can R1 verify c?  Wouldn’t it be nice if:  Not true for SHA1!

A Homomorphic Hashing Scheme  Assume file block size of 8kB  Pick large prime (about 1024 bits) and small prime (about 256 bits) that divides, and 256 generators of order q:  Writes the file F as matrix, elements in

How To Hash  The hash of a message or check block is an element in :

How To Hash  The hash of a message or check block is an element in :  The hash of the entire file is an n-element vector of the hashes of the blocks:

The Only Important Slide implies that Why?

How To Encode  Checkblocks are constructed using modular addition over.  To generate a checkblock, pick a set And compute

How To Verify Given the correct hash: And a check block: verify that:  Note: LHS computation is expensive!

Success! Source (S1) Receiver (R1) Source (S2)Source (S3)Source (S4)

Analysis + Security of the hash function based on hardness of the discrete log. − Hashes are big (1/256 the size of the file), but we can apply this process recursively. + Our paper details a batched, probabilistic verification scheme that drastically reduces exponentiations. + Verifying rate is 40x faster than download rates on a T1.