Fireflies: Scalable Support for Intrusion-Tolerant Network Overlays Håvard Johansen University of Tromsø Norway André Allavena Robbert van Renesse University.

Presentation transcript:

Fireflies: Scalable Support for Intrusion-Tolerant Network Overlays
Håvard Johansen, University of Tromsø, Norway
André Allavena, University of Waterloo, Canada
Robbert van Renesse, Cornell University, USA

Overlay networks are easy targets
Adds important Internet functionality
–Routing, search, Skype, etc.
Deployed on untrusted hosts
–Malicious behavior is likely
Fireflies provides scalable intrusion-tolerant group membership that supports robust overlay networks
Malicious members cannot
–Keep correct members out
–Keep failed members in

Fireflies: a group membership protocol
Gossip
–Disseminates membership events
Membership
–Accuse members suspected of being failed
–Rebut false accusations
Failure detection (monitoring)
–Adaptive pinging
–Can make mistakes
[Figure: Failure Detection, Gossip, Membership; other members]

Problem: false accusations
A false accusation does not imply that the accuser is Byzantine
How to prevent Byzantine members from overloading the system with false accusations?

Assigning monitors
6 members:
CA assigns identifiers
3 identifier spaces (rings)
[Figure: rings 1, 2, 3]

Assigning monitors
members:
CA assigns identifiers
3 identifier spaces (rings)
s-hash ( | #), # = 1, 2, 3

Assigning monitors
members:
CA assigns identifiers
3 identifier spaces (rings)
3 pseudo-random permutations of the members

Assigning monitors
[Figure: rings 1, 2, 3]
Monitor successors: monitors
Monitored by predecessors: monitored by

Disabling predecessors
[Figure: rings 1, 2, 3]
Prevents predecessor from accusing a member on a specific ring
disables predecessor on ring 1 as part of rebutting a false accusation

How many rings?
Use 2t + 1 rings
Choose t so that there are no more than t Byzantine predecessors for any member
Members disable t predecessors of their choice
t + 1 predecessors remain enabled, so at least 1 correct enabled predecessor
[Figure: 2t + 1 rings, labelled 1, 2, 3, 4, …, 2t+1]

Calculating t
P_byz: bounded probability that a member is Byzantine
min t:  > binomial.cdf( t; 2t+1; 1 - P_byz )
 = O( 1 / # members )
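The slides "Assigning monitors", "How many rings?" and "Calculating t" describe one procedure: pick t, build 2t + 1 hashed rings, and read off who monitors whom. The sketch below is an added example, not code from the Fireflies project; it assumes SHA-256 for the slides' s-hash, takes the threshold (named `bound` here) to be exactly 1 / # members, and uses constructed member identifiers and hypothetical function names.

```python
import hashlib
from math import comb

def byzantine_majority_prob(t, p_byz):
    """binomial.cdf(t; 2t+1; 1 - p_byz): probability that at most t of a
    member's 2t+1 predecessors are correct (so more than t are Byzantine)."""
    n, p = 2 * t + 1, 1.0 - p_byz
    return sum(comb(n, k) * p**k * (1 - p)**(n - k) for k in range(t + 1))

def choose_t(p_byz, bound, t_max=200):
    """Smallest t with bound > binomial.cdf(t; 2t+1; 1 - p_byz)."""
    for t in range(t_max + 1):
        if byzantine_majority_prob(t, p_byz) < bound:
            return t
    raise ValueError("no t <= t_max meets the bound; p_byz too high?")

def ring_order(member_ids, ring):
    """One pseudo-random permutation: sort members by s-hash(id | ring#).
    SHA-256 is an assumption standing in for the slides' secure hash."""
    return sorted(member_ids,
                  key=lambda m: hashlib.sha256(f"{m}|{ring}".encode()).digest())

def build_monitoring(member_ids, t):
    """Return (monitors, monitored_by): on each of the 2t+1 rings a member
    monitors its successor and is monitored by its predecessor."""
    monitors = {m: [] for m in member_ids}
    monitored_by = {m: [] for m in member_ids}
    for ring in range(1, 2 * t + 2):
        order = ring_order(member_ids, ring)
        for i, m in enumerate(order):
            succ = order[(i + 1) % len(order)]
            monitors[m].append((ring, succ))
            monitored_by[succ].append((ring, m))
    return monitors, monitored_by

if __name__ == "__main__":
    members = [f"member-{i}" for i in range(6)]   # constructed identifiers
    t = choose_t(p_byz=0.2, bound=1 / len(members))
    _, monitored_by = build_monitoring(members, t)
    print("t =", t, "rings =", 2 * t + 1)
    for m in members:
        print(m, "is monitored by", monitored_by[m])
```

Because every member computes the same hashes over the same CA-assigned identifiers, each one derives the same rings locally, and a member cannot choose whom it is entitled to accuse.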

PlanetLab evaluation setup
Configuration
–t = 12 (25 monitoring rings)
–Gossip rate = 1 gossip / 3.5 seconds
Byzantine members:
–aggressive attacks: accuse at any opportunity, do not forward rebuttals
–passive attacks: never accuse, do not forward accusations

Protocol overhead on PlanetLab
[Plot: bytes/sec against # members; Byzantine: 20% (10% aggressive + 10% passive)]

Applications
Intrusion-Tolerant video streaming
–Gossip mesh ideal for multicast dissemination
–Based on Chainsaw randomized flooding protocol
Intrusion-Tolerant software mirroring tool
–Replicate GNU/Linux Debian APT repositories
–Time critical patches

Conclusions
Fireflies: a group membership protocol
–Intrusion-tolerant
–Scalable
–Probabilistic guarantees
Available on SourceForge: