Identity Theft Protection in Structured Overlays Lakshmi Ganesh Ben Y. Zhao University of California, Santa Barbara NPSec 2005.

Slides:

Advertisements

Similar presentations

ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.

Advertisements

P2P data retrieval DHT (Distributed Hash Tables) Partially based on Hellerstein’s presentation at VLDB2004.

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK

TAP: A Novel Tunneling Approach for Anonymity in Structured P2P Systems Yingwu Zhu and Yiming Hu University of Cincinnati.

Pastiche: Making Backup Cheap and Easy. Introduction Backup is cumbersome and expensive Backup is cumbersome and expensive ~$4/GB/Month (now $0.02/GB)

A Survey of Secure Wireless Ad Hoc Routing

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

Peer-to-Peer Systems Kulesh Shanmugasundaram Security Issues.

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

1 PASTRY Partially borrowed from Gabi Kliot ’ s presentation.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Secure routing for structured peer-to-peer overlay networks M. Castro, P. Druschel, A. Ganesch, A. Rowstron, D.S. Wallach 5th Unix Symposium on Operating.

1 Towards a Common API for Structured Peer-to-Peer Overlays Frank Dabek, Ben Zhao, Peter Druschel, John Kubiatowicz, Ion Stoica Presented for Cs294-4 by.

Pastry: Scalable, decentralized object location and routing for large-scale peer-to-peer systems Antony Rowstron and Peter Druschel Proc. of the 18th IFIP/ACM.

Storage Management and Caching in PAST, a large-scale, persistent peer- to-peer storage utility Authors: Antony Rowstorn (Microsoft Research) Peter Druschel.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Internet Indirection Infrastructure Ion Stoica UC Berkeley.

Secure routing for structured peer-to-peer overlay networks Miguel Castro, Ayalvadi Ganesh, Antony Rowstron Microsoft Research Ltd. Peter Druschel, Dan.

Chord: A Scalable Peer-to-Peer Lookup Protocol for Internet Applications Stoica et al. Presented by Tam Chantem March 30, 2007.

Chord and CFS Philip Skov Knudsen Niels Teglsbo Jensen Mads Lundemann

Centre for Wireless Communications University of Oulu, Finland

A Scalable Content-Addressable Network Authors: S. Ratnasamy, P. Francis, M. Handley, R. Karp, S. Shenker University of California, Berkeley Presenter:

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Weaving a Tapestry Distributed Algorithms for Secure Node Integration, Routing and Fault Handling Ben Y. Zhao (John Kubiatowicz, Anthony Joseph) Fault-tolerant.

Wide-area cooperative storage with CFS

1 Peer-to-Peer Networks Outline Survey Self-organizing overlay network File system on top of P2P network Contributions from Peter Druschel.

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

1CS 6401 Peer-to-Peer Networks Outline Overview Gnutella Structured Overlays BitTorrent.

Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.

Mobile Ad-hoc Pastry (MADPastry) Niloy Ganguly. Problem of normal DHT in MANET No co-relation between overlay logical hop and physical hop – Low bandwidth,

Security in MobileIP Fahd Ahmad Saeed. Wireless Domain Problem Wireless domain insecure Data gets broadcasted to everyone, and anyone hearing this can.

PIC: Practical Internet Coordinates for Distance Estimation Manuel Costa joint work with Miguel Castro, Ant Rowstron, Peter Key Microsoft Research Cambridge.

Thesis Proposal Data Consistency in DHTs. Background Peer-to-peer systems have become increasingly popular Lots of P2P applications around us –File sharing,

Content Overlays (Nick Feamster). 2 Content Overlays Distributed content storage and retrieval Two primary approaches: –Structured overlay –Unstructured.

Chord & CFS Presenter: Gang ZhouNov. 11th, University of Virginia.

SecureMR: A Service Integrity Assurance Framework for MapReduce Author: Wei Wei, Juan Du, Ting Yu, Xiaohui Gu Source: Annual Computer Security Applications.

Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,

Freenet: A Distributed Anonymous Information Storage and Retrieval System Presenter: Chris Grier ECE 598nb Spring 2006.

Chord: A Scalable Peer-to-peer Lookup Protocol for Internet Applications Xiaozhou Li COS 461: Computer Networks (precept 04/06/12) Princeton University.

SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.

1 Distributed Hash Tables (DHTs) Lars Jørgen Lillehovde Jo Grimstad Bang Distributed Hash Tables (DHTs)

Security Michael Foukarakis – 13/12/2004 A Survey of Peer-to-Peer Security Issues Dan S. Wallach Rice University,

Hongil Kim E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, Y. Kim, "Attacking the Kad Network - Real World Evaluation and High.

Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

Secure Routing for Structured Peer-to-Peer Overlay Networks M. Castro, P. Druschel, A. Ganesh, A. Rowstron and D. S. Wallach Proc. Of the 5 th Usenix Symposium.

Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

Eclipse Attacks on Overlay Networks: Threats and Defenses By Atul Singh, et. al Presented by Samuel Petreski March 31, 2009.

Pastry: Scalable, decentralized object location and routing for large-scale peer-to-peer systems Antony Rowstron and Peter Druschel, Middleware 2001.

Decentralized authorization and data security in web content delivery * Danfeng Yao (Brown University, USA) Yunhua Koglin (Purdue University, USA) Elisa.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao

LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan M. Frans Kaashoek David Karger Robert Morris Ion Stoica MIT LCS.

The Sybil attack “One can have, some claim, as many electronic persons as one has time and energy to create.” – Judith S. Donath.

Spring 2000CS 4611 Routing Outline Algorithms Scalability.

Large Scale Sharing Marco F. Duarte COMP 520: Distributed Systems September 19, 2004.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Fabián E. Bustamante, Fall 2005 A brief introduction to Pastry Based on: A. Rowstron and P. Druschel, Pastry: Scalable, decentralized object location and.

Innovations in P2P Communications David A. Bryan College of William and Mary April 11, 2006 Advisor: Bruce B. Lowekamp.

An Introduction To ARP Spoofing & Other Attacks

Christian Scheideler Dept. of Computer Science

Chord and CFS Philip Skov Knudsen

Presentation transcript:

Identity Theft Protection in Structured Overlays Lakshmi Ganesh Ben Y. Zhao University of California, Santa Barbara NPSec 2005

Lakshmi GaneshUniversity of California, Santa Barbara Background: Structured Overlays network abstraction – IDs, not IPs app level entities assigned keys from same namespace as IDs keys mapped to nodes (IDs) many applications – eg, dist. db Alice wants to store her files key(file) = hash(meta info) root(file) = ID closest to key(file) Alice file3 file2 file1 key based routing (KBR)

Lakshmi GaneshUniversity of California, Santa Barbara3 The Identity Attack Structured overlays rely on Key-based Routing –Nodes maintain limited state Route messages by forwarding progressively closer to destination Routing stops when a node claims it is the closest to the key –Relies on KBR for setting up connections between application nodes Identity Attacks hijacks key  node mappings –A hijacker would (falsely) claim that it is the closest node to the given key. –Hijack responsibility for storing / retrieving data, forwarding data, or any other application level responsibility

Lakshmi GaneshUniversity of California, Santa Barbara4 Identity Theft: Illustration Eg: Network with namespace length = 4 and base = 8 Source: Bob Looking for 5770 Actual root Hijacker: Carl! No node is closer to 5770 than I am! So here’s the file you requested Bad! 5770 could be Alice’s employee records ‘Bad’ could be criminal records!

Lakshmi GaneshUniversity of California, Santa Barbara5 Structured Peer-to-Peer Security Sybil Attack –Relies on: nodeIDs are free –Obtain large number of nodeIDs –Resulting virtual identities can collude as a group –Defense: centralized Certificate Authority Eclipse Attack –Relies on: routing table optimization for performance –Leverage Sybil, then fill victim’s routing table with colluders Now what… –Sybil or Eclipse get you close to the victim, now what? –DoS easily detected, Identity Attack more powerful –Can also perform Identity attack independently w/ single node, hence more general than Sybil or Eclipse

Lakshmi GaneshUniversity of California, Santa Barbara6 Outline What we’ve covered –Background Structured Overlays Attacks –Identity, Sybil, Eclipse –Preventing Identity attacks will disempower Sybil, Eclipse attacks Now we’ll see –How to detect Identity Attacks –Analysis of our solution

Lakshmi GaneshUniversity of California, Santa Barbara7 How to detect Identity Attacks First we get suspicious, then we seek proof Step 1: Figure out when some responder is suspicious –How far must the responder’s ID be from the key to warrant suspicion? Step 2: So now you’re suspicious: how to verify? –Ask others? But how do they know? Certification! Based on its ID, each node picks some nodes to certify itself with You can now ask these ‘proof managers’

Lakshmi GaneshUniversity of California, Santa Barbara8 He says he’s the closest I can get to Cairo (Liar!) Geographical Analogy: Intuition for Step 1 me ppl I knowI know 2 ppl in my countryI know 1 person from each continentI want to route to Cairo, Egypt (Africa)I contact the guy I know in Africa (Nigeria) I look at my address book: there are 3 ppl in my country – isn’t there even one in Egypt?? I’m unconvinced!

Lakshmi GaneshUniversity of California, Santa Barbara9 Step 1: How it looks for Bob Node 1024’s Routing Table Bob examines his routing table His assumption: node density in the key’s neighborhood ~ node density in his neighborhood He sees up to 3 nodes in the 102x range Is it likely that there isn’t even one node in the 577x range? NO! How many nodes in XXXX range?How many nodes in 1XXX range?How many nodes in 10XX range?How many nodes in 102X range?

Lakshmi GaneshUniversity of California, Santa Barbara10 Step 2: Proof Certificates Ok, we’re suspicious.. Now what? Intuition: –Each node ‘tells’ a set of other nodes about its existence Periodic certification (signed, time-stamped certificates) –These ‘proof managers’ can now be contacted for proofs –You verify the neighborhood you are in 5770 verifies 57xx and 577x (for example) –Proof manager (PM) set computed based on prefix certified PMs for 57xx = {hash(57,1), hash(57,2), hash(57,3)} PMs for 577x = {hash(577,1), hash(577,2), hash(577,3)} –Bob would now ask hash(577,x) for proofs Scalable –You don’t verify every possible neighborhood You don’t need to

Lakshmi GaneshUniversity of California, Santa Barbara11 Verification Clients requesting verification –Estimate several prefixes of key that “should” exist –E.g., key = 5770 Test prefixes 577x, then 57x –For each prefix Calculate location of proof managers by hashing prefix Issue request to proof managers for certificates –If certificates exist Proof of attack

Lakshmi GaneshUniversity of California, Santa Barbara12 Tying it all together: Illustration Hash(577,1) Hash(577,2) Hash(577,3) 1. Certification (of 577x, say)2. Routing3. Verification Attempted Identity Theft caught! Really ? Source: Bob Looking for 5770 Actual root Carl: Hijacker! No node is closer to 5770 than I am!

Lakshmi GaneshUniversity of California, Santa Barbara13 System Analysis: Performance Effectiveness of the verification system under ideal conditions (no denials, no certificate hijacks, no node churn).

Lakshmi GaneshUniversity of California, Santa Barbara14 System Analysis: Factors Message Hijacks –The Identity attack Certificate Hijacks –Malicious node on path between node and its proof manager Verification Denials –Malicious proof manager Node churn –Nodes come and go

Lakshmi GaneshUniversity of California, Santa Barbara15 System Analysis: Performance Use of replication factor to increase verification effectiveness (certificate denials, hijacks, and node churn assuming 20% malicious nodes).

Lakshmi GaneshUniversity of California, Santa Barbara16 System Analysis: Overhead Verification Overhead –Bandwidth: certs sent per node per second P*RF/T (=3*4/500 = certs/sec ~ 1.25 bytes/sec) –Storage: certs stored per node P*RF (=3*4 certs ~ 600 bytes) where P = num PGs certified by each node RF = replication factor, T = certification interval (secs) cert size ~ 50 bytes Small price to pay to keep Alice happy

Lakshmi GaneshUniversity of California, Santa Barbara17 Looking ahead… Dynamic computation of prefixes to verify Load balancing among members of a prefix group Extension to other protocols –For protocols that do not use prefix routing –Replace prefix groups with ‘range specifiers’ Each specifier includes central point and range on each side i.e. 123X  range(1234.5, 4.5)

Thank You! Questions?

Lakshmi GaneshUniversity of California, Santa Barbara19 Certification: Scalability The probability of the cusp including more than 2 routing levels is P ≤ b/e b, where b = base of the prefix digit. P < 0.07 for b = 4 and P < 1.8 ∗ 10 −6 for b = 16.

Lakshmi GaneshUniversity of California, Santa Barbara20 System Analysis: Performance Use of replication factor to increase verification effectiveness (certificate denials, no hijacks, no node churn).

Lakshmi GaneshUniversity of California, Santa Barbara21 System Analysis: Performance Use of replication factor to increase verification effectiveness (certificate denials and hijacks, no node churn).