A Sybil-proof DHT using a social network Socialnets workshop April 1, 2008 Chris Lesniewski-Laas MIT CSAIL.

Slides:



Advertisements
Similar presentations
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Advertisements

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.
CHORD – peer to peer lookup protocol Shankar Karthik Vaithianathan & Aravind Sivaraman University of Central Florida.
Chord A Scalable Peer-to-peer Lookup Service for Internet Applications Prepared by Ali Yildiz (with minor modifications by Dennis Shasha)
Technische Universität Yimei Liao Chemnitz Kurt Tutschku Vertretung - Professur Rechner- netze und verteilte Systeme Chord - A Distributed Hash Table Yimei.
Technische Universität Chemnitz Kurt Tutschku Vertretung - Professur Rechner- netze und verteilte Systeme Chord - A Distributed Hash Table Yimei Liao.
The Chord P2P Network Some slides have been borowed from the original presentation by the authors.
CHORD: A Peer-to-Peer Lookup Service CHORD: A Peer-to-Peer Lookup Service Ion StoicaRobert Morris David R. Karger M. Frans Kaashoek Hari Balakrishnan Presented.
Chord: A Scalable Peer-to-peer Lookup Protocol for Internet Applications Speaker: Cathrin Weiß 11/23/2004 Proseminar Peer-to-Peer Information Systems.
Ion Stoica, Robert Morris, David Liben-Nowell, David R. Karger, M
1 1 Chord: A scalable Peer-to-peer Lookup Service for Internet Applications Dariotaki Roula
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Robert Morris, M. Frans Kaashoek, David Karger, Hari Balakrishnan, Ion Stoica, David Liben-Nowell, Frank Dabek Chord: A scalable peer-to-peer look-up.
Robert Morris, M. Frans Kaashoek, David Karger, Hari Balakrishnan, Ion Stoica, David Liben-Nowell, Frank Dabek Chord: A scalable peer-to-peer look-up protocol.
Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Ion StoicaRobert Morris David Liben-NowellDavid R. Karger M. Frans KaashoekFrank.
Haifeng Yu National University of Singapore
1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,
Peer to Peer File Sharing Huseyin Ozgur TAN. What is Peer-to-Peer?  Every node is designed to(but may not by user choice) provide some service that helps.
1 Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Robert Morris Ion Stoica, David Karger, M. Frans Kaashoek, Hari Balakrishnan.
Chord: A Scalable Peer-to-Peer Lookup Protocol for Internet Applications Stoica et al. Presented by Tam Chantem March 30, 2007.
Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek and Hari alakrishnan.
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
Chord-over-Chord Overlay Sudhindra Rao Ph.D Qualifier Exam Department of ECECS.
SkipNet: A Scaleable Overlay Network With Practical Locality Properties Presented by Rachel Rubin CS294-4: Peer-to-Peer Systems By Nicholas Harvey, Michael.
Peer To Peer Distributed Systems Pete Keleher. Why Distributed Systems? l Aggregate resources! –memory –disk –CPU cycles l Proximity to physical stuff.
Wide-area cooperative storage with CFS
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.
File Sharing : Hash/Lookup Yossi Shasho (HW in last slide) Based on Chord: A Scalable Peer-to-peer Lookup Service for Internet ApplicationsChord: A Scalable.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
1CS 6401 Peer-to-Peer Networks Outline Overview Gnutella Structured Overlays BitTorrent.
1 Koorde: A Simple Degree Optimal DHT Frans Kaashoek, David Karger MIT Brought to you by the IRIS project.
Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.
Mobile Ad-hoc Pastry (MADPastry) Niloy Ganguly. Problem of normal DHT in MANET No co-relation between overlay logical hop and physical hop – Low bandwidth,
INTRODUCTION TO PEER TO PEER NETWORKS Z.M. Joseph CSE 6392 – DB Exploration Spring 2006 CSE, UT Arlington.
Effizientes Routing in P2P Netzwerken Chord: A Scalable Peer-to- peer Lookup Protocol for Internet Applications Dennis Schade.
Network Layer (3). Node lookup in p2p networks Section in the textbook. In a p2p network, each node may provide some kind of service for other.
Content Overlays (Nick Feamster). 2 Content Overlays Distributed content storage and retrieval Two primary approaches: –Structured overlay –Unstructured.
Chord & CFS Presenter: Gang ZhouNov. 11th, University of Virginia.
1 Reading Report 5 Yin Chen 2 Mar 2004 Reference: Chord: A Scalable Peer-To-Peer Lookup Service for Internet Applications, Ion Stoica, Robert Morris, david.
Chord: A Scalable Peer-to-peer Lookup Protocol for Internet Applications Xiaozhou Li COS 461: Computer Networks (precept 04/06/12) Princeton University.
1 Distributed Hash Tables (DHTs) Lars Jørgen Lillehovde Jo Grimstad Bang Distributed Hash Tables (DHTs)
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Presentation 1 By: Hitesh Chheda 2/2/2010. Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT Laboratory for Computer Science.
Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications.
Presented by: Tianyu Li
Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan Presented.
SIGCOMM 2001 Lecture slides by Dr. Yingwu Zhu Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications.
1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.
Chord Advanced issues. Analysis Theorem. Search takes O (log N) time (Note that in general, 2 m may be much larger than N) Proof. After log N forwarding.
Chord Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A. Wallach, Mike Burrows, Tushar Chandra, Andrew Fikes, Robert E. Gruber Google,
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 2: Distributed Hash.
Chord Advanced issues. Analysis Search takes O(log(N)) time –Proof 1 (intuition): At each step, distance between query and peer hosting the object reduces.
SybilGuard: Defending Against Sybil Attacks via Social Networks.
LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan M. Frans Kaashoek David Karger Robert Morris Ion Stoica MIT LCS.
Two Peer-to-Peer Networking Approaches Ken Calvert Net Seminar, 23 October 2001 Note: Many slides “borrowed” from S. Ratnasamy’s Qualifying Exam talk.
A Sybil-Proof Distributed Hash Table Chris Lesniewski-LaasM. Frans Kaashoek MIT 28 April 2010 NSDI
1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.
CS694 - DHT1 Distributed Hash Table Systems Hui Zhang University of Southern California.
Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications * CS587x Lecture Department of Computer Science Iowa State University *I. Stoica,
1 Distributed Hash tables. 2 Overview r Objective  A distributed lookup service  Data items are distributed among n parties  Anyone in the network.
The Chord P2P Network Some slides taken from the original presentation by the authors.
Ion Stoica, Robert Morris, David Liben-Nowell, David R. Karger, M
The Chord P2P Network Some slides have been borrowed from the original presentation by the authors.
(slides by Nick Feamster)
DHT Routing Geometries and Chord
A Sybil-proof DHT using a social network
Koorde: A simple degree optimal DHT
Building Peer-to-Peer Systems with Chord, a Distributed Lookup Service
MIT LCS Proceedings of the 2001 ACM SIGCOMM Conference
A Scalable Peer-to-peer Lookup Service for Internet Applications
Presentation transcript:

A Sybil-proof DHT using a social network Socialnets workshop April 1, 2008 Chris Lesniewski-Laas MIT CSAIL

Overview Distributed Hash Tables The Sybil attack Model (network, adversary) Tool: random sampling from a social network Sybil-proof DHT protocols

DHT routing in three slides Structured DHT: a layer in many P2P systems Used by requesting node to find another node by ID – IDs typically hash of public key: self-certifying – DHT maps ID to IP address ID = SHA-1(public key)

DHT routing in three slides Sub-linear table size – Nodes need not keep track of all other nodes – Reduces bandwidth usage – Enables scaling

DHT routing in three slides Routing via intermediate hops Result is authenticated Trade off table size versus routing hops s t {ID t } {IP addr} PKt

The Sybil Attack “One can have, some claim, as many electronic personas as one has time and energy to create.” Judith S. Donath

DHTs are subject to the Sybil attack Attacker creates many pseudonyms Disrupts routing or stabilization Douceur, 2002: “without a logically centralized authority, Sybil attacks are always possible” s t {ID t }

Methods to limit the Sybil attack Limit IDs per IP address Central CA issues IDs – Strong PKI – CAPTCHA – Cryptographic puzzles All methods have drawbacks – cost, compatibility, barriers to entry Adversary may have more resources

Social network can help Nodes have social links to other nodes – social links established outside of the DHT – provides additional information usable by DHT ChrisFrans Andy Robert Bryan Jacob Paul Larry Sean

Social network model

n = number of honest nodes – for this talk only, all nodes have ~same degree g = number of attack edges – g = o(n/log n) tolerable by protocol Correctness is independent of number of Sybil nodes! … Honest region Sybil region Attack edges

Mixing time Random walk: choose each hop randomly Mixing time: #hops until uniform probability Fast mixing network: mixing time = O(log n)

Sampling by random walks A random walk has o(1) chance of escaping* – True when g bounded by o(n/log n) – Of r walks, (1-o(1))r = Ω (r) end nodes are good! – Can’t distinguish good from bad nodes in set Honest region Sybil region escaping paths non-escaping path

Basic one-hop DHT design Construct finger table by r random walks Route to t by asking all fingers about t – If r = Ω ( √ n log n), some finger knows t WHP Adversary cannot interfere with routing s t r r {know t?} {t?} {t’s IP address} {forwarded message from s}

Properties of this solution Finger table size: r = O( ) Bandwidth to construct: O(r log n) bits Bandwidth to query: O(r) messages Probability of failure: 1/poly(n)

Preliminary results Input graph: Orkut scrape – 7335 nodes – edges – walk length 10 – table size r = 1000 n/log n ≈ % 2.64% g ~ m

Properties of this solution Finger table size: r = O( ) Bandwidth to construct: O(r log n) bits Bandwidth to query: O(r) messages Probability of failure: 1/poly(n)

Structured one-hop DHT Goal: reduce bandwidth used by routing lookup Method: add Chord-like structure to DHT Assign hash IDs on ring ID=SHA1(PK)

Structured one-hop DHT Goal: reduce bandwidth used by routing lookup Method: add Chord-like structure to DHT Assign hash IDs on ring Already have finger tables Need successor tables

Constructing successor tables Construct finger tables Sort finger table by ID Tell each finger about its successors in your finger table – costs extra messages – send O(log n) successors Each node learns its r successors WHP

Using successor tables To route, query closest finger to target – finger’s successor table should contain target If failed, finger may be evil or simply unlucky Try next closest finger – Expect O(1) tries t s

Hard to extend to O(log n) hops Would like to have smaller routing tables – this requires more hops per lookup First finger table (from random walks) has o(1) fraction of bad fingers Successive refinements (closer successors in ID space) using Chord stabilization: fraction of bad nodes grows at each step Tricky? Yes. Impossible? Unclear.

Summary DHTs are subject to the Sybil attack Social networks provide useful information Created a Sybil-resistant one-hop DHT – Resistant to g = o(n/log n) attack edges – Table sizes and routing BW O( √ n log n) – Uses O(1) messages to route This is important: enables fully decentralized and secure peer-to-peer systems

The “Tom” attack Tom has friends.

The “Tom” attack From: Flickr Mail Subject: [Flickr] You are aameesh's newest contact! Date: 29 Mar :00: To: Hi Chris Lesniewski, You are aameesh's newest contact! If you don't know aameesh, aameesh is probably a fan of your photos or wants a bookmark so they can find you again. There is no obligation for you to reciprocate, unless you want to. :)

The “Tom” attack From: Flickr Mail Subject: [Flickr] You are aameesh's newest contact! Date: 29 Mar :00: To: Hi Chris Lesniewski, You are aameesh's newest contact! If you don't know aameesh, aameesh is probably a fan of your photos or wants a bookmark so they can find you again. There is no obligation for you to reciprocate, unless you want to. :)

SybilGuard/SybilLimit [2006/2008 Yu, Gibbons, Kaminsky, Xiao] Not a DHT, but a “general” Sybil defense Provides a Sybil/not-Sybil test – Honest node accepts at most O(g log n) Sybils Wonderful insight: “fast mixing” social networks Generality comes with a price: – O( √ n) bandwidth per test (one suspect, one verifier) – To get at least one good node, need to test Ω (n)! remember that we must tolerate g = o(n/log n)

Attack on the ID space IDs come from a hash function (on IP, PK, etc) Adversary can create many IDs offline – can target a particular range of ID space Result: “eclipse” attack on a particular node ID t s

Balancing protocol Give each node O(log n) virtual IDs – Increases BW and table size by O(log n) In finger tables, prune IDs in too-dense ranges When choosing IDs to prune, always keep the finger with fewer virtual IDs left – result: evenly spaced fingers

Why balancing protocol works Doesn’t hurt good guys – Extremely unlikely to have very dense ranges Weeds out spuriously dense IDs from bad guys – Finger tables pruned until balanced Good guys keep at least one virtual ID – A node with only one virtual ID left always wins – Difficult for adversary to construct ID which collides on all virtual IDs

DHT routing in one slide Structured DHT: a layer in many P2P systems – Used by requesting node to find a replica node responsible for a key – Sublinear table size Nodes need not keep track of all other nodes Reduces bandwidth usage Enables scaling – Trade off table size versus routing hops 5,2 1,1 3,5 √N√N key: (3,5) 3,2

DHTs are subject to the Sybil attack Attacker creates many pseudonyms Disrupts routing or stabilization Methods to limit attack – Limit IDs per IP address – Central CA issues IDs Strong PKI? CAPTCHA? – all methods have drawbacks

Social network can help Nodes have social links to other nodes – social links established outside of the DHT – at least one link/node needed to bootstrap DHT If there is no path s ⇝ t in the social network, then no DHT protocol can find t from s ChrisFrans Andy Robert Bryan Jacob Paul Larry Sean T S S