Samsara Honor among thieves in peer-to-peer storage.


Samsara Honor among thieves in peer-to-peer storage

2 Objectives
The objective of this paper is to construct a storage system for peer-to-peer backup systems that will ensure:
– Consumption proportional to contribution without the need for centralized administration, while providing some degree of flexibility
– Fair punishment of cheating participants, while minimizing the effect of punishment on participants suffering transient failure

3 What is Samsara
A storage system for peer-to-peer backup systems
Controls the storage relationships for the P2P system
[Diagram: nodes A, B, C, …, J of the P2P network on a network backbone; D, G, J, … are replica nodes of A; layer labels: P2P Client, Samsara, OS]

4 What is Samsara – contd.
A node can choose replica sites to store its backup image
Every node maintains a hash table of its active content, which helps in finding a better replica node
The main functions of Samsara are:
– Maintaining storage relationships
– Creating symmetry
– Punishing non-responsive nodes

5 Why is such a system needed?
Problems with peer-to-peer storage systems:
– Tragedy of the commons: users have no incentive to contribute
– Under-reporting of resources
Problems with mechanisms to compel fairness:
– Trusted third parties require centralized administration
– Certified identities and public keys require a trusted means of certification
Symmetrical systems are restrictive:
– No freedom in choice of replica sites
– Transient failures are punished too severely

6 The Samsara model
No greed: when you ask for space, promise the same amount in return
This promise is called a claim
Claims are physical storage space reserved for the party that holds them
A stores $a_1$ on B, and stores claim $\beta_1$ for B in return
B has total ownership of its claim $\beta_1$; it can use it to store data when it needs storage space
[Diagram: nodes A and B with data $a_1$ and claim $\beta_1$]

7 Claim forwarding
Claims could be forwarded downstream
– B stores data for A, owns claim on A
– C stores data for B, owns claim on B
– B could forward C’s claim to A in lieu of its own claim
[Diagrams: nodes A, B, C with data $a_1$, $b_1$ and claim $\gamma_1$; the same nodes with claims $\gamma_1$ and $\beta_1$]

8 Claim forwarding – contd.
Forwarded claim, not forwarded responsibility
– A node still remains responsible for the claims it owes, even after forwarding
– If a claim becomes unavailable, the claim owner punishes the node it had the original claim on
– Forwarding is not preferable unless essential
– The claim owner has information about the forwarding

9 Claim cycle
When a node wants space on some node that holds its forwarded claim
Continuing from the diagrams on slide 7:
– C takes space on A, A passes C’s claim back to C
– C deletes its claim
[Diagram: nodes A, B, C with data $a_1$, $b_1$, $c_1$]

10 Reliability of forwarding
If C fails, all the data stored upstream of C is lost
[Diagrams: forwarding among nodes A, B, C, D, E with no claim cycle, before and after the failure]

11 Reliability of forwarding – contd.
If C fails, only the data stored on C is lost
– Claim cycles are more reliable
[Diagrams: forwarding among nodes A, B, C, D, E with a claim cycle, before and after the failure]

12 Claim construction
Incompressible placeholders, provided in return for storage space
Three values are needed for computing claims:
– A secret pass-phrase $P$
– A private, symmetric key $K$
– A location in the storage space
Process of claim computation:
– Claims are made of hash values
– One hash value is 20 bytes long
– The $i$-th hash is the SHA1 hash of the concatenation of $P$ and the number $i$
– $h_0 = \mathrm{SHA1}(P, 0)$
– $h_i = \mathrm{SHA1}(P, i)$

13 Claim construction – contd.
Claims are fixed-size blocks
– Formed from consecutive hash values
– To construct 512-byte claims: the first claim $C_0$ is the first 25 hashes plus 12 bytes of the 26th hash, encrypted with $K$
$C_i = \{h_j, h_{j+1}, \ldots, h_{j+24}, h_{j+25}[0], \ldots, h_{j+25}[11]\}_K$, where $j = i \times 26$
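
The claim layout from slides 12 and 13, as an added example (not code from the paper or the Samsara prototype). The slides do not say how $i$ is encoded or which cipher is used with $K$, so the 8-byte big-endian counter and the SHA-256 XOR keystream standing in for encryption are assumptions, as are all function names.

```python
import hashlib
import struct

HASH_LEN = 20            # one SHA-1 digest, per slide 12
CLAIM_LEN = 512          # fixed claim size, per slide 13
HASHES_PER_CLAIM = 26    # 25 whole hashes + 12 bytes of the 26th

def hash_value(passphrase: bytes, i: int) -> bytes:
    """h_i = SHA1(P, i). Assumption: i is appended as 8 big-endian bytes."""
    return hashlib.sha1(passphrase + struct.pack(">Q", i)).digest()

def claim_plaintext(passphrase: bytes, i: int) -> bytes:
    """Unencrypted body of C_i: h_j .. h_{j+24} plus h_{j+25}[0..11], j = 26*i."""
    j = i * HASHES_PER_CLAIM
    hashes = [hash_value(passphrase, j + k) for k in range(HASHES_PER_CLAIM)]
    return b"".join(hashes)[:CLAIM_LEN]   # 25*20 + 12 = 512 bytes

def standin_encrypt(key: bytes, i: int, block: bytes) -> bytes:
    """Stand-in for "encrypt with K" (the slides name no cipher):
    XOR with a SHA-256 counter keystream. Illustration only; real code
    would use a vetted cipher such as AES."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(block):
        stream += hashlib.sha256(key + struct.pack(">QQ", i, counter)).digest()
        counter += 1
    return bytes(b ^ s for b, s in zip(block, stream))

def make_claim(passphrase: bytes, key: bytes, i: int) -> bytes:
    """C_i regenerated on demand from (P, K, location i); nothing is stored."""
    return standin_encrypt(key, i, claim_plaintext(passphrase, i))

if __name__ == "__main__":
    P, K = b"constructed pass-phrase", b"constructed key"   # sample values
    for i in range(3):
        claim = make_claim(P, K, i)
        print(i, len(claim), claim[:8].hex())
```

Because a claim depends only on $P$, $K$ and its location, the node that issued it can recompute any claim later without keeping a copy, while the node storing it sees 512 bytes it cannot compress.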

14 Querying Nodes
Nodes need to monitor their remote storage
– Need to check whether the other nodes are keeping their part of the promise
Queries need not be answered immediately
– The querying node needs to be patient because:
    – The other node might be bogged down with some resource-intensive process
    – The other node might be facing a bandwidth shortage
Queries need not be very frequent
– More queries mean more network cost for both nodes
– Querying every few hours or even once a day is enough

15 Querying Nodes – contd.
Method of querying:
– No need to return the entire data object to prove the data is being held
– Querying node: sends a unique value, $h_0$, along with a list of $n$ objects to be verified
– Responding node:
    – Appends $h_0$ to the first object in the list and computes the SHA1 of this concatenation. This gives hash $h_1$
    – Appends $h_1$ to the second object in the list and computes the SHA1 of this concatenation to get $h_2$, and so on
    – After the $n$-th object, $h_n$ is returned to the querying node
– Querying node: checks $h_n$ to verify that all objects are stored
[Diagram: chain of SHA1 computations over objects $a_1$, $a_2$, $a_3$, … with $h_0$, $h_1$, $h_2$, … producing $h_n$]
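
The query exchange from slide 15 with both sides modelled, as an added example (not code from the paper or the prototype). The class and function names, the 20-byte random $h_0$, the sample objects, and the querier recomputing $h_n$ from local copies are assumptions; the slide only says the querying node "checks $h_n$".

```python
import hashlib
import hmac
import os

def chain_hash(h0: bytes, objects) -> bytes:
    """h_k = SHA1(object_k || h_{k-1}); returns h_n."""
    h = h0
    for obj in objects:
        h = hashlib.sha1(obj + h).digest()
    return h

class Responder:
    """Node storing objects on behalf of the querying node."""
    def __init__(self, store):
        self.store = dict(store)

    def answer(self, h0, names):
        # A missing object is hashed as empty bytes: the chain completes
        # but cannot match the h_n the querier expects.
        return chain_hash(h0, [self.store.get(n, b"") for n in names])

class Querier:
    def __init__(self, local):
        self.local = dict(local)   # assumed: copies used to recompute h_n

    def new_query(self):
        # A fresh unique h_0 per query makes an old answer useless.
        return os.urandom(20), sorted(self.local)

    def check(self, h0, names, reply):
        expected = chain_hash(h0, [self.local[n] for n in names])
        return hmac.compare_digest(expected, reply)

# Constructed sample objects
OBJECTS = {"a1": b"backup block one", "a2": b"backup block two",
           "a3": b"backup block three"}

def demo():
    q = Querier(OBJECTS)
    honest = Responder(OBJECTS)
    dropped_a2 = Responder({k: v for k, v in OBJECTS.items() if k != "a2"})
    h0, names = q.new_query()
    old_reply = honest.answer(h0, names)
    ok = q.check(h0, names, old_reply)
    cheat = q.check(h0, names, dropped_a2.answer(h0, names))
    h0_next, names_next = q.new_query()
    replay = q.check(h0_next, names_next, old_reply)
    return ok, cheat, replay

if __name__ == "__main__":
    print(demo())
```

Only 20 bytes cross the network per query regardless of how much data is covered, and a responder that discarded any object in the list, or that replays an earlier answer, fails the check.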

16 Transient failure
Cheating or transient failure
– Need to distinguish between cheating nodes and nodes suffering from transient failure
– No sure way of telling the two apart
– No node should lose data because of a transient failure
– Dishonest nodes need to be punished
– A grace period is an option but could be too harsh on the failed nodes. It could also be misused

17 Transient failure – contd.
Gradated grace period
– A node gets a sufficient grace period to respond
– Not all the data is lost after the grace period
– Punishment gets more severe after every elapsed grace period
Probabilistic punishment
– For every failed query, a small part of the responder’s data is deleted by the querying node
– The part of the data object to be deleted is chosen probabilistically
– Lost data could be reconstructed from the replica nodes
– The probability of permanently losing part of the data gets higher with every failed query
– Cheating nodes will lose all their data eventually

18 Transient failure – contd.
Chances of misuse
– A cheating node could have too many replicas or could create a brand new set of replicas
– It will have to do this very frequently
– Network cost is more than storage cost
– For large amounts of data it is not economical to cheat
– The smaller the amount of data, the higher the success rate of cheating

19 Implementation
A prototype has been created
Implementation consists of three layers:
– Messaging layer
    – Responsible for sending and receiving all network and local messages
    – Messages are store, retrieve, query and callback
– Replica manager
    – Responsible for authentication and maintaining replica locations
– Storage layer
    – Responsible for keeping track of stored data and its ownership
    – Handles claim generation
Performance comparable to the scp (secure copy) program

20 Advantages & disadvantages
Advantages
– Tackles the issue of unchecked consumption
– Provides flexibility in the form of claim forwarding
– Doesn’t need centralized administration
– Tries not to punish the nodes experiencing transient failure while punishing the dishonest users
– Ensures compliance with minimum network load
Disadvantages
– A chain of forwarded claims can fail because of one bad node

21 Evaluation
Strengths
– With simple modifications, the ideas presented in the paper could also be applied to some other P2P systems
Weaknesses
– The paper isn’t very clear about the process of storing data in place of its claim
– The paper isn’t very clear about nodes with relatively small data size, both in relation to:
    – How to deal with cheating
    – How not to punish too severely in case of transient failure
– The paper says that circular claims are more reliable but doesn’t provide any way of encouraging them

22 Questions
– What are the main aims of Samsara?
– What are storage claims?
– What should be the considerations while querying a node storing a claim?
– How is the failure punishment model different from other symmetric storage systems?
– Why shouldn’t claim forwarding be used frequently?