ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues.

Presentation transcript:

ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues

SYN  SYN  P2P Security Basics  Introduction to ODISSEA  Security Issues in ODISSEA  Trust via Reputation  FIN

P2P Basics  All nodes are created equal. Not really!  Network classification based on network connectivity –Exponential Networks: Homogenous network, [average] node connectivity is equally distributed –Scale-free networks: Follows power-law for connectivity, that is there are some highly connected nodes and many not too highly connected nodes  Current P2P systems are scale-free networks

Network Maps  Partial map of Gnutella Network  Note the hierarchical structure of the network

Network Maps…  Gnutella Neighborhood Map

Failure vs. Attack
- Failure:
  - Random failure of nodes and/or infrastructure elements
- Attack:
  - Systematic failure of nodes and/or infrastructure elements
- Scale-free networks are failure-tolerant
- Exponential networks are attack-tolerant
- Why?
- Most P2P systems give priority to failure-tolerance over attack-tolerance

Possible Targets
- Underlying protocol layers
- P2P routing mechanism
- Nodes themselves
- Trust system
- Homeostasis (of the system)
- Applications/Application Protocols
- Users
More on that: “Security Issues in Peer-to-Peer Systems”

ODISSEA: A p2p Search Engine  A p2p search engine  Applications: –Search in p2p networks –Search in intranets –Web search –Middleware  How the search engine works?

ODISSEA: A p2p Search Engine

Security Issues  Three Categories: 1.P2P Search Engine Related 2.P2P Network Related 3.General Security Issues  Search Engine Related: –Content Poisoning: Crawler Parser Query Processor –Protocol Security Protection against MIMs Truthful Execution of Ranking Algorithms –Compartmentalization Search on a multi-level security network –Anonymity P2P networks are used for anonymity

Content Poisoning  Crawler: –Crawler associates wrong URL with some document –E.g.: Associates playboy.com/index.html with ODISSEA web site!  Suggested solutions: 1.Random Re-Crawling: At random re-crawl a URL Simple but has re-crawling overhead No verification from the source! 2.Signed Documents: Have the web server sign the document (Just another header) Parser verifies the signature prior to parsing No re-crawling overhead Requires PKI and web server needs to support signatures

Content Poisoning  Parser: –Malicious parser associates wrong keywords –E.g: Associates ODISSEA with porn!  Suggested Solutions: –TruthSayer for XML documents (Oakland ’01)  Query Processor: –Censorship by query processors!

Protocol Security  ODISSEA Search Protocol –Has no security primitives at all –MIM a good and easy possibility Queries, query results can be altered Postings and documents can be altered E.g. Integrity of copies  Ranking Algorithms –Users have the option to send their own algorithm –There is no way to assure proper algorithm is used – I say “PageRank” query processor uses “PigeonRank”

ODISSEA for Multilevel Security Architecture
- Ideal Setting: NSA Information Processing Facility
- Environment:
  - Large secure intranet (100,000 nodes)
  - Multi-level security (from Unclassified to Umbra)
  - Users/nodes move between levels
- Design Goals:
  - Optimal use of resources across levels
  - Enforces multi-level security via compartmentalization
  - Allows for a fast, scalable search engine
  - Agile enough to allow users to move back and forth
  - Withstands malicious users, nodes etc.
- Simple, Stupid, Scheme:
  - Assign a key (bit string) to each level
  - XOR every token of a document with the corresponding key
  - Search for (keyword XOR key)
  - Trivial to break and not scalable

Trust

Local Trust
- Local trust value (eBay):
- Problems:
  - Does not get a wide view of the peer’s reputation
  - Or it aggregates over the whole network and causes congestion
- Solution:
  - Transitive trust: if I trust you, then I would trust the one you trust

Aggregate Local Trust
- Normalized local trust
- Aggregate local trust values
- If $C$ = matrix $[c_{ij}]$: $t_i = C^T c_i$
- To get a wider view, peer $i$ would ask his friend’s friend: $t_i = (C^T)^2 c_i$
- ...and so on: $t_i = (C^T)^n c_i$
- For large $n$, the trust vector converges to the same vector for every peer $i$

Distributed EigenTrust  Each node can calculate it’s eigen trust value by:  Were p is a distribution over pre-trusted peers –Pre-trusted peers are essential for breaking malicious collectives –For example the very first nodes in the network i.e. designers

Distributed EigenTrust Algorithm

Distributed EigenTrust Algorithm
- Fast convergence

Secure EigenTrust
- Calculate the trust value of each peer by more than one peer (score managers)
- If there is a difference of opinion, then vote!
- Use DHT to assign score managers, using different hash functions
- Upsides:
  - Anonymity (can’t tell whose trust you’re computing)
  - Randomization (can’t make yourself your own score manager)
  - Redundancy (more than one score manager)

Load distribution
- Deterministic algorithm
  - Choose the responding peer with the highest trust value
- Probabilistic algorithm
  - Choose peer i with probability. With probability of 10% select a peer j with zero trust value.
  - Why 10%? A balance between allowing new users to gather trust, at the same time not granting malicious users a high chance of providing inauthentic files
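The two selection policies side by side, as an added example that is not part of the original slides. The trust-proportional weighting follows the EigenTrust paper; the responder set, peer names, download count and seed are constructed assumptions.

```python
import random
from collections import Counter

def choose_deterministic(trust, rng):
    """Always pick the responding peer with the highest trust value."""
    return max(trust, key=trust.get)

def choose_probabilistic(trust, rng, explore=0.10):
    """With probability `explore` pick a zero-trust peer uniformly; otherwise
    pick a trusted peer with probability proportional to its trust value."""
    newcomers = [p for p, t in trust.items() if t == 0]
    trusted = [p for p, t in trust.items() if t > 0]
    if newcomers and (not trusted or rng.random() < explore):
        return rng.choice(newcomers)
    return rng.choices(trusted, weights=[trust[p] for p in trusted])[0]

def load_shares(trust, chooser, downloads=20000, seed=7):
    """Fraction of `downloads` served by each peer under the given policy."""
    rng = random.Random(seed)
    hits = Counter(chooser(trust, rng) for _ in range(downloads))
    return {p: hits[p] / downloads for p in trust}

# Constructed responder set: three established peers and two newcomers.
TRUST = {"A": 0.35, "B": 0.21, "C": 0.07, "new1": 0.0, "new2": 0.0}

if __name__ == "__main__":
    for policy in (choose_deterministic, choose_probabilistic):
        print(policy.__name__, load_shares(TRUST, policy))
```

The deterministic policy sends every download to peer A and never lets a newcomer earn trust; the probabilistic policy spreads load in proportion to trust while capping the exposure to unknown peers at about one download in ten.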

FIN
- Questions, comments, concerns?