A DoS-Resilient Information System for Dynamic Data Management Stefan Schmid & Christian Scheideler Dept. of Computer Science University of Paderborn Matthias.

Slides:

Advertisements

Similar presentations

Stefan Schmid & Christian Scheideler Dept. of Computer Science

Advertisements

P2P data retrieval DHT (Distributed Hash Tables) Partially based on Hellerstein’s presentation at VLDB2004.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Evaluation of a Scalable P2P Lookup Protocol for Internet Applications

Scalable Content-Addressable Network Lintao Liu

Peer-to-Peer (P2P) Distributed Storage 1Dennis Kafura – CS5204 – Operating Systems.

CHORD – peer to peer lookup protocol Shankar Karthik Vaithianathan & Aravind Sivaraman University of Central Florida.

Technische Universität Yimei Liao Chemnitz Kurt Tutschku Vertretung - Professur Rechner- netze und verteilte Systeme Chord - A Distributed Hash Table Yimei.

Technische Universität Chemnitz Kurt Tutschku Vertretung - Professur Rechner- netze und verteilte Systeme Chord - A Distributed Hash Table Yimei Liao.

Chord: A scalable peer-to- peer lookup service for Internet applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashock, Hari Balakrishnan.

Chord A Scalable Peer-to-peer Lookup Service for Internet Applications

A Distributed and Oblivious Heap Christian Scheideler and Stefan Schmid Dept. of Computer Science University of Paderborn.

Search and Replication in Unstructured Peer-to-Peer Networks Pei Cao, Christine Lv., Edith Cohen, Kai Li and Scott Shenker ICS 2002.

1 Accessing nearby copies of replicated objects Greg Plaxton, Rajmohan Rajaraman, Andrea Richa SPAA 1997.

Small-world Overlay P2P Network

Peer to Peer File Sharing Huseyin Ozgur TAN. What is Peer-to-Peer?  Every node is designed to(but may not by user choice) provide some service that helps.

A DoS-Resilient Information System for Dynamic Data Management by Baumgart, M. and Scheideler, C. and Schmid, S. In SPAA 2009 Mahdi Asadpour

Storage Management and Caching in PAST, a large-scale, persistent peer- to-peer storage utility Authors: Antony Rowstorn (Microsoft Research) Peter Druschel.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Robust Mixing for Structured Overlay Networks Christian Scheideler Institut für Informatik Technische Universität München.

Distributed Computing Group A Self-Repairing Peer-to-Peer System Resilient to Dynamic Adversarial Churn Fabian Kuhn Stefan Schmid Roger Wattenhofer IPTPS.

Dynamic Hypercube Topology Stefan Schmid URAW 2005 Upper Rhine Algorithms Workshop University of Tübingen, Germany.

SCALLOP A Scalable and Load-Balanced Peer- to-Peer Lookup Protocol for High- Performance Distributed System Jerry Chou, Tai-Yi Huang & Kuang-Li Huang Embedded.

Object Naming & Content based Object Search 2/3/2003.

Chord-over-Chord Overlay Sudhindra Rao Ph.D Qualifier Exam Department of ECECS.

Wide-area cooperative storage with CFS

Or, Providing Scalable, Decentralized Location and Routing Network Services Tapestry: Fault-tolerant Wide-area Application Infrastructure Motivation and.

What Can Databases Do for Peer-to-Peer Steven Gribble, Alon Halevy, Zachary Ives, Maya Rodrig, Dan Suciu Presented by: Ryan Huebsch CS294-4 P2P Systems.

Tapestry: Finding Nearby Objects in Peer-to-Peer Networks Joint with: Ling Huang Anthony Joseph Robert Krauthgamer John Kubiatowicz Satish Rao Sean Rhea.

1 Koorde: A Simple Degree Optimal DHT Frans Kaashoek, David Karger MIT Brought to you by the IRIS project.

Roger ZimmermannCOMPSAC 2004, September 30 Spatial Data Query Support in Peer-to-Peer Systems Roger Zimmermann, Wei-Shinn Ku, and Haojun Wang Computer.

Towards Scalable and Robust Distributed Systems Christian Scheideler Institut für Informatik Technische Universität München.

Consistent Hashing: Load Balancing in a Changing World

Towards Scalable and Robust Overlay Networks Christian Scheideler Institut für Informatik Technische Universität München Baruch Awerbuch Dept. of Computer.

Content Overlays (Nick Feamster). 2 Content Overlays Distributed content storage and retrieval Two primary approaches: –Structured overlay –Unstructured.

Jonathan Walpole CSE515 - Distributed Computing Systems 1 Teaching Assistant for CSE515 Rahul Dubey.

Using the Small-World Model to Improve Freenet Performance Hui Zhang Ashish Goel Ramesh Govindan USC.

Chord: A Scalable Peer-to-peer Lookup Protocol for Internet Applications Xiaozhou Li COS 461: Computer Networks (precept 04/06/12) Princeton University.

Security Michael Foukarakis – 13/12/2004 A Survey of Peer-to-Peer Security Issues Dan S. Wallach Rice University,

Network Computing Laboratory Scalable File Sharing System Using Distributed Hash Table Idea Proposal April 14, 2005 Presentation by Jaesun Han.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.

An IP Address Based Caching Scheme for Peer-to-Peer Networks Ronaldo Alves Ferreira Joint work with Ananth Grama and Suresh Jagannathan Department of Computer.

Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications.

Paper Survey of DHT Distributed Hash Table. Usages Directory service  Very little amount of information, such as URI, metadata, … Storage  Data, such.

1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.

Chord Advanced issues. Analysis Theorem. Search takes O (log N) time (Note that in general, 2 m may be much larger than N) Proof. After log N forwarding.

Facility Location in Dynamic Geometric Data Streams Christiane Lammersen Christian Sohler.

Chord Advanced issues. Analysis Search takes O(log(N)) time –Proof 1 (intuition): At each step, distance between query and peer hosting the object reduces.

A Denial-of-Service Resistant DHT Christian Scheideler Technische Universität München Joint work with Baruch Awerbuch, JHU.

LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan M. Frans Kaashoek David Karger Robert Morris Ion Stoica MIT LCS.

Towards a Scalable and Robust DHT Baruch Awerbuch Johns Hopkins University Christian Scheideler Technical University of Munich.

INTERNET TECHNOLOGIES Week 10 Peer to Peer Paradigm 1.

CS 347Notes081 CS 347: Parallel and Distributed Data Management Notes 08: P2P Systems.

P2P Search COP6731 Advanced Database Systems. P2P Computing  Powerful personal computer Share computing resources P2P Computing  Advantages: Shared.

Large Scale Sharing Marco F. Duarte COMP 520: Distributed Systems September 19, 2004.

Peer-to-Peer Data Structures Christian Scheideler Dept. of Computer Science Johns Hopkins University.

1 Plaxton Routing. 2 History Greg Plaxton, Rajmohan Rajaraman, Andrea Richa. Accessing nearby copies of replicated objects, SPAA 1997 Used in several.

Robust Random Number Generation for Peer-to-Peer Systems Baruch Awerbuch Johns Hopkins University Christian Scheideler Technical University of Munich.

Incrementally Improving Lookup Latency in Distributed Hash Table Systems Hui Zhang 1, Ashish Goel 2, Ramesh Govindan 1 1 University of Southern California.

Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications * CS587x Lecture Department of Computer Science Iowa State University *I. Stoica,

Christian Scheideler Dept. of Computer Science

Data Management on Opportunistic Grids

(slides by Nick Feamster)

Accessing nearby copies of replicated objects

Chord Advanced issues.

Chord Advanced issues.

Chord Advanced issues.

MIT LCS Proceedings of the 2001 ACM SIGCOMM Conference

Consistent Hashing and Distributed Hash Table

Presentation transcript:

A DoS-Resilient Information System for Dynamic Data Management Stefan Schmid & Christian Scheideler Dept. of Computer Science University of Paderborn Matthias Baumgart Dept. of Computer Science Technische Universität München

Motivation In 2007, a major DoS attack was launched against the root servers of the DNS system Internet d d d d d d

DoS-resistant Information System Problem: DNS-approach of full replication not feasible in large information systems Internet off-the-shelf servers

DoS-resistant Information System Scalable information system: storage overhead limited to logarithmic factor Internet d d d

DoS-resistant Information System storage overhead limited to log factor: scalable put und get operations possible Internet d d d

DoS-resistant Information System storage overhead limited to log factor: but how to be robust against DoS attacks? Internet d d d

Fundamental Dilemma Scalability: minimize replication of information Robustness: maximize resources needed by attacker Internet d d d

Fundamental Dilemma Limitation to „legal“ attacks / information hiding Information hiding difficult under insider attacks Internet d d d

DoS-resistant Information System Past-Insider-Attack: Attacker knows everything about system till (unknown) time t 0 Goal: scalable information system so that everything that was inserted after t 0 is safe (w.h.p.) against any past-insider DoS attack that can shut down any  -fraction of the servers, for some  >0, and create any legal set of put and get requests You are fired!

Formal Model We are given a static set of n reliable servers.  -bounded attacker: knows entire system till time t 0 (unknown to system) can block any  -fraction of servers can generate any set of put/get requests, one per server Goals: Scalability: every server spends at most polylog time and work on put and get requests Robustness: every get request to a data item inserted or updated after t 0 is served correctly Correctness: every get request to a data item is served correctly if the system is not under DoS-attack

DoS-resilient Information System Dilemma: just polylog copies allowed per data item to be scalable deterministic placement ??? randomized placement

DoS-resilient Information System Basic strategy: choose suitable hash functions h 1,..,h c :D  V (D: name space of data, V: set of servers) Store copy of item d for every i and j randomly in a set of servers of size 2 j that contains h i (d) h i (d) easy to block difficult to block easy to find difficult to find

DoS-resilient Information System „Tie“ sufficient for get requests [DISC 07]: Most get requests can access close-by copies, only a few get requests have to find distant copies Work for each server altogether just polylog(n) for any set of n get requests, one per server h i (d)

DoS-resilient Information System „Tie“ sufficient for get requests [DISC 07]: BUT for get requests to work, all areas must have up-to-date copies, so put requests may fail under DoS attack h i (d)

DoS-resilient Information System Chameleon system: Permanent distributed hash table (p-store) h 1,..,h c fixed, must satisfy expansion properties (that hold w.h.p. for random hash functions) Temporary distributed hash table (t-store) hash function h continuously changes p-store t-store

DoS-resilient Information System Phase of Chameleon system: 1.Adversary blocks servers and initiates put & get requests 2.build new t-store, transfer data from old to new t-store 3.process all put requests in t-store 4.process all get requests in t-store and p-store 5.try to transfer data items from t-store to p-store p-store t-store Internet

Stage 2: Build new t-store t-store: distributed hash table (DHT) (de Bruijn network + consistent hashing) New t-store: Join protocol: Every node chooses new random location in de Bruijn network, searches for neighbors in p-store Insert protocol: Data items in old t-store are stored in new t-store (just O(n) items w.h.p.) O(log n) time and congestion w.h.p. p-store

Stage 3: Process puts in t-store t-put protocol: de-Bruijn routing with combining to store data in new t-store O(log n) time and O(log 2 n) congestion

Stage 4: Process get Requests t-get protocol: de Bruijn routing with combining to lookup data in t-store (O(log n) time and O(log 2 n) congestion) p-get protocol (related to [DISC 07]): –Preprocessing stage: determine blocked areas in p-store via sampling (O(1) time and O(log 2 n) congestion) –Contraction stage: try to get as close as possible to hash- based positions (O(log n) time and O(log 3 n) congestion) –Expansion stage: look for copies at successively wider areas (O(log 2 n) time and O(log 3 n) congestion)

Contraction Stage 01 h i (x) log n

Expansion Stage 01 h i (x) log n inactive

Stage 5: data from t-store to p-store p-put protocol: –Preprocessing stage: determine blocked areas and average load in p-store via sampling (O(1) time and O(log 2 n) congestion) –Contraction stage: try to get to sufficiently many hash-based positions in p-store (O(log n) time and O(log 3 n) congestion) –Permanent storage stage: for each successful data item, store new copies and delete as many old ones as possible (O(log n) time and O(log 2 n) congestion)

DoS-resistant Information System Theorem: Under any  -bounded past-insider attack (for some constant  >0), the Chameleon system can serve any set of requests (one per server) in O(log 2 n) time s.t. every get request to a data item inserted or updated after t 0 is served correctly, w.h.p. No degradation over time: O(log 2 n) copies per data item fair distribution of data among servers

Related Work Many scalable information systems: Chord, CAN, Pastry, Tapestry,… But many of these designs not even robust against flash crowds

Related Work Caching strategies against flash crowds: CoopNet, Backlash, PROOFS,… Naor&Wieder 03 But not robust against adaptive lookup attacks a b c d

Related Work Systems robust against DoS-attacks: SOS, WebSOS, Mayday, III,… Basic strategy: indirection infrastructure to hide original location of data Does not work against past insiders

Related Work Awerbuch & Sch. (DISC 07): DoS-resistent information system that can only handle get requests under DoS attack

Conclusion Applications: DoS-resistant platform for e- commerce or critical information services Open problems: More light-weight solution DoS-resistant system with bounded degree

Any Questions?