Michael Sirivianos Xiaowei Yang Stanislaw Jarecki Presented by Vidya Nalan Chakravarthy.

Slides:

Advertisements

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Advertisements

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Incentives Build Robustness in BitTorrent Bram Cohen.

Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.

Cryptography and Network Security

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

1 Communication Networks Kolja Eger, Prof. Dr. U. Killat 1 From Packet-level to Flow-level Simulations of P2P Networks Kolja Eger, Ulrich Killat Hamburg.

CompSci 356: Computer Network Architectures Lecture 21: Content Distribution Chapter 9.4 Xiaowei Yang

Towards Efficient Simulation of Large Scale P2P Networks

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

Cryptography and Network Security Chapter 17

SEDA: An Architecture for Well-Conditioned, Scalable Internet Services Matt Welsh, David Culler, and Eric Brewer Computer Science Division University of.

Network Coding for Large Scale Content Distribution Christos Gkantsidis Georgia Institute of Technology Pablo Rodriguez Microsoft Research IEEE INFOCOM.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Cryptography Basic (cont)

FRIENDS: File Retrieval In a dEcentralized Network Distribution System Steven Huang, Kevin Li Computer Science and Engineering University of California,

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

High Performance Cooperative Data Distribution [J. Rick Ramstetter, Stephen Jenks] [A scalable, parallel file distribution model conceptually based on.

Concurrency Control & Caching Consistency Issues and Survey Dingshan He November 18, 2002.

Chapter 8 Web Security.

Team CMD Distributed Systems Team Report 2 1/17/07 C:\>members Corey Andalora Mike Adams Darren Stanley.

Web-based Document Management System By Group 3 Xinyi Dong Matthew Downs Joshua Ferguson Sriram Gopinath Sayan Kole.

SSH Secure Login Connections over the Internet

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

1 Proceeding the Second Exercises on Computer and Systems Engineering Professor OKAMURA Laboratory. Othman Othman M.M.

Christina Aperjis, Michael J. Freedman and Ramesh Johari Presented By Vidya Nalan Chakravarthy.

SEDA: An Architecture for Well-Conditioned, Scalable Internet Services

Scalable Security and Accounting Services for Content-based Publish/Subscribe Systems Himanshu Khurana NCSA, University of Illinois.

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

An Efficient and Secure Event Signature (EASES) Protocol for Peer-to-Peer Massively Multiplayer Online Games Mo-Che Chan, Shun-Yun Hu and Jehn-Ruey Jiang.

Gil EinzigerRoy Friedman Computer Science Department Technion.

Do incentives build robustness in BitTorrent? Michael Piatek, Tomas Isdal, Thomas Anderson, Arvind Krishnamurthy, Arun Venkataramani.

Cryptography, Authentication and Digital Signatures

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Web Security : Secure Socket Layer Secure Electronic Transaction.

Swapping to Remote Memory over InfiniBand: An Approach using a High Performance Network Block Device Shuang LiangRanjit NoronhaDhabaleswar K. Panda IEEE.

Chapter 4 Using Encryption in Cryptographic Protocols & Practices.

Robustness in the Salus scalable block store Yang Wang, Manos Kapritsos, Zuocheng Ren, Prince Mahajan, Jeevitha Kirubanandam, Lorenzo Alvisi, and Mike.

P2P Streaming Protocol (PPSP) Requirements draft-zong-ppsp-reqs-03.

A Low-bandwidth Network File System Athicha Muthitacharoen et al. Presented by Matt Miller September 12, 2002.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

A P2P-Based Architecture for Secure Software Delivery Using Volunteer Assistance Purvi Shah, Jehan-François Pâris, Jeffrey Morgan and John Schettino IEEE.

Martin Kruliš by Martin Kruliš (v1.1)1.

Peer-to-Peer Systems: An Overview Hongyu Li. Outline  Introduction  Characteristics of P2P  Algorithms  P2P Applications  Conclusion.

1 Reforming Software Delivery Using P2P Technology Purvi Shah Advisor: Jehan-François Pâris Department of Computer Science University of Houston Jeffrey.

09/13/04 CDA 6506 Network Architecture and Client/Server Computing Peer-to-Peer Computing and Content Distribution Networks by Zornitza Genova Prodanoff.

The overview How the open market works. Players and Bodies  The main players are –The component supplier  Document  Binary –The authorized supplier.

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

Robustness in the Salus scalable block store Yang Wang, Manos Kapritsos, Zuocheng Ren, Prince Mahajan, Jeevitha Kirubanandam, Lorenzo Alvisi, and Mike.

Efficient Opportunistic Sensing using Mobile Collaborative Platform MOSDEN.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.

Threads vs. Events SEDA – An Event Model 5204 – Operating Systems.

Cryptography and Network Security

PAYMENT GATEWAY Presented by SHUJA ASHRAF SHAH ENROLL: 4471

Secure Sockets Layer (SSL)

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

Cryptography and Network Security

Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li University of Pittsburgh, Pittsburgh, PA Hui Ling.

The Secure Sockets Layer (SSL) Protocol

Multithreaded Programming

ONLINE SECURE DATA SERVICE

Cryptography and Network Security

Presentation transcript:

Michael Sirivianos Xiaowei Yang Stanislaw Jarecki Presented by Vidya Nalan Chakravarthy

Contents Introduction Design Overview Robust incentives Credit management Unauthorized content distribution Preliminary evaluation Implementation Experimental results Conclusions

Motivation Cost efficient solution to handle demand peaks Robust incentives for client co-operation Discourage unauthorized content exchange

Online Content Distribution Issue Cost effective solution to handle peak usage Over-provisioning Solutions Content Distribution networks Free CDNs Dandelion

Online Content Distribution – Solutions Content distribution networks Example: Akamai Services are costly Free CDNs Examples: Coral, CoDeen and Cob-Web Lack viable model to scale

Online Content Distribution – Solutions Dandelion Cost effective solution to handle flash crowds Utilizes clients’ bandwidth Redirects requests to other clients with the content

Online Content Distribution – Solutions Flash crowd scenario Dandelion Server Server Peer-serving mode

BitTorrent Vs Dandelion `BitTorrent uses rate based tit for tat Susceptible to manipulation No motivation to upload after completion of download No incentives for uploading in BitTorrent

Design Overview Robust Incentives Credit Management Discouraging unauthorized content distribution

Dandelion server Distributes small and large static files Responds to client requests with content Enters peer-serving mode when overloaded Redirects requests to other clients with the content Maintains virtual economy Robust incentives Credits used for future downloads

Data Distribution (I) Server splits data into chunks Chunks are disseminated independently Allows clients to upload on receipt of a chunk Increases efficiency of distribution pipeline Incentivizes clients to upload chunks to earn credits for downloading other missing chunks Chunk1Chunk 2Chunk3

Data Distribution (II) Dandelion Server Chunk 1 Chunk 2 Chunk 1 Chunk 2 Chunk 3

Key challenges Prevent client cheating Client does not upload any data Client uploads garbage and claims credit Maintain low processing and bandwidth costs

Solution Cryptographic fair exchange mechanism Dandelion server mediates exchanges Non – repudiable complaint mechanism

Peer serving protocol Clients have password protected accounts with server establish a secure channel to obtain shared session keys Message exchange during a flash crowd event is as shown:

Peer serving protocol Step 1: 1

Peer serving protocol Step2: 1 2

Peer serving protocol Step 3: 1 2 3

Peer serving protocol Step 4:

Peer serving protocol Step 5: 1 2 3,5 4

Peer serving protocol Step 6: 1 2 3,5 4,6

Peer serving protocol Step 7: 1,7 2 3,5 4,6

Peer serving protocol Step 8: 1,7 2,8 3,5 4,6

Peer serving protocol A’s commitment does not verify due to Transmission error or A misbehaving or B misbehaving Server warns B and does not return encryption key k It does not update A’s or B’s credit B re-requests the chunk from A or another client

Peer serving protocol If B receives repeated invalid commitments from A, it should disconnect from A and blacklist it If server receives repeated decryption requests from B with invalid commitments from A, B is blacklisted

Peer serving protocol

Complaint Mechanism If decrypted file is invalid, B complains to the server Complaint message contains A’s commitment Digest of the encrypted chunk Encryption of key k A cannot repudiate it

Complaint Mechanism If commitment verifies Server checks if commitment is computed over a valid chunk If it does not verify, A is misbehaving If commitment does not verify B is misbehaving

Credit Management Clients spend Δ c > 0 Clients earn Δ r > 0 To prevent colluders from increasing sum of their credit, Δ c = Δ r

Credit Management Users with paid accounts User purchases initial credit Content provider redeems credit for monetary rewards Motivates client to upload to earn credit Accounts without monetary transactions New clients are given a portion of credit Accumulates credits for uploading

Multiple registration Boosting credit by registering multiple times Not an issue with paid accounts User purchases initial credit Issue in free content distribution Sybil attacks similar to Farsite and Pastiche Requires a registration process

Unauthorized content distribution Uploading to unauthorized users No strong incentives Server can refrain giving credit to unauthorized users Verify legitimacy of requests Avoid wasting bandwidth on unauthorized users Clients are held responsible for uploading to unauthorized users

Preliminary Evaluation Prototype Implementation Experimental Results

Prototype Implementation Cryptographic operations Openssl C library Credit management system Database engine of Sqlite library Architecture - combination of Asymmetric Multi Process Event Driven Architecture Staged Event Driven Architecture

Database Operations Main thread reads request from network sends requests to disk access or database access helper threads Helper thread finishes and sends requests to another thread pool Use zero-copy sendfile() for chunk transmission

Network Operations use TCP are asynchronous are executed by thread processing the last stage of the request

Design features: Exploits parallelism Good performance with both small and large files number of concurrent connections/pending requests are kept separate from number of threads that can be handled by the OS

Experimental results Server tasks in a flash crowd event 1. Process key decryption requests One HMAC operation and block cipher decryption One query and two updates on credit database Transmits decryption key 2. Send short responses Types of client requests Request for decryption keys Requests for file chunks directly from server

Server Operations Cryptographic operations are highly efficient Symmetric encryption is cheap Bottleneck – download link

Client Operations Client’s processing overhead does not affect its upload or download throughput

Peer serving mode

Results Smaller chunk size reduces performance gain more load on the server due to decryption key requests Cost of complaining is higher Involves reading chunk, encrypting, hashing Cost is not incurred repeatedly Misbehavers are blacklisted

Conclusions Contributions: Robust incentives Discouraging unauthorized peers Can be used for copyright-protected digital goods Drawbacks of Dandelion Less efficient than BitTorrent tracker Less scalable than BitTorrent Distribute dandelion server and credit banks over multiple trusted nodes to improve scalability