Disrupting Peer-to-Peer Networks: Sybil & Eclipse Attacks. Lee Brintle, University of Iowa.

Motivations
Many organizations may wish to disrupt some part of a P2P network:
- Intellectual property owners: both piracy and legitimate content
- Governments: banned content, censorship
- Corporations: advertising, reputation, public relations

Disruptions
More subtle actions than just shutting the network down:
- Missing results: censor only some items
- Degraded results: intentionally provide damaged or slow results
- Delayed actions: function normally until a point in the future

Sybil Attack
A single entity posing as multiple entities:
- One attacker with many identities
- Named after the title character of "Sybil", a case study of multiple personality disorder
- Many real-world examples
John R. Douceur, Microsoft Research (The Sybil Attack, IPTPS 2002)

Three Sources of Information
How does a peer know about the trustworthiness of other peers?
- Itself: results of protocol interactions
- Other peers: trust in a large number of strangers
- External agencies: direct or indirect vouching for the uniqueness of peers

Direct Entity Validation Tests
Weed out duplicates by asking all identities to perform a task that a single entity cannot:
- Ask all to perform a task that one cannot do: make the attacker "too busy" to simulate all of them
- Validate peers simultaneously: the attacker must not be allowed to focus on one challenge at a time
- Limit the number of Sybil identities: bounded by the ratio of resources, attacker / weakest legitimate user

Sample Validation Tests
Ways to see if a number of peers are sharing resources:
- Storage: require each to prove it can store Y GB
- Computation: require each to solve a "hard" puzzle
- Communication: require each to prove it has X Mb/s of bandwidth
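The computation test above, worked through as an added example (not code from the slides or from Douceur's paper). Every identity gets its own fresh hash puzzle and the same deadline; the entity behind the identities has a fixed number of hash evaluations it can spend before that deadline, so a Sybil attacker must split its budget across all of its identities while an honest user spends it on one. The puzzle format, the difficulty of 10 bits, the budgets and the identity names are all assumptions chosen for illustration; the point is that the number of identities that survive is bounded by the attacker's resources divided by the cost of one puzzle, which is exactly the resource-ratio limit from the previous slide.

```python
import hashlib

DIFFICULTY_BITS = 10  # assumed: each puzzle costs about 2**10 hashes on average


def make_challenge(identity: bytes, verifier_nonce: bytes) -> bytes:
    """Fresh per-identity challenge, bound to the verifier's nonce for this
    round, so a solution cannot be precomputed or reused across identities."""
    return hashlib.sha256(b"sybil-puzzle|" + identity + b"|" + verifier_nonce).digest()


def verify(challenge: bytes, solution: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """A solution is valid when H(challenge || solution) has `bits` leading zero bits."""
    digest = hashlib.sha256(challenge + solution).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


def solve(challenge: bytes, budget: int, bits: int = DIFFICULTY_BITS):
    """Brute-force nonces 0..budget-1. Returns (solution or None, hashes spent)."""
    for nonce in range(budget):
        candidate = nonce.to_bytes(8, "big")
        if verify(challenge, candidate, bits):
            return candidate, nonce + 1
    return None, budget


def simultaneous_validation(identities, hash_budget, verifier_nonce, bits=DIFFICULTY_BITS):
    """Challenge every identity at once with one deadline.

    `hash_budget` models the total hashing the entity behind these identities
    can do before the deadline. The entity works through its puzzles in order
    until the budget is exhausted (modeling assumption). Returns the identities
    whose solutions verify.
    """
    challenges = {ident: make_challenge(ident, verifier_nonce) for ident in identities}
    remaining = hash_budget
    validated = []
    for ident, challenge in challenges.items():
        if remaining <= 0:
            break
        solution, spent = solve(challenge, remaining, bits)
        remaining -= spent
        if solution is not None and verify(challenge, solution, bits):
            validated.append(ident)
    return validated


def demo():
    """Constructed scenario: one honest peer with a generous budget versus one
    attacker claiming 20 identities with a budget that covers about one puzzle.
    Returns (honest identities validated, identities claimed, identities validated)."""
    nonce = b"round-17"  # constructed; a real verifier draws this at random per round
    honest = simultaneous_validation([b"alice"], hash_budget=200_000, verifier_nonce=nonce)
    sybils = [b"sybil-%02d" % i for i in range(20)]
    attacker = simultaneous_validation(sybils, hash_budget=1_000, verifier_nonce=nonce)
    return len(honest), len(sybils), len(attacker)


if __name__ == "__main__":
    honest_ok, claimed, passed = demo()
    print(f"honest peer validated: {honest_ok}; attacker claimed {claimed}, validated {passed}")
```

With these numbers the attacker typically validates zero or one of its twenty identities, and the count only grows in proportion to its hashing budget. Note what the test does not do: it cannot tell two genuinely separate weak machines from one strong one, which is why the next slides turn to vouching and external knowledge.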

Vouched-For Entities
Trust a new entity based on the word of an already-verified entity:
- Verified users may vouch for Sybils: once they gain your trust, they invite in other Sybils
- Faulty verifications are amplified: one Sybil vouches for them all
- Pushes the problem around rather than solving it

Attackers Have Resources
The attacking entity has more resources than the average user of the network:
- Lots of bandwidth
- Lots of disk space
- Lots of CPU
- Lots of identities

Direct Physical Knowledge
Knowing information about a peer beyond the peering protocol:
- Explicit: signing authorities, well-known users, software authors
- Implicit: IP address allocation, network locale
- Irrelevant: ignore bad results, accept the performance loss

Eclipse Attack
Attackers gain disproportionate influence compared to legitimate users:
- Fewer attackers
- Disproportionate level of influence
- Attackers eclipse legitimate users
Singh, Ngan, Druschel, Wallach (Eclipse Attacks on Overlay Networks: Threats and Defenses)

Structured Networks
Constrained routing table networks are difficult to attack, but perform poorly:
- Topology is "fixed": nodes have constant influence
- Routing is hard-wired based on node address: no flexibility in neighbor selection, cannot take advantage of proximity
- Some resistance to Eclipse attacks: the more structure, the less susceptible

Unstructured Neighbor Selection
Eclipse attacks target the neighbor peering decision:
- Neighbors are selected, not assigned: each node picks "good" neighbors
- Nodes that look "good" gain influence: a node selected more often gains more influence
- Potentially vulnerable to Eclipse attacks: attacking nodes that make themselves look good become more influential

Eclipse Defenses
Mitigate Eclipse attacks by additional network structure, proximity, or degree bounds:
- Enforce strong structural routing: routes are dictated by node identifiers, effectively at random, but performance suffers
- Select neighbors based on proximity: but most non-LAN nodes have roughly the same delay, so proximity gives little basis for choosing among them
- Place a limit on node degree: degree bounds prevent any node from becoming too influential

Profile of a Hostile Node
Detect hostile nodes, so they can be avoided in neighbor selection:
- High in-degree: must have higher influence than average
- High out-degree: tries to consume the resources of average nodes
- Extremely effective: without defenses, 20% of nodes eventually have almost complete control

Enforce In-Degree Bounds
Avoid peers with large numbers of in-degree links:
- Refuse to peer with overloaded nodes: force each node to have "typical" influence
- Bound based on the expected average degree: lower bounds give more defense but worse performance
- Performance hit is 25% with the bound set at the average degree: degree bounds mean that less-optimal nodes are selected

Catch a Lying Node: Audit Links
Anonymously verify that a peer's link set contains the known nodes:
- Ask each peer for its list of in-nodes (for now, assume the peer tells the truth)
- Drop the peer if the list is too long: do not allow a peer to gain too much influence
- Drop the peer if the list does not contain us: if the peer returns a subset of its true list, drop it

Catch Lying Nodes: Distributed Audit
Ask someone else to verify the node list:
- Relay the audit through a random node among the l closest to H(x) (chart from paper)
- Use a random seed point
- Select multiple nodes; audits are aggregated

Distributed Audit Results
The auditor may be lying too...

Outcome   Auditor   Target
Pass      legit     legit
Pass      hostile   hostile
Pass      legit     hostile (lucky: the target kept the auditor in its reported list)
Fail      legit     hostile
Fail      hostile   legit

Distributed Audit Tuning
Parameters which impact detection and performance:
- f: fraction of hostile nodes (0.2)
- n: number of audits (24; 0.2% false identification rate)
- k: number of successful audits required (n/2)
- r: overload ratio on hostile nodes (1.2)
- t: permitted overload ratio (1)
- audit period (2 minutes)
- churn rate (0%, 5%, 10%, 15%)
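The in-degree audit from the last four slides (the single-auditor checks, the relayed distributed audit, its outcome table and the n/k tuning), worked through as an added example; this is illustration code, not the simulator from Singh et al. The auditing node x is honest in every case below; the "auditor hostile" rows of the table are modeled as a hostile relay (the anonymizer the audit is sent through), which reports whatever favours its own side. n = 24 and k = n/2 come from the tuning slide; the in-degree bound of 24, the target's in-degrees, the exact relay pattern (5 hostile of 24, roughly f = 0.2) and the assumption that an overloaded hostile target always hides the same fixed set of links (it cannot tell who is asking) are all constructed for the example.

```python
import random
from dataclasses import dataclass, field

IN_DEGREE_BOUND = 24        # assumed bound, set at the expected average in-degree
N_AUDITS = 24               # n from the tuning slide
K_REQUIRED = N_AUDITS // 2  # k from the tuning slide: passes needed to keep the peer


@dataclass
class Target:
    nid: int
    hostile: bool
    in_links: set                              # true backpointers: nodes that hold us as a neighbor
    hidden: set = field(default_factory=set)   # hostile only: links it chooses never to report

    def report_in_links(self) -> set:
        """Answer an audit. Honest nodes report the truth. A hostile node above the
        bound reports the truth minus a fixed hidden set (modeling assumption:
        the same lie every time, since anonymous auditing hides who is asking)."""
        return set(self.in_links) - self.hidden


def single_audit(auditor_id: int, target: Target, relay_hostile: bool,
                 bound: int = IN_DEGREE_BOUND) -> bool:
    """One audit by node `auditor_id`, relayed through an anonymizer.
    PASS only if the reported list is within the bound AND names the auditor.
    A hostile relay ignores the real answer and reports in favour of its side."""
    if relay_hostile:
        return target.hostile
    reported = target.report_in_links()
    return len(reported) <= bound and auditor_id in reported


def distributed_audit(auditor_id: int, target: Target, relays_hostile,
                      k: int = K_REQUIRED):
    """n audits through n relays, aggregated: keep the target if at least k pass.
    Returns (keep_target, passes)."""
    passes = sum(single_audit(auditor_id, target, rh) for rh in relays_hostile)
    return passes >= k, passes


def make_hostile_target(nid: int, true_in_links, rng: random.Random,
                        bound: int = IN_DEGREE_BOUND) -> Target:
    """Hostile node over the bound that hides exactly the excess links so that
    its reported list is as long as the bound allows."""
    links = set(true_in_links)
    hidden = set(rng.sample(sorted(links), max(0, len(links) - bound)))
    return Target(nid, True, links, hidden)


def demo(seed: int = 7) -> dict:
    """Constructed scenario reproducing each row of the outcome table."""
    rng = random.Random(seed)
    relays = [i % 5 == 0 for i in range(N_AUDITS)]      # 5 hostile relays of 24 (~f = 0.2)
    honest_z = Target(100, False, set(range(1, 21)))     # in-degree 20 <= bound
    hostile_z = make_hostile_target(200, range(1, 30), rng)  # in-degree 29 ~ 1.2 x bound (r)
    truthful_z = Target(300, True, set(range(1, 30)))    # same overload, but reports honestly
    kept = min(hostile_z.in_links - hostile_z.hidden)    # an auditor the liar kept in its list
    omitted = min(hostile_z.hidden)                      # an auditor the liar dropped
    return {
        "honest target, honest auditor": distributed_audit(5, honest_z, relays),
        "hostile target, auditor kept in report": distributed_audit(kept, hostile_z, relays),
        "hostile target, auditor omitted": distributed_audit(omitted, hostile_z, relays),
        "hostile target, reports truthfully": distributed_audit(5, truthful_z, relays),
        "fraction of the liar's real in-links it must omit":
            len(hostile_z.hidden) / len(hostile_z.in_links),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Reading the results: the honest target is kept (19 of 24 passes; only the hostile relays say otherwise), the overloaded node that reports truthfully is dropped (5 passes, all from hostile relays), and the liar is kept by auditors it named but dropped by every auditor it omitted. Since a node with true in-degree D reporting at most the bound b must omit at least (D - b)/D of its real backpointers, that share of its links is lost each audit period, which is what pushes hostile in-degree back toward the bound; k = n/2 is what keeps a minority of lying relays from flipping either decision.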

Distributed Audit Results
Profile before auditing starts: without prevention, malicious nodes have great influence (chart from paper)

Distributed Audit Results
Profile during auditing, with f/(1-f) as the reference line: auditing is effective in mitigating Eclipse attacks (chart from paper)

Performance Gain
Optimized neighbors with auditing is still faster than non-optimized neighbors. At t=.2, auditing rate = 2 min, churn = 5 min: 4.75 msg/node/min messaging overhead.

Caveats
Yeah, but....
- "The idea of churn as shelter from route poisoning attacks..."
- Unstructured networks need structured auditing: BitTorrent can use a distributed tracker, for example
- Does not help super-node networks (KaZaA)
- Asymmetry is part of the performance gain
- Still weak against localized attacks: an attacker can target users on the same network