Secure Routing for Structured Peer-to-Peer Overlay Networks. M. Castro, P. Druschel, A. Ganesh, A. Rowstron and D. S. Wallach. Proc. of the 5th USENIX Symposium.

Presentation transcript:

Secure Routing for Structured Peer-to-Peer Overlay Networks
M. Castro, P. Druschel, A. Ganesh, A. Rowstron and D. S. Wallach
Proc. of the 5th USENIX Symposium on Operating Systems Design and Implementation, Boston, MA, Dec. 2002

Contents
–Background of P2P overlay network
–System model & Secure routing
–Secure nodeId assignment
–Secure routing table maintenance
–Secure message forwarding
–Conclusion

Background of P2P
–Provide a powerful platform for decentralized services: network storage, content distribution, and application-level multicast.
–Example P2P overlay networks: CAN, Chord, Pastry and Tapestry
–An abstract model of a P2P overlay network (figure labels: replica roots, key's root, nodeId).

Pastry
A node's route table has 128/2^b rows and 2^b columns.
Each node maintains a neighbor set ("leaf set")
–Includes a set of l nodes with nodeIds that are numerically closest to the present node's nodeId
–l/2 larger than the current nodeId
–l/2 smaller than the current nodeId
–l is constant for all nodes
–A typical value is 8*log_{2^b} N

Routing table of a Pastry node with nodeId 65a1x, b=4. Digits are in base 16, x represents an arbitrary suffix.
Row 0: 0x 1x 2x 3x 4x 5x 7x 8x 9x ax bx cx dx ex fx
Row 1: 60x 61x 62x 63x 64x 66x 67x 68x 69x 6ax 6bx 6cx 6dx 6ex 6fx
Row 2: 650x 651x 652x 653x 654x 655x 656x 657x 658x 659x 65bx 65cx 65dx 65ex 65fx
Row 3: 65a0x 65a2x 65a3x 65a4x 65a5x 65a6x 65a7x 65a8x 65a9x 65aax 65abx 65acx 65adx 65aex 65afx

Message routing in Pastry
Figure: routing a message from node 65a1fc with key d46a1c. The dots depict live nodes in Pastry's circular namespace.

System model & Secure Routing
System model
–N: size of the overlay network
–f: 0 <= f < 1, fraction of faulty nodes
–c: 1/N <= c <= f, size of the set of colluding nodes (c = f)
–Each node has a static IP address
Secure Routing
–Secure routing primitive: ensures that when a non-faulty node sends a message to a key k, the message reaches all non-faulty members in the set of replica roots R_k with very high probability.
–Securely assigning nodeIds to nodes
–Securely maintaining the routing tables
–Securely forwarding messages

Secure nodeId assignment
Goal
–Ensure that an attacker cannot choose the value of the nodeIds assigned to the nodes that the attacker controls.
Attacks
–By carefully choosing nodeIds, attack a victim node's routing table
–Control access to target objects by choosing the closest nodeIds to all replica keys.
–Obtain a large number of legitimate nodeIds.
Solutions
–Centralized: certified nodeIds
  A set of trusted certification authorities (CAs) assigns nodeIds and issues nodeId certificates.
  The nodeId certificate binds a random nodeId to the public key.
  Nodes with valid certificates can join the overlay network.
  CAs are not involved in the overlay network.

–Decentralized
  Require a prospective node to solve a crypto puzzle to gain a nodeId.
  –The cost of solving a crypto puzzle must be acceptable to a legitimate node but hard enough to slow down attackers; these two requirements conflict.
  Simple approach using a crypto puzzle
  –Each node generates a key pair: public key and private key
  –SHA-1(I, K) has the first p bits zero
  –I: initialization vector or MD5
  –K: public key
  –The expected number of operations required to generate such a key pair is 2^p.
  –NodeId = SHA-1(I, K)
  Periodically invalidate nodeIds
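The puzzle on this slide, as an added example (not code from the slides or the paper). Two assumptions: random 32-byte strings stand in for freshly generated public keys K, and SHA-1(I, K) is computed over the concatenation of I and K.

```python
import hashlib
import os


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def node_id(iv: bytes, public_key: bytes) -> bytes:
    """NodeId = SHA-1(I, K); concatenation of I and K is an assumption."""
    return hashlib.sha1(iv + public_key).digest()


def solve_puzzle(iv: bytes, p: int, keygen=lambda: os.urandom(32)):
    """Joining node: draw keys until the nodeId has p leading zero bits.

    keygen is a hypothetical stand-in for real key-pair generation.
    Returns (public_key, nodeId, attempts); attempts averages 2^p.
    """
    attempts = 0
    while True:
        attempts += 1
        key = keygen()
        nid = node_id(iv, key)
        if leading_zero_bits(nid) >= p:
            return key, nid, attempts


def verify_node_id(iv: bytes, public_key: bytes, claimed: bytes, p: int) -> bool:
    """Existing node: one hash checks both the binding and the work."""
    nid = node_id(iv, public_key)
    return nid == claimed and leading_zero_bits(nid) >= p


if __name__ == "__main__":
    iv = b"constructed-iv"          # constructed sample value
    for p in (4, 8, 12):
        runs = [solve_puzzle(iv, p)[2] for _ in range(20)]
        print(f"p={p:2d}  expected 2^p={2**p:5d}  "
              f"mean attempts={sum(runs) / len(runs):.0f}")
```

The solver's cost doubles with each extra bit of p while verification stays at one hash, which is the asymmetry the puzzle relies on; the same cost applies equally to legitimate joiners.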

Secure routing table maintenance
Goal
–Ensure that the fraction of faulty nodes that appear in the routing tables of correct nodes does not exceed f.
Attacks
–Attackers fake proximity to increase the fraction of bad routing table entries
  A correct node p sends a probe to estimate the delay to a faulty node.
  An attacker intercepts the probe and has the faulty node closest to p reply to the probe.
–Supply incorrect routing updates while nodes join the overlay network.

Secure routing table maintenance (cont'd)
Solutions: constrained routing table
–One routing table maintains network proximity information for efficient routing (as in Pastry and Tapestry)
–The other routing table constrains routing entries (as in Chord).

Secure routing table maintenance (cont'd)
Figure: constrained routing table of a Pastry node with nodeId 65a1x, b=4. Digits are in base 16, x represents an arbitrary suffix. The routing table grid for nodeId 65a1x is shown with the additional labels 64a1x and 6501x.

Secure routing table maintenance (cont'd)
Initialize neighbor set
–A newly joining node, n, picks a set of bootstrap nodes
–Each bootstrap node obtains a neighbor set for n
–n picks the "closest" live nodeIds
Initialize routing table
–Initialize the locality-aware routing table
–Initialize the constrained routing table
  Using secure forwarding to get a live nodeId for each entry p of n's constrained routing table is too expensive
  n requests its neighbor set's constrained routing tables

Secure message forwarding (1)
Goal:
–Ensure that at least one copy of a message sent to a key reaches each correct replica root for the key with high probability.
Attacks:
–Faulty nodes can drop messages
–Route messages to the wrong place
–Pretend to be the key's root.
–The root node itself may be faulty
–The probability of routing successfully to a correct replica node is (1-f)^h (h is the average number of routing hops)
(Figure: b = 4)

Secure message forwarding (2)
Solution
–Detect faults and redundant routes
  Route a message to the key's root using the locality-aware routing table
  Collect the prospective set of replica roots from the prospective root node
  Apply the failure test to the set of replica roots.
  If the test is negative, accept the prospective replica roots as the correct ones.
  Otherwise, message copies are sent over diverse routes toward the various replica roots

Secure message forwarding (3)
Routing failure test (based on the observation that the average density of nodeIds per unit of "volume" in the id space is greater than the average density of faulty nodeIds).
–Input: a key x and a set of prospective replica roots for the key x: rn = id_0, …, id_{l+1}
–Output: negative or positive
–p calculates the average numerical distance U_p between consecutive nodeIds in its neighbor set.
–p checks that
  All nodeIds in rn have a valid nodeId certificate, the closest nodeId to the key is the middle one, and the nodeIds satisfy the definition of a neighbor set.
  The average numerical distance U_rn in rn satisfies U_rn < U_p * γ
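The failure test on this slide, as an added example (not code from the slides or the paper). Assumptions: a 128-bit circular id space, p's own nodeId counted when computing U_p, certificate validation reduced to a hypothetical `cert_ok` callback, and constructed sample sets with a constructed γ = 1.5.

```python
ID_BITS = 128
RING = 1 << ID_BITS


def signed_offset(node_id, center):
    """Position of node_id relative to center on the circular id space."""
    half = RING // 2
    return (node_id - center + half) % RING - half


def average_spacing(node_ids, center):
    """Average numerical distance between consecutive nodeIds."""
    offs = sorted(signed_offset(i, center) for i in node_ids)
    return (offs[-1] - offs[0]) / (len(offs) - 1)


def routing_failure_test(key, rn, own_id, own_neighbors, gamma,
                         cert_ok=lambda nid: True):
    """Return 'negative' (accept rn) or 'positive' (use redundant routing)."""
    # Every nodeId needs a valid certificate (cert_ok is a stand-in).
    if len(set(rn)) != len(rn) or not all(cert_ok(i) for i in rn):
        return "positive"
    # The nodeId closest to the key must sit in the middle of the set.
    offs = sorted(signed_offset(i, key) for i in rn)
    closest = min(range(len(offs)), key=lambda j: abs(offs[j]))
    if closest not in ((len(offs) - 1) // 2, len(offs) // 2):
        return "positive"
    # Density check: U_rn < U_p * gamma.
    u_rn = average_spacing(rn, key)
    u_p = average_spacing(list(own_neighbors) + [own_id], own_id)
    return "negative" if u_rn < u_p * gamma else "positive"


def ring_set(center, spacing, first=-4, n=9):
    """Constructed sample set: n ids, `spacing` apart, around `center`."""
    return [(center + (first + j) * spacing + spacing // 3) % RING
            for j in range(n)]


# Constructed sample data (not from the paper).
D = 1 << 120                       # typical gap between live nodeIds
KEY = 5                            # near zero, so the set wraps the ring
OWN = 1 << 127
NEIGHBORS = [(OWN + j * D) % RING for j in range(-4, 5) if j != 0]
GAMMA = 1.5

if __name__ == "__main__":
    cases = {"honest": ring_set(KEY, D),
             "sparse": ring_set(KEY, 4 * D),
             "off-center": ring_set(KEY, D, first=0)}
    for name, rn in cases.items():
        print(name, routing_failure_test(KEY, rn, OWN, NEIGHBORS, GAMMA))
```

A set made only of an attacker's nodes is about 1/f times sparser than the real population, which is what the density comparison picks up; γ trades false positives against false negatives.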

Secure message forwarding (4)
Other attacks
–Collect old nodeId certificates
–Include both nodeIds of nodes it controls and nodeIds of correct nodes in a prospective root neighbor set.
–nodeId suppression attack
  Suppress nodeIds close to the sender, which increases β (false negatives)
  Suppress nodeIds in the root neighbor set, which increases α (false positives)

Redundant Routing
While the failure test is positive, send the message to each replica root via multiple routes. In Pastry, they send the message from the source node to all of its neighbors in the p2p overlay. Because nodeIds are random, the neighbors should represent a random, geographically diverse sampling of the nodes in the p2p overlay. From there, each neighbor node forwards the message toward the target node. If at least one of the neighbors can achieve a successful route, then the message is considered successfully delivered.

Redundant route
Neighbor set anycast:
1) p sends r messages to the destination key x with a nonce.
2) Any correct node that receives the message and has x's root in its neighbor set returns its nodeId certificate and the nonce, signed by its private key.
3) p collects in a set N the l/2+1 nodeId certificates closest to x on the left and the l/2+1 nodeId certificates closest to x on the right, marked pending.
4) After a timeout or after r replies are received, p sends a list of the nodeIds in N to each node in N and marks them as done.
5) Any correct node that receives the list forwards p's original message to the nodes in its neighbor set that are not in the list, or returns a confirmation if no such nodes exist.
6) Once p receives r confirmations or step 4 has been executed three times, it computes the set of replica roots for x from N.

Simulation results
Figure: model and simulation results for the probability of reaching all correct replica roots using redundant routing with neighbor set anycast.

Conclusion
–Presented the design and analysis of techniques for secure node joining, routing table maintenance and message forwarding in a p2p overlay
–Based on modeling and corroborated with simulations, they have measured that this operation can be successful with a 99.9% probability, as long as f <= 30%.