Making Contribution-Aware P2P Systems Robust to Collusion Attacks Using Bandwidth Puzzles Vyas Sekar, Carnegie Mellon University Joint work with Michael.

Slides:



Advertisements
Similar presentations
A Survey of Key Management for Secure Group Communications Celia Li.
Advertisements

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Evaluating scalability Peer-to-Peer File Sharing Networks of Sayantan Mitra Vibhor Goyal.
NUS.SOC.CS Roger Zimmermann (based in part on slides by Ooi Wei Tsang) Peer-to-Peer Streaming.
The BitTorrent Protocol. What is BitTorrent?  Efficient content distribution system using file swarming. Does not perform all the functions of a typical.
Incentives Build Robustness in BitTorrent Bram Cohen.
X stream Project proposal. Project goals: Students Students: Academic Supervisor Academic Supervisor: Advisors: Developing and Implementing a large scale.
Playback delay in p2p streaming systems with random packet forwarding Viktoria Fodor and Ilias Chatzidrossos Laboratory for Communication Networks School.
The Role of Prices in Peer-Assisted Content Distribution Christina Aperijis Michael J. Freedman Ramesh Johari Presented by: Kyle Chauvin and Henry Xie.
MMCN 19 Jan 2005 Ooi Wei Tsang Peer-to-Peer Streaming.
Analyzing and Improving BitTorrent Ashwin R. Bharambe ( Carnegie Mellon University ) Cormac Herley ( Microsoft Research, Redmond ) Venkat Padmanabhan (
CompSci 356: Computer Network Architectures Lecture 21: Content Distribution Chapter 9.4 Xiaowei Yang
Gnutella 2 GNUTELLA A Summary Of The Protocol and it’s Purpose By
An Overview of Peer-to-Peer Networking CPSC 441 (with thanks to Sami Rollins, UCSB)
IPlane: An Information Plane for Distributed Services Offence by: Anup Goyal Sagar Vemuri.
Network Coding for Large Scale Content Distribution Christos Gkantsidis Georgia Institute of Technology Pablo Rodriguez Microsoft Research IEEE INFOCOM.
Service Differentiated Peer Selection An Incentive Mechanism for Peer-to-Peer Media Streaming Ahsan Habib, Member, IEEE, and John Chuang, Member, IEEE.
Peer-to-Peer Based Multimedia Distribution Service Zhe Xiang, Qian Zhang, Wenwu Zhu, Zhensheng Zhang IEEE Transactions on Multimedia, Vol. 6, No. 2, April.
A Trust Based Assess Control Framework for P2P File-Sharing System Speaker : Jia-Hui Huang Adviser : Kai-Wei Ke Date : 2004 / 3 / 15.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
On-The-Fly Verification of Rateless Erasure Codes Max Krohn (MIT CSAIL) Michael Freedman and David Mazières (NYU)
Aleksandar Kuzmanovic & Edward W. Knightly A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
1 TVA: A DoS-limiting Network Architecture Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas Anderson (Univ. of Washington)
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Can Internet Video-on-Demand Be Profitable? SIGCOMM 2007 Cheng Huang (Microsoft Research), Jin Li (Microsoft Research), Keith W. Ross (Polytechnic University)
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
Can Network Coding Help in P2P Networks? Dah Ming Chiu, Raymond W Yeung, Jiaqing Huang and Bin Fan Chinese University of Hong Kong Presented by Arjumand.
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
Organization  Introduction to Network Coding  Practical Network Coding  Secure Network Coding  Structured File Sharing  Conclusion.
Privacy-Preserving P2P Data Sharing with OneSwarm -Piggy.
Exploring VoD in P2P Swarming Systems By Siddhartha Annapureddy, Saikat Guha, Christos Gkantsidis, Dinan Gunawardena, Pablo Rodriguez Presented by Svetlana.
Michael Sirivianos Xiaowei Yang Stanislaw Jarecki Presented by Vidya Nalan Chakravarthy.
M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.
Peer to Peer Research survey TingYang Chang. Intro. Of P2P Computers of the system was known as peers which sharing data files with each other. Build.
SecureMR: A Service Integrity Assurance Framework for MapReduce Author: Wei Wei, Juan Du, Ting Yu, Xiaohui Gu Source: Annual Computer Security Applications.
1 BitHoc: BitTorrent for wireless ad hoc networks Jointly with: Chadi Barakat Jayeoung Choi Anwar Al Hamra Thierry Turletti EPI PLANETE 28/02/2008 MAESTRO/PLANETE.
Do incentives build robustness in BitTorrent? Michael Piatek, Tomas Isdal, Thomas Anderson, Arvind Krishnamurthy, Arun Venkataramani.
1 Wenguang WangRichard B. Bunt Department of Computer Science University of Saskatchewan November 14, 2000 Simulating DB2 Buffer Pool Management.
Ivan Osipkov Fighting Freeloaders in Decentralized P2P File Sharing Systems.
HUAWEI TECHNOLOGIES CO., LTD. Page 1 Survey of P2P Streaming HUAWEI TECHNOLOGIES CO., LTD. Ning Zong, Johnson Jiang.
Mitigating DoS Attack Through Selective Bin Verification Micah Sherr a, Michael Greenwald b, Carl A. Gunter c, Sanjeev Khanna a, and Santosh S. Venkatesh.
Fair Layered Coding Streaming Jaime García-Reinoso  Iván Vidal  Francisco Valera University Carlos III of Madrid Alex Bikfalvi IMDEA Networks.
1 Reasoning about Concrete Security in Protocol Proofs A. Datta, J.Y. Halpern, J.C. Mitchell, R. Pucella, A. Roy.
SIGCOMM 2001 Lecture slides by Dr. Yingwu Zhu Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications.
Peer-Assisted Content Distribution Pablo Rodriguez Christos Gkantsidis.
Mehmud Abliz, Taieb Znati, ACSAC (Dec., 2009). Outline Introduction Desired properties Basic scheme Improvements to the basic scheme Analysis Related.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
The new protocol of freenet Taken from Ian Clarke and Oskar Sandberg (The Freenet Project)
Computer Networking P2P. Why P2P? Scaling: system scales with number of clients, by definition Eliminate centralization: Eliminate single point.
New Client Puzzle Outsourcing Techniques for DoS Resistance Brent Waters, Ari Juels, J. Alex Halderman and Edward W. Felten.
Privacy Preserving Payments in Credit Networks By: Moreno-Sanchez et al from Saarland University Presented By: Cody Watson Some Slides Borrowed From NDSS’15.
6° of Darkness or Using Webs of Trust to Solve the Problem of Global Indexes.
When DRM Meets Restricted Multicast A Content Encryption Key Scheme for Restricted Multicast and DRM Min FENG and Bin ZHU Microsoft Research Asia.
ADVANCED COMPUTER NETWORKS Peer-Peer (P2P) Networks 1.
Bloom Cookies: Web Search Personalization without User Tracking Authors: Nitesh Mor, Oriana Riva, Suman Nath, and John Kubiatowicz Presented by Ben Summers.
Security for Broadcast Network
Application Layer Attack. DDoS DDoS – Distributed Denial of Service Why would any one want to do this? In some cases, for bringing down service of competitors,
Algorithms and Techniques in Structured Scalable Peer-to-Peer Networks
Analyzing and Improving BitTorrent Ashwin R. Bharambe ( Carnegie Mellon University ) Cormac Herley ( Microsoft Research, Redmond ) Venkat Padmanabhan (
Two Peer-to-Peer Networking Approaches Ken Calvert Net Seminar, 23 October 2001 Note: Many slides “borrowed” from S. Ratnasamy’s Qualifying Exam talk.
Towards a Scalable and Robust DHT Baruch Awerbuch Johns Hopkins University Christian Scheideler Technical University of Munich.
9/29/04 GGF Random Thoughts on Application Performance and Network Characteristics Distributed Systems Department Lawrence Berkeley National Laboratory.
Peer-to-Peer Networks 10 Fast Download Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg.
OneSwarm: Privacy Preserving P2P
Distributed Peer-to-peer Name Resolution
An Overview of Peer-to-Peer
The BitTorrent Protocol
Presentation transcript:

Making Contribution-Aware P2P Systems Robust to Collusion Attacks Using Bandwidth Puzzles Vyas Sekar, Carnegie Mellon University Joint work with Michael Reiter, Chad Spensky, UNC Chapel-Hill Zhenghao Zhang, Florida State 1

Peer-Assisted Content Distribution Peers upload data to other peers Reduces cost of server deployment Increases scalability Incentives for users to contribute upload capacity ? 2

Contribution Awareness for P2P Alice earns “credits” from Bob for uploading Alice earns “credits” from Bob for uploading Premium content Server-assist Downloads Priority service Freq. flyer discounts Alice exchanges “credits” for rewards Alice exchanges “credits” for rewards Do you see an obvious problem here ? 3

Collusion Attack ✕ Premium content Server-assist Downloads Priority service Freq. flyer discounts Defeats the purpose of contribution-awareness Not just hypothetical  Observed in real deployments! e.g., Lian et al, ICDCS 07 How can we mitigate such collusion attacks? Bandwidth Puzzles 4

Outline Collusion in Contribution-Aware P2P High-Level Idea Design and Analysis Implementation and Evaluation 5

Key Idea 1: Proof of Content Transfer 1. Bob wants to credit Alice 2.Prove that you really have the file! 3. Approve transaction 3. Credit Alice Logically centralized verifier with access to content e.g., Content Owner, CDN node in P2P-CDN Streaming Server Logically centralized verifier with access to content e.g., Content Owner, CDN node in P2P-CDN Streaming Server Puzzle tied to content. Easy, if you have it Difficult, if you dont Puzzle tied to content. Easy, if you have it Difficult, if you dont 6

One obvious problem with this idea.. 1. Bob wants to credit Alice 2.Prove that you really have the file! 3. Approve transaction 3. Credit Alice Bob doesn’t have the file Forwards puzzle to Alice; Alice solves puzzle for Bob! 7

Key idea 2: Simultaneous Puzzles Prove that you really have the file! Prove that you really have the file! Bob doesn’t have the file Forwards puzzle to Alice; Alice solves puzzle for Bob! ✕ Alice has limited compute resources 8

Outline Collusion in Contribution-Aware P2P High-Level Idea Design and Analysis Implementation and Evaluation 9

Puzzle Requirements Prove that you really have the file! Prove that you really have the file! 10 Doesn’t have file Has the file Low generation cost Low verification cost Tunable puzzle difficulty Low communication cost Difficult for Bob Relatively easy for Alice “Personalized”: Puzzles don’t Help each other

11 Basic Puzzle Construction …. content, filesize = n bits Security parameters: L, k Generate L index sets, |L|=k IndexSet  {i | i  rand(n)} Pick l*  rand(L) h*  Hash( content[IndexSet l* ]) Send h*, IndexSets to Bob Bob needs to return Within time T Generate IndexSets = O(kL) Overhead to send = O( kL log n) Overhead to send = O( kL log n)

12 Efficient Puzzle Construction …. content, filesize = n bits Security parameters: L, k, κ Generate L index sets, |L|=k IndexSet  {i | i  rand(n)} Pick l*  rand(L) h*  Hash( content[IndexSet l* ]) Send h*, IndexSets to Bob Bob needs to return Within time T PRFs: f 1 :{1..L}  {0,1} κ f 2 :{1..k}  {1..n} K1  Rand( {0,1} κ ) Pick l*  rand(L) K2  f 1 K1 (l*) str*  content[f 2 K2 (1)]|| … ||content[f 2 K2 (k)] Compute h*  Hash(str* ) Send K1, h* to Bob Generation time independent of L Communication costs independent of L,k

Security Analysis 13 Content Oracle Content Oracle Hash Oracle Hash Oracle Verifier sends P puzzles to a set of A adversaries Need to answer puzzles within T seconds Can make “A q hash “ queries Each makes “q post “ more queries Make “A q pre “ queries Models how many bits need to be transferred Captures compute constraints Bound the expected number of puzzles that these “A” adversaries can solve, given: n (filesize), P (#puzzles), q hash (#hash queries), q pre (#file bits before), q post (#file bits after) Equivalently, what is the minimum q post required to solve P puzzles. Key Implication: Can set parameters to ensure that q post = Ω(n)

An Example of the Theorem 14

Outline Collusion in Contribution-Aware P2P High-Level Idea Design and Analysis Implementation and Evaluation 15

Implementing Bandwidth Puzzles Media streaming using RTP – Jave, jlibrtip implementation AES for PRF, SHA-256 for Hash What we evaluate … – Client heterogeneity – Impact on application performance – Verifier Scaling – Effect of packet loss 16

Simple Verifier handles > clients 17 Take Away: 75 %ile CPU is largely invariant as #clients increases

Impact on application performance 18 Take Away: App performance is unaffected by puzzles

Simulating a P2P streaming system Streaming model similar to Splitstream – Stream divided into stripes – More stripes  greater quality Contribution-awareness (Maze, [ICDCS 07]) – Peer requests prioritized by “points” earned – 1.5 points for 1MB upload, -1 point for download Attack Model: Sybil-like – Fake identities generate fake transactions – Boosts score  improves attacker performance 19

Benefits of puzzles via simulation 20 Take Aways: Honest clients unaffected; Attackers don’t gain!

Some caveats.. Assumes files are incompressible – Not that big a deal; e.g., MPEG, DivX already pretty compressed Cannot exactly pinpoint who has file/doesn’t “Invisible” colluders – Get file, “leave” system – Not a problem in streaming system.. Setting puzzle threshold.. – 7x worst case allowed; can try memory bound? 21

Summary P2P  Incentives  Contribution-Awareness  Collusion – Strategic attackers can game system and deny service to honest users Mitigate collusion via Bandwidth Puzzles – Puzzle solution tied to content – Simultaneity to prevent shared solving – Forces bandwidth misbehaving nodes Easy and practical – Unoptimized implementation handles > clients – Doesn’t affect application Immediate performance benefits – Insulates honest clients from strategic attackers – Deters attackers by limiting scope for gaming the system 22