Presentation is loading. Please wait.

Presentation is loading. Please wait.

CASCADE: AN ATTACK-RESISTANT DHT WITH MINIMAL HARD STATE

Published byElaine Cameron Modified over 6 years ago

Similar presentations

Presentation on theme: "CASCADE: AN ATTACK-RESISTANT DHT WITH MINIMAL HARD STATE"— Presentation transcript:

1 CASCADE: AN ATTACK-RESISTANT DHT WITH MINIMAL HARD STATE
Alexander Mohr Mayank Mishra State University of New York at Stony Brook

2 Motivation Many P2P networks are not designed with attack-resistance in mind (Gnutella, Shareaza, eDonkey2k, Chord, CAN, Pastry, etc). Those that are attack-resistant generally are not as efficient (Freenet, RON, etc). Let’s try for both in a sloppy DHT!

3 Goals Guarantee that a resource in the network can be located (even if 90-95% peers are malicious). Make searches efficient with extensive caching. Empower users to have control over their searches.

4 Scenario Object of search Querying Node Malicious Node
Non Malicious Node

5 Threat Model Underlying network is well-behaved.
Nodes can be malicious or non-malicious. Malicious peers are Byzantine. Co-ordinate amongst themselves. May delay communication between non-malicious peers.

6 System Description Each node stores : When queried for a key, a node :
The keys that the node itself has inserted into the DHT (its "published keys"). A subset of alive peers (its "neighbors"). When queried for a key, a node : Consults its list of published keys, Responds with the associated value if it was present, Returns its list of neighbors. Searching the network is an iterative breadth-first search.

7 Claim If there exists any non-malicious path from a query originator to a peer publishing the search key, the search will eventually succeed!

8 Claim If there exists any non-malicious path from a query originator to a peer publishing the search key, the search will eventually succeed! But, we’ve said nothing about whether such a path is likely to exist!

9 Open Question Can we guarantee that a non-malicious path will exist?
Maybe: we’re not yet sure how feasible it is. Secure Routing [Castro et al., 2002] When choosing a new neighbor: Flood the network to obtain a list of all peers. Pick one at random.

10 Traffic Amplification Attacks
Iterative search prevents traffic amplification. More effort to search, but that might be good: Traffic Amplifier Networks like Gnutella Cascade Message

11 Man-in-the-Middle Attacks
There is no man in the middle. Don’t have to trust what others say on someone else’s behalf. Y X’ X Y’ X’ Liar Liar Y Z

12 State Exhaustion Attacks
All per-query state is located on the querying node itself. No per-query state is maintained by the network.

13 Caching and Performance
Goal #2: Efficient search. Add passive caching: Known-peers cache. Results cache. Query cache. Caches are hints and are not required for correct operation!!

14 Known Peers Cache Whenever you discover a peer, store:
Whom they were. When you saw them. Save this cache between program runs to bootstrap. With directed searches, get there faster.

15 Results Cache Store the results of your own searches:
What you found. Where it was. When you saw it. When a node asks you for a key that you previously found, tell it where and when!

16 Query Cache When someone else queries you for a key, remember:
What they queried for. Whom they were. When they queried you. Also: tell them if anyone else is looking for the same key and when they were looking! Like path-based replication, but passive!

17 Example NODE Query Cache Results Cache A - B C D D A B C
A queries for key x which is located at D. NODE Query Cache Results Cache A - B C D

18 Example NODE Query Cache Results Cache A - B C D D A B C
A queries for key x which is located at D. NODE Query Cache Results Cache A - B C D

19 Example NODE Query Cache Results Cache A - D B C D A B C
A queries for key x which is located at D. NODE Query Cache Results Cache A - D B C

20 Example E A B C D Now E searches for key x . NODE Query Cache
Results Cache A - D B C E

21 Example E D A B B C E follows B’s query cache hint to A. NODE
Results Cache A - D B A,E C E

22 Example E D A B B C E follows A’s result cache hint to D. NODE
Query Cache Results Cache A - D B A,E C E

23 Soft Structure It’s easy to add Chord-like structure!
Responsibility cache: Key-value pairs that are nearby in identifier space. Structured neighbor list: In addition to random neighbors, add structured neighbors.

24 Flexibility and Control
The user is in control of the search process!! Flexibility: The user may choose to trust a node and use its cached information (Fast Search). The user may NOT trust a peer’s cache and instead use a BFS (Reliable Search). Hybrids..

25 Conclusion In the best case, Chord-like structure and caches allow very efficient search. In the worst case, a node can search more if it really cares about search results! Dumb network, smart end-hosts!

26 Future Work Ensure that non-malicious paths are likely to exist.
Prevent other attacks on the system. What are they? Quantify benefits of our caching schemes.

Download ppt "CASCADE: AN ATTACK-RESISTANT DHT WITH MINIMAL HARD STATE"

Similar presentations

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Data Currency in Replicated DHTs Reza Akbarinia, Esther Pacitti and Patrick Valduriez University of Nantes, France, INIRA ACM SIGMOD 2007 Presenter Jerry.

Data Currency in Replicated DHTs Reza Akbarinia, Esther Pacitti and Patrick Valduriez University of Nantes, France, INIRA ACM SIGMOD 2007 Presenter Jerry.
Evaluation of a Scalable P2P Lookup Protocol for Internet Applications

Evaluation of a Scalable P2P Lookup Protocol for Internet Applications
Scalable Content-Addressable Network Lintao Liu 2001.11.19.

Scalable Content-Addressable Network Lintao Liu
Kademlia: A Peer-to-peer Information System Based on the XOR Metric Petar Mayamounkov David Mazières A few slides are taken from the authors’ original.

Kademlia: A Peer-to-peer Information System Based on the XOR Metric Petar Mayamounkov David Mazières A few slides are taken from the authors’ original.
Chord: A scalable peer-to- peer lookup service for Internet applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashock, Hari Balakrishnan.

Chord: A scalable peer-to- peer lookup service for Internet applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashock, Hari Balakrishnan.
TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
An Overview of Peer-to-Peer Networking CPSC 441 (with thanks to Sami Rollins, UCSB)

An Overview of Peer-to-Peer Networking CPSC 441 (with thanks to Sami Rollins, UCSB)
Peer-to-Peer Networks João Guerreiro Truong Cong Thanh Department of Information Technology Uppsala University.

Peer-to-Peer Networks João Guerreiro Truong Cong Thanh Department of Information Technology Uppsala University.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Efficient Content Location Using Interest-based Locality in Peer-to-Peer Systems Presented by: Lin Wing Kai.

Efficient Content Location Using Interest-based Locality in Peer-to-Peer Systems Presented by: Lin Wing Kai.
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
Object Naming & Content based Object Search 2/3/2003.

Object Naming & Content based Object Search 2/3/2003.
Chord-over-Chord Overlay Sudhindra Rao Ph.D Qualifier Exam Department of ECECS.

Chord-over-Chord Overlay Sudhindra Rao Ph.D Qualifier Exam Department of ECECS.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
1 Seminar: Information Management in the Web Gnutella, Freenet and more: an overview of file sharing architectures Thomas Zahn.

1 Seminar: Information Management in the Web Gnutella, Freenet and more: an overview of file sharing architectures Thomas Zahn.
Peer-to-Peer Networks Slides largely adopted from Ion Stoica’s lecture at UCB.

Peer-to-Peer Networks Slides largely adopted from Ion Stoica’s lecture at UCB.
1 Freenet  Addition goals to file location: -Provide publisher anonymity, security -Resistant to attacks – a third party shouldn’t be able to deny the.

1 Freenet  Addition goals to file location: -Provide publisher anonymity, security -Resistant to attacks – a third party shouldn’t be able to deny the.
1CS 6401 Peer-to-Peer Networks Outline Overview Gnutella Structured Overlays BitTorrent.

1CS 6401 Peer-to-Peer Networks Outline Overview Gnutella Structured Overlays BitTorrent.

Similar presentations

Ads by Google