Presentation is loading. Please wait.

Presentation is loading. Please wait.

ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues.

Similar presentations


Presentation on theme: "ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues."— Presentation transcript:

1 ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues

2 SYN  SYN  P2P Security Basics  Introduction to ODISSEA  Security Issues in ODISSEA  Trust via Reputation  FIN

3 P2P Basics  All nodes are created equal. Not really!  Network classification based on network connectivity –Exponential Networks: Homogenous network, [average] node connectivity is equally distributed –Scale-free networks: Follows power-law for connectivity, that is there are some highly connected nodes and many not too highly connected nodes  Current P2P systems are scale-free networks

4 Network Maps  Partial map of Gnutella Network  Note the hierarchical structure of the network

5 Network Maps…  Gnutella Neighborhood Map

6 Failure vs. Attack  Failure: –Random failure of nodes and/or infrastructure elements  Attack: –Systematic failure of nodes and/or infrastructure elements  Scale-free networks are failure-tolerance  Exponential networks are attack-tolerance  Why?  Most P2P systems give priority for failure- tolerance over attack-tolerance

7 Possible Targets  Underlying protocol layers  P2P routing mechanism  Nodes themselves  Trust system  Homeostasis (of the system)  Applications/Application Protocols  Users More on that: “Security Issues in Peer-to-Peer Systems ” http://vip.poly.edu/kulesh/skunk/talks/ http://vip.poly.edu/kulesh/skunk/talks/

8 ODISSEA: A p2p Search Engine  A p2p search engine  Applications: –Search in p2p networks –Search in intranets –Web search –Middleware  How the search engine works?

9 ODISSEA: A p2p Search Engine

10 Security Issues  Three Categories: 1.P2P Search Engine Related 2.P2P Network Related 3.General Security Issues  Search Engine Related: –Content Poisoning: Crawler Parser Query Processor –Protocol Security Protection against MIMs Truthful Execution of Ranking Algorithms –Compartmentalization Search on a multi-level security network –Anonymity P2P networks are used for anonymity

11 Content Poisoning  Crawler: –Crawler associates wrong URL with some document –E.g.: Associates playboy.com/index.html with ODISSEA web site!  Suggested solutions: 1.Random Re-Crawling: At random re-crawl a URL Simple but has re-crawling overhead No verification from the source! 2.Signed Documents: Have the web server sign the document (Just another header) Parser verifies the signature prior to parsing No re-crawling overhead Requires PKI and web server needs to support signatures

12 Content Poisoning  Parser: –Malicious parser associates wrong keywords –E.g: Associates ODISSEA with porn!  Suggested Solutions: –TruthSayer for XML documents (Oakland ’01)  Query Processor: –Censorship by query processors!

13 Protocol Security  ODISSEA Search Protocol –Has no security primitives at all –MIM a good and easy possibility Queries, query results can be altered Postings and documents can be altered E.g. Integrity of copies  Ranking Algorithms –Users have the option to send their own algorithm –There is no way to assure proper algorithm is used – I say “PageRank” query processor uses “PigeonRank”

14 ODISSEA for Multilevel Security Architecture  Ideal Setting: NSA Information Processing Facility  Environment: –Large secure intranet (100,000 nodes) –Multi-level security (from Unclassified to Umbra) –Users/nodes move between levels  Design Goals: –Optimal use of resources across levels –Enforces multi-level security via compartmentalization –Allows for a fast, scalable search engine –Agile enough to allow users move back and forth –Withstand malicious users, nodes etc.  Simple, Stupid, Scheme: –Assign a key (bit string) to each level –XOR every token of a document with the corresponding key –Search for (keyword XOR key) –Trivial to break and not scalable

15 Trust

16  Local trust value (ebay):  Problems: Does not get a wide view about the peer’s reputation Or It aggregates the whole network and causes congestion  Solution Transitive trust, if I trust you, then I would trust the one you trust Local Trust

17 Aggregate Local Trust  Normalized local trust  Aggregate local trust values  If C = matrix [c ij ] : t i =C T c i  To get a wider view peer i would ask his friend’s friend: t i =(C T ) 2 c i....and so on …. t i =(C T ) n c i  For large n, the trust vector converges to same vector for every peer i

18 Distributed EigenTrust  Each node can calculate it’s eigen trust value by:  Were p is a distribution over pre-trusted peers –Pre-trusted peers are essential for breaking malicious collectives –For example the very first nodes in the network i.e. designers

19 Distributed EigenTrust Algorithm

20 Distributed EigenTrust Algorithem  Fast convergences

21 Secure Eigentrust  Calculate the trust value of each peer by more than one peer (score managers)  If there is difference of opinion then vote!  Use DHT to assign score managers, using different hash functions.  Upsides: –Anonymity (can’t tell who’s trust your computing) –Randomization (can’t make yourself your own score manager) –Redundancy (more than one score manager)

22 Load distribution  Deterministic algorithm –Chose the responding peer with highest trust value  Probabilistic Algorithm –Choose peer i with probability. With probability of 10% select a peer j with zero trust value. –Why 10%? A balance between allowing new users to gather trust, at the same time not granting malicious users a high chance of providing inauthentic files

23

24

25

26

27

28

29

30 FIN Questions, comments, concerns?


Download ppt "ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues."

Similar presentations


Ads by Google