Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs The University of Michigan Scott Wolchok J. Alex Halderman The University of Texas at Austin.

Published byClaud Higgins Modified over 9 years ago

Similar presentations

Presentation on theme: "Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs The University of Michigan Scott Wolchok J. Alex Halderman The University of Texas at Austin."— Presentation transcript:

1 Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs The University of Michigan Scott Wolchok J. Alex Halderman The University of Texas at Austin Owen S. Hofmann Christopher J. Rossbach Brent Waters Emmett Witchel Princeton University Nadia Heninger Edward W. Felten

2  Generally target reputation systems  The attacker creates a huge number of pseudonyms  Results in attacker controlling a huge percentage of “entities” aka nodes in the system  Synonymous with “pseudospoofing”  “Sybil attack” circa 2002, “pseudospoofing” pre-2002

3  Nodes and keys each have a 160-bit Identifier.  Each node stores keys which are “closest to it”  To join, a node does a lookup for its own ID, which eventually results in discovering the 20 peers closest to it in the DHT  When an existing node is contacted by a new peer that is within the 20 closest to itself, it identifies the keys which should be owned by that new node and immediately stores those keys to the new node  Nodes are forced to use nodeID = H(IP,Port)

4  Sybil Attacks are difficult and expensive to execute against the 1M+ Node Vuze DHT

5  An experimental private Vuze DHT was used to attempt a Sybil attack  In an 8K node DHT, 600 Sybils were not able to recover even 1 in 1000 experimental VDO’s  In the same 8K node DHT, 710 Sybils were able to recover 25% of nodes with N=150, T=70%  Calculated that 820 Sybils are required to crack 25% of VDO’s with N=50, T=90%  Concluded that ≥87,000 Sybils required to crack 25% VDO’s on the real Vuze DHT

6  Calculated that a single “small” Amazon EC2 instance could run 50 Sybils  Calculated that to run 87,000 simultaneous Sybils would cost $860K/year (in 2009)

7  If the analysis by the Vanish authors is correct, some people would be well assured they are safe  May lead to irresponsible data handling practices by vanish users

8 Image Credit: “Defeating Vanish” ; Wolchok et al. (2010) pp5

9  Uses the native Vuze DHT client with minor modifications  One DHT client joins the Vuze DHT for only 150 seconds  While it is joined, any store request between 16-51 bytes is archived to permanent storage  After 150 seconds, the client is restarted and “hops” to a new UPD port – Therefore obtaining a new Node ID

10  10x “small” amazon EC2 instances  Each instance can support 50 concurrent Vuze DHT clients (due to 1.7Gb memory constraint)

11  To recover 92% of key shares, it would cost $23,500 to operate UnVanish continuously for 1 year using Amazon EC2

12  A new (incomplete) Vuze DHT client  Written in 2036 lines of C  Responds to all PING and STORE commands  Responds selectively to FIND-NODE commands  Completely ignores all other DHT protocol commands  A single process manages “many” DHT clients  DHT clients are on the network for 3 minutes between hops

13  10x “small” Amazon EC2 instances  (320K effective Sybils)  A single EC2 instance can host “Thousands” of effective DHT clients

14  Tested the N=10 and T=70% “default” FireVanish configuration  320K Effective Sybils  99.4% of shares were found and archived

15  Tested N=10, T=70%  270K Effective Sybils  99.5% of shares were found and archived

16  Tested N=10, T=70  80K Effective Sybils  91.8% of shares found and archived  Similar to the 92% of shares recovered by UnVanish.

17 Image Credit: “Defeating Vanish” ; Wolchok et al. (2010) pp8

18  For N=10, T=70%  $1950/yr = 25% VDO Recovery  $3750/yr = 90% VDO Recovery  $5900/yr = 99% VDO Recovery  For N=10, T=90%  $3150 /yr = 25% VDO Recovery  $7350 /yr = 90% VDO Recovery  $11950/yr = 99% VDO Recovery  For N=50, T=90%  $4850/yr = 25% VDO Recovery  $6900/yr = 90% VDO Recovery  $9000/yr = 99% VDO Recovery  Storage Costs are not included, but the authors estimate storage costs would be about $80/year to store 510 GB of data that matches the fingerprint of a “share” for vanish.

19 Image Credit: “Defeating Vanish” ; Wolchok et al. (2010) pp9

20 #1 Reason:  The Vanish authors assumed that nodes must remain online constantly to carry out the Sybil attack, when actually they only needed about 3 minutes of up time in the 8-hour period.

21 #2 Reason  The Vanish authors extrapolated incorrectly Image Credit: “Vanish” ; Geambasu, Kohno, Levy, Levy (2009) pp14

22  The “Defeating Vanish” Authors show that the difference between 25% of VDO’s vs. 90% of VDO only takes a 53% increase in effective Sybils  This is because they use a probabilistic model instead of extrapolating experimental data

23  Raise the threshold  Bad Idea – 99/100 shares required would make VTO’s expire too early  Attacker could be more vigilant in scraping the DHT  Switch Vanish to a Private DHT  Node membership is closed – Bad Idea – Fewer maintainers make fewer hands to grease  Would essentially be a trusted 3 rd party  Solutions already exist that are easier to implement and faster

24  Add Client Puzzles  Would certainly raise the cost of Sybil attack from EC2  Botnets would still easily solve this problem  Restrict Node ID’s  Right now, a single IP can have 65535 simultaneous registered nodes.  Limiting nodes per IP would increase the number of IP addresses required to do the Sybil attack  Does not limit botnet attacks

25  Detect Attackers  Look for nodes that don’t act like other nodes and penalize them  Look for IP addresses with lots of nodes  Peruse – Can scan the entire Vuze network in less than 60 minutes  Found that the vast majority of IP addresses host a single node  Identified all of their test systems  Identified 10 systems at the University of Washington used for Vanish demonstrations

26  Social Networking  Require that nodes certify that they “know” other nodes  Social networks have shown people will claim to know other people when in fact they don’t  Could affect viability of DHT – Less participation with higher entry barrier

Download ppt "Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs The University of Michigan Scott Wolchok J. Alex Halderman The University of Texas at Austin."

Similar presentations

ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.

ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.
Pastiche: Making Backup Cheap and Easy. Introduction Backup is cumbersome and expensive Backup is cumbersome and expensive ~$4/GB/Month (now $0.02/GB)

Pastiche: Making Backup Cheap and Easy. Introduction Backup is cumbersome and expensive Backup is cumbersome and expensive ~$4/GB/Month (now $0.02/GB)
Kademlia: A Peer-to-peer Information System Based on the XOR Metric Petar Mayamounkov David Mazières A few slides are taken from the authors’ original.

Kademlia: A Peer-to-peer Information System Based on the XOR Metric Petar Mayamounkov David Mazières A few slides are taken from the authors’ original.
Dynamo: Amazon's Highly Available Key-value Store Distributed Storage Systems CS 6464 2-12-09 presented by: Hussam Abu-Libdeh.

Dynamo: Amazon's Highly Available Key-value Store Distributed Storage Systems CS presented by: Hussam Abu-Libdeh.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
Click to edit Master title style Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs Scott Wolchok 1 Owen S. Hofmann 2 Nadia Heninger 3 Edward.

Click to edit Master title style Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs Scott Wolchok 1 Owen S. Hofmann 2 Nadia Heninger 3 Edward.
Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu Yoshi Kohno Amit Levy Hank Levy University of Washington.

Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu Yoshi Kohno Amit Levy Hank Levy University of Washington.
S EMINAR A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK ONON P RESENTED BY S HANKAR G ADHVE G UIDED BY P ROF.P RAFUL P ARDHI.

S EMINAR A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK ONON P RESENTED BY S HANKAR G ADHVE G UIDED BY P ROF.P RAFUL P ARDHI.
Ken Birman. Massive data centers We’ve discussed the emergence of massive data centers associated with web applications and cloud computing Generally.

Ken Birman. Massive data centers We’ve discussed the emergence of massive data centers associated with web applications and cloud computing Generally.
Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.

Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.
March 2009 (IETF 74)IETF - P2PRG1 Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00.

March 2009 (IETF 74)IETF - P2PRG1 Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00.
Wide-area cooperative storage with CFS

Wide-area cooperative storage with CFS
How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.

How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
CS 6401 Efficient Addressing Outline Addressing Subnetting Supernetting.

CS 6401 Efficient Addressing Outline Addressing Subnetting Supernetting.
Google Distributed System and Hadoop Lakshmi Thyagarajan.

Google Distributed System and Hadoop Lakshmi Thyagarajan.
Mobile Ad-hoc Pastry (MADPastry) Niloy Ganguly. Problem of normal DHT in MANET No co-relation between overlay logical hop and physical hop – Low bandwidth,

Mobile Ad-hoc Pastry (MADPastry) Niloy Ganguly. Problem of normal DHT in MANET No co-relation between overlay logical hop and physical hop – Low bandwidth,
1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

1 Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling - Proceedings.

Similar presentations

Ads by Google