Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIS 640-2, Presenter: Yun Mao1 Security for Structured Peer- to-peer Overlay Networks By Miguel Castro et al. OSDI ’ 02 Presented by Yun Mao in CIS640.

Published byBeverley Wilson Modified over 9 years ago

Similar presentations

Presentation on theme: "CIS 640-2, Presenter: Yun Mao1 Security for Structured Peer- to-peer Overlay Networks By Miguel Castro et al. OSDI ’ 02 Presented by Yun Mao in CIS640."— Presentation transcript:

1 CIS 640-2, Presenter: Yun Mao1 Security for Structured Peer- to-peer Overlay Networks By Miguel Castro et al. OSDI ’ 02 Presented by Yun Mao in CIS640

2 CIS 640-2, Presenter: Yun Mao2 Outline Background & Model of P2P Network How to achieve Secure Routing How to use Secure Routing Conclusions

3 CIS 640-2, Presenter: Yun Mao3 What is the paper about and not about Not about traditional attacks SYN flood, IP Spoofing, Buffer overflow, DoS attacks on resource access Keep in mind these attacks still work About unique security problems in P2P Goal: Secured Routing Ensure that when a correct node sends a message to a key, the message reaches all correct replica roots for the key with very high probability.

4 CIS 640-2, Presenter: Yun Mao4 What ’ s new in P2P for security? Nodes are MUCH more powerful Assign nodeID themselves Act as a router: has routing table, forwarding messages.. Fully Decentralized no authorization and authentication You can trust nobody Dynamic & self-organizing

5 CIS 640-2, Presenter: Yun Mao5 Typical Routing Model Routing Given a key, locate the corresponding node with high probability Pastry, Tapestry Internet topology-aware in routing-table Chord, CAN Routing-table constrained Performance and security assumption: nodeID uniform random distribution

6 CIS 640-2, Presenter: Yun Mao6 Fault model Byzantine failure model N: number of total nodes f: (0<=f<=1) the fraction of nodes that may be faulty c: (1/N<=c<=f) bound size of independent coalitions

7 CIS 640-2, Presenter: Yun Mao7 Network model Assumption: no NAT, no DHCP Network level and Overlay level Adversary has complete control over network-level communication

8 CIS 640-2, Presenter: Yun Mao8 Possible Attacks On nodeID assignment On routing maintenance On using routing table to forward messages

9 CIS 640-2, Presenter: Yun Mao9 (1) NodeID Assignment Attack What if attacker can choose nodeID? Surround a victim node Partition a p2p network become the key holder (root) Self ID generation Random (freenet), bad hash IP (chord), bad(?)

10 CIS 640-2, Presenter: Yun Mao10 Solution: Certified NodeIDs Move ID generation to trusted CAs Centralized->points of failure, vulnerable to attacks, but survival under Sybil attack Multiple CAs working offline, open a connection when needed (PKCS#10) Include network address Prevent DoS (not DoS on key lookup): client puzzles or money

11 CIS 640-2, Presenter: Yun Mao11 Review CA solutions Not a new problem. Pros Weaker than those used to verify web sites. Don ’ t have to bind with real-world ID Cons Doesn ’ t work with small overlay network Doesn ’ t work with dynamic nodeID (CAN  )

12 CIS 640-2, Presenter: Yun Mao12 (2) Attack on maintaining routing table Fake the closest node Supply faulty routing update Faulty info propagate (1-f)*f+f*1>f Routing algorithm related Pastry VS Chord

13 CIS 640-2, Presenter: Yun Mao13 Solution: Strong, verifiable constraints on routing table entries Use two routing tables: Pastry+Chord First is efficient, second is for backup Modified Algorithm of maintaining routing table for constrained table Build routing table from bootstrap node “ a set of diverse bootstrap nodes ”, large enough How to set up?

14 CIS 640-2, Presenter: Yun Mao14 Review: constraints on routing tables Idea: trade complexity (2 routing tables) to both security and performance, but … Complexity implies low performance Maintain more routing tables Expensive when building constrained routing table if b>1 unless more complex Complexity implies insecurity How to guarantee bootstrap node secure? Unknown bugs? Faulty routing tables still diffuse: (1-f)*f+f*1>f

15 CIS 640-2, Presenter: Yun Mao15 (3) Attack on forwarding Simply ignore forwarding msgs Failed if ANY one in routing is faulty (1-f) h-1 No conspiring needed Root node for a key maybe faulty (1-f) h, h bounded to O(logN) E.g. f=10%, successful routing=65%

16 CIS 640-2, Presenter: Yun Mao16 Solution on forwarding The most important part of Secure Routing Basic Idea Apply failure test to determine if routing worked correctly. If no, use redundant and/or iterative routing. Goal – accomplish in reasonable time/expense

17 CIS 640-2, Presenter: Yun Mao17 Routing failure test Timeout to detect ignoring routing msgs How to select the threshold? Doesn ’ t work if some nodes pretend to be the root of key and the replica. Observation on average density of nodeID Comparing density of nodeIDs in the neighbor set of the sender VS the density of nodeIDs close to the replica roots of the destination key.

18 CIS 640-2, Presenter: Yun Mao18 Failure test in Pastry Density average numerical distance u between consecutive nodeIDs in the neighbor set. Normal density: D/N, colluding density: D/(c*N), D=2^128 Failure Test: u rr <u p * gamma Fail cases: False positive: alpha<=fun (y, k) False negative: beta<=fun (y, k, c) Independent of f, theoretically

19 CIS 640-2, Presenter: Yun Mao19 Accuracy of detection … Simulation Theory

20 CIS 640-2, Presenter: Yun Mao20 Exceptions Collect nodeID certificates that have left the overlay  increase the density Mix both faulty and good nodes. Have to contact all prospective replicas Tapestry  nodeID suppression attack Idea: make it hard to calculate on density Solution: +alpha, -beta (assume more failure!)

21 CIS 640-2, Presenter: Yun Mao21 Redundant routing Invoked when failure test is positive Route copies of the msgs over multiple routes toward each of the dest key ’ s replica roots. Expectation: at least one copy is correct CAN & Tapestry Ask the neighbors to forward the copies of the message to the replica keys. Pastry & Chord anycast

22 CIS 640-2, Presenter: Yun Mao22 Redundant Routing Simulation (30%, 0.999)

23 CIS 640-2, Presenter: Yun Mao23 Checked iterative routing Alternative to redundant routing Iterative VS Recursive R: cheap I: more secure Add hop tests to make iterative routing stronger Better for constraint routing table

24 CIS 640-2, Presenter: Yun Mao24 Review on the solution No perfect solution. Protocol specific, esp. Bad for Tapestry Tricky in failure test But subject to more tricky attacks! Performance is low No explicit timeout threshold Timeout+desity computation+redudant/iterate routing

25 CIS 640-2, Presenter: Yun Mao25 Now we have Secure Routing Ensure that when a correct node sends a message to a key, the message reaches all correct replica roots for the key with very high probability. Slow, expensive Use common routing as possible as we can

26 CIS 640-2, Presenter: Yun Mao26 When to use secure routing Joining Or point to all faulty nodes Inserting Or adversary arrange for all replicas Reading? No. use self-certifying data. Thanks god - no writing.

27 CIS 640-2, Presenter: Yun Mao27 Summary and Comparison PastryChord NodeID generation CACA?? Routing table maintenance Act like chordNothing changed Forwarding Failure test redundant routing Iterate routing Failure test Redundant routing Iterate routing

28 CIS 640-2, Presenter: Yun Mao28 Conclusions Keep it as simple as possible It is a hard problem – no perfect solution now Harder when conspiracy Have to trust something CAs, bootstrap nodes

29 CIS 640-2, Presenter: Yun Mao29 Discussion: beyond this paper Given a nodeID, how to actively detect whether it is malicious or not? How to block the faulty nodes? Why not trust more? by certification by “ credit history ” or feedback

Download ppt "CIS 640-2, Presenter: Yun Mao1 Security for Structured Peer- to-peer Overlay Networks By Miguel Castro et al. OSDI ’ 02 Presented by Yun Mao in CIS640."

Similar presentations

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.
Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK

Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK
Scalable Content-Addressable Network Lintao Liu 2001.11.19.

Scalable Content-Addressable Network Lintao Liu
Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.

Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.
Peer-to-Peer Systems Kulesh Shanmugasundaram Security Issues.

Peer-to-Peer Systems Kulesh Shanmugasundaram Security Issues.
Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
Common approach 1. Define space: assign random ID (160-bit) to each node and key 2. Define a metric topology in this space,  that is, the space of keys.

Common approach 1. Define space: assign random ID (160-bit) to each node and key 2. Define a metric topology in this space,  that is, the space of keys.
Secure routing for structured peer-to-peer overlay networks M. Castro, P. Druschel, A. Ganesch, A. Rowstron, D.S. Wallach 5th Unix Symposium on Operating.

Secure routing for structured peer-to-peer overlay networks M. Castro, P. Druschel, A. Ganesch, A. Rowstron, D.S. Wallach 5th Unix Symposium on Operating.
Peer to Peer File Sharing Huseyin Ozgur TAN. What is Peer-to-Peer?  Every node is designed to(but may not by user choice) provide some service that helps.

Peer to Peer File Sharing Huseyin Ozgur TAN. What is Peer-to-Peer?  Every node is designed to(but may not by user choice) provide some service that helps.
Pastry: Scalable, decentralized object location and routing for large-scale peer-to-peer systems Antony Rowstron and Peter Druschel Proc. of the 18th IFIP/ACM.

Pastry: Scalable, decentralized object location and routing for large-scale peer-to-peer systems Antony Rowstron and Peter Druschel Proc. of the 18th IFIP/ACM.
Secure routing for structured peer-to-peer overlay networks Miguel Castro, Ayalvadi Ganesh, Antony Rowstron Microsoft Research Ltd. Peter Druschel, Dan.

Secure routing for structured peer-to-peer overlay networks Miguel Castro, Ayalvadi Ganesh, Antony Rowstron Microsoft Research Ltd. Peter Druschel, Dan.
Spring 2003CS 4611 Peer-to-Peer Networks Outline Survey Self-organizing overlay network File system on top of P2P network Contributions from Peter Druschel.

Spring 2003CS 4611 Peer-to-Peer Networks Outline Survey Self-organizing overlay network File system on top of P2P network Contributions from Peter Druschel.
Distributed Lookup Systems

Distributed Lookup Systems
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
Topics in Reliable Distributed Systems 048961 Fall 2003-2004 Dr. Idit Keidar.

Topics in Reliable Distributed Systems Fall Dr. Idit Keidar.
Wide-area cooperative storage with CFS

Wide-area cooperative storage with CFS

Similar presentations

Ads by Google