
The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses


Presentation Transcript


  1. The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses
     Prithula Dhungel, Xiaojun Hei, Keith W. Ross, Nitesh Saxena
     Polytechnic University

  2. The Pollution Attack
     • Attacker joins an ongoing video channel
     • Attacker advertises it has a large number of chunks
     • When neighbors request chunks, attacker sends bogus chunks
     • Receiver plays back bogus chunks
     • Each receiver may further forward the polluted chunks

  3. Figure: diagram of peers and a polluter, with chunk requests

  4. Contributions
     • Identified the pollution attack in P2P live video streaming applications
     • Verified via experimental results (in PPLive) that the pollution attack can be devastating
     • Surveyed possible defenses against the attack

  5. Pollution Experiment
     Figure: PPLive pollution experiment setup

  6. Measurement Results (1)
     Figure: Number of peers viewing channel over experiment periods

  7. Brooklyn Peer
     Figure: Clean and polluted chunks to/from Brooklyn peer

  8. Hong Kong Peer
     Figure: Clean and polluted chunks to/from Hong Kong peer

  9. Pollution Defense Mechanisms
     • Blacklisting
     • Traffic Encryption
     • Chunk Signing
       • Sign-All Approach
       • Signature-Amortization Approaches
         • Star Chaining
         • Merkle Tree
       • Sign-and-Correct Approach

  10. Chunk Signing
     • Use PKI
     • Every video source has a public-private key pair
     • Source uses its private key to sign the chunks
     • Receiver uses the public key of the source to verify the integrity of each chunk

  11. “Sign-All” (1)
     • Source
       • Source signs each chunk
       • Sends signature (“authentication information”) with corresponding chunk
     • Receiver
       • Verifies each chunk individually using authentication information and public key of source

  12. “Sign-All” (2)
     • Chunk processing independence
     • Bandwidth overhead
       • For a stream of m chunks, m signatures
       • For 372 kbps channel with chunk size of 4000 bytes, around 3%
     • Computation overhead: 1 (expensive) signature operation per chunk

  13. “Block Signing”
     • Chunks organized into blocks
     • Each block contains n chunks
     • After generating n chunks, hash the concatenation of all chunk hashes and sign the result
     • Reduces computation
     • But can’t verify individual chunks

  14. “Star Chaining”
     • Chunks organized into blocks
     • Each block contains n chunks
     • After generating n chunks, calculate authentication information for each chunk
       • Signed hash of the concatenation of all chunk hashes
       • Along with the hashes of the other n-1 chunks
     • Receiver, chunk by chunk:
       • Applies public key to get hash of hashes
       • Verifies by concatenating the hash of the current chunk with those of the other n-1 chunks, and taking the hash

  15. “Star Chaining”
     • Computation overhead: 1 signature per block
     • Loss: if some chunks in a block are lost, the rest can still be decoded
     • Bandwidth overhead: for block of n chunks, n-1 hashes + n signatures
       • For channel of bitrate 372 kbps and chunk size of 4000 bytes, n = 32, about 16%
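
The star-chaining procedure from slides 14 and 15, as an added example that is not part of the original presentation. The textbook-RSA key built from two public Mersenne primes is an insecure stand-in for the source's key pair; SHA-256, the packet layout and all function names are assumptions of this example.

```python
import hashlib

# Toy textbook-RSA key from two public Mersenne primes: NOT secure, it only
# stands in for the source's real key pair (assumption of this example).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the source only


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign_block(chunks):
    """Source: one signature per block, shipped with every chunk of the block."""
    hashes = [h(c) for c in chunks]
    root = int.from_bytes(h(b"".join(hashes)), "big")  # hash of all chunk hashes
    sig = pow(root, D, N)  # the single expensive operation for the block
    # Per-chunk authentication info: index, signature, hashes of the other n-1 chunks.
    return [(i, c, sig, hashes[:i] + hashes[i + 1:]) for i, c in enumerate(chunks)]


def verify_chunk(packet) -> bool:
    """Receiver: verify one chunk on its own, using only the public key (N, E)."""
    i, chunk, sig, others = packet
    if not 0 <= i <= len(others):
        return False
    signed_root = pow(sig, E, N)  # apply public key to recover the hash of hashes
    hashes = others[:i] + [h(chunk)] + others[i:]
    return int.from_bytes(h(b"".join(hashes)), "big") == signed_root


def demo():
    # Constructed sample block of n = 4 chunks.
    block = [f"video-chunk-{k}".encode() * 50 for k in range(4)]
    packets = sign_block(block)
    clean = [verify_chunk(p) for p in packets]
    # A polluter swaps the payload of chunk 2 but cannot produce a new signature.
    i, _, sig, others = packets[2]
    polluted = verify_chunk((i, b"bogus" * 50, sig, others))
    # Chunks 0 and 3 still verify when chunks 1 and 2 never arrive.
    after_loss = [verify_chunk(packets[k]) for k in (0, 3)]
    return clean, polluted, after_loss


if __name__ == "__main__":
    print(demo())
```

A receiver that runs `verify_chunk` before playback and before forwarding drops the bogus chunk instead of relaying it to its neighbors.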

  16. “Merkle Tree”
     • Computation overhead: 1 signature per block
     • Loss: if some chunks in a block are lost, the rest can still be decoded
     • Bandwidth overhead: n log2 n hashes + n signatures (about 5%)

  17. Conclusion
     • The pollution attack can be devastating
     • Defenses:
       • Signature Amortization (Merkle Tree): less computational overhead and delay at receiver but more bandwidth overhead
       • Sign-and-Correct: less bandwidth requirement but higher processing delay and computational requirement
     • Based on requirements of the application, either of the two could be used


  19. Thank You!
