Security • Michael Foukarakis (foukas@ics.forth.gr) • 13/12/2004 • A Survey of Peer-to-Peer Security Issues • Dan S. Wallach • Rice University, Houston, TX 77005, USA
Security • Introduction • Background, models and solution • Routing in p2p systems • Storage • Trust in p2p overlays • Conclusions
Introduction • Peer to Peer systems: • Gnutella & Napster: mainly for file sharing • CAN, Chord, Pastry, Tapestry: structured p2p overlays • Designed for various services such as network storage, content distribution, web caching, searching and indexing (use of routing tables)
Introduction • These systems are scalable, fault-tolerant and provide effective load balancing • Making them secure is a challenge • Several types of attack: • Erroneous responses (false data/routes) • Abuse of resources (disk space/bandwidth) • “trust” issues (malicious code) • Other
Background, models and solution • Abstract routing overlay model • Nodes and objects have unique identifiers called nodeIds and keys respectively. Keys are mapped to unique live nodes called roots • Nodes have routing tables and neighbor sets • Replica functions are used to map keys to sets of replica keys
Background, models and solution Pastry • Random assignment of nodeIds from a circular 128-bit id space • nodeIds and keys are thought of as a sequence of digits in base 2^b (b is usually 4) • Routing is based on prefix matching
Background, models and solution Pastry routing table
Background, models and solution Message Routing Example • Source node: 65a1fc • Message has key: d46a1c • Message arrives at node D467c4 after 4 hops
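Added example, not from the slides or from Pastry itself: a small simulation of the prefix-based forwarding rule that reproduces the 4-hop route on the slide. It assumes 6-hex-digit ids (b = 4) for readability, a constructed node set taken from the slide's figure, and that the smallest matching id stands in for the locality-chosen routing-table entry.

```python
# Assumed for readability: 24-bit ids written as 6 hex digits (b = 4), as on the slide.
DIGITS = 6
ID_SPACE = 16 ** DIGITS

def shared_prefix_len(a, b):
    """Number of leading hex digits two ids have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def circular_distance(a, b):
    """Numeric distance between two ids on the circular id space."""
    d = abs(int(a, 16) - int(b, 16))
    return min(d, ID_SPACE - d)

def next_hop(current, key, nodes):
    """Pastry forwarding rule: prefer a node sharing one more digit with the key
    (row l, column key[l] of the routing table); otherwise fall back to a node
    with the same prefix length that is numerically closer. None = we are the root.
    `current` must be a member of `nodes`."""
    l = shared_prefix_len(current, key)
    row = [n for n in nodes if shared_prefix_len(n, key) == l + 1]
    if row:
        # Assumption: the smallest id stands in for the locality-chosen table entry.
        return min(row)
    same_prefix = [n for n in nodes if shared_prefix_len(n, key) >= l]
    closest = min(same_prefix, key=lambda n: circular_distance(n, key))
    return None if closest == current else closest

def route(source, key, nodes):
    """Hops taken from source to the root of key; a loop means a broken table."""
    path = [source]
    while (nxt := next_hop(path[-1], key, nodes)) is not None:
        if nxt in path:
            raise RuntimeError("routing loop")
        path.append(nxt)
    return path

# Constructed overlay: the ids from the slide's figure plus two unrelated nodes.
NODES = ["65a1fc", "d13da3", "d4213f", "d462ba", "d467c4", "d471f1", "3a9b10", "f0e2c7"]

if __name__ == "__main__":
    hops = route("65a1fc", "d46a1c", NODES)
    print(" -> ".join(hops), f"({len(hops) - 1} hops)")
```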
Background, models and solution System model • The system has N nodes • Fraction of faulty nodes (f): 0 ≤ f < 1 • Faulty nodes form clusters of independent coalitions whose size is bounded by cN where 1/N ≤ c < f • Parameter c is coalition independency factor
Background, models and solution System model • All IP addresses are static • Communication is over Internet connections • Network-level: no routing through the overlay • Overlay-level: routing through the overlay using corresponding protocol • Cryptographic techniques are used to prevent data observation and modification
Routing in p2p systems • The problem: a malicious overlay node can corrupt, delete, deny access to or supply stale copies of all replicas of an object • We need a secure routing technique • Successful delivery of a message even if some nodes corrupt, drop or misroute it • Successful delivery to all legitimate replica roots for a given key
Routing in p2p systems • Secure routing requires: • 1) Securely assigning nodeIds to nodes • Attackers can’t choose values of nodeIds assigned to nodes they control • 2) Securely maintaining the routing tables • The fraction of faulty nodes in routing tables is less than the fraction of faulty nodes in the entire overlay • 3) Securely forwarding messages • At least one copy of a message sent to a key reaches correct replica roots for the key with high probability
Routing in p2p systems 1) Secure nodeId assignment • Nodes might choose their identifiers maliciously so that it is easy to censor specific documents or appear on the routing table of a victim node • Random assignment of nodeIds is necessary • Possible use of a server that is only consulted when new nodes join
Routing in p2p systems 1) Secure nodeId assignment • What if a hostile node or coalition of nodes tries to get a large number of nodeIds? • Best solution: moderate the rate at which nodeIds are given out • Other solutions: charging money for nodeId certificates or external authentication requirements
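A worked illustration of random, rate-limited nodeId issuance, added here and not taken from the slides or the paper. It assumes the certification server authenticates the ids it issues with HMAC-SHA256 under a server secret (a stand-in for a signed certificate; a real deployment would have peers verify a public-key signature so they need no shared secret) and a constructed 60-second minimum interval per requester.

```python
import hmac
import hashlib
import os
import time

# Assumption: a server-held secret authenticates issued ids (stand-in for a
# certificate signature); peers here verify with the same secret.
SERVER_SECRET = os.urandom(32)
MIN_INTERVAL = 60.0   # constructed: seconds a requester must wait between two ids
_last_issue = {}      # requester (e.g. its IP address) -> time of the last issue

def issue_node_id(requester, now=None):
    """Return (nodeId, tag) for a requester, or None if it asks too often.

    The id is 128 random bits chosen by the server, so the requester cannot
    pick a value that lands next to a victim node or on a chosen key.
    """
    now = time.time() if now is None else now
    last = _last_issue.get(requester)
    if last is not None and now - last < MIN_INTERVAL:
        return None   # rate limit: moderate how fast ids are handed out
    _last_issue[requester] = now
    node_id = os.urandom(16).hex()   # 128-bit id from a circular id space
    tag = hmac.new(SERVER_SECRET, node_id.encode(), hashlib.sha256).hexdigest()
    return node_id, tag

def verify_node_id(node_id, tag):
    """Peers reject ids that the server did not issue or that were altered."""
    expected = hmac.new(SERVER_SECRET, node_id.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    first = issue_node_id("198.51.100.7", now=1000.0)
    print("issued:", first, "valid:", verify_node_id(*first))
    print("immediate retry:", issue_node_id("198.51.100.7", now=1030.0))
```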
Routing in p2p systems 2) Robust routing primitives • Attackers control a fraction f of the nodes in the p2p network • For h hops, the probability that a route is free of malicious nodes is (1 – f)^h • Unfortunately, adversaries take advantage of locality and try to appear more often in their neighbors' routing tables • Constrained routing tables
Routing in p2p systems 3) Robust routing primitives • To increase the odds of a message reaching its destination, we attempt redundant routes • In Pastry, the source node sends to all its neighbors. Then, each of them forwards the message to the target node • If at least one route is successful, the message is considered successfully delivered • For f ≤ 30% the probability of success is 99.9%
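Added example, not from the slides, working through the (1 – f)^h formula and what redundant routes buy under the assumption that each hop independently hits a faulty node with probability f. It assumes h = ceil(log_{2^b} N) hops and constructed values N = 100 000, b = 4; the 99.9% figure on the slide comes from the paper's own experiments, not from this closed form.

```python
import math

def clean_route_prob(f, h):
    """P(one h-hop route contains no faulty node) = (1 - f)^h.
    If attackers inflate their presence in routing tables (the locality problem),
    f here must be the fraction of faulty *table entries*, not of nodes."""
    return (1.0 - f) ** h

def redundant_success_prob(f, h, r):
    """P(at least one of r independent routes is clean) = 1 - (1 - (1 - f)^h)^r."""
    return 1.0 - (1.0 - clean_route_prob(f, h)) ** r

def routes_needed(f, h, target):
    """Smallest number of redundant routes whose success probability reaches target."""
    r = 1
    while redundant_success_prob(f, h, r) < target:
        r += 1
        if r > 10_000:
            raise ValueError("target unreachable for these parameters")
    return r

def expected_hops(n, b=4):
    """Pastry delivers in about log_{2^b}(N) hops; round up for a whole route."""
    return math.ceil(math.log(n, 2 ** b))

if __name__ == "__main__":
    h = expected_hops(100_000)   # constructed: 100k-node overlay, b = 4 -> 5 hops
    for f in (0.1, 0.2, 0.3):
        print(f"f={f:.1f} h={h} single route clean: {clean_route_prob(f, h):.3f} "
              f"routes needed for 99.9%: {routes_needed(f, h, 0.999)}")
```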
Routing in p2p systems Ejecting misbehaving nodes • That is an open problem • If a node is accused of cheating, proof needs to be presented • It’s not clear how proof can be generated at the routing layer • False positives
Storage • Systems should be designed to limit how much remote space one can consume without providing a suitable amount of storage for the use of others • The same applies to network bandwidth
Storage – Disk Space • A malicious node might choose to claim its storage is full, when it actually has free space • What if we use a central authority again, just like in nodeId assignment? Use of quotas • That way every request to store a document would require a query to the quota authority • Bottleneck
Storage – Disk Space • Method 1: Attach Smartcards that provide quota information to each node. • Problem: Impractical, can be hacked • Method 2: Ask your neighbors to act as quota managers. Distribute quota information just like sending messages. • Problem: No incentive for the neighbors
Storage – Disk Space • Nodes keep two logs • Local list of files that the node is storing on behalf of remote nodes • Remote list of files that other nodes are storing on behalf of the local node • Log entries contain IP addresses of remote nodes and file sizes • The local list also contains the amount of free disk space available
Storage – Disk Space • Of course, feeding false information to nodes is a problem • Anonymous communication prevents this • This way a node does not know who is checking on it
Storage – Disk Space • Cheating chains • Example: A claims it’s storing a file for B and B confirms that, but no files are actually stored. The same can happen with more nodes • Random audits should be performed with random keys. This way cheaters will be eventually caught, but it is costly
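Added example, not part of the slides, of the two-log scheme from the previous slides together with a random audit that also fetches the bytes (the slide's random audits with random keys). It assumes the owner's remote entry additionally records a SHA-256 of the file, which the slides do not mention, and a constructed four-node scenario with one cheating chain.

```python
import hashlib
import random

class Node:
    """Constructed model of a peer keeping the two logs from the slide."""
    def __init__(self, name):
        self.name = name
        self.local = {}    # key -> owner name: files this node claims to hold for others
        self.remote = {}   # key -> (holder name, sha256 of data): files others hold for me
        self.blobs = {}    # key -> bytes actually kept on disk

def agree_to_store(owner, holder, key, data, really_store=True):
    """Both sides log the agreement; a cheating pair logs it without moving any bytes."""
    owner.remote[key] = (holder.name, hashlib.sha256(data).hexdigest())
    holder.local[key] = owner.name
    if really_store:
        holder.blobs[key] = data

def audit(owner, holder, key):
    """Cross-check the two logs, then fetch the bytes and compare with the owner's digest.
    Log consistency alone is fooled by a cheating chain; the fetch is not."""
    entry = owner.remote.get(key)
    if entry is None or holder.local.get(key) != owner.name or entry[0] != holder.name:
        return "log mismatch"
    data = holder.blobs.get(key)
    if data is None:
        return "no data"
    return "ok" if hashlib.sha256(data).hexdigest() == entry[1] else "bad data"

def run_audits(nodes, rounds, seed=0):
    """Audit randomly chosen claims; return the holders caught with a non-ok verdict."""
    rng = random.Random(seed)
    by_name = {n.name: n for n in nodes}
    claims = [(o, k) for o in nodes for k in o.remote]
    caught = set()
    for _ in range(rounds):
        owner, key = rng.choice(claims)
        holder = by_name[owner.remote[key][0]]
        if audit(owner, holder, key) != "ok":
            caught.add(holder.name)
    return caught

def build_overlay():
    """Constructed scenario: C and D store for each other; A and B only pretend to."""
    a, b, c, d = (Node(x) for x in "ABCD")
    agree_to_store(c, d, "k1", b"report.pdf contents")
    agree_to_store(d, c, "k2", b"photo.jpg contents")
    agree_to_store(a, b, "k3", b"phantom", really_store=False)   # cheating chain
    agree_to_store(b, a, "k4", b"phantom", really_store=False)
    return [a, b, c, d]
```

Each audit costs a full fetch, which is the cost the slide points out; the number of rounds is the knob that trades that cost against how quickly a cheating chain is exposed.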
Storage – Network Bandwidth • Bandwidth sharing • Micropayment systems • Perform a query → spend a token • Receive a query → get a token • Surplus of tokens → refuse to service queries • High cost of evaluating validity of tokens • Data needs to be widely replicated
Trust in p2p overlays • Spoofing of search results is possible • Solution: implementation of something like Google’s PageRank technology • For Google, pages linked by “popular” pages are themselves more popular • We could add this notion of popularity to p2p systems using the audit log • Users themselves could rank the files • Code → an architecture to safely execute it
Conclusions • Summary of security techniques • Cryptography • Redundant routing • Economic methods • Diversity of p2p systems → diversity of solutions