
A Presentation on Resource Discovery in the Peer-to-Peer Network

by Aravind Renganathan. Papers: N. Daswani and H. Garcia-Molina, “PONG – CACHE POISONING IN GUESS”, ACM Conference On Computer and Communications Security 2004


Presentation Transcript


  1. A Presentation on Resource Discovery in the Peer-to-Peer Network, by Aravind Renganathan

  2. Papers…
     • N. Daswani and H. Garcia-Molina, “PONG – CACHE POISONING IN GUESS”, ACM Conference On Computer and Communications Security 2004
     • E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati and F. Violante, “A REPUTATION BASED APPROACH FOR CHOOSING RELIABLE RESOURCE IN PEER-TO-PEER NETWORK”, ACM Conference On Computer and Communications Security 2002

  3. Introduction…
     • What is a Peer-to-Peer Network?
       • The sharing and delivery of user-specified files among groups of people who are logged on to a file-sharing network. (1)
       • Peer-to-Peer, abbreviated P2P, is a type of network in which each workstation has equivalent capabilities and responsibilities. (2)
     • What is Resource Discovery?
       • In a P2P network, discovering the required file (resource) among the widely spread clients so that it can be downloaded.
     1 - www.mp3-cdburner.com/MP3-glossary.shtml
     2 - http://www.webopedia.com/TERM/p/peer_to_peer_architecture.html

  4. “PONG – CACHE POISONING IN GUESS”, N. Daswani and H. Garcia-Molina

  5. Pong-Cache Poisoning In GUESS
     • Proposes policies on…
       • Resource discovery that is resilient to attacks by malicious nodes
     • Algorithms proposed (remodeling GUESS)
       • Seeding Policy (SP)
       • Introduction Protocol (IP)
       • Ping Probe and Pong Choice Policy (PPP and PCP)
       • Cache Replacement Policy (CRP)
       • ID Smearing Algorithm (IDSA)
       • Dynamic Network Partitioning (DNP)
       • Malicious Node Detection (MND)

  6. Gnutella UDP Extension for Scalable Searches (GUESS)
     • Node caches…
       • The cache contains the IDs of the available nodes in the network.
       • Nodes are classified as
         • Good node
         • Malicious node
       • IDs are classified as
         • Live
         • Poisoned
         • Dead
     • Cache management…
       • A node's cache is updated using “PING” and “PONG” messages
       • Ping: a query to an available node's cache to find any newly added nodes
       • Pong: the reply to the ping, carrying the updated network information from the node's cache

  7. Threats to GUESS…
     • What is Pong Cache Poisoning?
       • Contaminating a good node's cache with malicious nodes' IDs.
     • Pong cache poisoning leads to…
       • Denial of Service (DoS)
         • A good node may query a malicious node and may not receive a response
       • Inauthentic results
         • A good node may query a malicious node and receive incorrect answers to the query
       • Propagated cache poisoning
         • A good node may respond to a ping with a malicious ID

  8. We Modify GUESS to…
     • Maximize the number of live nodes in the pong cache
     • Mitigate pong cache poisoning
       • Limit the number of cache entries holding a malicious node ID
       • Reduce the rate at which poisoning occurs

  9. Policies Introduced in GUESS…
     • Seeding Policy (SP)
       • Seeding is done when a new node wants to join the network
       • Various seeding policies…
         • Random Friend (RF) – the new node seeds its cache from a random node's cache
         • Popular Node (PN) – the new node seeds from a node N1, where N1 is a “popular” node
         • Trusted Directory (TD) – the new node seeds from a node guaranteed to be non-dead. A “Trusted Directory” node is responsible for maintaining the list of non-dead nodes.
     • Introduction Protocol (IP)
       • A newly born node pings an existing node so that the existing node adds the newborn node to its cache.
     • Note: SP should be used in tandem with IP to achieve liveliness of the network.

  10. Ping Probe and Pong Cache Policy
     • Ping Probe Policy (PPP)
       • Used to decide which node to ping
       • Helps in identifying dead nodes
     • Pong Cache Policy (PCP)
       • Determines which |S| node IDs to return in response to a ping
       • S – a subset of the node IDs in the pong cache
     • Cache Replacement Policy (CRP)
       • When a pong arrives, a subset of the cache is replaced with the new pong IDs. The entries to replace are chosen by
         • Random
         • Most Recently Used (MRU)
         • Least Recently Used (LRU)
     • Note: MRU CRP reduces the poisoning rate

  11. ID Smearing Algorithm (IDSA)
     • When a node ID repeats in many pong messages, it implies either
       • The node may be a malicious node
       • A good node that is overloaded
     • In this case we drop that ID from the pong cache.
     • Under IDSA a node ID may repeat in 1/n of the pong messages, where n is the number of nodes in the system.
     • Note: IDSA limits the number of poisoned entries
     Dynamic Network Partitioning (DNP)
     • The network is partitioned in a way that enhances the search.
     • $j$ – length of the ID
     • Size of a partition is $2^p$, where $0 \le p \le j$
     • Number of partitions is $2^{j-p}$
     • When $j = p$ there is no need for DNP
     • Note: when DNP is used with IDSA it mitigates the poisoning

  12. Malicious Node Detection (MND)
     • We try to detect whether a node is malicious based on our previous experiences.
     • Note: MND is required where the number of malicious nodes exceeds the pong cache size.
     • Modified GUESS…

  13. “A REPUTATION BASED APPROACH FOR CHOOSING RELIABLE RESOURCE IN PEER-TO-PEER NETWORK”, E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati and F. Violante

  14. A REPUTATION BASED APPROACH FOR CHOOSING RELIABLE RESOURCE IN PEER-TO-PEER NETWORK
     • The paper proposes…
       • Reputation sharing by clients, through which a resource requestor can assess the reliability of the resource offered.
       • This is achieved by piggybacking on the existing P2P protocol.
     • The algorithm proposes…
       • Combining the reputations of servants and resources, which provides informative polling and overcomes the limitations of servant-based systems.

  15. Servants and Resources
     • Resources
       • Files shared over the network
     • Servants – nodes
       • Servers when sharing resources
       • Clients when requesting resources

  16. XREP Protocol…
     • Basic assumptions
       • Each servant is required to be associated with a servant_id, obtained using a secure hash function
       • Each resource identifier is to be associated with the resource content (using a hash function on the content)
     • Experience repositories
       • Resource repository
         • (resource_id, value)
         • resource_id – specifies the resource
         • value – binary value specifying good or bad
       • Servant repository
         • (servant_id, num_plus, num_minus)
         • servant_id – the servant this entry is associated with
         • num_plus, num_minus – number of successful and unsuccessful downloads

  17. XREP Protocol Phases…
     • Resource Searching
     • Resource Selection and Vote Polling
     • Vote Evaluation
     • Best Servant Check
     • Resource Downloading

  18. XREP Phases…

  19. XREP Security Consideration
     • Attacks on P2P
       • Self Replication
         • At any point in time a node can change its name or a resource name.
         • This is overcome by collecting votes on both the servant and the resource
       • Man in the Middle Attack
         • A -> D -> B
         • A – client
         • B – server
         • D – malicious node
         • This is overcome during the Vote Evaluation and Best Servant Check phases.

  20. XREP Security Consideration
     • Attacks on reputation-based systems
       • Pseudospoofing
         • Exploits the use of pseudonyms
         • This is discovered in the Vote Evaluation phase
       • ID Stealth
         • A malicious node generates multiple replies to a query, using the stolen ID and its own ID
         • This is prevented in the Best Servant Check phase
         • Another attack is a malicious node stealing the hash of a good resource
         • This becomes ineffective because the hash of the downloaded file does not match
       • Shilling
         • The attacker creates multiple users with real IP addresses, trying to influence the voting
         • This invariably increases the cost for the attacker
         • This is achieved through the TrustVote/TrustVoteReply messages

  21. Advantages of Combining Both Servant and Resource Reputations
     • Reputation's life cycle
     • Impact on peers' anonymity
     • Cold-start
     • Performance bottleneck
     • Blacklisting
     • Data storage and bandwidth requirements
     • Threshold effects

  22. Thank You
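The experience repositories from slide 16 and the digest check that defeats a stolen resource hash (slide 20), as an added example that is not code from the presentation or from the XREP paper. It assumes SHA-256 as the content hash and a simple majority rule for the servant vote; the servant names and file contents are constructed sample data.

```python
import hashlib

def resource_id(content: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified hash on the content.
    return hashlib.sha256(content).hexdigest()

class ExperienceRepositories:
    """One peer's local experience, shaped like the tuples on slide 16."""

    def __init__(self):
        self.resources = {}  # resource_id -> value (True = good, False = bad)
        self.servants = {}   # servant_id -> [num_plus, num_minus]

    def record_download(self, servant_id, advertised_id, content, usable):
        """Update both repositories after a download; return True on success."""
        matches = resource_id(content) == advertised_id
        success = matches and usable
        counts = self.servants.setdefault(servant_id, [0, 0])
        counts[0 if success else 1] += 1
        # Judge the resource only when the bytes really are that resource;
        # a mismatch is evidence about the servant, not about the digest.
        if matches:
            self.resources[advertised_id] = usable
        return success

    def votes(self, servant_id, res_id):
        """Local opinions for a poll: True/False, or None with no experience."""
        plus, minus = self.servants.get(servant_id, (0, 0))
        # Assumption: vote for a servant when successes outnumber failures.
        servant_vote = None if plus + minus == 0 else plus > minus
        return servant_vote, self.resources.get(res_id)

# Constructed sample data: a genuine file and unrelated bytes served under its digest.
GOOD_FILE = b"constructed sample: genuine file contents"
OTHER_BYTES = b"constructed sample: different bytes under a stolen digest"
GOOD_ID = resource_id(GOOD_FILE)

def demo():
    repo = ExperienceRepositories()
    repo.record_download("servant-A", GOOD_ID, GOOD_FILE, usable=True)
    # servant-B advertises GOOD_ID but delivers other bytes: the digest check fails.
    repo.record_download("servant-B", GOOD_ID, OTHER_BYTES, usable=True)
    return repo

if __name__ == "__main__":
    r = demo()
    print(r.votes("servant-A", GOOD_ID), r.votes("servant-B", GOOD_ID))
```

The mismatch counts against servant-B only, so the good resource keeps its positive value while the servant that misused its digest collects a num_minus.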
