Secure Routing for Structured Peer-to-Peer Overlay Networks
M. Castro, P. Druschel, A. Ganesh, A. Rowstron and D. S. Wallach
Proc. of the 5th USENIX Symposium on Operating Systems Design and Implementation, Boston, MA, Dec. 2002
Contents
• Background of P2P overlay networks
• System model & secure routing
• Secure nodeId assignment
• Secure routing table maintenance
• Secure message forwarding
• Conclusion
Background of P2P
• Provides a powerful platform for decentralized services: network storage, content distribution, and application-level multicast.
• Example P2P overlay networks: CAN, Chord, Pastry and Tapestry
• An abstract model of a P2P overlay network.
[Figure: abstract overlay model showing nodeIds on the ring, a key's root and its replica roots]
Pastry
• A node's routing table has 128/2^b rows and 2^b columns.
• Each node maintains a neighbor set ("leaf set")
  • It includes the l nodes whose nodeIds are numerically closest to the present node's nodeId
    • l/2 larger than the current nodeId
    • l/2 smaller than the current nodeId
  • l is constant for all nodes
  • A typical value is 8·log_{2^b} N
[Figure: routing table of a Pastry node with nodeId 65a1x, b = 4. Digits are in base 16; x represents an arbitrary suffix.]
Message routing in Pastry
[Figure: routing a message from node 65a1fc with key d46a1c. The dots depict live nodes in Pastry's circular namespace.]
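To make the two slides above concrete, here is an added Python example (not code from the slides or from the Pastry project) of a Pastry-style node with a leaf set and a prefix routing table, plus the forwarding rule used to route a message toward a key's root. It assumes a shortened 32-bit id space with b = 4 (eight base-16 digits), a leaf set of l = 8, routing table entries filled with the first matching node seen instead of the network-closest one, and nodeIds and keys derived by hashing constructed labels.

```python
import hashlib

B = 4                      # bits per digit (b = 4), so ids are base-16 strings as on the slide
DIGITS = 8                 # 32-bit nodeIds: shortened from Pastry's 128 bits (assumption for the demo)
BASE = 1 << B
SPACE = BASE ** DIGITS
L = 8                      # leaf set size l: l/2 numerically larger and l/2 smaller nodeIds


def hexid(n):
    return format(n, f"0{DIGITS}x")


def shared_prefix(a, b):
    """Number of leading base-16 digits two hex ids have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def ring_dist(a, b):
    """Numerical distance on the circular id space."""
    d = abs(a - b)
    return min(d, SPACE - d)


class PastryNode:
    def __init__(self, nid, all_ids):
        self.id, self.hex = nid, hexid(nid)
        others = [x for x in all_ids if x != nid]
        # leaf set: the l/2 closest ids clockwise and the l/2 closest counter-clockwise
        cw = sorted(others, key=lambda x: (x - nid) % SPACE)[: L // 2]
        ccw = sorted(others, key=lambda x: (nid - x) % SPACE)[: L // 2]
        self.leaf = set(cw) | set(ccw)
        self.right_edge, self.left_edge = cw[-1], ccw[-1]
        # routing table: row r, column d holds a node sharing r digits with us whose
        # next digit is d (Pastry keeps the network-closest candidate; we keep the first seen)
        self.table = [[None] * BASE for _ in range(DIGITS)]
        for x in others:
            r = shared_prefix(self.hex, hexid(x))
            d = int(hexid(x)[r], 16)
            if self.table[r][d] is None:
                self.table[r][d] = x

    def in_leaf_range(self, key):
        return (key - self.left_edge) % SPACE <= (self.right_edge - self.left_edge) % SPACE

    def next_hop(self, key):
        """Pastry's forwarding rule; returning our own id means the message is delivered."""
        # 1. key lies within the leaf set: hand it to the numerically closest node
        if self.in_leaf_range(key):
            return min(self.leaf | {self.id}, key=lambda x: (ring_dist(x, key), x))
        khex = hexid(key)
        r = shared_prefix(self.hex, khex)
        # 2. routing table entry that shares one more digit with the key
        entry = self.table[r][int(khex[r], 16)]
        if entry is not None:
            return entry
        # 3. rare case: any known node with at least as long a prefix that is numerically closer
        known = self.leaf | {x for row in self.table for x in row if x is not None}
        cand = [x for x in known
                if shared_prefix(hexid(x), khex) >= r and ring_dist(x, key) < ring_dist(self.id, key)]
        return min(cand, key=lambda x: (ring_dist(x, key), x)) if cand else self.id


def key_for(label):
    """Derive a 32-bit key (or nodeId) by hashing a label: constructed sample data."""
    return int(hashlib.sha1(label.encode()).hexdigest()[:DIGITS], 16)


def build_overlay(n_nodes):
    ids = sorted({key_for(f"node-{i}") for i in range(n_nodes)})
    return {nid: PastryNode(nid, ids) for nid in ids}


def key_root(overlay, key):
    """The node responsible for a key: the numerically closest live nodeId."""
    return min(overlay, key=lambda x: (ring_dist(x, key), x))


def route(overlay, src, key, max_hops=64):
    """Forward from src toward key; returns (delivering node, path of nodeIds)."""
    path, cur = [src], src
    for _ in range(max_hops):
        nxt = overlay[cur].next_hop(key)
        if nxt == cur:
            return cur, path
        path.append(nxt)
        cur = nxt
    raise RuntimeError("routing did not converge")


if __name__ == "__main__":
    ov = build_overlay(200)
    key = key_for("some-object")
    dest, path = route(ov, min(ov), key)
    print("key", hexid(key), "via", [hexid(h) for h in path], "reached root:", dest == key_root(ov, key))
```

Every hop either matches one more digit of the key (rule 2) or moves strictly closer in the id space (rules 1 and 3), which is why the path stays at O(log N) hops; the security sections that follow are about what happens when one of those hops is a faulty node.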
System model & Secure Routing
• System model
  • N: size of the overlay network
  • f: fraction of faulty nodes, 0 <= f < 1
  • c: fraction of colluding nodes, 1/N <= c <= f (c = f)
  • Each node has a static IP address
• Secure routing
  • Secure routing primitive: ensures that when a non-faulty node sends a message to a key k, the message reaches all non-faulty members of the set of replica roots R_k with very high probability.
  • Securely assigning nodeIds to nodes
  • Securely maintaining the routing tables
  • Securely forwarding messages
Secure nodeId assignment
• Goal
  • Ensure that an attacker cannot choose the value of the nodeIds assigned to the nodes the attacker controls.
• Attacks
  • By carefully choosing nodeIds, attack a victim node's routing table
  • Control access to target objects by choosing the nodeIds closest to all replica keys.
  • Obtain a large number of legitimate nodeIds.
• Solutions
  • Centralized: certified nodeIds
    • A set of trusted certification authorities (CAs) assigns nodeIds and issues nodeId certificates.
    • The nodeId certificate binds a random nodeId to the node's public key
    • Nodes with valid certificates can join the overlay network
    • CAs are not involved in the overlay network
Decentralized
• Require a prospective node to solve a crypto puzzle to gain a nodeId.
• The cost of solving a crypto puzzle must be acceptable to legitimate nodes but hard enough to slow down attackers --- a conflict
• Simple approach using a crypto puzzle
  • Each node generates a key pair: public key and private key
  • SHA-1(I, K) has the first p bits zero
    • I – initialization vector or MD5
    • K – public key
  • The expected number of operations required to generate such a key pair is 2^p.
  • NodeId = SHA-1(I, K)
• Periodically invalidate nodeIds
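The crypto-puzzle scheme on this slide, as an added Python example that is not code from the slides or the paper: a node repeatedly generates keys until SHA-1(I, K) has p leading zero bits, the nodeId is that hash, and any peer can verify the claim from (I, K, nodeId) alone. Two assumptions are made for a stand-alone demo: a random 32-byte string plays the role of the public key K (real key-pair generation would be the expensive step), and SHA-1(I, K) is computed over the plain concatenation of I and K, an encoding the slide does not specify.

```python
import hashlib
import os
import random


def leading_zero_bits(digest):
    """Number of zero bits at the front of a byte string."""
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
            continue
        n += 8 - byte.bit_length()
        break
    return n


def puzzle_hash(iv, pubkey):
    """SHA-1(I, K); the slide fixes no encoding, so plain concatenation is assumed."""
    return hashlib.sha1(iv + pubkey).digest()


def solve_puzzle(iv, p, keygen=lambda: os.urandom(32)):
    """Repeat key generation until SHA-1(I, K) starts with p zero bits.

    keygen stands in for real public-key generation (assumption: a random
    32-byte string plays the role of K).  Returns (K, nodeId, attempts)."""
    tries = 0
    while True:
        tries += 1
        k = keygen()
        h = puzzle_hash(iv, k)
        if leading_zero_bits(h) >= p:
            return k, h, tries            # nodeId = SHA-1(I, K)


def verify_nodeid(iv, pubkey, nodeid, p):
    """What a peer checks before trusting a claimed nodeId: it must equal
    SHA-1(I, K) and carry the p leading zero bits that prove the work was done."""
    h = puzzle_hash(iv, pubkey)
    return h == nodeid and leading_zero_bits(h) >= p


def mean_attempts(iv, p, runs, seed=1):
    """Average number of key generations over several solves, to compare with 2^p."""
    rng = random.Random(seed)
    keygen = lambda: rng.getrandbits(256).to_bytes(32, "big")
    return sum(solve_puzzle(iv, p, keygen)[2] for _ in range(runs)) / runs


if __name__ == "__main__":
    iv = bytes(16)                        # constructed initialization vector I (assumption: 16 bytes)
    p = 12
    k, nid, tries = solve_puzzle(iv, p)
    print("nodeId", nid.hex(), "after", tries, "attempts; valid:", verify_nodeid(iv, k, nid, p))
    print("mean attempts for p=8:", mean_attempts(iv, 8, 50), "expected 2^8 =", 2 ** 8)
```

The tension the slide mentions is visible in `mean_attempts`: the work grows as 2^p for everyone, so a p that keeps a legitimate join affordable only slows an attacker with many machines by the same factor, which is why the scheme also periodically invalidates nodeIds.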
Secure routing table maintenance
• Goal
  • Ensure that the fraction of faulty nodes that appear in the routing tables of correct nodes does not exceed f.
• Attacks
  • Attackers fake proximity to increase the fraction of bad routing table entries
    • A correct node p sends a probe to estimate the delay to a faulty node.
    • An attacker intercepts the probe and has the faulty node closest to p reply to the probe.
  • Supply incorrect routing updates while nodes join the overlay network.
Secure routing table maintenance (cont'd)
• Solution: constrained routing table
  • One routing table maintains network proximity information for efficient routing (as in Pastry and Tapestry)
  • The other routing table constrains routing entries (as in Chord).
Secure routing table maintenance (cont'd)
[Figure: constrained routing table of a Pastry node with nodeId 65a1x, b = 4, with entries such as 64a1x and 6501x. Digits are in base 16; x represents an arbitrary suffix.]
Secure routing table maintenance (cont'd)
• Initialize the neighbor set
  • A newly joining node, n, picks a set of bootstrap nodes
  • Each bootstrap node obtains a neighbor set for n
  • n picks the "closest" live nodeIds
• Initialize the routing tables
  • Initialize the locality-aware routing table
  • Initialize the constrained routing table
    • Using secure forwarding to get a live nodeId for each entry of n's constrained routing table is too expensive
    • Instead, n requests the constrained routing tables of the nodes in its neighbor set
Secure message forwarding (1)
• Goal:
  • Ensure that at least one copy of a message sent to a key reaches each correct replica root for the key with high probability.
• Attacks:
  • Faulty nodes can drop messages
  • Route messages to the wrong place
  • Pretend to be the key's root
  • The root node itself may be faulty
• The probability of routing successfully to a correct replica node is (1 - f)^h (h is the average number of routing hops)
[Figure: probability of successful routing as a function of f, b = 4]
Secure message forwarding (2)
• Solution
  • Detect faults and use redundant routes
    • Route a message to the key's root using the locality-aware routing table
    • Collect the prospective set of replica roots from the prospective root node
    • Apply the failure test to the set of replica roots.
    • If the test is negative, accept the prospective replica roots as the correct ones.
    • Otherwise, message copies are sent over diverse routes toward the various replica roots
Secure message forwarding (3)
• Routing failure test (based on the observation that the average density of nodeIds per unit of "volume" in the id space is greater than the average density of faulty nodeIds)
  • Input: a key x and a set of prospective replica roots for the key x: rn = id_0, …, id_{l+1}
  • Output: negative or positive
  • p calculates the average numerical distance U_p between consecutive nodeIds in its neighbor set.
  • p checks:
    • All nodeIds in rn have a valid nodeId certificate, the closest nodeId to the key is the middle one, and the nodeIds satisfy the definition of a neighbor set.
    • The average numerical distance U_rn in rn satisfies U_rn < U_p · γ
Secure message forwarding (4)
• Other attacks
  • Collect old nodeId certificates
  • Include both the nodeIds of nodes the attacker controls and the nodeIds of correct nodes in a prospective root neighbor set.
  • nodeId suppression attack
    • Suppress nodeIds close to the sender, which increases β (false negatives)
    • Suppress nodeIds in the root neighbor set, which increases α (false positives)
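The routing failure test from slide (3) and the nodeId suppression attack from slide (4), as one added Python example (not code from the slides or the paper). A correct node p estimates U_p from the spacing of its own neighbor set, then checks a prospective set rn = id_0, …, id_{l+1} for certificates, shape (l+2 ids in ring order with the key between the two middle ones) and density U_rn < U_p · γ. A forged set made only of colluding nodes is sparser and fails the density check; if the attacker has first suppressed most of p's real neighbors, p overestimates U_p and the forged set passes (a false negative, the β case). Assumptions: a 32-bit id space, l = 8, γ = 1.23 as the threshold value, a constructed overlay of 300 jittered ids in which every fifth node is faulty (f = 20%), and a set of CA-issued ids standing in for certificate verification.

```python
L = 8                 # neighbor set size l: l/2 nodeIds on each side of a node
GAMMA = 1.23          # density threshold γ; this value is an assumption for the demo
SPACE = 2 ** 32       # 32-bit id space (assumption: shortened from 128 bits)


def ring_dist(a, b):
    d = abs(a - b)
    return min(d, SPACE - d)


def avg_gap(ids):
    """Average numerical distance between consecutive nodeIds listed in clockwise order."""
    gaps = [(b - a) % SPACE for a, b in zip(ids, ids[1:])]
    return sum(gaps) / len(gaps)


def neighbor_set(ids, nid):
    """nid's neighbor set (l/2 on each side) with nid itself in the middle, in clockwise order."""
    s = sorted(ids)
    i, n = s.index(nid), len(s)
    return [s[(i + k) % n] for k in range(-(L // 2), L // 2 + 1)]


def replica_roots_for(ids, key):
    """What correct nodes return for key x: the l/2+1 nodeIds closest to x on each
    side, in clockwise order (rn = id_0, ..., id_{l+1} on the slide)."""
    s = sorted(ids)
    left = sorted(s, key=lambda x: (key - x) % SPACE)[: L // 2 + 1]
    right = sorted([x for x in s if x not in left], key=lambda x: (x - key) % SPACE)[: L // 2 + 1]
    return left[::-1] + right


def routing_failure_test(key, rn, my_neighbors, certified, gamma=GAMMA):
    """Node p's check on a prospective set of replica roots rn.
    Returns True for a positive result (the set looks faulty), False for negative.
    `certified` stands in for certificate verification: the set of nodeIds a CA issued."""
    # every member must present a valid nodeId certificate
    if any(x not in certified for x in rn):
        return True
    # rn must have the shape of a root neighbor set: l+2 ids in ring order,
    # with the key between the two middle ones and the closest id among them
    if len(rn) != L + 2:
        return True
    if sum((b - a) % SPACE for a, b in zip(rn, rn[1:])) >= SPACE:
        return True
    lo, hi = rn[L // 2], rn[L // 2 + 1]
    if (key - lo) % SPACE > (hi - lo) % SPACE:
        return True
    if min(rn, key=lambda x: (ring_dist(x, key), x)) not in (lo, hi):
        return True
    # density check: faulty ids are sparser than all ids, so a forged set is spread wider
    return avg_gap(rn) >= gamma * avg_gap(my_neighbors)


def build_scenario(n=300, seed=7):
    """Constructed overlay: n ids spread around the ring with jitter; every fifth
    node (f = 20%) is faulty and colluding, a fixed pattern that keeps the demo deterministic."""
    import random
    rng = random.Random(seed)
    step = SPACE // n
    ids = sorted((i * step + rng.randint(-step // 10, step // 10)) % SPACE for i in range(n))
    faulty = ids[::5]
    return ids, faulty


def run_demo(key=0x12345678):
    ids, faulty = build_scenario()
    certified = set(ids)                 # all nodes, faulty ones included, hold valid certificates
    p = ids[0]
    mine = neighbor_set(ids, p)          # p's own neighbor set, used to estimate U_p
    honest = replica_roots_for(ids, key)      # what correct nodes would return
    forged = replica_roots_for(faulty, key)   # attacker answers with colluding nodes only
    # nodeId suppression: if p has been kept from learning most of its true neighbors,
    # its U_p estimate is inflated and the forged set slips through (false negative, β)
    thinned = [ids[-5], p, ids[5]]
    return {
        "honest": routing_failure_test(key, honest, mine, certified),
        "forged": routing_failure_test(key, forged, mine, certified),
        "forged_after_suppression": routing_failure_test(key, forged, thinned, certified),
    }


if __name__ == "__main__":
    for name, positive in run_demo().items():
        print(f"{name}: test positive = {positive}")
```

The same shape checks also catch the other direction of the suppression attack: dropping a genuine id from the root neighbor set changes its size and spacing, so a correct root's reply is rejected and the sender falls back to redundant routing (a false positive, the α case, which costs bandwidth rather than correctness).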
Redundant Routing
• When the failure test is positive, send the message to each replica root via multiple routes.
• In Pastry, they send the message from the source node to all of its neighbors in the P2P overlay.
• Because nodeIds are random, the neighbors should represent a random, geographically diverse sampling of the nodes in the P2P overlay. From there, each neighbor node forwards the message toward the target node. If at least one of the neighbors achieves a successful route, the message is considered successfully delivered.
Redundant route
• Neighbor set anycast:
1) p sends r messages to the destination key x with a nonce.
2) Any correct node that receives the message and has x's root in its neighbor set returns its nodeId certificate and the nonce, signed with its private key.
3) p collects in a set N the l/2+1 nodeId certificates closest to x on the left and the l/2+1 nodeId certificates closest to x on the right, marked pending.
4) After a timeout or once r replies are received, p sends the list of nodeIds in N to each node in N and marks them as done.
5) Any correct node that receives the list forwards p's original message to the nodes in its neighbor set that are not in the list, or returns a confirmation if no such nodes exist.
6) Once p receives r confirmations or step 4 has been executed three times, it computes the set of replica roots for x from N.
Simulation results
[Figure: model and simulation results for the probability of reaching all correct replica roots using redundant routing with neighbor set anycast.]
Conclusion
• Presented the design and analysis of techniques for secure node joining, routing table maintenance and message forwarding in P2P overlays
• Based on modeling and corroborated with simulations, they measured that this operation succeeds with 99.9% probability, as long as f <= 30%.