360 likes | 376 Views
Phenix: Supporting Resilient Low-Diameter Peer-to-Peer Topologies Rita H. Wouhaybi, and Andrew T. Campbell. Antonis Papadogiannakis. Outline. Introduction Phenix Algorithm Description Simulation and Evaluation Experimental Results Conclusion. Introduction.
E N D
Phenix: Supporting Resilient Low-Diameter Peer-to-Peer TopologiesRita H. Wouhaybi, and Andrew T. Campbell Antonis Papadogiannakis Phenix Peer-to-Peer System
Outline • Introduction • Phenix Algorithm Description • Simulation and Evaluation • Experimental Results • Conclusion Phenix Peer-to-Peer System
Introduction • P2P networks are mainly unstructured with no specific topology • Resilient networks: their performance does not affect from network dynamics (nodes joining and leaving, node failure and network attacks) • Low diameter networks: low average distance between nodes, good performance, fast response time • Diameter: average shortest path between two nodes • There are two classes of P2P networks: unstructured networks with better resilience (e.g. Gnutella, KaZaA) and structured networks with better performance (e.g. Chord, CAN) Phenix Peer-to-Peer System
Unstructured VS Structured networks Phenix Peer-to-Peer System
Phenix: A P2P Algorithm • Neither structured nor unstructured networks offer both good performance and resilience • Phenix algorithm constructs low-diameter resilient topologies so it offers both performance and resiliency • Does not impose structure but it create some order instead of total randomness • Low diameter by creating topology of nodes whose degree distribution follows a power-law • Phenix algorithm is fully distributed and does not require any central server • Even in targeted attacks Phenix preserves low diameter by efficiently rearrange the nodes connectivity with low cost Phenix Peer-to-Peer System
Main Design Goals of Phenix • To construct low-diameter graphs for fast response times and small number of hops between nodes • To maintain low-diameter topologies under conditions where nodes join/leave the network and under malicious conditions where nodes attacked and removed from network • To implement the algorithm fully distributed without the need of any central server (also without “supernodes” or “ultrapeers” as in KaZaA and Gnutella v0.6) as it is vulnerable in attacks and malicious nodes • To support the peer connectivity generally so a wide variety of applications can use this network Phenix Peer-to-Peer System
Phenix Algorithm Description Outline • Power-Law Properties • Phenix Algorithm design • Network resiliency • Preferential Nodes Phenix Peer-to-Peer System
Power-Law Properties (1/2) • Power-law (or scale-free) networks: their degree distribution follows a power law, p(K)=K-γ , where K=degree, p(K)=the number of nodes with degree K and γ is the exponent, in most networks it tends to be close to 2 • This means that in power-law networks many nodes have low degree and few nodes have a very high degree • These high connected nodes act as hubs for the rest nodes • In Phenix nodes with degree higher than the average emerge as preferred nodes • Every new node that joins the network wants to connect to a preferred node (with high degree) for better visibility • This approach guarantees power-law for degree distribution Phenix Peer-to-Peer System
Power-Law Properties (2/2) • Power-law networks have a low diameter and they can grow while maintaining a low diameter (scale-free) • Large diameters cause more network traffic or degraded performance if lower radius search is chosen (tradeoff) • Phenix constructs P2P topologies that follows a power-law for its node degree distribution and leads to low diameter Phenix Peer-to-Peer System
Phenix Algorithm Design (1/2) • Algorithm for node i joins the network connect_to_network(i) { obtain Ghost,i from host cache server; divide Ghost,i into Grandom,i and Gfriends,i ; let s be the size of Gfriends,i ; Gcandidates,i =Ø; for (x=0; x<s; x++) { send M0 ; where M0=<source=i, dest=Gfriends,i[x], type=ping, TTL=1, hops=0> Gcandidates,i = Gcandidates,i U Gneighbors[x] ; [x sends a pong to i with its neighbors] [Gfriends,i[x] sends a M1 ping message to its neighbors with source=i, hops=1 and TTL=0 and each neighbor j adds i to a Γj list for a period of time τ] } Gpreferred,i = [g1, g2, …, gp] sorted( Gcandidates,i); [sort by appearance frequency] create connection with all nodes in Gi = Grandom,i U Gpreferred,i ; Phenix Peer-to-Peer System
Phenix Algorithm Design (2/2) for (every m that belongs in Gpreferred,i) { if (i belongs in Γm) cm++; if (cm≥γ) { [creates backward connection] cm= cm - γ; Gbackward,m=Gbackward,m U { i }; [at most din,m/γ backward connections] Gpreferred,i = Gpreferred,i – { m }; Ghighly_preferred,i = Ghighly_preferred,i + { m }; } [list of neighbors: Gi= Grandom,i, Gpreferred,i, Ghighly_preferred,i, Gbackward,i ] } } Example: Phenix Peer-to-Peer System
Network Resiliency • Power-law networks often collapse under targeted attacks in nodes with high degrees (network partitioning) • Guidelines for resiliency: • Hide the identity of high connected nodes • Node maintenance, rearrange connections under attack • Assume that attacker can force a node to drop out of network (e.g. DOS attack) when it knows the node’s IP • Goal of resilience in Phenix is a network graph close to a strongly connected graph as possible Phenix Peer-to-Peer System
Hiding Node Identities • Three mechanisms for limiting the knowledge of a malicious user for the network connections graph: • When a node i sends a ping message M0 the receiver sends a M1 ping message to neighbors and they add i to their Lj list (“black list”) for a period of time. If i sends ping again (“crawling” – capture graph state) it will be in the list and no pong will be sent back. This will slow the crawl progress • Discard any ping message with TTL greater than 1 • Backward connections are not included in pong messages in order to protect possible preferential status for this node. Only the subset Goutside_world=[Grandom, Gpreferred, Ghighly_preferred] is included Phenix Peer-to-Peer System
Node Maintenance Mechanism (1/3) • A state probing mechanism for node failure or attack cases: • The number of neighbors of a node i (hi) is: hi = hir + hip +hib , where hir, hip, hib represent random, preferential (standard and highly) and backward neighbors • If hir + hip < threshold, node i runs a maintenance procedure • If a node leaves gracefully it informs neighbors but if it leaves forcefully a neighbor node can be informed only through probing • Probing: message M2=<source=i, type=ping, TTL=0, hops=0> is send to all neighbors by a node i waiting for response in a timeout if neighbor is alive Phenix Peer-to-Peer System
Node Maintenance Mechanism (2/3) • Number of neighbors before node maintenance is where dri(tn), dpi(tn), dbi(tn) are the number of random, preferential and backward neighbors lost since the last node maintenance • After the node maintenance we will have where uri(tn), upi(tn) are the numbers of new nodes added randomly and preferentially • Ratio of preferential and random neighbors for a node i: where ai(t0)=1 Phenix Peer-to-Peer System
Node Maintenance Mechanism (3/3) • The updates on neighbors is performed as below: where is the average number of preferential nodes dropped out over the last l cycles and μp is the expected value of neighbors disappeared in 1 cycle • The final number of neighbors is: Phenix Peer-to-Peer System
Preferential Nodes (1/2) • Phenix encourages the use of nodes with higher degree than the average (preferred nodes) • If μ is the average number of neighbors a new node will connect to μ/2 nodes from Grandom,i and to μ/2nodes from Gcandidates,i that appears most (Gpreferred,i) since ai(t0)=1 • The probability that a node appears at least twice (preferred node) is: where m=μ/2 and N the number of nodes in the network. Since μ/N<1 it follows Phenix Peer-to-Peer System
Preferential Nodes (2/2) • Probability that a preferred node appears (a node that appears at least twice in candidates list) versus the average number of neighbors for different values of N (number of nodes in the initial network) Phenix Peer-to-Peer System
Simulation and Evaluation • Results from implementation of Phenix algorithm in a simulation environment based on Java software • Power-Law Analysis • Attack Analysis Phenix Peer-to-Peer System
Power-Law Analysis • Degree distribution for a network with 1,000 nodes and for a network with 100,000 nodes on a log-log scale shows the emerging of power-law in Phenix system Phenix Peer-to-Peer System
Attack Analysis (1/2) • Three different types of attacks: • Modest attack: a user that acquires host cache information and candidate’s list like a normal user and then attacks to the nodes that appears most, removing them from the network • ‘Group Type I’ attack: add a number of nodes to network that only point to each other for increasing the possibility to emerge as preferred nodes and then create anomalies and suddenly disconnect all at the same time for partitioning the network • ‘Group Type II’ attack: add a number of nodes to network that behaves like normal nodes and then create anomalies and suddenly disconnect all at the same time for partitioning the network • Last two attacks are possible as network is open without any authentication or authorization Phenix Peer-to-Peer System
Attack Analysis (2/2) • Simulations in network with 2000 nodes (starting with 20), each node chooses a number of neighbors between 5 and 8 • Metric: percentage of unique reachable nodes in the network vs. the number of hops (TTL) • Comparison between a random network (Gnutella v0.6) and Phenix network under attack Phenix Peer-to-Peer System
Modest Attach Analysis Phenix Peer-to-Peer System
Group Attack Analysis Phenix Peer-to-Peer System
Type I Attack Analysis Phenix Peer-to-Peer System
Type II Attack Analysis Phenix Peer-to-Peer System
Attack Analysis in Different Networks • Same simulations for hybrid attacks in network of 20,000 nodes and 2,000 nodes • TTL increment does not improve reachability after a value Phenix Peer-to-Peer System
Giant Component • Giant component: the largest portion of network that remains strongly connected under attacks • Metric: percentage of nodes in giant component vs. percentage of malicious users (group attack) Phenix Peer-to-Peer System
Alpha behavior • α parameter contributes in creating highly connected nodes when it decreases, so it helps for fast recovery • Simulation with hybrid attack 10% Group Type I and 20% Group Type II, α behavior studied Phenix Peer-to-Peer System
Experimental Results • Phenix implementation in a real Internet-wide environment on the PlanetLab testbed • Experiments in 81 PlanetLab nodes • Implementation • Degree Distribution Experiments • Targeted Attacks Experiments Phenix Peer-to-Peer System
Implementation • Modifying the JTella API, based on Gnutella v0.6, for Phenix needs (instead of Gnutella’s random topology) • Each node consists of two layers • First layer implements Phenix algorithm and consists of two types of connections, one that waits incoming connections from other nodes and sends/receives ping messages and an other for Phenix outgoing connections • Second layer is used for experimental purposes, for monitoring connections and controls the node (join/remove to the network) Phenix Peer-to-Peer System
Degree Distribution Experiments • Network started with 10 nodes connected randomly and every new node get a list of 4 nodes. min=3 and max=4 as bounds for neighbors (out-degree) • Out-degree (number of neighbors) distribution examined Phenix Peer-to-Peer System
Targeted Attacks Experiments • Three of the nodes with high degree (with 5, 10 and 18 connections) removed from the system, and the time for recovery using node maintenance was examined • Results gives a fast recovery (for most nodes less than a sec) and new (final) network consists of four new highly connected nodes ensuring low-diameter Phenix Peer-to-Peer System
Conclusion (1/2) • Phenix designed fully distributed in order to create low-diameter and resilient P2P topologies • Phenix supports high performance in terms of low-diameter and fast response times, is robust to attacks and resilient to network dynamics (joins/leaves, failures, attacks) • Rise in number of security attacks makes the need for resilient networks (with also good performance) necessary • In simulations section node maintenance didn’t consider. Using the mechanism of node maintenance the network can recover from group attacks with 90% malicious nodes • Phenix seems to have very good response to attacks that assumed in this paper • Sophisticated attacks used in the paper for simulations, but there are also many other attacks Phenix Peer-to-Peer System
Conclusion (2/2) • Much future work: • Authentication or authorization for extra security • Sharing the “black lists” with higher layer protocols • It is not possible for any node to handle any traffic, so many nodes would refuse to be highly connected • Choosing the neighbors geographically, using response times • More extensive experiments in larger scale • Phenix only constructs effective topologies for P2P networks. There is no proposal for other operations of Phenix P2P system, e.g. any smart query technique for searching in these topologies • The experiments done in this work (using 81 nodes) was in a small scale for real P2P systems (with thousands nodes) Phenix Peer-to-Peer System
Thanks! • Thanks for listening…… • Merry Christmas and happy 2005! Phenix Peer-to-Peer System