1 / 30

Making Peer-to-Peer Anonymous Routing Resilient to Failures

Making Peer-to-Peer Anonymous Routing Resilient to Failures. Yingwu Zhu Seattle University http://fac-staff.seattleu.edu/zhuy. Overview. Background P2P Anonymous Routing Research Problem Current Solutions Our Approach Erasure Coding Message and Path Redundancy Wise Choice of Mixes.

zelia
Download Presentation

Making Peer-to-Peer Anonymous Routing Resilient to Failures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Making Peer-to-Peer Anonymous Routing Resilient to Failures Yingwu Zhu Seattle University http://fac-staff.seattleu.edu/zhuy IPDPS 2007

  2. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  3. P2P Anonymous Routing • Using P2P networks as an anonymizing network to achieve initiator/responder anonymity • Using peer nodes as mixes or relay nodes to relay messages, tunneling communication for initiators/responders • Many are based on Onion Routing • Layered encryption creates an Onion • Multi-hop routing: an anonymous message represented by an Onion goes through a small number of mixes (strip the Onion) IPDPS 2007

  4. P2P Anonymous Routing • Why appealing? • A potentially large anonymity set offered by the open set of peer nodes • Sidestep political background and local jurisdiction issues due to the distribution of peer nodes • Scalable compared to current static anonymizing networks which operate a small set of fixed mixes • Ideal for hiding anonymous traffics due to communication patterns and heterogeneity of peer nodes’ locations • More?... IPDPS 2007

  5. P2P Anonymous Routing • A big challenge: node churn in P2P networks • Problems • Fragile and short-lived paths: node failures disrupts anonymous paths/tunnels • Message loss and communication failures • Complicate path construction which is expensive, i.e., usually incurs expensive asymmetric encryption/decryption IPDPS 2007

  6. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  7. Research Problem • Can we make P2P anonymous routing resilient to node failures? • We are not alone! • Mix-base solutions • Multicast-based solutions IPDPS 2007

  8. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  9. Current Solutions • Mix-based • Use a group of peer nodes as a mix to mask single mix node failures • The peer nodes in each group share secrecy to encrypt/decrypt messages along the path • E.g., TAP and Cashmere IPDPS 2007

  10. Current Solutions • Multicast-based • Initiators and responders join a group • Messages are multicasted to all group members • Cover/noise traffics are used to gain initiator/responder anonymity • Bandwidth overhead due to message multicasting and cover traffics • E.g., P5, APFS, Hordes IPDPS 2007

  11. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  12. Our Approach • Based on a simple yet powerful idea • Resilience can be achieved by redundancy • Rely on Onion routing • Layered encryption and multi-hop routing • Techniques employed • Message redundancy by erasure coding • Path redundancy (coded messages are sent over multiple disjoint paths) • Wise choice of peer nodes as mixes in each single path IPDPS 2007

  13. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  14. Erasure Coding • Widely used in file & storage systems • Tradeoff between data availability and storage cost • Breaks a message M into n coded segments, each of length |M|/m • m of n segments suffice to reconstruct M • Redundancy r = n/m IPDPS 2007

  15. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  16. M1 M1 M1 M1 Mk … … Mk Mk Mk … … Mn Mn Mn Mn Onion Routing Message and Path Redundancy M: original message Mi: coded segment with length of |M|/m, 1≤ i ≤ n Bob Alice Alice can reconstruct M upon the first m arrived coded segments IPDPS 2007

  17. Allocation of Coded Segments • Message M n coded segments with length of|M|/m, redundancy r = n/m • k disjoint paths from Bob to Alice • Idea: equally distribute n segments over k paths (k ≤ n, assume k is a multiple of r for simplicity) • P(k) = Psuccess (Alice receives M) = Prob(≥k/r paths succeed in message delivery) p = (pnode_availability)L L: # of nodes in a path Goal: maximize P(k) with respect to k and r IPDPS 2007

  18. Allocation of Coded Segments Guideline to maximize routing resilience upon different node availabilities and message redundancy degrees IPDPS 2007

  19. Validation of 3 Observations Impact of different ks on success of routing under different node availabilities of 0.70, 0.86, and 0.95, where L = 3 and r = 2. IPDPS 2007

  20. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  21. Wise Choice of Mixes • Problem • Current mix-based protocols do NOT consider node lifetime when choosing mixes • Random selection in mixes • Our goal • Choose nodes that tend to live longer as mixes • Improve path durability (prolong path lifetime) • Challenge • Can we predict node lifetime? IPDPS 2007

  22. Node Lifetime Distribution Figure 1: Cumulative dist. of the measured Gnutella node lifetime dist. comparedwith a Pareto dist. with α=0.83 and β = 1560 sec. IPDPS 2007

  23. Wise Choice of Mixes • Based on the Pareto distribution • Prediction: Nodes that have stayed a long time tend to stay longer in the system • Each node gossips node liveness information they have learned • Each node seeking anonymity makes mix choices to construct anonymous paths based on node liveness prediction IPDPS 2007

  24. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  25. Experimental Setup • Simulator built from P2psim 3.0 by MIT • Augment OneHop • Membership management is essentially a hierarchical gossip protocol • Learn node liveness information • Node lifetime dist. to simulate churn • Pareto • Uniform • Exponential IPDPS 2007

  26. Results • Main results are omitted here. • Security analysis • Similar to Onion Routing • Please see paper for details IPDPS 2007

  27. Impact of wise choice of mixes on path durability (the duration that a sender can successfully route messages to a destination over 4 disjoint paths with redundancy degree of 4) IPDPS 2007

  28. Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007

  29. Summary • Strike a balance between routing resilience and bandwidth cost while preserving sender anonymity • Message redundancy by erasure coding and path redundancy • Improve path construction and routing resilience • Tolerate up to path failures • Choice of mixes based on node lifetime prediction • Based on Pareto dist. • Surprisingly, work very well for other dist. like Uniform and Exponential dist. (significantlybetter than random selection) • Bandwidth cost by erasure coding is modest IPDPS 2007

  30. Questions ? IPDPS 2007

More Related