
1 Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs
Scott Wolchok (1), Owen S. Hofmann (2), Nadia Heninger (3), Edward W. Felten (3), J. Alex Halderman (1), Christopher J. Rossbach (2), Brent Waters (2), Emmett Witchel (2)
(1) The University of Michigan, (2) The University of Texas at Austin, (3) Princeton University

2 Road Map
1. What is Vanish?
2. Attacking Vanish
3. Costs and performance
4. Countermeasures
5. What went wrong?

3 Why Self-Destructing Data?
[Diagram: Alice, Bob]
“Transient” messages tend to persist
Stored copies enable retroactive attacks
Attacker subpoenas data months or years later

4 Vanish
Geambasu, Kohno, Levy, Levy — USENIX Security ’09
[Diagram: Alice, Bob, DHT, Mallory]

5 Vanish and Vuze
Vanish uses the Vuze DHT (Distributed Hash Table)
Over 1 million nodes, mostly BitTorrent
Nodes delete values after 8 hours
[Diagram: Vuze DHT]

6 Vanish and Vuze
[Diagram: Vuze DHT]
Shares placed at random locations in the DHT
Replicated to 20 “closest” nodes

7 Is Vanish Secure?
Vanish 0.1 prototype released at publication
Included user-friendly Firefox plugin
Focused wide attention on its practical security

8 Road Map
1. What is Vanish?
2. Attacking Vanish
3. Costs and performance
4. Countermeasures
5. What went wrong?

9 DHT Crawling Threat
Threat: attacker might continuously archive all data in the DHT
Later, query archive to decrypt messages
Don’t need specific targets when recording

10 Crawling with a Sybil Attack

11 A Practical Threat?
Vanish authors anticipated this attack and estimated it would need 87,000 Sybils at a cost of $860,000/year…
Can we do better?

12 Making the Attack Practical
Insight: have 8 hours to observe fragments
Vuze replicates to 20 nearest nodes
1. Every 30 minutes
2. On join!

14 “Hopping” Strategy
Sybils “hop” to new IDs every 3 minutes
160x resource amplification over 8 hours
Practical attack needs only ~2000 concurrent Sybils with hopping

15 Making the Attack Practical
Insight: Vuze client is a notorious resource hog
Only 50 instances fit in 2 GB of RAM!
Can we more efficiently support 2000 Sybils?

16 Optimized Sybil Client
C, lightweight, event-based implementation
Listen-only (no Vuze routing table!)
Thousands of Sybils in one process

17 Road Map
1. What is Vanish?
2. Attacking Vanish
3. Costs and performance
4. Countermeasures
5. What went wrong?

18 Attack Costs?
Vanish paper estimate (for 25% recovery at k=45, n=50):
– 87,000 Sybils
– $860,000/year
What does attacking Vanish really cost?

19 Experiments
1. Insert key shares into the DHT
2. Run attack from 10 Amazon EC2 instances
3. Measure:
– DHT coverage = % key shares recovered
– Key coverage = % messages decrypted
– Attack cost = EC2 charges (Sep. 2009)

20 Experimental Results
Cost for >99% Vanish key recovery?
Attack                       Concurrent Sybils   Key Shares Recovered   Annual Attack Cost *
Hopping                      500                 92%                    $23,500
Hopping + Optimized Client   2000                99.5%                  $9,000

21 DHT Coverage vs. Attack Size
[Plot: Hopping plus Optimized Client]

22 Key Recovery vs. Attack Size
[Plot: Hopping plus Optimized Client; legend: Key-sharing parameters (k/n)]
25% @ 70k Sybils
99% @ 136k Sybils

23 Annual Cost vs. Key Recovery
[Plot: Hopping plus Optimized Client; legend: Key-sharing parameters (k/n)]
25% @ $5000
90% @ $7000
99% @ $9000

24 Storage
$1400/yr for all observed data
$80/yr for potential key shares

25 Road Map
1. What is Vanish?
2. Attacking Vanish
3. Costs and performance
4. Countermeasures
5. What went wrong?

26 Increase Key Recovery Threshold?
Required coverage increases in n and k/n
Why not raise them? (99/100?)
Reliability: some shares lost due to churn
Performance: pushing shares is slow!

27 Limit Replication?
Attack exploits aggressive replication
Less replication might make the attack harder, but how much?
More in a few slides…

28 Sybil Defenses from the Literature?
Client puzzles
Limit ports/IP, IPs/subnet, etc.
Social networking

29 Detecting Attackers
Find and target IPs with too many clients
Use node enumerator, Peruze
Can detect attack IPs hours after the attack
Detected the Vanish demo

30 Road Map
1. What is Vanish?
2. Attacking Vanish
3. Costs and performance
4. Countermeasures
5. What went wrong?

31 Recall Vanish Authors’ Analysis
Cost estimates for 25% recovery at 45/50:
– 87,000 Sybils
– $860,000/year
Extrapolated from 8000-node DHT
Actual cost:
– 70,000 Sybils
– $5000/year

32 Cost Estimation Issues
Vanish paper extrapolated from 8000-node DHT
Assumed Sybils must run continuously
Assumed attacker uses inefficient Vuze client

33 Cost Not Linear in Recovery
[Plot: axes Key Recovery Fraction and Coverage Fraction; legend: Key-sharing parameters (k/n)]

34 Response to Our Work
Second report and prototype by Vanish team [1]
New defenses
– Use both Vuze DHT and OpenDHT
– Disable replicate-on-join in Vuze
– Use less aggressive “threshold replication”
Will these defenses stop real attackers?
[1] Geambasu, Falkner, Gardner, Kohno, Krishnamurthy, Levy. “Experiences building security applications on DHTs”. Technical report, UW-CSE-09-09-01.

35 Conclusion
Showed attacks that defeat Vanish 0.1 in practice for $9000/year
Vanish team has proposed new defenses
Future work: are new defenses effective?
Our take: building Vanish with DHTs seems risky.

36 Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs
Scott Wolchok (1), Owen S. Hofmann (2), Nadia Heninger (3), Edward W. Felten (3), J. Alex Halderman (1), Christopher J. Rossbach (2), Brent Waters (2), Emmett Witchel (2)
(1) The University of Michigan, (2) The University of Texas at Austin, (3) Princeton University
http://z.cs.utexas.edu/users/osa/unvanish/

37 References
J.R. Douceur. The Sybil attack. IPTPS 2001.
R. Geambasu, J. Falkner, P. Gardner, T. Kohno, A. Krishnamurthy, H. Levy. Experiences building security applications on DHTs. Technical report, UW-CSE-09-09-01.
R. Geambasu, T. Kohno, A. Levy, H. Levy. Vanish: Increasing data privacy with self-destructing data. USENIX Security 2009.
G. Memon, R. Rejaie, Y. Guo, D. Stutzbach. Large-scale monitoring of DHT traffic. IPTPS 2009.
M. Steiner, T. En-Najjary, E. Biersack. A global view of Kad. IMC 2007.
M. Steiner, W. Effelsberg, T. En-Najjary, E. Biersack. Load reduction in the KAD peer-to-peer system. DBISP2P 2007.
D. Stutzbach and R. Rejaie. Improving lookup performance over a widely-deployed DHT. INFOCOM 2006.
D. Stutzbach and R. Rejaie. Understanding churn in peer-to-peer networks. IMC 2006.

38 Vanish Attack Model
Need to recover k of n fragments
p = Pr{recover key fragment}
Pr{recover VDO} = Pr{recover k or more fragments}
Binomial distribution
Pr{recover VDO} =

39 Coverage Model
m Sybils see c of N objects
Balls-in-bins problem
Expected fraction = $1 - e^{-cm/N} = 1 - e^{-sm}$
s = c/N is the (overlapping) fraction of the network observed by each Sybil
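
The attack model of slide 38 and the coverage model of slide 39, combined into one calculation for evaluating key-sharing parameters (an added example, not part of the original slides). It assumes fragments are recovered independently and calibrates s on the "25% @ 70k Sybils" point quoted for 45/50; the function names are hypothetical.

```python
# Added example: slide-38 binomial model + slide-39 coverage model.
# Assumptions: independent fragments; s calibrated from one quoted data point.
from math import comb, exp, log

def coverage(m, s):
    """Expected fraction of DHT objects seen by m Sybils: 1 - e^(-s*m)."""
    return 1.0 - exp(-s * m)

def pr_recover_vdo(k, n, p):
    """Pr{recover k or more of n fragments}, each recovered with probability p."""
    return sum(comb(n, i) * p**i * (1.0 - p)**(n - i) for i in range(k, n + 1))

def required_coverage(k, n, target, tol=1e-12):
    """Smallest coverage p with pr_recover_vdo(k, n, p) >= target (bisection)."""
    lo, hi = 0.0, 1.0
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if pr_recover_vdo(k, n, mid) >= target:
            hi = mid
        else:
            lo = mid
    return hi

def calibrate_s(k, n, recovery, m):
    """Solve for s so that m Sybils yield the given key-recovery fraction."""
    p = required_coverage(k, n, recovery)
    return -log(1.0 - p) / m

# Assumption: 25% recovery at 45/50 with 70,000 Sybils (figures from the slides).
# Everything computed from S below is a model output, not a measurement.
S = calibrate_s(45, 50, 0.25, 70_000)

def recovery_at(m, k=45, n=50, s=S):
    """Modelled key-recovery fraction for m Sybils under k-of-n sharing."""
    return pr_recover_vdo(k, n, coverage(m, s))

if __name__ == "__main__":
    for m in (35_000, 70_000, 100_000, 136_000):
        print(f"{m:>7} Sybils: coverage {coverage(m, S):.3f}, "
              f"45/50 recovery {recovery_at(m):.4f}")
    for k, n in ((45, 50), (9, 10), (99, 100)):
        print(f"{k}/{n}: coverage needed for 99% recovery = "
              f"{required_coverage(k, n, 0.99):.4f}")
```

Under this calibration, halving the Sybil count to 35,000 drops modelled 45/50 recovery below 1%, while 136,000 Sybils puts it above 99%, which is the non-linearity the deck points out. Raising the threshold to 99/100 pushes the coverage needed for 99% recovery higher than at 45/50.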

40 Prior Work
Enumerating DHT nodes
– Cruiser [Stutzbach 2006a,b]
– Blizzard [Steiner 2007a]
Measuring DHT traffic
– Mistral [Steiner 2007b]
– Montra [Memon 2009]

41 Hopping plus Optimized Client
Concurrent Sybils   Hours   # VDO Fragments   Fragments Found
2000                8       1650              1640 (99.4%)
2000                7.5     1700              1692 (99.5%)
500                 8       1650              1561 (91.8%)

