Published by Ashley Benson. Modified over 9 years ago.
1
Denial-of-Service Resilience in Peer-to-Peer Systems
D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel
Presenter: Yan Gao
2
Outline
- Background
  - P2P File Sharing
- DoS Scenario
  - File-targeted DoS attacks
  - Network-targeted DoS attacks
- Model
- Simulation Study
3
Gnutella Overview
- Peer-to-peer indexing and searching service
- Built on top of an unstructured overlay network
- Two level hierarchy
- Peer-to-peer point-to-point file downloading using HTTP
- P2P file sharing application on top of an overlay network
- Nodes maintain open TCP connections
- Messages are broadcast (flooded) or back-propagated
4
Gnutella - unstructured p2p system
- A given file can be stored at any node
- Original version used scoped flooding to locate a file
  - Flexible and robust, not scalable
- Two-level hierarchy (KaZaA)
  - Leaf nodes & supernodes
  - Hierarchical p2p systems are more scalable than the original one
5
Freenet - unstructured p2p network
- Aim - to provide anonymity and censorship resistance
- Each file is assigned a unique ID by hashing the file content
- Each node maintains a routing table
- Insert
  - The file is routed according to its ID and stored at all nodes along the path
- Retrieve
  - The file is copied along the path from the source to the requester
- It is hard to locate all copies of a specific file
- Trying to locate a file will result in the file being copied at even more nodes
6
Structured p2p networks
- Partition a global ID space across all nodes
  - Each node is responsible for a chunk of the ID space
- Each file is associated with a unique ID
- A file can be stored at an arbitrary node
- Efficient in locating such a node
  - Given an ID, find the node responsible for that ID
  - Find the node responsible for a given ID by contacting only O(logN) nodes
- Example: CAN, Chord, Pastry, Tapestry, Kademlia
7
Structella—hybrid proposal
- Use flooding to locate files, but in a more efficient way
- Use the underlying structure of Pastry to send no more than one flood message per virtual link
- Reduce the flooding cost by a factor of k
- Note: This paper assumes that the replies are sent back to the requester using the Pastry routing protocol.
8
Outline
- Background
  - P2P File Sharing
- DoS Scenario
  - File-targeted DoS attacks
  - Network-targeted DoS attacks
- Model
- Simulation Study
9
File-targeted DoS attacks - pollution attacks
- Malicious node advertises a corrupted file, and eventually distributes this copy
- The p2p network topology does not play a role in the effectiveness
- The user-behavior factors determine the spread of polluted files
  - Willingness to share files
  - Speediness in removing corrupted files
  - Persistence in downloading files under attack
- Attack against a single file
- Attacker wants to prevent spread of file
10
Attack Model
- Attacker responds to queries for a particular file
- Replies with a very high bandwidth and low waiting time, to be attractive
- Serves fake content for the file
- Requires relatively large resources
- Attacker serves 10% of file
11
Analytical Model: Spreading Content
12
Spreading polluted and good copies
13
Non-cooperative users
14
Effect of User Persistence Here it is!
15
Counterstrategy: Parallel Download
16
File-targeted DoS attacks
- System is really quite vulnerable
- Attacker, however, requires large resources to mount the attack
- FYI, there is evidence that these pollution attacks are being carried out
17
Network-targeted DoS attacks
- Directed against unstructured p2p networks like Gnutella or Kazaa
- Attack against whole p2p network
- Attacker wants to significantly reduce system goodput
18
System model
- Two phase user-system interaction
- Query
  - User sends query for particular file
  - Responses are received and stored
- Download
  - One or more responses are selected based on policy
  - Downloads are initiated
19
Attacker Strategy
- False content attack
  - Respond to all queries pointing to self
  - Modify all replies and redirect to self
  - Serve bad files
- Slow node attack
  - Modify all replies and redirect to slowest nodes, advertising high speed for them
20
Client Strategy
- Download peer selection policy:
  - Best by expected download time
  - Random
  - Redundant best
- File chunking
- Reputation systems
- Detection
21
Network-targeted DoS attacks
- Again, systems are very vulnerable
- Again, attackers require quite large resources to mount attack
- Random selection counterstrategy effective
  - However, it prevents selection of high bandwidth peers
  - Non-attack performance is significantly reduced
22
Outline
- Background
  - P2P File Sharing
- DoS Scenario
  - File-targeted DoS attacks
  - Network-targeted DoS attacks
- Model
- Simulation Study
23
Supernodes and hierarchy
24
Long paths for anonymity
25
Power-law topologies
26
Outline
- Background
  - P2P File Sharing
  - Gnutella
- DoS Scenario
  - System model
  - Attacker strategy
  - Client strategy
- Model
- Simulation Study
27
Simulation Preliminaries
- Discrete event simulation
- Two peer classes
  - Leaf nodes (80%) – 56Kb to 1Mb
  - Supernodes (20%) – 1Mb to 10Mb
- Asymmetric bandwidth
  - Upstream ¼ of downstream
- Zipf file distribution
- TCP max-min fairness
28
Baseline Experiments Baseline attack
29
System Factors Overlay structure and hierarchy
30
System Factors Path length
31
Victim counter strategies
- Random redundant downloads
  - 1 or more in parallel
  - Lowers base performance VERY MUCH
  - Much less vulnerable to attack
- Best redundant download
  - Best N by estimated time in parallel
  - Lowers base performance
  - Moves system breaking point far out
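The trade-off between the client selection policies (slide 20) and the counter strategies above can be seen in a small expected-value model. This is an added example, not code from the presentation or the paper; the names (Response, best, random_single, redundant_best, sweep), the sample rates and the simplifications (parallel downloads share the client downlink, the fastest valid copy wins) are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Response:
    advertised_kbps: float  # rate claimed in the query reply
    actual_kbps: float      # rate the peer really delivers
    valid: bool = True      # False: peer serves corrupted content

def useful(r, cap=float("inf")):
    """Goodput from one peer: zero for bad content, else limited by cap."""
    return min(r.actual_kbps, cap) if r.valid else 0.0

def best(responses):
    """Best by expected download time: trust the advertised rate."""
    return useful(max(responses, key=lambda r: r.advertised_kbps))

def random_single(responses):
    """Uniform random choice of one peer: expected goodput."""
    return sum(useful(r) for r in responses) / len(responses)

def redundant_best(responses, n, downlink_kbps):
    """Top n by advertised rate in parallel, sharing the client downlink;
    the fastest valid copy determines goodput."""
    top = sorted(responses, key=lambda r: r.advertised_kbps, reverse=True)[:n]
    return max(useful(r, downlink_kbps / n) for r in top)

# Constructed sample: four honest peers advertising their true rate.
HONEST = [Response(k, k) for k in (56.0, 256.0, 1000.0, 2500.0)]
# Constructed false-content reply: top advertised rate, corrupted file.
FAKE = Response(10000.0, 10000.0, valid=False)
# Constructed slow-node reply: slowest peer advertised as the fastest.
SLOW = Response(10000.0, 56.0)

def sweep(max_attackers=2, n=2, downlink_kbps=4000.0):
    """Goodput (kbps) of each policy as false-content replies are added."""
    rows = []
    for k in range(max_attackers + 1):
        rs = HONEST + [FAKE] * k
        rows.append((k, best(rs), random_single(rs),
                     redundant_best(rs, n, downlink_kbps)))
    return rows

if __name__ == "__main__":
    for row in sweep():
        print("attackers=%d best=%.0f random=%.1f redundant=%.0f" % row)
```

In this model a single forged reply drives the "best" policy to zero goodput, random selection starts lower but degrades gradually, and redundant best holds until the forged replies fill all N parallel slots.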
32
Conclusions
- File-targeted attacks are inefficient in cooperative p2p environment
- It is insufficient to only transmit false info to launch an attack in p2p networks
- Structured p2p systems are more resilient than hierarchical p2p systems
- System goodput degrades tremendously with the number of malicious nodes in both cases
- Reputation systems are largely ineffective
- Randomization techniques are indeed able to transform the system’s resilience from a devastating hyperexponential scaling to a more resilient linear scaling
33
Thank you!