1 The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses
Prithula Dhungel, Xiaojun Hei, Keith W. Ross, Nitesh Saxena
Polytechnic University
2 The Pollution Attack
- Attacker joins an ongoing video channel
- Attacker advertises it has a large number of chunks
- When neighbors request chunks, attacker sends bogus chunks
- Receiver plays back bogus chunks
- Each receiver may further forward the polluted chunks
4 Contributions
- Identify the pollution attack in P2P live video streaming applications
- Verify via experimental results (in PPLive) that the pollution attack can be devastating
- Survey possible defenses against the attack
8 Hong Kong Peer
Figure: Clean and polluted chunks to/from Hong Kong peer
9 Pollution Defense Mechanisms
- Blacklisting
- Traffic Encryption
- Chunk Signing
  – Sign-All Approach
  – Signature-Amortization Approaches
    - Star Chaining
    - Merkle Tree
  – Sign-and-Correct Approach
10 Chunk Signing
- Use PKI
- Every video source has a public-private key pair
- Source uses private key to sign the chunks
- Receiver uses public key of source to verify integrity of chunk
11 Sign-All (1)
- Source
  – Source signs each chunk
  – Sends signature (authentication information) with corresponding chunk
- Receiver
  – Verifies each chunk individually using authentication information and public key of source
12 Sign-All (2)
- Chunk processing independence
- Bandwidth overhead
  – For a stream of m chunks, m signatures
  – For 372 kbps channel with chunk size of 4000 bytes, around 3%
- Computation overhead
  – 1 (expensive) signature operation per chunk
13 Block Signing
- Chunks organized into blocks
  – Each block contains n chunks
- After generating n chunks, hash the concatenation of all chunk hashes and sign the result
- Reduces computation
- But can't verify individual chunks
14 Star Chaining
- Chunks organized into blocks
  – Each block contains n chunks
- After generating n chunks, calculate authentication information for each chunk
  – Signed hash of the concatenation of all chunk hashes
  – Along with the hashes of all other n-1 chunks
- Receiver, chunk by chunk:
  – Applies public key to get hash of hashes
  – Verifies by concatenating hash of current chunk with those of the n-1 chunks, and taking hash
15 Star Chaining
- Computation overhead: 1 signature per block
- Loss: if some chunks are lost in block, can still decode rest
- Bandwidth overhead: for block of n chunks, n-1 hashes + n signatures
  – For channel of bitrate 372 kbps and chunk size of 4000 bytes, n = 32, about 16%
16 Merkle Tree
- Computation overhead: 1 signature per block
- Loss: if some chunks are lost in block, can still decode rest
- Bandwidth overhead: n log_2 n hashes + n signatures (about 5%)
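The Merkle-tree amortization summarized on slide 16, as an added example that is not from the original presentation: the source hashes a block of n chunks into a tree and signs only the root, and each chunk travels with its log_2 n sibling hashes so a receiver can check it alone. Assumptions: SHA-256, RFC 6962-style leaf/node prefixes, illustrative function names, and a root whose signature the receiver has already verified with the source's public key (the signature step itself is omitted).

```python
import hashlib

LEAF, NODE = b"\x00", b"\x01"  # domain separation: an inner node cannot pass as a chunk

def h(prefix: bytes, data: bytes) -> bytes:
    return hashlib.sha256(prefix + data).digest()

def build_levels(chunks):
    """Source side: hash levels of the block's tree, leaves first."""
    n = len(chunks)
    if n < 2 or n & (n - 1):
        raise ValueError("block size must be a power of two")
    levels = [[h(LEAF, c) for c in chunks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(NODE, cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def auth_path(levels, index):
    """The log2(n) sibling hashes that travel with chunk `index`."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify_chunk(chunk, index, path, signed_root, block_size):
    """Receiver side: accept the chunk only if it hashes up to the signed root."""
    if not 0 <= index < block_size or 2 ** len(path) != block_size:
        return False
    node = h(LEAF, chunk)
    for sibling in path:
        node = h(NODE, sibling + node) if index & 1 else h(NODE, node + sibling)
        index >>= 1
    return node == signed_root

def demo():
    chunks = [bytes([i]) * 4000 for i in range(8)]  # constructed sample block
    levels = build_levels(chunks)
    root = levels[-1][0]  # the source signs this one value per block
    path5 = auth_path(levels, 5)  # chunk 5 can be checked even if the rest are lost
    inner = levels[1][0] + levels[1][1]  # inner-node pair posing as a chunk
    return {
        "clean": verify_chunk(chunks[5], 5, path5, root, 8),
        "polluted": verify_chunk(b"\xff" * 4000, 5, path5, root, 8),
        "inner_node": verify_chunk(inner, 0, [levels[2][1]], root, 8),
    }

print(demo())
```

A receiver that drops every chunk failing `verify_chunk` never plays back or forwards polluted data, and the only public-key operation it performs per block is the check on the root.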
17 Conclusion
- The pollution attack can be devastating
- Defenses:
  – Signature Amortization (Merkle Tree): less computational overhead and delay at receiver but more bandwidth overhead
  – Sign-and-Correct: less bandwidth requirement but higher processing delay and computational requirement
- Based on requirements of the application, either of the two could be used