Induced Churn as Shelter from Routing-Table Poisoning Tyson Condie, Varun Kacholia, Sriram Sankararaman, Joseph M. Hellerstein, Petros Maniatis UC Berkeley.


Induced Churn as Shelter from Routing-Table Poisoning Tyson Condie, Varun Kacholia, Sriram Sankararaman, Joseph M. Hellerstein, Petros Maniatis UC Berkeley and Intel Research Berkeley

Tyson Condie, NDSS

Roadmap
- Overlay networks
- Routing Table Poisoning Attacks
- Induced Churn
  – Periodic reset of routing table
  – Unpredictable identifier selection
  – Rate-limiting routing table updates
- Implementation
- Results

Overlay Networks
- The nodes build some topology above the network
  – Messages flow along edges of overlay topology
  – Typically overlay construction decentralized
  – Requires little state so can scale to millions of hosts
- Application use of overlays increasingly common
  – Resolution services: DNS, Gnutella, etc.
  – Communication services: Skype
  – Many others: Akamai, Coral, Microsoft Exchange, Friends Troubleshooting Network, SOS, RON, …
[Figure labels: Internet, Overlay]

Overlay Networks
- Typically you start with
  – A population of some nodes
  – An idealized graph: hypercube, de Bruijn, random
  – A set of operations on the graph, e.g., search, aggregation, routing, etc.
- To construct an actual overlay
  – Nodes assigned identifiers uniformly at random
  – Mapping function from an ideal graph to node population

Hypercube
- A hypercube connects graph vertices that differ by a single bit in the binary identifier
- Mapping: node with next higher identifier
[Figure: neighbors for a node, Link 1 to Link 5; the only identifier that survives extraction is 00010]

Prefix Hypercube
- Prefix hypercube gives more degrees of freedom in mapping graph vertices to nodes
  – The suffix of the node identifier does not matter
[Figure: neighbors for a node: Link 1 = 0XXXX, Link 2 = 11XXX, Link 3 = 101XX, Link 4 = 1000X, Link 5 = (value missing)]

Optimized Prefix Hypercube
- Optimized prefix hypercube
  – Choose neighbor with low latency and a proper prefix
[Figure labels: 5ms, 11101]

Malicious Nodes
- Some fraction of the nodes in the population may be bad, controlled by an adversary

Routing Table Poisoning
- Intercept requests and respond to them
- Intercept routing table updates and respond to them
- Spoof optimization computations to increase desirability


Rejuvenate Routing Tables
- Constrained graph
  – Poor performance
  + Less prone to routing table poisoning
- Optimized graph
  + Flexibility helps improve performance
  – But also amplifies routing table poisoning
- Intuition: Find common ground between the two!

Rejuvenate Routing Tables
- Maintain one routing table of each kind of graph
  – Use the optimized table to route requests
  – Use the constrained table to maintain itself
- Periodically, reset the optimized routing table to the constrained one
  – Average optimized poisoning lower
[Figure labels: Epoch N, Epoch N+1]

Rejuvenate Routing Tables
- Shorter epoch means lower average poisoning
- But lower average performance as well

Make Rejuvenation Unpredictable
- If I don't change identifier, the adversary knows where I am at all times
  – She can build upon prior knowledge to amplify her poisoning
- Change node identity every epoch
  – She must attack me anew at every epoch
- Make identifier changes unpredictable
  – She can't preplan future attacks
- So how do we do this?
  – Map from IP address to unpredictable ID using a timed stream of random numbers:
    ID(IPaddr, time) = h(CurrentRand_time || IPaddr)
  – To verify this mapping across all good nodes, make the timed stream of nonces common
- We use a global randomness server

Keep Slope Low
- We rely on the slope of poisoning to remain low
- If my poisoning jumps as soon as I reset, we've gained nothing
- Fix a rate for updating routing table
  – Adjust for bundled updates

Challenges
- Churn leads to instability
  – Churning everyone at once will be unstable
  – Computing new state requires some number of messages
  – Nodes are unreachable during rejoin process
- Staggered Churn: desynchronize churn so only a small fraction of nodes are churning at the same time
- Routing State Precomputation: preplan our next position

Staggered Churn
  – We split the population into G groups
  – According to the high-order bits of their IP address

Staggered Churn
  – And we stagger their churn times
  – So that only nodes in the same group are churning in unison
  – And now the average instantaneous poisoning is lower

Routing State Precomputation
- Determine next routing state before churn point
  – Moves the cost of churn to when it doesn't matter
- Switch to new routing state at churn point
  – Much faster than rejoining anew because we've done our homework
- Nodes provided with current and next epoch nonces
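The identifier mapping, staggered churn groups and next-epoch precomputation from the slides above, as an added Python sketch (not Maelstrom's code). SHA-256 as h, the 8-minute epoch, G = 4, the per-group switch schedule, all function names and the sample nonces are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

EPOCH_SECONDS = 480  # assumption: 8-minute epoch
GROUP_BITS = 2       # assumption: G = 2**2 = 4 churn groups

# Constructed sample nonces, indexed by epoch number; in the talk these come
# signed from the randomness server (signature check assumed already done).
NONCES = {0: b"constructed-nonce-0", 1: b"constructed-nonce-1",
          2: b"constructed-nonce-2"}

def epoch_id(nonce, ip):
    """ID(IPaddr, time) = h(CurrentRand_time || IPaddr); h is SHA-256 here."""
    return hashlib.sha256(nonce + ipaddress.IPv4Address(ip).packed).hexdigest()

def churn_group(ip):
    """Churn group = high-order GROUP_BITS bits of the IPv4 address."""
    return int(ipaddress.IPv4Address(ip)) >> (32 - GROUP_BITS)

def nonce_index(ip, now):
    """Epoch nonce the node at `ip` must be using at time `now` (seconds).
    Assumed schedule: group g switches to nonce k at k*EPOCH + g*EPOCH/G."""
    offset = churn_group(ip) * EPOCH_SECONDS // (1 << GROUP_BITS)
    return (now - offset) // EPOCH_SECONDS

def verify_claim(claimed_id, ip, now, nonces):
    """Accept a peer only if its ID is the one derived for its group's epoch."""
    nonce = nonces.get(nonce_index(ip, now))
    if nonce is None:
        return False  # no nonce for that epoch: cannot verify, so reject
    return hmac.compare_digest(claimed_id, epoch_id(nonce, ip))

def next_id(ip, now, nonces):
    """Precompute next epoch's ID so routing state can be built before churn."""
    nonce = nonces.get(nonce_index(ip, now) + 1)
    return epoch_id(nonce, ip) if nonce is not None else None

if __name__ == "__main__":
    now = 500  # group 0 has churned to nonce 1; group 3 is still on nonce 0
    for ip in ("10.0.0.5", "200.1.2.3"):
        idx = nonce_index(ip, now)
        print(ip, "group", churn_group(ip), "nonce", idx,
              "id", epoch_id(NONCES[idx], ip)[:16])
    stale = epoch_id(NONCES[0], "10.0.0.5")
    print("stale ID accepted:", verify_claim(stale, "10.0.0.5", now, NONCES))
```

Because the identifier is a function of the peer's IP address and a nonce nobody knows in advance, a node cannot choose its position in the identifier space, and an ID from a previous epoch fails verification.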

Implementation
- Maelstrom
  – A practical implementation of our defenses
  – Secure extension to the Bamboo DHT written in Java
- Bamboo DHT
  – A highly optimized distributed hash table (DHT) implementation
  – Built to withstand churn
  – Runs OpenDHT, a publicly accessible DHT service
- Randomness server
  – Periodically issues a signed random nonce

Average Poisoning for a Single Churn Group

Overall Average Poisoning and Successful Lookup Probability
[Figure values as extracted: Bamboo: 68%; 8 min: 7%; 16 min: 9%; 32 min: 12%; Maelstrom: .67; Bamboo: .25; Maelstrom: .99; Bamboo: .35]

Performance

The Good, The Bad, The Ugly
- Routing-table poisoning now controllable
- Benefit of routing optimizations diminished
  – Controlled trade-off
- Not appropriate for state-intensive applications
  – Large-state systems must migrate data upon churn so induced churn really hurts them
[Figure labels: Poisoning resistance, Performance; Optimized, Constrained, Maelstrom]

Related Work
- Sybil attacks
  – Used Certification Authority distributed rate-limited identifiers
  – This does not mitigate routing table poisoning attacks
- Build failure detectors to indicate when something is amiss
  – Constrained RT for secure routing and an Optimized RT for normal routing
  – Can use in/out-degree as an indicator to routing table poisoning
- Awerbuch and Scheideler have proven some of our intuition
  – The need for finite identity lifetimes and for changing identities

References
- M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. S. Wallach. Secure Routing for Structured Peer-to-Peer Overlay Networks. In OSDI, Dec
- A. Singh, M. Castro, P. Druschel, and A. Rowstron. Defending against Eclipse attacks on overlay networks. In 11th ACM SIGOPS European Workshop, Sept
- B. Awerbuch and C. Scheideler. Group Spreading: A protocol for provably secure distributed name service. In ICALP, July 2004.

Thank You!

Maelstrom Results