20090304 Hongil Kim E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, Y. Kim, "Attacking the Kad Network - Real World Evaluation and High.

Presentation transcript:

Hongil Kim

E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, Y. Kim, "Attacking the Kad Network - Real World Evaluation and High Fidelity Simulation using DVN -", Wiley Security and Communication Networks 2009

 File sharing: Napster, Gnutella, BitTorrent, etc.
 Recent commercial applications
 ▪ Skype
 ▪ BitTorrent becomes legit
 ▪ P2P TV by Yahoo Japan
 Research community
 ▪ P2P file and archival systems: Ivy, Kosha, Oceanstore, CFS
 ▪ Web caching: Squirrel, Coral
 ▪ Multicast systems: SCRIBE
 ▪ P2P DNS: CoDNS and CoDoNS
 ▪ Internet routing: RON
 ▪ Next generation Internet architecture: I3

 How to find the desired information?
 ▪ Centralized structured: Napster
 ▪ Decentralized unstructured: Gnutella
 ▪ Decentralized structured: Distributed Hash Table (content addressable!)
 A DHT provides a hash table's simple put/get interface
 ▪ Insert a data object, i.e., a key-value pair (k, v)
 ▪ Retrieve the value v using key k
[Figure: lookup in Napster (central Napster.com index; P: a node looking for a file, O: offerer of the file), in Gnutella (Query, QueryHit, Download between P and the matching O) and in a DHT (retrieve(K1) returning the stored K, V)]

 Every node has a unique ID: nodeID
 Every object has a unique ID: key
 Keys and nodeIDs are logically arranged on a ring (the ID space)
 A data object is stored at its root(key) and at several replica roots
 ▪ root(key): the closest nodeID to the key (or the successor of k)
 Range: the set of keys that a node is responsible for
 Routing table size: O(log N)
 Routing delay: O(log N) hops
 Content addressable!
[Figure: ID ring with nodes A, B, C, D, Q, R, X, Y; key k and its object (k, v) stored at the root of k]

 Kad: a peer-to-peer DHT based on Kademlia
 Kad network
 ▪ Overnet: an overlay built on top of eDonkey clients (used by P2P bots)
 ▪ Overlay built using eD2K-series clients (eMule, aMule, MLDonkey): over 1 million nodes, many more firewalled users
 ▪ BT-series clients: an overlay on Azureus, and an overlay on Mainline and BitComet

 d(X, Y) = X XOR Y
 An entry in a k-bucket shares at least a k-bit prefix with the nodeID
 k = 20 in Overnet
 Add a new contact if the k-bucket is not full
 Parallel, iterative, prefix-matching routing
 Replica roots: the k closest nodes
[Figure: k-bucket layout and a find/store lookup]

 No restriction on nodeID
 Replica root: |r, k| <
 K-buckets with index [0, 4] can be split if a new contact is added to a full bucket
 Wide routing table, hence a short routing path
 The k-bucket at the i-th level covers 1/2^i of the ID space
 A learns about a new node by asking, or from contacts supplied by other nodes
 Hello_req is used for liveness; a routing request can be used as well
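The XOR metric, k-bucket placement and "k closest nodes" selection described on the last two slides, as an added, self-contained example written for this transcript (it is not code from the paper or from any Kad client). It assumes 128-bit IDs, k = 20 as the slides state, and a simplified "add only if the bucket is not full" rule; the bucket-fraction helper restates the slide's 1/2^i coverage with a 0-based index.

```python
"""Kademlia-style XOR metric and k-bucket routing table (added example)."""
from typing import List, Tuple

ID_BITS = 128   # Kad node IDs are 128 bits wide; constant chosen for this example
K = 20          # k-bucket capacity; k = 20 in Overnet, as the slides state

Contact = Tuple[int, str]   # (nodeID, IP address)


def xor_distance(x: int, y: int) -> int:
    """Kademlia metric: d(X, Y) = X XOR Y."""
    return x ^ y


def bucket_index(node_id: int, other_id: int) -> int:
    """0-based index of the k-bucket that `other_id` falls into, seen from `node_id`.

    The index equals the length of the common ID prefix: bucket i holds contacts
    at distance 2^(ID_BITS-1-i) <= d < 2^(ID_BITS-i).
    """
    d = xor_distance(node_id, other_id)
    if d == 0:
        raise ValueError("a node does not keep itself as a contact")
    return ID_BITS - d.bit_length()


def bucket_fraction(index: int) -> float:
    """Fraction of the ID space covered by the bucket at 0-based `index`.

    The slide counts levels from 1 and says level i covers 1/2^i; level i is index i-1.
    """
    return 1.0 / 2 ** (index + 1)


class RoutingTable:
    """One k-bucket per prefix length; each bucket is a list of (nodeID, IP) contacts."""

    def __init__(self, node_id: int) -> None:
        self.node_id = node_id
        self.buckets: List[List[Contact]] = [[] for _ in range(ID_BITS)]

    def add_contact(self, cid: int, ip: str) -> bool:
        """Slide rule: add the new contact only if its k-bucket is not full.
        Returns True when the contact was inserted."""
        bucket = self.buckets[bucket_index(self.node_id, cid)]
        if any(existing == cid for existing, _ in bucket):
            return False            # already known; liveness refresh is not modelled here
        if len(bucket) >= K:
            return False            # full bucket: real Kademlia would ping the oldest entry
        bucket.append((cid, ip))
        return True

    def k_closest(self, key: int, k: int = K) -> List[Contact]:
        """The k contacts closest to `key` under XOR: the candidate replica roots and
        the first set of nodes queried in a parallel, iterative lookup."""
        contacts = [c for bucket in self.buckets for c in bucket]
        contacts.sort(key=lambda c: xor_distance(c[0], key))
        return contacts[:k]


if __name__ == "__main__":
    # Constructed sample: node 0 learns four contacts and looks up key 3.
    rt = RoutingTable(node_id=0)
    for cid, ip in [(1, "10.0.0.1"), (2, "10.0.0.2"), (3, "10.0.0.3"), (1 << 127, "10.0.0.4")]:
        rt.add_contact(cid, ip)
    print(rt.k_closest(key=3, k=2))   # the contacts with IDs 3 and 2
```

Because the bucket index is a prefix length, the bucket nearest the node's own ID covers only 1/2^128 of the space while bucket 0 covers half of it; that asymmetry is what makes the routing table wide near the node and coarse far from it, and it is also why a single unverified contact can occupy a disproportionate share of the lookups that pass through it.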

 No admission control, no verifiable binding
 ▪ An attacker can launch a Sybil attack by generating an arbitrary number of IDs
 Eclipse attack
 ▪ Stay long enough: Kad prefers long-lived contacts
 ▪ (ID, IP) update: a Kad client will update the IP for a given ID without any verification
 Termination condition
 ▪ The query terminates when A receives 300 matches
 ▪ Timeout: when M returns many contacts close to K, A contacts only those nodes and times out

 Preparation phase
 ▪ Backpointer hijacking: node A, attacker M
 ▪ M learns A's routing table by sending appropriate queries
 ▪ Then M changes the routing table by sending the following message: Hello, B, IP_M
 Execution phase
 ▪ Provide many non-existing contacts
 ▪ Fact: the query will time out after trying 25 contacts
[Figure: A's routing table entry for B (0xD00D, IP_B) becomes (0xD00D, IP_M) after M sends "Hello, B, IP_M"]


 Assumptions
 ▪ 1M nodes in total
 ▪ 800 routing table entries
 ▪ 100 Mbps network link
 Preparation cost
 ▪ 41.2 GB of bandwidth to hijack 30% of a routing table
 ▪ Takes 55 minutes with a 100 Mbps link
 Query prevention
 ▪ A 100 Mbps link is sufficient to stop 65% of ALL query messages

 11,303 to 16,105 Kad nodes running on ~500 PlanetLab machines
 Comparison between expected and measured
 ▪ keyword query failures
 ▪ number of messages used to attack one node
 ▪ bandwidth usage

 Fill node A's routing table with A itself (message: Hello, X, IP_A)
 ≈ 100% of queries failed after the attack
 Nodes can recover slowly
 Second round of attack
[Figure: A's routing table entries (C, IP_C), (G, IP_G), … all rewritten to point at IP_A after the attack]

 Identity authentication
 Routing correctness
 Independent parallel routes
 ▪ Incrementally deployable

Method                         | Secure | Persistent ID | Incrementally deployable
Verify the liveness of old IP  | No     | Yes           |
Drop Hello with new IP         | Yes    | No            | Yes
ID = hash(IP)                  | Yes    | No            |
ID = hash(Public Key)          | Yes    |               |

No. of backpointers | Current method | Independent parallel routes
40%                 | 98% fail       | 45% fail
10%                 | 59.5% fail     | 1.7% fail
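The unverified (ID, IP) update from the attack slides and the first three identity countermeasures from the table above, side by side, as an added example written for this transcript (not code from the paper or from any Kad client). It assumes a single contact table keyed by node ID, a hypothetical `id_from_ip` binding that truncates SHA-256 of the IP string (the paper does not specify the hash), and a caller-supplied liveness probe standing in for Hello_req; the addresses in the scenario are constructed.

```python
"""Hello handling under four (ID, IP) binding policies (added example)."""
import hashlib
from typing import Callable, Dict, Optional


def id_from_ip(ip: str) -> int:
    # Hypothetical "ID = hash(IP)" binding: 128-bit ID from truncated SHA-256 of the IP.
    return int.from_bytes(hashlib.sha256(ip.encode()).digest()[:16], "big")


class ContactTable:
    """Node-ID -> IP bindings of one peer, updated from incoming Hello messages."""

    POLICIES = ("unverified", "verify_liveness", "drop_new_ip", "id_hash_ip")

    def __init__(self, policy: str, is_alive: Optional[Callable[[str], bool]] = None) -> None:
        if policy not in self.POLICIES:
            raise ValueError("unknown policy %r" % policy)
        self.policy = policy
        # Probe that stands in for Hello_req to the old IP; defaults to "no answer".
        self.is_alive = is_alive or (lambda ip: False)
        self.contacts: Dict[int, str] = {}

    def on_hello(self, sender_id: int, sender_ip: str) -> str:
        """Apply one Hello (ID, IP) and report what happened to the binding."""
        if self.policy == "id_hash_ip" and id_from_ip(sender_ip) != sender_id:
            return "rejected: ID is not hash(IP)"
        old = self.contacts.get(sender_id)
        if old is None or old == sender_ip:
            self.contacts[sender_id] = sender_ip
            return "stored"
        # A known ID announces a different IP: the backpointer-hijack case from the slides.
        if self.policy == "drop_new_ip":
            return "rejected: known ID announced from a new IP"
        if self.policy == "verify_liveness" and self.is_alive(old):
            return "rejected: old IP still answers"
        self.contacts[sender_id] = sender_ip      # "unverified" always lands here
        return "rebound"


def hijack_outcome(policy: str, old_ip_alive: bool = True) -> str:
    """Constructed scenario: A has learned B legitimately, then M announces B's ID from IP_M."""
    b_ip, m_ip = "10.0.0.2", "10.0.0.9"            # constructed addresses for B and M
    b_id = id_from_ip(b_ip)                          # B's ID, chosen so the hash policy accepts B
    table = ContactTable(policy, is_alive=lambda ip: old_ip_alive and ip == b_ip)
    if table.on_hello(b_id, b_ip) != "stored":
        raise RuntimeError("legitimate contact should always be accepted")
    return table.on_hello(b_id, m_ip)                # Hello, B, IP_M


if __name__ == "__main__":
    for policy in ContactTable.POLICIES:
        print("%-16s %s" % (policy, hijack_outcome(policy)))
    print("verify_liveness with B offline:", hijack_outcome("verify_liveness", old_ip_alive=False))
```

The liveness check only holds while B is reachable: once B goes offline, the rebinding succeeds under that policy, which is why the table marks it as not secure even though it keeps IDs persistent. Dropping every Hello with a new IP and binding the ID to the IP both close the hole but mean a legitimate node that changes address loses its identity, matching the "Persistent ID: No" entries.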

Thank you Any Questions?