Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fireflies: Scalable Support for Intrusion-Tolerant Network Overlays Håvard Johansen University of Tromsø Norway André Allavena Robbert van Renesse University.

Published byHarley Collie Modified over 9 years ago

Similar presentations

Presentation on theme: "Fireflies: Scalable Support for Intrusion-Tolerant Network Overlays Håvard Johansen University of Tromsø Norway André Allavena Robbert van Renesse University."— Presentation transcript:

1 Fireflies: Scalable Support for Intrusion-Tolerant Network Overlays Håvard Johansen University of Tromsø Norway André Allavena Robbert van Renesse University of Waterloo Cornell University Canada USA

2 Overlay networks are easy targets Adds important Internet functionality –Routing, search, Skype, etc. Deployed on untrusted hosts –Malicious behavior is likely Fireflies provides scalable intrusion-tolerant group membership that supports robust overlay networks Malicious members cannot –Keep correct members out –Keep failed members in

3 Fireflies: a group membership protocol Gossip –Disseminates membership events Membership –Accuse members suspected of being failed –Rebut false accusations Failure detection (monitoring) –Adaptive pinging –Can make mistakes Failure Detection Gossip Membership other members

4 Problem: false accusations A false accusation does not imply that the accuser is Byzantine How to prevent Byzantine members from overloading the system with false accusations?

5 Assigning monitors 6 members: CA assigns identifiers 3 identifier spaces (rings) 1 23

6 Assigning monitors 1 23 6 members: CA assigns identifiers 3 identifier spaces (rings) s-hash ( | #), # = 1, 2, 3

7 Assigning monitors 1 23 6 members: CA assigns identifiers 3 identifier spaces (rings) s-hash ( | #), # = 1, 2, 3

8 Assigning monitors 1 23 6 members: CA assigns identifiers 3 identifier spaces (rings) 3 pseudo-random permutations of the members

9 Assigning monitors 1 23 Monitor successors: monitors Monitored by predecessors: monitored by

10 Disabling predecessors 1 23 Prevents predecessor from accusing a member on a specific ring disables predecessor on ring 1 as part of rebutting a false accusation X

11 How many rings? Use 2t + 1 rings Choose t so that there are no more than t Byzantine predecessors for any member members disable t predecessors of their choice t + 1 predecessors remains enabled  at least 1 correct enabled predecessor … 2t + 1 rings 12342t+1

12 Calculating t P byz : bounded probability that a member is Byzantine min t:  > binominal.cdf( t; 2t+1; 1 - P byz )  = O( 1 / # members )

13 PlanetLab evaluation setup Configuration –t = 12 (25 monitoring rings) –Gossip rate = 1 gossip / 3.5 seconds Byzantine members: –aggressive attacks: accuse at any opportunity do not forward rebuttals –passive attacks: never accuse do not forward accusations

14 Protocol overhead on PlanetLab # members Byzantine: 20% (10% aggressive + 10% passive) bytes/sec

15 Applications Intrusion-Tolerant video streaming –Gossip mesh ideal for multicast dissemination –Based on Chainsaw randomized flooding protocol Intrusion-Tolerant software mirroring tool –Replicate GNU/Linux Debian APT repositories –Time critical patches

16 Conclusions Fireflies: a group membership protocol –Intrusion-tolerant –Scalable –Probabilistic guarantees Available on SourceForge: http://sf.net/projects/fireflies/

Download ppt "Fireflies: Scalable Support for Intrusion-Tolerant Network Overlays Håvard Johansen University of Tromsø Norway André Allavena Robbert van Renesse University."

Similar presentations

Ranveer Chandra Ramasubramanian Venugopalan Ken Birman

Ranveer Chandra Ramasubramanian Venugopalan Ken Birman
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Alex Cheung and Hans-Arno Jacobsen August, 14 th 2009 MIDDLEWARE SYSTEMS RESEARCH GROUP.

Alex Cheung and Hans-Arno Jacobsen August, 14 th 2009 MIDDLEWARE SYSTEMS RESEARCH GROUP.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.
Cognitive Publish/Subscribe for Heterogeneous Clouds Šarūnas Girdzijauskas, Swedish Institute of Computer Science (SICS) Joint work with:

Cognitive Publish/Subscribe for Heterogeneous Clouds Šarūnas Girdzijauskas, Swedish Institute of Computer Science (SICS) Joint work with:
CHORD – peer to peer lookup protocol Shankar Karthik Vaithianathan & Aravind Sivaraman University of Central Florida.

CHORD – peer to peer lookup protocol Shankar Karthik Vaithianathan & Aravind Sivaraman University of Central Florida.
Chord: A Scalable Peer-to- Peer Lookup Service for Internet Applications Ion StoicaRobert Morris David Liben-NowellDavid R. Karger M. Frans KaashoekFrank.

Chord: A Scalable Peer-to- Peer Lookup Service for Internet Applications Ion StoicaRobert Morris David Liben-NowellDavid R. Karger M. Frans KaashoekFrank.
EL9331 Meridian: A Lightweight Network Location Service without Virtual Coordinates Bernard Wong, Aleksandrs Slivkins, Emin Gun Sirer SIGCOMM’05 ( Slides.

EL9331 Meridian: A Lightweight Network Location Service without Virtual Coordinates Bernard Wong, Aleksandrs Slivkins, Emin Gun Sirer SIGCOMM’05 ( Slides.
SplitStream: High- Bandwidth Multicast in Cooperative Environments Monica Tudora.

SplitStream: High- Bandwidth Multicast in Cooperative Environments Monica Tudora.
Ýmir Vigfússon IBM Research Haifa Labs Ken Birman Cornell University Qi Huang Cornell University Deepak Nataraj Cornell University.

Ýmir Vigfússon IBM Research Haifa Labs Ken Birman Cornell University Qi Huang Cornell University Deepak Nataraj Cornell University.
Failure Detectors CS 717 Ashish Motivala Dec 6 th 2001.

Failure Detectors CS 717 Ashish Motivala Dec 6 th 2001.
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June 17-19 2002.

Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
ZIGZAG A Peer-to-Peer Architecture for Media Streaming By Duc A. Tran, Kien A. Hua and Tai T. Do Appear on “Journal On Selected Areas in Communications,

ZIGZAG A Peer-to-Peer Architecture for Media Streaming By Duc A. Tran, Kien A. Hua and Tai T. Do Appear on “Journal On Selected Areas in Communications,
SRG PeerReview: Practical Accountability for Distributed Systems Andreas Heaberlen, Petr Kouznetsov, and Peter Druschel SOSP’07.

SRG PeerReview: Practical Accountability for Distributed Systems Andreas Heaberlen, Petr Kouznetsov, and Peter Druschel SOSP’07.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Informed Detour Selection Helps Reliability Boulat A. Bash.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Informed Detour Selection Helps Reliability Boulat A. Bash.
Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.

Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.
CoolStreaming/DONet: A Data- driven Overlay Network for Peer- to-Peer Live Media Streaming INFOCOM 2005 Xinyan Zhang, Jiangchuan Liu, Bo Li, and Tak- Shing.

CoolStreaming/DONet: A Data- driven Overlay Network for Peer- to-Peer Live Media Streaming INFOCOM 2005 Xinyan Zhang, Jiangchuan Liu, Bo Li, and Tak- Shing.

Similar presentations

Ads by Google