1. 1 Security and Trust in P2P systems

2. 2 Trust and Security Peer-to-Peer systems require different entities to decide how to interact or whether to interact with others  Security decisions I need to know whether I can “trust” another entity within this system Should I trust “Alice” because my friend, Bob, trusts her?

3. 3 Trust and Security The “perfect” P2P system  A system with perfectly flat hierarchy, and with each entity allowing other entities to use local resources How can we provide security without a centralized entity?  Infrastructure  The model of interaction between entities!

4. 4 What is trust When thinking about security in a system, various entities need to “trust” others to varying degrees  We say “trusted hardware”, or “trust administrators So… what is trust  Trust is a bet about the future contingent actions of others

5. 5 Malicious node A malicious node might give erroneous responses to a request  Application level Returning false data  Network level Returning false routes May work together, acting in concert, to attack the remainder of the nodes

6. 6 Outline Identification Routing table risk  Victim Data  Victim Peer Content verification Punishment

7. 7 Identification Identity  Undesirable to know the identity of other entities Privacy Anonymity However,  If you wish to trust entity A, you need to be able to identify it

8. 8 Identification Public key infrastructures (PKI)  Should be run with somebody!  For a PKI to work in this sort of situation, you need to have a trusted third party Recommendation systems  Chains of trust Transitive trust  Trust should be granted directly.

9. 9 Identification  When trust must be transitive, it creates brittleness  In most P2P system, transitive trust is a key component  How to measure “reputation” Roles Time related

10. 10 Secure Routing in p2p systems Security routing primitive ensures that when a non-faulty nodes sends a message to a key k, the message reaches all non-faulty members in the set of replica roots R k with very high probability Security routing guarantees that a replicas are initially placed on legitimate replica roots, and that a lookup message reaches a replica if one exists

11. 11 Three problems Securely assigning nodeIds to nodes  Ensure attackers cannot choose the value of nodeIDs Securely maintaining the routing tables  Ensure that the fraction of faulty nodes that appear in the routing tables of correct nodes does not exceed the fraction of faulty nodes in the entire overlay Securely forwarding messages  Ensure that at least one copy of a message sent to a key reaches each correct replica root for the key with high probability

12. 12 System model N nodes f (0<f<1) : fraction of faulty nodes  Faulty nodes can behave arbitrarily and they may not all necessarily be operating as a single conspiracy The set of faulty nodes is partitioned into independent coalitions, which are disjoint sets with size bounded by cN  (1/N<= c <= f)  Consider the case: c < f

13. 13 Secure nodeId assignment A node might choose its identifier maliciously  Allocate itself a collection of nodeIds closer to that document’s key than any existing nodes in the system Censor a specific document  Choose nodeIds to maximize its chances of appearing in a victim node’s routing tables

14. 14 Secure nodeId assignment Centralized authority  The server is only consulted when new nodes join and is otherwise uninvolved in the actions of the p2p system Sybil attacks  Coalition nodes might try to get a large number of nodeIds Even if those nodeIds are random, a large enough collection of them would still give the attackers disproportionate control over the network  Moderate the rate at which nodeIds are given out Charging money? By solving little problem?

15. 15 Admission control system (ACS) Property  Security Provide resiliency against attacks that work by creating shadow nodes  Efficiency Should be simple and does not require a lot of overhead on participating nodes  Fairness Nodes should do an equal amount of work to join the network  Response to attack Make the attack more difficult while not affecting other legitimate nodes  Scalability  Verifiability Allow any node in the system to verify that it is communicating with a node that was legitimately admitted to the network

16. 16 It is important that the upper layer nodes are both static and trustworthy A must gain admission from a sequence of nodes, starting with leaf node B and ending with root X At each stage, A is required to solve a puzzle presented by B Decentralized, multi-puzzle scheme

17. 17 Join protocol  Get token A wishes to join the network, it must first discover a leaf node B To gain admission from B by solving B’s puzzle After solving the puzzle, it is given a token and is used to prove to B’s parent admission by B At each stage, A is given a token to be used as proof of previous puzzle solution. When reach the root, a final token format is issued by X A’s signature

18. 18  Connect to the network A must prove to its prospective neighbors that it has been admitted by the root node X Signature verification is cost The neighboring nodes each require A to solve one more puzzle challenges protect neighbors from a DoS attack

19. 19 Node Upgrade  A must prove its stability before inclusion in the ACS  Initially, A joins the ACS as a leaf node, and evaluated by its parent node  To maintain a balanced tree A node only upgrades nodes when its number of children has reached the degree of the tree  When it is sufficiently deep to support the join load and achieve the proper security guarantees, no node will be added in the ACS

20. 20 Node departure  Not a member of ACS  A member of ACS Leave gracefully The oldest child is chosen to replace the departing node Due to a failure Children must rejoin the network by  Contact its grandparent  Or, find another node in the ACS

21. 21 Security  The ACS is designed to limit Sybil attacks, not to prevent them!  Attacker is a member of ACS Easily detected by the parent of the attacker by observing the rate of the token requests  Attacker is not a member of ACS Control a significant fraction of nodes Attack is limited by ensuring only a small number of tokens are released during a period of time

22. 22 How about patient attackers? If an attacker is patient enough, it can achieve the required number of IDs to launch a massive attack Cut-off window  Define a token expiration time, W  How to determine the value of W Limit the number of good users that must execute the rejoin process to a small percentage

23. 23 Analysis Models  Legitimate nodes arrive according to a Poisson distribution with an arrival rate of g  Life time is exponentially distributed with mean of  g  Assume an attacker is equal in computational power to the average user  l: Joining difficulty (measured in maximum time)

24. 24 Analysis Puzzles and fairness  The distribution of the time to solve the puzzle is uniform  Single puzzle of average time l / 2  n puzzles of difficulty l/2n  Example 5 mins to solve with a maximum standard deviation of 30 seconds 9 puzzles and each takes max 33.3 seconds.

25. 25 Analysis Steady state  The number of nodes in the network, N N= g *  g  To control fraction f of nodes, an attacker will be required to obtain (f*N)/(1-f) IDs  Assume there are n attackers Arrival rate of attacker nodes will be a = 2*n / l The time to launch a successful attack

26. 26 Analysis Example  If λ g = 1 node/sec, and µ g = 2.3 hours, the steady state number of nodes is 8280  For the attacker to control 10% of the total nodes in the network it is required to obtain 920 IDs  If the joining process takes on average 5 minutes, a successful attack would take 76 hours which is more than 3 days.

27. 27 Analysis Cut-off windows (legitimate nodes)  P : the percentage of legitimate nodes that will be required to reacquire fresh tokens

28. 28 Analysis Example  If µ g = 2.3 hours and W = 4 hours,  The percentage of Legitimate nodes that will be cut off the network and asked to rejoin is 17.5%.

29. 29 Analysis Cut-off window (attackers)  The combined number of nodes of n attackers can accumulate is 2*n*W / l  Example If the maximum join time is 10 minutes and W = 4 hours The maximum number of nodes an attacker can accumulate is 48 nodes

30. 30 Robust routing primitives If an attacker controls a fraction f of the nodes in the p2p network, we would expect that each entry in every routing table would have a probability of f of pointing to a malicious node. If a desired route consumes h hops  The probability being free of malicious nodes is (1-f) h  How about Chord with 2 m nodes?`

31. 31 Robust routing primitives  Locality-based attacks The adversary could take advantage of its locality to a given victim node to get more entries in that node’s routing table Increase its odds of controlling any given route that uses the victim node Attempt multiple, redundant routes from the source to the destination  Costly  How to determine “Not found”

32. 32 Content verification Adversary may spoof the results Verification can be done if we have verification codes Solve by Google’s PageRank technology  Pages that are linked from “popular” pages are themselves more popular  How to add such a notion of popularity into a p2p system

33. 33 Punishment Remove malicious nodes when they are detected Can we have a global view, who can punish the misbehave nodes? Unstructured p2p  Do it by yourself Structured p2p  Should convince other nodes  Or by yourself!

34. 34

35. 35 Conclusions and Discussions What we learn  Topologies Centralized p2p system Search cost is bounded Single point of failure Decentralized p2p system Unstructured p2p system  Flexible  Unbounded search Structured p2p system  Scalibility, bounded search  Only support keyword query Super peer architecture

36. 36 Conclusions and Discussions  Search Constraint of hash Dimension reduction and Document retrieval Absolute angle Rolling index Locality preserving hashing idistance  Application BT For efficiency downloading Tit for tat Skype Super peer architecture  Security Identification Secure nodeId assignment and routing

37. 37 Conclusions and Discussions A better topologies?  Robustness  Scalibility  Flexible  Bounded search  Fairness  Etc.

38. 38 Conclusions and Discussions Support general query?  The constraint of hash  Similarity search  Range query  Content-based retrieval Trust without a third party?  nodeId assignment  Routing table management  Content management How to decide the score?