1 / 28

MIS: Malicious Nodes Identification Scheme

MIS: Malicious Nodes Identification Scheme. Network-Coding-Based Peer-to-Peer Streaming. Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana. Department of Computer Science. University of Illinois at Urbana‐Champaign. IEEE INFOCOM 2010. Outlines. Introduction

ezekiel-whitley
Télécharger la présentation

MIS: Malicious Nodes Identification Scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MIS: Malicious Nodes Identification Scheme Network-Coding-Based Peer-to-Peer Streaming Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana Department of Computer Science University of Illinois at Urbana‐Champaign IEEE INFOCOM 2010

  2. Outlines • Introduction • MIS: Malicious Node Identification Scheme • Simulation Results • Conclusion

  3. Network Coding • New paradigm of routing:  – Packet mixing at intermediate nodes = f( ,       ,      ) A A Traditional routing : store-and-forward Network coding • Benefits:  – Maximum throughput, robustness to link failure, energy efficiency … • Applications: – Multicast/broadcast, wireless unicast, P2P streaming, P2P file distributing … 2

  4. Network Coding in P2P Streaming Networks 3 • Benefits of network  coding in P2P streaming: – – – – Higher playback quality Shorter buffering delays Minimal bandwidth Better resilience to peer  dynamics A D G Video stream S E B H … … F C Segment [b1, b2, … , bm] 3

  5. Pollution Attacks in Network Coding 4 • Malicious nodes inject corrupted blocks. A D G H Pollution rapidly  spreads over the  network! Video stream … S B E … C F Segment [b1, b2, … , bm] Failure to decode the  original blocks! 4

  6. The Pollution Attack Attacker joins an ongoing video channel Attacker advertises it has a large number of chunks When neighbors request chunks, attacker sends bogus chunks Receiver plays back bogus chunks Each receiver may further forward the polluted chunks P. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007. 6

  7. Peer Peer request request Peer Polluter Peer Peer request Peer Peer 7

  8. Existing Defense Strategy: 5 • Checking corrupted blocks at the runtime – Too computationally costly for real‐time streaming A D G H Drop corrupted  blocks at the  runtime Video stream … S B E … C F Segment [b1, b2, … , bm] 5

  9. Pollution Defense Strategy Blacklist Traffic Encryption Chunk Signing Use PKI Every video source has public-private key pair Source uses private key to sign the chunks Receiver uses public key of source to verify integrity of chunk P. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007. 9

  10. The Idea of MIS (Malicious Identification  Scheme) • Optimal online efficiency: – We don’t check corrupted blocks at the runtime  (before decoding). • Fundamental limit on pollution attacks:  – Instead, we identify malicious nodes whenever  pollution attacks take place. – We “permanently” remove the identified  malicious nodes from the overlay, so that the  system is free from pollution attacks in the  future. 6

  11. MIS (Malicious node Identification  Scheme) D H A M I E B L S‐server F G J C K 7

  12. MIS (Malicious node Identification  Scheme) • Infected nodes: I, J, K, M, L D H A M I E B L S‐server F G J C K 8

  13. MIS (Malicious node Identification  Scheme) • Detect the existence of pollution attacks based on  the content of decoded original blocks. Alert (with the sequence  number of the segment, a time stamp, the reporting node’s ID) D H A M I E B L S‐server F G J C K 9

  14. MIS (Malicious node Identification  Scheme) • S‐server generates a random checksum for the  polluted segment. • S‐server disseminates the checksum to the overlay. D H A M I E B L S‐server F J C Checksum G K 10

  15. MIS (Malicious node Identification  Scheme) • The checksum can help the infected node (K, or I) to  find out which neighbor (J, or F) has sent him a  corrupted block. D H A M I E B L S‐server F J C Checksum G K 11

  16. MIS (Malicious node Identification  Scheme) • The Infected node (K, or I) reports the discovered suspicious  neighbors (J, or F) to the M‐server, and forwards the  checksum to the reported suspicious neighbors (J, or F). D H M‐server A M I E B F is suspicious L S‐server F J F Suspicious  J C J is suspicious node list  (SNL) 12 G K

  17. MIS (Malicious node Identification  Scheme) • With the received checksum, an innocent suspicious node (J)  can find another suspicious node (F), but the malicious node  (F) cannot. D H M‐server A M I E B L S‐server F J F J C F is suspicious Suspicious  node list  (SNL) 13 G K

  18. MIS – Security Guarantees • Correctness • A malicious node cannot deny having sent a corrupted block or disparage any innocent node. • Guarantee • When a suspicious node is reported, an evidence is shown to the M-server to demonstrate that this reported node has indeed sent out a corrupted block. • Approaches • Public-key signature scheme • Let each node sign the block it sends out using a public-key signature scheme, and the signature associated with the block can be used as the evidence. • This approach requires applying public key signature on each transmitted block, introducing substantial computational delays due to the expensive signature generation and verification. • Non-repudiation transmission protocol

  19. Fig. 2: An example to illustrate network coding in P2P streaming. Each segment consists of m = 2 blocks, and each block has d = 3 codewords. Peer X receives two coded blocks e1,i, e2,i in Sifrom the S-server, and produces a new coded block e3,i for peer Y .

  20. Non-Repudiation Transmission Protocol X: the suspicious node Y: the reporting node λ=6 δ=3 Downstream neighbor Upstream neighbor e Verify evidence with γ2 , γ4, γ5

  21. Non-Repudiation Transmission Protocol • Table I lists the probabilities that a malicious party succeeds in our protocol under several sample parameter selections. • Prob X (or Prob Y) – the probability that a malicious X (or Y ) succeeds. The space overhead includes Φ(e) and Seq(e) (one byte for Seq(e)). 0 ≤ θ ≤λ- δ

  22. Evaluation • Simulation based on real PPLive overlays obtained in our previous work  [TOMCCAP’09] • The overlay contains 1600, or 4000 nodes • Malicious nodes are picked at random • Each segment consists of 32 blocks, and each block has 256 codewords in GF(256) • Time taken to identify malicious nodes is less than 6 seconds [TOMCCAP’09] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang “Understanding the Overlay Characteristics  of a Large‐scale Peer‐to‐Peer IPTV system”,  ACM TOMCCAP, 2009.

  23. Comparison • Online computational times: MIS (5‐10us),Null‐key (1‐2us),  MAC‐based (2ms), Homomorphic signatures or hashes (> 1s). • Per‐block communication overhead: MIS (22B), Homomorphic signatures or hashes (128‐256B), Null‐key and  MAC‐based (>256B). 17

  24. Conclusions • We propose a novel scheme (MIS) to limit network-coding pollution attacks by identifying malicious nodes. • MIS can fully satisfy the requirements of P2P live streaming systems. • MIS has high computational efficiency, small space overhead, and the capability of handling a large number of corrupted blocks and malicious nodes.

  25. References • [5] M. Krohn, M. Freeman, and D. Mazieres, “On-the-fly Verification of Rateless Erase Codes for Efficient Content Distribution”, in Proc. IEEE Symp. on Security and Privacy (Oakland), 2004. • [6] C. Gkantsidis, and P. R. Rodriguez, “Cooperative Security for Network Coding File Distribution”, in Proc. of IEEE INFOCOM, 2005. • [7] Q. Li, D.-M. Chiu, and J. C. S. Lui, “On the Practical and Security Issues of Batch Content Distribution Via Network Coding”, in Proc. of IEEE International Conference on Network Protocols (ICNP’06), 2006. • [9] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An Efficient Signature-based Scheme for Securing Network Coding against Pollution Attacks”, in Proc. IEEE INFOCOM, 2008. • [10] E. Kehdi, and B. Li, “Null Keys: Limiting Malicious Attacks Via Null Space Properties of Network Coding”, in Proc. of IEEE INFOCOM, 2009. • [11] Z. Yu, Y. Wei, B. Ramkumar, Y. Guan, “An Efficient Scheme for Securing XOR Network Coding against Pollution Attacks”, IEEE INFOCOM, 2009. • [16] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang, “Understanding the Overlay Characteristics of a Large-scale Peer-to-Peer IPTV System”, ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP), 2009.

  26. Related Works • Homomorphic signatures or hashes [Krohn04, Gkantsidis05, Li06, Charles06, Yu08, Boneh09] • It’s computationally expensive to verify/generate the signature for each packet at each hop. • Null‐key based on the property of null space [Kehdi09] • Verification key needs to be repeatedly distributed. • MAC‐based scheme [Yu09] • Substantial communication overheads are introduced. • Error‐correction codes [Jaggi07, Kotter07] • Achievable throughput is determined by the power of the adversary • Combining homomorphic MAC and TESLA [Dong09] • It introduces authentication delay and is suspicious to DoS attacks.

More Related