
Peer-to-Peer Systems

Security Issues. Kulesh Shanmugasundaram.


Presentation Transcript


  1. Peer-to-Peer Systems Security Issues Kulesh Shanmugasundaram

  2. SYN • SYN • P2P Basics • Attack Classification • Attacks and Defenses • Further Research • FIN

  3. P2P Basics • All nodes are created equal, not really! • Network classification based on network connectivity • Exponential networks: homogeneous network, [average] node connectivity is equally distributed • Scale-free networks: follow a power law for connectivity, that is, there are some highly connected nodes and many not so highly connected nodes • Current P2P systems are scale-free networks

  4. Network Maps • Partial map of Gnutella Network • Note the hierarchical structure of the network

  5. Network Maps… • Gnutella Neighborhood Map

  6. Failure vs. Attack [1] • Failure: • Random failure of nodes and/or infrastructure elements • Attack: • Systematic failure of nodes and/or infrastructure elements • Scale-free networks are failure-tolerant • Exponential networks are attack-tolerant • Why? • Most P2P systems give priority to failure tolerance over attack tolerance

  7. Possible Targets • Underlying protocol layers • P2P routing mechanism • Nodes themselves • Trust system • Homeostasis (of the system) • Applications • Users

  8. Attack Classification • Infrastructure Attacks: • Attacks aimed at disabling the P2P system, e.g. eliminating nodes, attacks on routing protocols • Semantic Attacks: • Attacks aimed at the P2P system, not to disable it but to make users abandon it, e.g. bad content, asymmetric consumption • Both attacks are equally effective because P2P is a “people’s system”

  9. Attacks & Defenses • Attack detection & recovery involves… • Identifying Invariants in the System • Monitoring the Invariants • Detecting/Ascertaining Attacks • Triggering Recovery Procedure • Infrastructure Attacks • Attacks on nodes • Attacks on routing mechanism • Semantic Attacks • Storage & Retrieval Attacks • Flooding • Face/Off

  10. Attacks on Nodes [2] • Goal of the adversary is to fragment the network • Since P2P networks follow a power law, an adversary can selectively knock down highly connected nodes • Interesting questions? • How to find highly connected nodes? • Queries can provide some intelligence… • How would one fragment a network while always being part of the largest cluster? • Lower bound on malicious nodes?

  11. Attacks on Nodes… • Detection Mechanism • During an attack a node would lose many more 2nd-order nodes than 1st-order nodes • For a fixed window of time, if the number of 2nd-order nodes drops below a threshold then flag it as an attack • Recovery Mechanism • Attack is possible because P2P networks are scale-free networks • Maintain an overlay exponential network and switch to it during attacks
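The detection rule on slide 11, as an added example that is not part of the original presentation: an observer node samples its 2nd-order neighbor count each tick and flags an attack when the count falls below a fraction of the largest value seen in the window. The overlay, the peer names, the window of 5 samples and the 0.5 ratio are all constructed assumptions.

```python
from collections import deque

def neighbor_orders(graph, node):
    """Return (1st-order, 2nd-order) neighbor sets of node in an adjacency dict."""
    first = set(graph.get(node, ()))
    second = set()
    for n in first:
        second |= set(graph.get(n, ()))
    second -= first | {node}
    return first, second

def remove_node(graph, victim):
    """Model a peer going offline: drop it and every edge pointing at it."""
    graph.pop(victim, None)
    for peers in graph.values():
        peers.discard(victim)

class SecondOrderMonitor:
    """Flag when the 2nd-order count drops below `ratio` times the largest
    count seen in the last `window` samples (both values are assumptions)."""
    def __init__(self, window=5, ratio=0.5):
        self.samples = deque(maxlen=window)
        self.ratio = ratio

    def observe(self, graph, node):
        _, second = neighbor_orders(graph, node)
        self.samples.append(len(second))
        return len(second) < self.ratio * max(self.samples)

def build_overlay():
    # Constructed scale-free-like overlay: observer "me" peers with two hubs
    # and one ordinary peer; each hub fans out to many leaves.
    g = {"me": {"hubA", "hubB", "p1"}, "p1": {"me", "q1"}, "q1": {"p1"}}
    for hub, leaves in (("hubA", range(0, 8)), ("hubB", range(8, 14))):
        g[hub] = {"me"}
        for i in leaves:
            g[hub].add(f"leaf{i}")
            g[f"leaf{i}"] = {hub}
    return g

def run(removals):
    """Remove one peer per tick and return the attack flag seen at each tick."""
    g, mon = build_overlay(), SecondOrderMonitor()
    flags = [mon.observe(g, "me")]
    for victim in removals:
        remove_node(g, victim)
        flags.append(mon.observe(g, "me"))
    return flags
```

Losing three scattered low-degree peers never trips the monitor, while losing one hub costs the observer a single 1st-order neighbor but more than half of its 2nd-order view, which is the asymmetry the slide relies on.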

  12. Attacks on Nodes… • So, how would one build an exponential network from a scale-free network? • Use an RDP (Random Discovery Protocol) • Send out an RDP with TTL 20. Why 20? • For the first half of the TTL choose nodes with probability scaling linearly with the number of neighbors • For the second half choose the opposite strategy • Collect enough random nodes to create an exponential network • During an attack replace each lost node with a node from the exponential network • Resulting network is resilient to attacks but…

  13. Attacks on Routing [3] • P2P routing mechanism in general… • A key identifier space • A node identifier space • Rules for associating keys to particular nodes • Per-node routing tables that refer to other nodes • Rules for updating the tables as nodes join and leave • Routing Attacks • Incorrect Lookup Routing • Incorrect Routing Updates • Partitioning

  14. Incorrect Lookup Routing • Malicious node forwards lookups to an incorrect or non-existent node • Detection Mechanism: At each hop the lookup is supposed to get “closer” to the key identifier • For the detection to work, the querier must be allowed to observe lookup progress • Criteria for verifiable lookup • Querier should ensure that the destination itself agrees that it is the correct termination point • Assign keys to nodes in a verifiable way • Long-term identities using public keys
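A querier-side check for the three criteria on slide 14, as an added example that is not part of the original presentation: every hop must move closer to the key, every node ID must be derivable from that node's public key, and the last hop must accept ownership of the key. The XOR distance metric, the 64-bit truncated SHA-256 IDs, the hop record fields and the peer data are assumptions constructed for illustration.

```python
import hashlib

ID_BITS = 64  # assumption: truncated IDs keep the constructed sample readable

def node_id(public_key: bytes) -> int:
    """Verifiable assignment: a node's ID is the hash of its long-term public key."""
    return int.from_bytes(hashlib.sha256(public_key).digest()[:ID_BITS // 8], "big")

def distance(a: int, b: int) -> int:
    """XOR metric (assumption); any metric with a well-defined 'closer' works."""
    return a ^ b

def verify_lookup(key, hops):
    """Check an observed lookup path. Each hop dict carries the node's
    'public_key', its claimed 'id', and 'claims_owner' (does it accept the key?)."""
    if not hops:
        return False, "empty path"
    prev = None
    for i, hop in enumerate(hops):
        if node_id(hop["public_key"]) != hop["id"]:
            return False, f"hop {i}: id not derived from public key"
        d = distance(hop["id"], key)
        if prev is not None and d >= prev:
            return False, f"hop {i}: no progress toward key"
        prev = d
    if not hops[-1]["claims_owner"]:
        return False, "destination does not agree it owns the key"
    return True, "ok"

def sample_path(key):
    """Constructed data: 64 fake peers, four of them picked in closing order."""
    peers = [{"public_key": b"constructed-peer-%d" % i, "claims_owner": False}
             for i in range(64)]
    for p in peers:
        p["id"] = node_id(p["public_key"])
    peers.sort(key=lambda p: distance(p["id"], key), reverse=True)
    path = [dict(peers[i]) for i in (0, 20, 40, 63)]
    path[-1]["claims_owner"] = True  # the closest peer accepts responsibility
    return path

KEY = node_id(b"constructed-content-key")

if __name__ == "__main__":
    print(verify_lookup(KEY, sample_path(KEY)))
```

A node that claims an ID equal to the key fails the public-key derivation check before its distance is ever considered, which is why verifiable ID assignment has to accompany the progress check.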

  15. Incorrect Routing Update • A malicious node could corrupt the routing table with incorrect updates to neighbors • Systems that have the freedom to choose between multiple routes are especially vulnerable • Detection Mechanism: Verifiable routing updates e.g. Pastry’s update prefix requirements

  16. Partitioning • A set of malicious nodes forms a parallel network and traps new nodes inside it, rendering the network useless for new nodes • Detection Mechanism: Incorrect functioning of the network/queries etc. • Criteria for reliable join: • Use history of queries and verify the current network’s results with random queries • Out-of-band trusted source • Use of public keys for trust systems

  17. Semantic Attacks • Goal is not to knock down the entire system but to make the system look inefficient or faulty to the users and convince them to abandon the system (probably what RIAA will do) • E.g. for all queries for MP3s return false data, but for queries for text files return proper results • Semantic Attacks • Storage and Retrieval Attacks • Flooding • Face/Off

  18. Storage & Retrieval • Storage and Retrieval Attacks • Disinformation about storage • Deny access to stored data (natural on p2p) • Return incorrect data (overpeering inc.) • Detection Mechanism: Wrong results, denial of service etc. • Criteria for Reliable Storage & Retrieval: • Maintain replication invariant • Avoid single point responsibilities • Verification queries from different sources

  19. Miscellaneous Attacks • Face/Off • Just like the movie… • Show a good face to part of the network and the other face to the rest • Flooding/DoS • As usual • Replication may provide a certain level of defense • Rapid Joins & Leaves • Unsolicited Messages

  20. P2P Design Principles • Define verifiable system invariants • Verify system invariants during operation • Allow the querier to observe lookup progress • Assign keys to nodes in a verifiable way • Server selection in routing may be abused • Cross-check routing tables using random queries • Avoid single points of responsibility

  21. References… • Error and Attack Tolerance of Complex Networks, Reka Albert, Hawoong Jeong et al. • Peer Pressure: Distributed Recovery from Attacks in Peer-to-Peer Systems, Pedram Keyani, Brian Larson et al. • Security Considerations for Peer-to-Peer Distributed Hash Tables, Emil Sit, Robert Morris • The Sybil Attack, John R. Douceur

  22. FIN Questions, comments, concerns?
