1 / 46

Denial-of-Service Resilience in P2P File Sharing Systems

Denial-of-Service Resilience in P2P File Sharing Systems. Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley) Willy Zwaenepoel (EPFL). The Myth. P2P systems are very robust! They are very tolerant of random failures

louis
Télécharger la présentation

Denial-of-Service Resilience in P2P File Sharing Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley) Willy Zwaenepoel (EPFL)

  2. The Myth • P2P systems are very robust! • They are very tolerant of random failures • They are tolerant of node churn

  3. Our Findings • P2P file sharing systems are very vulnerable in the face of coordinated attack • However, resources required to mount a successful attack are large

  4. DoS Attacks • Goals of DoS • Prevent successful downloads • i.e. reduce goodput to near zero • Two classes considered • File targeted • Already in use! • Affects any P2P network, including Bittorrent • We developed Network targeted attack • Targets P2P networks using flooding search

  5. Outline • Methodology • File Attack • Network Attack • Defenses Against Network Attack • Conclusions

  6. Methodology • Analytical modeling • Discrete-time • Simulation • Discrete Event simulation • Gnutella simulator • Structella simulator • Metrics • Percent of good files in the system • P(good reply), i.e. % of replies not tampered with • Goodput

  7. User Model • Two phase user-system interaction • Query • User sends query for particular file • Responses are received and stored • User waits for a certain amount of time • Download • One or more responses are selected based on policy • Downloads are initiated • Closed loop

  8. Outline • Methodology • File Attacks • Network Attacks • Defenses Against Network Attacks • Conclusions

  9. File-targeted Attacks • Attacker offers fake content, for a specific file • Content must have a valid checksum & header • Detection of fake content must be “slow” • Attacker needs to “get in early” • Unwitting users offer false content and thus it spreads

  10. Interesting Questions • What is the impact on rate of spread of good files? • What is the impact of “freeloaders”? • What is the impact of the “user persistence” factor?

  11. Spreading Corruption Fraction of Nodes With File

  12. Persistence and Freeloading Fraction of Nodes With File Here it is!

  13. Cost of File-targeted Attack • Attacker needs to serve 10% of downloads of a file • Real cost could be significant • If files are very popular • If attacker wants to pollute many files • Cost is per file! • Can we do better? Can we take down the entire P2P network?

  14. Outline • Methodology • File Attacks • Network Attacks • Defenses Against Network Attacks • Conclusions

  15. Network-targeted Attacks • Objective is to serve fake content and waste system’s bandwidth • Compromises the search mechanism • Affects entire P2P network and all files • Intercept replies being routed to requesting peer • Replies already have correct filename and checksum • Modify replies to redirect downloader • “False Reply” attack redirects to attacker node which serves false content, with good checksum and header • Advertise fast downloads

  16. Goodput Under Attack

  17. Interesting Questions • What is the impact of network diameter? • What is the impact of “SuperNodes”? • What is the impact of graph topology? • What is the impact of “desired anonymity”? • What is the impact of the type of routing overlay?

  18. Path Length

  19. SuperNodes

  20. Power Law

  21. Overlay Network

  22. Overlay Network - Goodput

  23. Outline • Methodology • File Attacks • Network Attacks • Defenses Against Network Attacks • Conclusions

  24. Client Counter-Strategies • Clients can defend themselves? • Modify reply selection policy! • How well can they do given: • Redundant downloads? • Randomized selection? • Reputation systems?

  25. Randomization

  26. Redundancy

  27. Reputation System

  28. Cost of Network Attacks • Attacker only needs to compromise ~2.5% of supernodes in a network • Cost is still significant, but not unmanageable • If P2P system has 4 million nodes attacker needs ~10000 nodes • Attacker’s nodes can be “virtual” • Attacker nodes must be “well connected”

  29. Outline • Methodology • File Attacks • Network Attacks • Defenses Against Network Attacks • Conclusions

  30. Conclusions • P2P Systems are vulnerable! • File attacks work! • Network Attack is devastating, but considerable resources are required • Structured overlay helps, somewhat • Reputation systems do little to alleviate the situation • User behavior is a major influence • Users may trade off between goodput without attack and attack effectiveness

  31. Thank You!

  32. Extra slides…

  33. Relationship • Depends on client selection strategy • “Best” select • Random select • Redundant select

  34. Relationship

  35. Freeloaders

  36. A Gnutella search mechanism • Steps: • Node 2 initiates search for file A 7 1 4 2 6 3 5

  37. A A A Gnutella search mechanism • Steps: • Node 2 initiates search for file A • Sends message to all neighbors 7 1 4 2 6 3 5

  38. A A A A Gnutella search mechanism • Steps: • Node 2 initiates search for file A • Sends message to all neighbors • Neighbors forward message 7 1 4 2 6 3 5

  39. A A A A:5 A:7 Gnutella search mechanism • Steps: • Node 2 initiates search for file A • Sends message to all neighbors • Neighbors forward message • Nodes that have file A initiate a reply message 7 1 4 2 6 3 5

  40. A A A:5 A:7 Gnutella search mechanism • Steps: • Node 2 initiates search for file A • Sends message to all neighbors • Neighbors forward message • Nodes that have file A initiate a reply message • Query reply message is back-propagated 7 1 4 2 6 3 5

  41. A:5 A:7 Gnutella search mechanism • Steps: • Node 2 initiates search for file A • Sends message to all neighbors • Neighbors forward message • Nodes that have file A initiate a reply message • Query reply message is back-propagated 7 1 4 2 6 3 5

  42. Gnutella search mechanism • Steps: • Node 2 initiates search for file A • Sends message to all neighbors • Neighbors forward message • Nodes that have file A initiate a reply message • Query reply message is back-propagated • File download directly download A 7 1 4 2 6 3 5

  43. Redundancy

  44. What are P2P systems? • Search • Centralized • Napster • Distributed • Gnutella, Kazaa, Overnet, etc. • Bittorrent • Download • Single source • Multiple source • Bittorrent

  45. Conclusions • Attack depends on freeloading being common • Attack depends on users giving up, not being very persistent • If all good users are cooperative, i.e. share files, attack does not scale • Bittorrent is susceptible • It is already happening!

  46. “Slow Node” attack redirects to “very slow”node which has the file

More Related