
Security Mechanisms for Distributed Computing Systems

2011/12/15. Security Mechanisms for Distributed Computing Systems. A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY. Chapter 1 Introduction. Distributed Computing System.


Presentation Transcript


  1. 2011/12/15 Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY

  2. Chapter 1 Introduction

  3. Distributed Computing System • Distributed computing systems (DCSs): A system where nodes cooperate with each other to finish certain goals • Example: volunteer computing system

  4. Volunteer Computing System • Utilizes the idling computing resources on the network to finish computing intensive tasks [Figure: The structure of a typical volunteer computing system (host; workers 1 to 4; Task 1 … Task n; Result 1 … Result 4)]

  5. Classification of DCSs • Centralized DCSs: • Features: • has some central servers to manage the system • easy to manage • Example: Volunteer computing system • Decentralized DCSs: • Features: • has no central server; all nodes take the same responsibility to maintain the system • High scalability • Example: Peer to peer system (Skype, BitTorrent)

  6. Security Problems in DCSs • In a DCS, malicious nodes may exist and will launch attacks against the system • Two representative attacks against DCSs • False result attack (for both centralized and decentralized DCSs) • Malicious nodes send incorrect data to other nodes deliberately to interrupt the system • Sybil attack (mainly in decentralized DCSs) • In decentralized DCSs, it is easy for malicious nodes to join the system • A large number of malicious nodes collude to break the system protocol • Malicious nodes are called Sybil nodes in this attack

  7. Research Objective • Address the critical security problems of DCSs • False result attack • Sybil attack • Approach • For false result attack: enable honest nodes to detect malicious nodes → honest nodes can expel malicious nodes out of the system • For Sybil attack: enable honest nodes to detect Sybil nodes → honest nodes can expel Sybil nodes out of the system

  8. Dissertation Organization • Chapter 1 Introduction • Chapter 2 MSC: A False Result Resisting Algorithm (the false result attack) • Chapter 3 SybilDetector: A Shortest Path and Attack Edge Detecting Based Sybil Detecting Algorithm (the Sybil attack) • Chapter 4 RSSR: A Random Walk and Attack Edge Detecting Based Sybil Detecting Algorithm (the Sybil attack) • Chapter 5 Conclusion

  9. Chapter 2 MSC: A False Result Resisting Algorithm

  10. Introduction • Computing model of DCSs • The system has a host node and multiple worker nodes • The host dispatches tasks to workers • Workers compute the received tasks and return answers to the host • Problem • Malicious workers may return incorrect answers to the host • Malicious workers can collude (cooperate to find the best strategy) to break the system protocol • Objective: enable the host to detect malicious workers

  11. Existing Solution • Quiz-Based Spot Checking • The host dispatches multiple tasks to each worker v • These tasks contain some special tasks called quizzes • The host checks the correctness of the answers of quizzes • Node v is honest only if the answers of the quizzes returned by v are correct • Problem: • A quiz should satisfy: the correctness of the answer of a quiz should be easy to check • How to generate quizzes that satisfy this property is an open problem.

  12. Address the Problems of Existing Solutions • Quiz-Based Spot Checking • Dispatches a task set to each worker v • The task set contains some special tasks called quizzes • Checks the correctness of the answers of quizzes • Proposed changes: use normal tasks as quizzes; let the workers themselves check the correctness of the quizzes

  13. Algorithm Outline • The host: • Dispatches a task set to each worker. • For each pair of workers, v and u, the task sets of v and u have some tasks in common (checking tasks) • Increases the reliabilities of v and u if v and u return equal answers to their checking tasks (make a match). • Normal tasks are used as quizzes (checking tasks) • The workers themselves check the correctness of the quizzes • Malicious workers make more mismatches → have lower reliabilities → are detected

  14. Analysis • More practical than Quiz-based spot checking • No need to generate the quizzes • Effective: • Without collusion: Can detect all malicious workers • Under collusion: Can detect all malicious workers when malicious workers are less than half of the system

  15. Evaluation • Performance metric • average reliability of honest nodes • average reliability of malicious nodes • Questions to answer • How will the performance change as the number of malicious workers increases?

  16. Strategy of Workers • Honest worker • always return correct answer • Malicious non-conspirator • compute w% of the tasks it received • Malicious conspirator • Two conspirators can find and compute their common checking tasks

  17. Change of Performance as the Number of Malicious Workers Increases • Pf: Percentage of malicious workers in the system • Number of malicious workers is small → honest workers have the highest reliabilities. • Number of malicious workers is large → conspirators have the highest reliabilities. • → Under collusion: MSC can detect malicious nodes when # of malicious nodes is small (50% of the system)

  18. Conclusion • Objective: design an algorithm to detect malicious workers for the false result attack • MSC, a malicious worker detecting algorithm • More practical than previous solution • Effective: • Without collusion: Can detect all malicious workers • Under collusion: Can detect all malicious workers when malicious workers are less than half of the system • Publication: Ling Xu, Hiroyuki Takizawa, and Hiroaki Kobayashi: “A Reliability Model for Result Checking in Volunteer Computing”, Proceedings of DAS-P2P 2008 Workshop, pp.201-204, 2008.
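
The pairwise checking scheme of Chapter 2, as an added Python example (not code from the presentation). It shows honest workers out-scoring malicious ones while the malicious workers are a minority, and the ranking inverting once conspirators are the majority. The names `run_round` and `flagged`, the one-checking-task-per-pair layout, the junk answers and the 0.5 threshold are assumptions made for the illustration.

```python
from itertools import combinations

def correct(task):
    """Stand-in for the real computation (assumption: always >= 1)."""
    return task * task + 1

def run_round(kinds):
    """kinds[i] is 'honest', 'lazy' (malicious, no collusion) or 'conspirator'.
    Returns each worker's reliability: matches / number of checking tasks."""
    n = len(kinds)
    # Host: one normal task per worker pair doubles as that pair's checking task.
    shared = {pair: task for task, pair in enumerate(combinations(range(n), 2))}
    colluders = {i for i, k in enumerate(kinds) if k == "conspirator"}

    def answer(w, task, partner):
        if kinds[w] == "honest":
            return correct(task)
        # Conspirators find and compute only the tasks they share with each other.
        if kinds[w] == "conspirator" and partner in colluders:
            return correct(task)
        return -(w + 1)  # task not computed: worker-specific junk answer

    matches = [0] * n
    for (v, u), task in shared.items():
        if answer(v, task, u) == answer(u, task, v):  # a match
            matches[v] += 1
            matches[u] += 1
    return [m / (n - 1) for m in matches]

def flagged(kinds, threshold=0.5):
    """Workers whose reliability falls below the (assumed) threshold."""
    return [i for i, r in enumerate(run_round(kinds)) if r < threshold]

# Constructed populations: malicious minority, then conspirator majority.
MINORITY = ["honest"] * 5 + ["conspirator"] * 2 + ["lazy"]
MAJORITY = ["honest"] * 3 + ["conspirator"] * 5

if __name__ == "__main__":
    print(run_round(MINORITY), flagged(MINORITY))
    print(run_round(MAJORITY), flagged(MAJORITY))
```

With `MAJORITY` the honest workers are the ones flagged, which is the failure mode the "less than half of the system" condition rules out.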

  19. Chapter 3 SybilDetector: A Shortest Path and Edge Detecting Based Sybil Detecting Algorithm

  20. Introduction • Problem: Sybil attack is a critical threat to DCSs • A large number of malicious nodes exist in the system, and collude to interrupt the system • Colluding nodes are called Sybil nodes • Objective: a Sybil detecting algorithm • Enables each honest node to detect other Sybil nodes

  21. Related Work • Social network model [Yu2008] • nodes of the same type are closely connected • nodes of different types are connected by a small number of attack edges • Example [Danezis05]: in many P2P systems • To join the system, the new node has to attach to an existing node • Sybil nodes can only attach to existing Sybil nodes → The number of attack edges is small [Figure: honest cluster, Sybil cluster, attack edges]

  22. Assumption • The system obeys the social network model • The system has trustful third parties

  23. SybilDetector • Observation • For node v, node u is Sybil → (v,u)-SP will pass the attack edges • (v,u)-SP: a shortest path between v and u • Idea: For v to decide whether u is Sybil • Computes (v,u)-SPs • Detects the attack edges • Judges whether the (v,u)-SPs have passed the attack edges [Figure: nodes v and u, honest cluster, Sybil cluster]

  24. Algorithm: For v to decide whether u is Sybil • Computes (v,u)-SPs • Use existing distributed shortest path computing algorithms • Detect the attack edges • Compute the shortest path betweenness (SPB) of each edge • SPB of edge e: # of shortest paths that pass e • Attack edges have higher SPBs • (v,u)-SPs have passed edges of high betweenness → u is Sybil [Figure labels: sp, ae, u, v, e; b(ae) = 18, b(e) = 8]

  25. Evaluation • Compare the performances of SybilDetector and SybilLimit • SybilLimit: a representative Sybil detecting algorithm • Performance metric • Sybil accept rate (SAR): the probability that an honest node regards a Sybil node as honest • Questions to answer: • What is the influence of the number of attack edges in the system? • What is the influence of the number of Sybil nodes in the system? [Figure: honest cluster, Sybil cluster]

  26. Network Configuration • Create the honest region: A real world network topology • Create the Sybil region: synthetic network topologies • Connect the two regions with attack edges [Figure: honest region, honest cluster, Sybil cluster]

  27. Change of SAR as the Number of Attack Edges in the System Increases • SAR increases with g • The betweennesses of attack edges decrease • Fewer Sybil nodes are detected • SAR(SybilDetector) << SAR(SybilLimit) • 50x improvement [Plot annotations: 50x decrease in SAR; 10x decrease in SAR]

  28. Change of SAR as the Number of Sybil Nodes in the System Increases • As snn increases, SAR of SD decreases • The betweennesses of attack edges increase • More Sybil nodes are detected • SAR(SybilDetector) << SAR(SybilLimit) • 4x~180x improvement [Plot annotations: 4x decrease in SAR; 180x decrease in SAR]

  29. Conclusion • Sybil attack is a critical threat to decentralized DCSs • Objective: enable each honest node to detect Sybil nodes • Proposed SybilDetector, a Sybil resisting algorithm • Made great (4x~180x in the simulation) increase in the Sybil detecting accuracy, compared with the representative existing solution • Publication: Ling Xu, Satayapiwat Chainan, Hiroyuki Takizawa, Hiroaki Kobayashi, “Resisting Sybil Attack By Social Network and Network Clustering,” saint, pp.15-21, 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet, 2010
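
The SybilDetector decision of Chapter 3, as an added Python example (not code from the presentation): it computes the shortest path betweenness of every edge and reports node u as Sybil when the (v,u) shortest path crosses a high-betweenness edge. The two-clique graph is constructed, and counting one shortest path per node pair and the cutoff of twice the mean betweenness are assumptions.

```python
from collections import deque
from itertools import combinations

def shortest_path(adj, src, dst):
    """BFS on a connected graph; one shortest path as a list of edges."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in sorted(adj[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    edges = []
    while parent[dst] is not None:
        edges.append(frozenset((dst, parent[dst])))
        dst = parent[dst]
    return edges

def edge_betweenness(adj):
    """SPB of edge e: number of (one-per-pair) shortest paths that pass e."""
    spb = {}
    for a, b in combinations(sorted(adj), 2):
        for e in shortest_path(adj, a, b):
            spb[e] = spb.get(e, 0) + 1
    return spb

def sybils_seen_from(adj, v, factor=2.0):
    """Nodes u whose (v,u) shortest path passes a high-betweenness edge."""
    spb = edge_betweenness(adj)
    cutoff = factor * sum(spb.values()) / len(spb)  # assumed threshold
    suspect = {e for e, b in spb.items() if b > cutoff}
    return sorted(u for u in adj
                  if u != v and suspect & set(shortest_path(adj, v, u)))

def two_clusters(honest, sybil, attack_edge):
    """Constructed topology: two cliques joined by a single attack edge."""
    adj = {n: set() for n in honest + sybil}
    links = [p for g in (honest, sybil) for p in combinations(g, 2)]
    for a, b in links + [attack_edge]:
        adj[a].add(b)
        adj[b].add(a)
    return adj

GRAPH = two_clusters(["h0", "h1", "h2", "h3", "h4"],
                     ["s0", "s1", "s2", "s3"], ("h0", "s0"))
```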

  30. Chapter 4 RSSR: A Random Walk and Attack Edge Detecting Based Sybil Detecting Algorithm

  31. Introduction • SybilDetector • An effective Sybil detecting algorithm • Problem: needs trustful third parties (to compute shortest paths) • impractical in some DCSs (e.g., P2P systems) • Objective: A Sybil detecting algorithm • Remove the need for a trustful 3rd party: do not use shortest paths → use random walks instead

  32. Existing Sybil Detecting Algorithm: SOHL • Probing random walk: a message packet that moves in a random walk manner for a short distance • Has a low escape rate • Ends at a random honest node w.h.p. • SOHL: each honest node v • Disseminates a large number of probing random walks • Ending nodes of the random walks → honest nodes w.h.p. • Other nodes → Sybil nodes w.h.p. • Number of attack edges is small → escape rate is low [Figure: nodes v and u]

  33. Idea • Improve the performance of SOHL • Detect the attack edges • Prevent probing random walks from passing the detected edges • Number of attack edges is small → escape rate is low [Figure: nodes v and u]

  34. RSSR • Detect attack edges • Compute the random walk betweenness (RWB) • Each pair of nodes disseminates a random walk to each other. • RWB of e: the number of times random walk messages pass e • Attack edges have higher RWBs • Prevent probing random walks from passing the detected edges • Reduce the probability that probing random walks pass the edges of high betweenness • Does not compute shortest path betweenness → no need for a trustful 3rd party any more

  35. Evaluation • Compare the performance of SOHL and RSSR • Performance metric • Sybil accept rate: the probability that Sybil nodes are regarded as honest nodes. • Questions to answer: • What is the influence of the number of attack edges in the system on the performance? [Figure: honest cluster, Sybil cluster]

  36. Network Configuration • Create the honest region: A real world network topology • Create the Sybil region: synthetic network topologies • Connect the two regions with attack edges [Figure: honest region, honest cluster, Sybil cluster]

  37. Change of Sybil Accept Rate as the Number of Attack Edges Increases • As g increases, SAR increases • Average betweenness of attack edges decreases • Escape rate increases • More Sybil nodes are accepted • SAR(RSSR) << SAR(SOHL) • Attack edges can be effectively detected [Plot annotations: 28x decrease in SAR; 3x decrease in SAR] [Figure: honest cluster, Sybil cluster]

  38. Conclusion • Objective: a Sybil detecting algorithm without trustful 3rd parties • Proposed RSSR, a Sybil detecting algorithm • Practical: no need of trustful third party • Shortest path (SybilDetector) → Random walk (RSSR) • Effective: increased the Sybil detecting accuracy of a representative existing solution by 3~28 times • Publication: Ling Xu, Ryusuke Egawa, Hiroyuki Takizawa, Hiroaki Kobayashi, “A Network Clustering Algorithm for Sybil-Attack Resisting”, IEICE Transactions, special section, Parallel and Distributed Computing and Networking

  39. Chapter 5 Conclusion

  40. Conclusion • Objective: address critical security threats to DCSs • False result attack • Sybil attack • Approach • Detect malicious workers → False result attack • MSC (Chapter 2) • Detect Sybil nodes → Sybil attack • SybilDetector (Chapter 3) • RSSR (Chapter 4)

  41. Future Work • Short term • More theoretical analysis of the performances of SybilDetector and RSSR • Long term • Extend the social network model (more than two clusters)

  42. Publication • Ling Xu, Hiroyuki Takizawa, and Hiroaki Kobayashi: “A Reliability Model for Result Checking in Volunteer Computing”, Proceedings of DAS-P2P 2008 Workshop, pp.201-204, 2008. • Ling Xu, Satayapiwat Chainan, Hiroyuki Takizawa, Hiroaki Kobayashi, “Resisting Sybil Attack By Social Network and Network Clustering,” saint, pp.15-21, 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet, 2010. • Ling Xu, Ryusuke Egawa, Hiroyuki Takizawa, Hiroaki Kobayashi, “A Network Clustering Algorithm for Sybil-Attack Resisting”, IEICE Transactions, special section, Parallel and Distributed Computing and Networking.

  43. Reference • [Yu2008] Haifeng Yu, Phillip B. Gibbons, Michael Kaminsky, and Feng Xiao. SybilLimit: A near-optimal social network defense against sybil attacks. In Proc. of IEEE Security & Privacy, 2008. • [Danezis05] G. Danezis, C. Lesniewski-Laas, M. F. Kaashoek, and R. Anderson. Sybil-resistant DHT routing. In European Symposium On Research In Computer Security, 2005.
