efficient dht attack mitigation through peers id
play

Efficient DHT attack mitigation through peers ID distribution - PowerPoint PPT Presentation

Apr 09, 2023 •230 likes •493 views

Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Efficient DHT attack mitigation through peers ID distribution Thibault Cholez, Isabelle Chrisment and Olivier Festor { thibault.cholez,

  1. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Efficient DHT attack mitigation through peers’ ID distribution Thibault Cholez, Isabelle Chrisment and Olivier Festor { thibault.cholez, isabelle.chrisment, olivier.festor } @loria.fr LORIA - Campus Scientifique - BP 239 - 54506 Vandoeuvre-les-Nancy Cedex April 23rd 2010 1 / 23

  2. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Outline Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion 2 / 23

  3. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Outline Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion 3 / 23

  4. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Background on KAD KAD is : • A fully distributed P2P network (Kademlia DHT) • Used for file sharing • Implemented by open source clients (eMule and aMule) • Widely deployed ( ∼ 3 millions simultaneous users) KAD DHT used to index keywords & files : • KAD ID : place of a peer in the DHT (128 random bits) • target (content) ID : MD5(keyword) or MD5(file) • prefix = number of common bits between a peer & a content T ype ID prefix t arget ID 477221265829086C74988C40EFE63DAF - p eer ID 477229E3D7CFC729F337ABBB69C983C6 20 bits 4 / 23

  5. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion The KAD DHT Fig. : Double indexation mechanism used to publish contents 5 / 23

  6. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Exploiting KAD Search Despite recent protective rules, localized attacks are possible : • Each peer is free to chose its KADID • Very efficient KAD Search procedure ”store to the closest peers possible” • Place few distributed peers close to the targetID (Sybil attack) • Honeypeers attract all the 10 replicated ”service” requests 6 / 23

  7. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Motivation Such attack raises : • privacy issues (attackers monitoring shared contents) • denial of service issues (eclipse attack removing information from the DHT) • security issues (fake files and sources insertion : pollution, malware diffusion) Protecting the KAD network is very challenging : • fully distributed design • strong need of backward compatibility between clients • no existing solution is suitable (central authority, crypto-puzzles, social networks, distributed certification) 7 / 23

  8. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Efficient Pollution Fig. : Result of a search for ”spiderman” under eclipse and poison (4 fake files) 8 / 23

  9. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Outline Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion 9 / 23

  10. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Key Idea Instead of controlling peer IDs : • let them randomly choose their ID... • but check if IDs distributions are really random ! To target an ID, DHT attacks introduce : • proximity abnormalities in IDs distribution • density abnormalities in IDs distribution T ype KADID prefix c ontent 477221265829086C74988C40EFE63DAF - a ttacker 477221265829086C74988C4070D6E0F1 96 bits n ormal 477229E3D7CFC729F337ABBB69C983C6 20 bits Tab. : Example of IDs 10 / 23

  11. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Theoretical IDs distribution Mean number of peers sharing at least x bits with a target ID with N peers in the network : F ( x ) = N (1) 2 x with N = 4 × 10 6 and x ∈ [1; 128]. Fig. : Mean number of peers sharing a given prefix with a target 11 / 23

  12. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Real IDs distribution Real network measurement : • 1800 lookups on safe (random) DHT entries • for each lookup : what are the prefixes of the 10 best peers found ? Fig. : Average Prefix distribution of the 10 best found contacts 12 / 23

  13. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Real IDs distribution Results show : • KAD lookup procedure is efficient enough to give a representative view of the closest peers possible. • The theoretical random ID distribution (geometric distribution with parameter 1 / 2) is sufficient to characterize the results obtained in a real lookup process. Moreover, IDs distribution is stable : all tested parameters do not affect it • time spent in the P2P network • distance between the publishing peer and the published data • type of published information (keyword or file) • type of requested services (publish or search) 13 / 23

  14. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Preventive rules IP address limitation • service requests must be sent to peers from different subnetwork • already applied to filter peers inserted in routing table • distribute a DHT entry on the IP network scale Discarding close nodes • currently prefixes ≥ 28 bits very unlikely • change the tolerance zone from [8 ;128] to [8 ;28] 14 / 23

  15. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Outline Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion 15 / 23

  16. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion DHT attack detection Major difficulty : • few (10) best peers constitute a very small sample size • common statistic tools comparing distributions (chi-square, Kolmogorov-Smirnov) inefficient • KL-divergence efficient but must be interpreted Kullback-Leibler divergence (G-test) to detect attacks : M ( i ) log M ( i ) � D KL ( M | T ) = (2) T ( i ) i P refix 18 19 20 21 22 23 24 25 26 27 28 M (attack) 0 0 0 0 0 0 0 0 0.5 0.5 0 M (safe) 0.6 0.2 0.1 0.1 0 0 0 0 0 0 0 1 / 2 2 1 / 2 3 1 / 2 4 1 / 2 5 1 / 2 6 1 / 2 7 1 / 2 8 1 / 2 9 1 / 2 10 1 / 2 11 1 / 2 T Tab. : Distributions compared with KL-distance to detect attacks 16 / 23

  17. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion DHT attacks detection Evaluation of the detection metric & threshold : • 2 data sets : simulated attack distributions vs real DHT dist. • the few false negatives are not dangerous attacks : few peers inserted (5 or less) on low prefixes (18-19 bits) • detection threshold = 0.7 • false positives & negatives < 9% 17 / 23

  18. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion DHT attacks mitigation When an attack is detected : • countermeasures progressively filter the attacked prefixes • while the distribution is not ’safe’, remove peers with the most suspicious prefix, update distribution and distance • peers with lower prefixes ( < 18 bits) fill the left places among the 10 best P refix Avg number of contacts 1 3 0.60 1 4 1.36 1 5 2.78 1 6 3.62 1 7 3.75 Tab. : Best remaining contacts with prefix under 18bits 18 / 23

  19. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion DHT attacks mitigation • countermeasure removes almost all malicious peers • safe threshold defines the countermeasure tolerance Fig. : Average number of contacts removed among the 10-best by the countermeasure 19 / 23

  20. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Full defense scheme Fig. : Full defense scheme applied to KAD 20 / 23

  21. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Is the KAD network really threatened ? Yes ! local attacks are running Simple test : • choose few ”well-known” keywords • launch DHT lookups • write the prefix of the closest peer found k eyword best prefix k eyword best prefix a vatar 126 n ine 122 i nvictus 123 l ove 122 s herlock 122 a merican 97 p rincess 122 r ussian 97 f rog 98 b lack 96 n cis 96 p irate 96 n ero 96 . .. ... 21 / 23

  22. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Outline Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion 22 / 23

  23. Introduction Analysis of IDs distribution DHT attacks detection & mitigation Conclusion Conclusion Our solution : • is efficient ; introduces no overhead • provides full backward compatibility • can be applied to any DHT with iterative routing and replicated data Future (current) work : • crawl the KAD DHT to detect real attacks • evaluate the implementation • dynamically set the detection parameters 23 / 23

Recommend

Assentication: User De-Authentication and Lunch Time Attack Mitigation with Seated Posture

Assentication: User De-Authentication and Lunch Time Attack Mitigation with Seated Posture

5/25/2019 Assentication: User De-Authentication and Lunch Time Attack Mitigation with Seated Posture Biometric University of California, Irvine Tyler Kaczmarek , Ercan Ozturk, Gene Tsudik { tkaczmar , ercano, gtsudik}@uci.edu 1 Overview

588 views • 15 slides
Current Trends in Cyber Security Course on Cyber Attack Detection &amp; Mitigation Techniques

Current Trends in Cyber Security Course on Cyber Attack Detection &amp; Mitigation Techniques

Current Trends in Cyber Security Course on Cyber Attack Detection &amp; Mitigation Techniques (NIT-K) S. K. Pal Defence Research &amp; Development Organization (DRDO) SAG, Metcalfe House, Delhi 27-Jul-2020 1 What is Cyberspace? Refers to

766 views • 17 slides
An efficient structural attack on NIST submission DAGS lise Barelli 1 and Alain Couvreur 2,3 1

An efficient structural attack on NIST submission DAGS lise Barelli 1 and Alain Couvreur 2,3 1

An efficient structural attack on NIST submission DAGS lise Barelli 1 and Alain Couvreur 2,3 1 Universit de Versailles Saint Quentin 2 INRIA 3 LIX, cole polytechnique Asiacrypt 2018 E. Barelli, A. Couvreur Structural attack on DAGS

822 views • 52 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay CRYPTO August 2012 BLUF (Bottom Line Up

602 views • 19 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J. Kai-Tsay CRYPTO August 2012 BLUF (Bottom Line Up

584 views • 42 slides
Preliminary valuation approach 1. . Lis isted peers approach 1.1. Selection of peers and

Preliminary valuation approach 1. . Lis isted peers approach 1.1. Selection of peers and

Preliminary valuation approach 1. . Lis isted peers approach 1.1. Selection of peers and financial information LVMH (M) Market cap 175 978 December 2016 2017 2018 2019 2020 2021 Swatch to be looked upon as a luxury Sales 53

488 views • 3 slides
Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure Metering Issues and Extensions Real World Other Directions Metering for General Access Structures Understanding the model Audit Agency

480 views • 35 slides
Cost-efficient Emergency Intervention for Collision Mitigation Development and Evaluation Results

Cost-efficient Emergency Intervention for Collision Mitigation Development and Evaluation Results

Cost-efficient Emergency Intervention for Collision Mitigation Development and Evaluation Results Thomas Wohllebe, Volkswagen AG interactIVe Final Event 20 th -21 st November 2013 Content Overview Objectives Functions and

157 views • 14 slides
RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny

RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny

RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny Andeas) Summery 1. Introduction 2. Keepalives and Heartbeats 3. DPD Protocol 4. Resistance to Replay Attack and False Proof of Liveliness Situation

890 views • 20 slides
AIQL : Enabling Efficient Attack Investigation from System Monitoring Data Peng Gao 1 , Xusheng

AIQL : Enabling Efficient Attack Investigation from System Monitoring Data Peng Gao 1 , Xusheng

AI AIQL : Enabling Efficient Attack Investigation from System Monitoring Data Peng Gao 1 , Xusheng Xiao 2 , Zhichun Li 3 , Kangkook Jee 3 , Fengyuan Xu 4 , Sanjeev R. Kulkarni 1 , Prateek Mittal 1 1 Princeton University 2 Case Western Reserve

800 views • 34 slides
M14 - Peers for Housing Stability: Preventing Homelessness through Education Peers for Housing

M14 - Peers for Housing Stability: Preventing Homelessness through Education Peers for Housing

M14 - Peers for Housing Stability: Preventing Homelessness through Education Peers for Housing Stability Welcome! Kristi Fairholm Mader- Co-Executive Director Ready to Rent BC Donalee White- Housing Outreach for Aboriginal Transformative

797 views • 23 slides
Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i .

Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i .

Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i . i o FARSIGHT SECURITY DISCUSSION POINTS Attack Trends A Historical View Attack Vectors in Recent Years Evolution of Mitigation

634 views • 29 slides
The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice

The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice

The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice Director Global experts in cyber security &amp; risk mitigation Agenda Space attack surface overview Attacks against terrestrial assets

310 views • 30 slides
Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers are not trusted: may be greedy or corrupt Each peer knows about all bitcoins and transactions Transaction (sender -&gt; receiver): sender

958 views • 23 slides
Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control

Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control

Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control Service Service for for DDoS DDoS Attack Attack Control Control Service for DDoS Attack Mitigation Mitigation Mitigation Bernhard Plattner,

474 views • 24 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day &gt;&gt; exploitation of the device &gt;&gt; the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
United Nations Environment Programme en.lighten initiative Guidebook for the Development of a

United Nations Environment Programme en.lighten initiative Guidebook for the Development of a

United Nations Environment Programme en.lighten initiative Guidebook for the Development of a Nationally Appropriate Mitigation Action on Efficient Lighting 5 February 2014 Developing a Nationally Appropriate Mitigation Action on Efficient

381 views • 10 slides
Hazard Mitigation Planning Katie Sommers State Hazard Mitigation Officer Roxanne Gray

Hazard Mitigation Planning Katie Sommers State Hazard Mitigation Officer Roxanne Gray

Hazard Mitigation Planning Katie Sommers State Hazard Mitigation Officer Roxanne Gray Mitigation Section Supervisor What is Mitigation? According to the Federal Emergency Management Agency (FEMA): Mitigation is any sustained action taken

905 views • 71 slides
Mitigation mitigation midSH()n/ noun the action of reducing the severity,

Mitigation mitigation midSH()n/ noun the action of reducing the severity,

Mitigation mitigation midSH()n/ noun the action of reducing the severity, seriousness, or painfulness of something. &quot;the emphasis is on the identification and mitigation of pollution&quot; Two Mitigation Issues

293 views • 27 slides
Hazard Mitigation Assistance Hazard Mitigation Assistance Hazard Mitigation Assistance

Hazard Mitigation Assistance Hazard Mitigation Assistance Hazard Mitigation Assistance

Fort Bend County, TX Commissioners Court Workshop July 27, 2016 Hazard Mitigation Assistance Hazard Mitigation Assistance Hazard Mitigation Assistance Purpose To investigate and report findings to Commissioners Court regarding Federal

494 views • 23 slides
Mitigation Needs Assessment 1 CDBG-MIT Webinar Series HUD and FEMA role (National Mitigation

Mitigation Needs Assessment 1 CDBG-MIT Webinar Series HUD and FEMA role (National Mitigation

Mitigation Needs Assessment 1 CDBG-MIT Webinar Series HUD and FEMA role (National Mitigation Investment Strategy) Resources Addressing Mitigation and Mitigation Planning 2019 CDBG-DR Problem Solving Clinic: Day 1 - CDBG-MIT Grantees

581 views • 55 slides
Hazard Mitigation Assistance Hazard Mitigation Assistance Program Overview Program Overview 1

Hazard Mitigation Assistance Hazard Mitigation Assistance Program Overview Program Overview 1

Hazard Mitigation Assistance Hazard Mitigation Assistance Program Overview Program Overview 1 Susan Murray June 22, 2009 What is Mitigation? Mitigation is sustained action taken to reduce or eliminate long term risk to life

451 views • 30 slides
welcome. Crestwood Behavioral Health, Inc. Peer-Operated Services Crisis Residential Peers in

welcome. Crestwood Behavioral Health, Inc. Peer-Operated Services Crisis Residential Peers in

welcome. Crestwood Behavioral Health, Inc. Peer-Operated Services Crisis Residential Peers in the Forefront Peers in the Forefront Peer Led Services Peers are the center and leaders in the Crestwood Resiliency program and is built on the

607 views • 34 slides
Honeypots as a Security Honeypots as a Security Mechanism Mechanism Presenter: merson Virti

Honeypots as a Security Honeypots as a Security Mechanism Mechanism Presenter: merson Virti

Monitoring, Attack Detection and Mitigation Monitoring, Attack Detection and Mitigation MonAM 2006 MonAM 2006 Honeypots as a Security Honeypots as a Security Mechanism Mechanism Presenter: merson Virti Authors: merson Virti, Liane

474 views • 16 slides

More recommend