Security of P2P Systems
Faraz Makari, March 6, 2008
Seminar on Advanced Topics in Distributed Computing, WS 07/08
MPI-SWS (Saarland University), Petr Kuznetsov

Motivation 1. Introduction 2. Secure Routing 3. Fairness and trust 4. Secure lookup protocol 5. S-Chord 6.

Motivation I
Examples of structured p2p overlays:
• CAN
• Chord
• Pastry
• Tapestry
Some applications:
• Network storage
• Content distribution
• Web caching, searching and indexing
• Application-level multicast

Motivation II
Examples of structured p2p overlays:
• CAN
• Chord
• Pastry
• Tapestry
Some properties:
• High availability and scalability
• Decentralized and self-organizing
• Effective load balancing
• Highly resilient
• But, not secure

Motivation III
Examples of some attacks:
• Malicious nodes might give erroneous responses to a request:
  - At the application level: returning false data -> censor the data
  - At the network level: returning false routing -> partition the network
• They might try to analyse the traffic against systems that try to provide anonymous communication
• Fairness: gain more from the network than give back to it:
  - in terms of disk space
  - in terms of bandwidth
• Trust

Motivation 1. Introduction 2. 1. Abstract model 2. Pastry 3. Tapestry 4. CAN 5. Chord 6. System models and assumptions

Abstract model
• Each peer has an identifier (e.g., 128-bit): nodeId
  - Unique and randomly distributed, e.g., by a hash function applied to the IP address
• Objects are assigned keys, selected from the same id space, mapped to a unique live node (the key's root)
• Nodes maintain a routing table (incl. a neighbor set)
• Copies of the objects are stored at replica roots
• Routing
  - Messages are routed to the node whose nodeId is numerically closest to the key

Pastry I

Pastry II
• Message routing: Route(key k)
  - Case 1) forward from nodeId i to a nodeId j such that j shares at least one more digit (or b bits) with k than i does, or j is numerically closer to k than i
  - Case 2) if no such node is found, then the current node or its neighbor is the destination
• Expected number of routing hops: <

Pastry III

Tapestry
• Very similar to Pastry
• Differences to Pastry:
  - No neighbor set
  - Other message forwarding mechanism (surrogate routing): forwards the message to the node with the next higher value in the nth digit modulo
• Expected number of routing hops:
• Replica function produces random keys for storing replicas

CAN
• Some properties:
  - Entries in node i's routing table are neighbors in a d-dimensional space.
  - Each node is reachable in (d/4) routing hops on average.
  - Replica function produces random keys for storing replicas.
  - As N increases, the size of the routing table does not grow, but the number of routing hops does.

Chord I
• Nodes have m-bit IDs on an "identifier ring" (e.g., m=160)
• Nodes maintain a "finger table"
  - Each node points to up to 160 other nodes
  - The ith entry refers to the live node with the smallest id clockwise from
• Each node points to its predecessor and n successors
• Replicas are stored in the neighbor set of the key's root
• Expected number of routing hops:

Chord II

System model and assumptions
• N: number of nodes in the network
• We assume a fraction f of faulty nodes
• Constrained-collusion Byzantine failure model
  - Size of coalitions of faulty nodes bounded by cN (1/N ≤ c ≤ f)
• Static IP addresses
• Two communication types:
  1. network-level: direct communication without routing through the overlay, and
  2. overlay-level: where messages are routed through the overlay using one of the protocols
• Cryptographic techniques (to prevent adversaries from observing or modifying network-level communication between correct nodes)
• Any message sent by a correct node to a correct destination over an overlay with no faulty nodes is delivered within time D with Pr D

Motivation 1. Introduction 2. Routing in p2p systems 3. Secure routing 1. Secure nodeId assignment 2. Attacks & Solutions • Secure routing table maintenance 3. Attacks & Solutions • Secure message forwarding 4. Attacks & Solutions • Routing failure test • Redundant routing • Self-certifying data

Secure routing I
• Definition:
  - R_k: set of nodes that contains, for each member of the set of replica keys associated with k, a live root node that is responsible for that replica key.
  - Example in Pastry: set of live nodes with nodeIds numerically closest to the key
• The secure routing primitive ensures that: when a non-faulty node sends a message to a key k, the message reaches all non-faulty members in the set of replica roots R_k with a very high probability.
• secure routing primitive + other security techniques -> secure application

Secure routing II
• Secure routing ensures that:
  (1) the message is eventually delivered, despite nodes that may corrupt, drop or misroute the message; and
  (2) the message is delivered to all legitimate replica roots for the key, despite nodes that may attempt to impersonate a replica root
• Implementing the secure routing primitive requires:
  (1) securely assigning nodeIds to nodes,
  (2) securely maintaining the routing tables, and
  (3) securely forwarding messages

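Added example (not from the original slides): the abstract model and the R_k definition in code, with replica roots taken as the r live nodeIds numerically closest to the key, as in the Pastry example above. The SHA-1 truncation to 128 bits, the function names and the constructed sample addresses are assumptions; the simulation estimates how often every replica root of a random key is faulty when nodeIds are uniformly random.

```python
import hashlib
import random

ID_BITS = 128                       # e.g. 128-bit nodeIds, as in the abstract model
RING = 1 << ID_BITS

def node_id_from_ip(ip: str) -> int:
    """nodeId = hash of the IP address (SHA-1 cut to 128 bits is an assumption)."""
    return int.from_bytes(hashlib.sha1(ip.encode()).digest()[:ID_BITS // 8], "big")

def ring_distance(a: int, b: int) -> int:
    """Numerical distance between two ids on the circular id space."""
    d = (a - b) % RING
    return min(d, RING - d)

def replica_roots(key: int, live_ids, r: int):
    """R_k, Pastry-style: the r live nodeIds numerically closest to the key."""
    return sorted(live_ids, key=lambda n: ring_distance(n, key))[:r]

def all_roots_faulty_rate(n_nodes, f, r, trials, seed=1):
    """Estimate how often *every* replica root of a random key is faulty when
    nodeIds are uniformly random and a fraction f of the nodes is faulty."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        ids = [rng.getrandbits(ID_BITS) for _ in range(n_nodes)]
        faulty = set(rng.sample(ids, round(f * n_nodes)))
        key = rng.getrandbits(ID_BITS)
        hits += all(n in faulty for n in replica_roots(key, ids, r))
    return hits / trials

if __name__ == "__main__":
    # Constructed sample addresses (documentation range), not real hosts.
    ids = [node_id_from_ip(f"192.0.2.{i}") for i in range(1, 9)]
    key = node_id_from_ip("198.51.100.7")        # any value from the same id space
    print([f"{n:032x}"[:8] for n in replica_roots(key, ids, 3)])
    # With random ids the rate stays near f**r; if nodeIds could be chosen
    # next to the key, every replica root could be faulty.
    print(all_roots_faulty_rate(n_nodes=200, f=0.3, r=2, trials=2000))
```
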
Secure nodeId assignment
• Fundamental assumption: there is a uniform random distribution of nodeIds
• Secure nodeId assignment ensures that: no attacker can choose the value of nodeIds of the nodes it controls
We now present some attacks and their corresponding solutions

Attacks & Solutions I
• If an attacker can choose nodeIds, it might:
  - maximize the probability of appearing in the victim's routing table
  - partition the Pastry and Chord overlays if it controls two disjoint neighbor sets
  - control access to target objects by choosing the closest nodeIds to all replica keys for a target object, thus controlling all replica roots -> it could delete, corrupt, or deny access to objects
• If an attacker can obtain a large number of valid nodeIds easily -> same problems as above: Sybil attack

Attacks & Solutions II
Solution: certified nodeIds
- use CAs (certification authorities)
- CAs sign nodeId certificates
- nodeId certificates bind a random nodeId to the public key associated with the node and its IP address
Why do we need to include the IP addresses in certificates?
- an attacker with multiple valid nodeId certificates could swap certificates among the nodes it controls -> it can increase the fraction of bad nodes in those routing tables
- binding the nodeId to IP addresses makes it hard to move nodeIds across nodes, but
What about dynamic IP addresses?

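Added example (not part of the original slides): the check a correct node can run before admitting a peer, showing why the certificate binds the IP address as well as the nodeId and public key. The toy RSA key, the field layout and the names ca_issue and accept_peer are assumptions; the toy signature stands in for a real scheme, and proof that the peer holds the private key is omitted.

```python
import hashlib
import secrets

# Toy RSA key for the CA: two Mersenne primes, far too small for real use.
# It stands in for a real signature scheme (assumption, illustration only).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the CA

def _digest(node_id: int, public_key: bytes, ip: str) -> int:
    """Hash of the three bound fields, reduced into the toy modulus."""
    blob = f"{node_id:032x}|{public_key.hex()}|{ip}".encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % CA_N

def ca_issue(public_key: bytes, ip: str) -> dict:
    """The CA picks the nodeId at random; the requester has no say in it."""
    node_id = secrets.randbits(128)
    sig = pow(_digest(node_id, public_key, ip), CA_D, CA_N)
    return {"node_id": node_id, "public_key": public_key, "ip": ip, "sig": sig}

def accept_peer(cert: dict, source_ip: str) -> bool:
    """Peer-side check before a node is put into a routing table."""
    expected = _digest(cert["node_id"], cert["public_key"], cert["ip"])
    if pow(cert["sig"], E, CA_N) != expected:
        return False                      # not signed by the CA, or a field was altered
    return cert["ip"] == source_ip        # False: certificate presented from another host

if __name__ == "__main__":
    # Constructed key bytes and documentation-range addresses.
    cert = ca_issue(b"constructed-public-key-A", "192.0.2.10")
    print(accept_peer(cert, "192.0.2.10"))                     # issued host
    print(accept_peer(cert, "192.0.2.77"))                     # swapped to another node
    print(accept_peer({**cert, "node_id": cert["node_id"] ^ 1}, "192.0.2.10"))
```
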
Attacks & Solutions III
• Certified nodeIds work well when we have fixed nodeIds (in Chord, Pastry and Tapestry), but
• hard to secure CAN, where nodeIds represent a zone in a d-dimensional space that is split in half when a new node joins -> nodeIds change

Attacks & Solutions IV
• Solution for Sybil attack: moderate the rate at which nodeIds are given out
  (1) Make attacks economically expensive
  (2) Bind nodeIds to real-world identities
• Open problem: can we prevent such attackers without CAs, fees or identity checks?

Attacks & Solutions V
• Some other methods:
  - Use some crypto puzzles. Example: require new nodes to generate a key pair such that the SHA-1 hash of the public key has the first p bits zero.
  - Use a secure hash of the public key as their nodeIds
  - Use a different initialization vector for SHA-1, or use MD5 -> the number of random bits in nodeIds will not be reduced

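Added example (not from the original slides): the crypto-puzzle admission check described above, with the puzzle evaluated on SHA-1 and the nodeId taken from MD5 so that the p zero bits do not reduce the nodeId's randomness. Random bytes stand in for real key-pair generation, and the function names are assumptions.

```python
import hashlib
import os

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def puzzle_ok(public_key: bytes, p: int) -> bool:
    """Verifier side: a single SHA-1 call checks the joining node's work."""
    return leading_zero_bits(hashlib.sha1(public_key).digest()) >= p

def node_id(public_key: bytes) -> int:
    """nodeId from a different hash (MD5, one of the slide's options), so the
    p zero bits of the puzzle hash do not show up in the 128-bit nodeId."""
    return int.from_bytes(hashlib.md5(public_key).digest(), "big")

def solve_puzzle(p: int, new_key=lambda: os.urandom(32)):
    """Joining node: generate keys until the puzzle holds.
    new_key stands in for real key-pair generation (assumption);
    the expected cost is about 2**p attempts."""
    attempts = 0
    while True:
        attempts += 1
        public_key = new_key()
        if puzzle_ok(public_key, p):
            return public_key, attempts

def admit(public_key: bytes, claimed_id: int, p: int) -> bool:
    """Accept a join only if the puzzle holds and the nodeId is derived
    from the key, so the node did not pick its own position."""
    return puzzle_ok(public_key, p) and claimed_id == node_id(public_key)

if __name__ == "__main__":
    key, tries = solve_puzzle(p=12)
    print(f"solved after {tries} attempts, nodeId={node_id(key):032x}")
    print("admitted:", admit(key, node_id(key), 12))
    print("self-chosen id rejected:", not admit(key, node_id(key) ^ 1, 12))
```
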
Attacks & Solutions VI
• Some other methods (cont.):
  - periodically invalidate nodeIds, recompute new Ids using another initialization vector -> more overhead

Secure routing table maintenance I
• Secure routing table maintenance ensures that:
  - the average fraction of bad entries in a routing table (= f) of a correct node does not exceed
• Note:
  - Bad routing updates increase f
We now present some attacks and their corresponding solutions