Efficient DHT attack mitigation through peers' ID distribution (PowerPoint presentation, 23 slides)


1. Introduction / Analysis of IDs distribution / DHT attacks detection & mitigation / Conclusion
   Efficient DHT attack mitigation through peers' ID distribution
   Thibault Cholez, Isabelle Chrisment and Olivier Festor
   {thibault.cholez, isabelle.chrisment, olivier.festor}@loria.fr
   LORIA - Campus Scientifique - BP 239 - 54506 Vandoeuvre-les-Nancy Cedex
   April 23rd 2010
   1 / 23

2. Outline
   Introduction
   Analysis of IDs distribution
   DHT attacks detection & mitigation
   Conclusion

3. Outline (section: Introduction)

4. Background on KAD
   KAD is:
   • a fully distributed P2P network (Kademlia DHT)
   • used for file sharing
   • implemented by open source clients (eMule and aMule)
   • widely deployed (~3 million simultaneous users)
   The KAD DHT is used to index keywords & files:
   • KAD ID: place of a peer in the DHT (128 random bits)
   • target (content) ID: MD4(keyword) or MD4(file), the hash used by eMule
   • prefix = number of common leading bits between a peer ID and a content ID
     Type        ID                                  prefix
     target ID   477221265829086C74988C40EFE63DAF    -
     peer ID     477229E3D7CFC729F337ABBB69C983C6    20 bits

5. The KAD DHT
   Fig.: Double indexation mechanism used to publish contents

6. Exploiting KAD Search
   Despite recent protective rules, localized attacks are possible:
   • each peer is free to choose its KAD ID
   • the KAD search procedure is very efficient: "store to the closest peers possible"
   • an attacker places a few distributed peers close to the target ID (Sybil attack)
   • these honeypeers then attract all 10 replicated "service" requests

7. Motivation
   Such an attack raises:
   • privacy issues (attackers monitoring shared contents)
   • denial of service issues (eclipse attack removing information from the DHT)
   • security issues (fake file and source insertion: pollution, malware diffusion)
   Protecting the KAD network is very challenging:
   • fully distributed design
   • strong need for backward compatibility between clients
   • no existing solution is suitable (central authority, crypto-puzzles, social networks, distributed certification)

8. Efficient pollution
   Fig.: Result of a search for "spiderman" under eclipse and poison (4 fake files)

9. Outline (section: Analysis of IDs distribution)

10. Key idea
    Instead of controlling peer IDs:
    • let peers randomly choose their ID...
    • but check whether the ID distribution really is random!
    To target an ID, DHT attacks introduce:
    • proximity abnormalities in the ID distribution
    • density abnormalities in the ID distribution
      Type       KAD ID                              prefix
      content    477221265829086C74988C40EFE63DAF    -
      attacker   477221265829086C74988C4070D6E0F1    96 bits
      normal     477229E3D7CFC729F337ABBB69C983C6    20 bits
    Tab.: Example of IDs

11. Theoretical ID distribution
    Mean number of peers sharing at least x bits with a target ID, with N peers in the network:
      $F(x) = \frac{N}{2^{x}}$    (1)
    with N = 4 × 10^6 and x ∈ [1; 128].
    Fig.: Mean number of peers sharing a given prefix with a target
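The prefix computation of slides 4 and 10, the Sybil ID placement of slide 6 and the count F(x) of equation (1), as one added Python example (not code from the slides or from the authors' implementation). The IDs and N = 4 × 10^6 are the slides' own; the function names common_prefix_bits, forge_close_id, expected_peers_sharing, best_contacts_prefix_floor and theoretical_distribution are chosen here, and forge_close_id is our reconstruction of how an attacker picks an ID sharing a given prefix with a target:

```python
import secrets

ID_BITS = 128


def common_prefix_bits(id_a: str, id_b: str) -> int:
    """Number of leading bits shared by two 128-bit KAD IDs given as hex strings.

    Kademlia ranks peers by XOR distance to the target, so a longer common
    prefix means a closer peer; the slides call this number the 'prefix'.
    """
    x = int(id_a, 16) ^ int(id_b, 16)
    return ID_BITS if x == 0 else ID_BITS - x.bit_length()


def forge_close_id(target_hex: str, shared_bits: int) -> str:
    """Build an ID sharing exactly `shared_bits` leading bits with `target_hex`.

    This is what a Sybil peer does (slide 6): copy the target's prefix, set the
    next bit to the opposite value so the prefix is exact, and pick the remaining
    bits at random (our reconstruction, not the authors' code).
    """
    target = int(target_hex, 16)
    tail = ID_BITS - shared_bits
    keep_mask = ((1 << shared_bits) - 1) << tail       # bits to copy from the target
    forged = target & keep_mask
    if tail:
        flip = 1 << (tail - 1)                         # first bit after the prefix
        forged |= (target & flip) ^ flip               # ...set to the opposite value
        if tail > 1:
            forged |= secrets.randbits(tail - 1)       # rest random
    return f"{forged:032X}"


def expected_peers_sharing(x: int, n: int = 4_000_000) -> float:
    """F(x) = N / 2^x (eq. 1): mean number of peers whose random 128-bit ID shares
    at least x leading bits with a target, for N peers in the network."""
    return n / 2 ** x


def best_contacts_prefix_floor(k: int = 10, n: int = 4_000_000) -> int:
    """Smallest prefix x for which fewer than k peers are expected to share x bits.

    For N = 4e6 and k = 10: F(18) ~ 15.3 but F(19) ~ 7.6, so the 10 best contacts
    of a lookup sit around prefixes 18-19, which is why the slides bin prefixes
    from 18; F(28) ~ 0.015 is why a 28-bit prefix is 'very unlikely' (slide 14).
    """
    x = 1
    while expected_peers_sharing(x, n) >= k:
        x += 1
    return x


def theoretical_distribution(low: int = 18, high: int = 28) -> dict:
    """T(i): probability that a best contact has prefix i, a geometric law with
    parameter 1/2 restarted at `low` (slide 13): T(18)=1/2, T(19)=1/4, ..., T(28)=1/2^11."""
    return {i: 1.0 / 2 ** (i - low + 1) for i in range(low, high + 1)}


if __name__ == "__main__":
    # IDs from the slides' tables (slides 4 and 10)
    content = "477221265829086C74988C40EFE63DAF"
    attacker = "477221265829086C74988C4070D6E0F1"
    normal = "477229E3D7CFC729F337ABBB69C983C6"
    print(common_prefix_bits(content, attacker), common_prefix_bits(content, normal))
    sybil = forge_close_id(content, 96)
    print(sybil, common_prefix_bits(content, sybil))
    for x in (18, 19, 20, 28, 96):
        print(f"F({x}) = {expected_peers_sharing(x):.4f}")
    print(best_contacts_prefix_floor())
```

The forged ID demonstrates the proximity abnormality the detection relies on: with 4 million random IDs, F(96) is about 5 × 10^-23, so a contact sharing 96 bits with a target can only have chosen its ID on purpose.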

12. Real ID distribution
    Real network measurement:
    • 1800 lookups on safe (random) DHT entries
    • for each lookup: what are the prefixes of the 10 best peers found?
    Fig.: Average prefix distribution of the 10 best found contacts

13. Real ID distribution
    Results show:
    • the KAD lookup procedure is efficient enough to give a representative view of the closest peers possible
    • the theoretical random ID distribution (geometric distribution with parameter 1/2) is sufficient to characterize the results obtained in a real lookup process
    Moreover, the ID distribution is stable: none of the tested parameters affects it
    • time spent in the P2P network
    • distance between the publishing peer and the published data
    • type of published information (keyword or file)
    • type of requested service (publish or search)

14. Preventive rules
    IP address limitation:
    • service requests must be sent to peers from different subnetworks
    • already applied to filter peers inserted in the routing table
    • spreads a DHT entry at the scale of the IP network
    Discarding close nodes:
    • currently, prefixes ≥ 28 bits are very unlikely
    • change the tolerance zone from [8; 128] to [8; 28]

15. Outline (section: DHT attacks detection & mitigation)

16. DHT attack detection
    Major difficulty:
    • the few (10) best peers constitute a very small sample
    • common statistical tools comparing distributions (chi-square, Kolmogorov-Smirnov) do not work well on such a sample
    • the KL-divergence works, but its value must be interpreted
    Kullback-Leibler divergence (G-test) to detect attacks:
      $D_{KL}(M \| T) = \sum_{i} M(i) \log \frac{M(i)}{T(i)}$    (2)
      Prefix       18    19     20     21     22     23     24     25     26     27      28
      M (attack)   0     0      0      0      0      0      0      0      0.5    0.5     0
      M (safe)     0.6   0.2    0.1    0.1    0      0      0      0      0      0       0
      T            1/2   1/2^2  1/2^3  1/2^4  1/2^5  1/2^6  1/2^7  1/2^8  1/2^9  1/2^10  1/2^11
    Tab.: Distributions compared with KL-distance to detect attacks

17. DHT attack detection
    Evaluation of the detection metric & threshold:
    • 2 data sets: simulated attack distributions vs real DHT distributions
    • the few false negatives are not dangerous attacks: few peers inserted (5 or less) at low prefixes (18-19 bits)
    • detection threshold = 0.7
    • false positives & negatives < 9%

18. DHT attack mitigation
    When an attack is detected:
    • countermeasures progressively filter the attacked prefixes
    • while the distribution is not 'safe': remove the peers with the most suspicious prefix, then update the distribution and the distance
    • peers with lower prefixes (< 18 bits) fill the freed places among the 10 best
      Prefix   Avg number of contacts
      13       0.60
      14       1.36
      15       2.78
      16       3.62
      17       3.75
    Tab.: Best remaining contacts with prefix under 18 bits
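The preventive rules of slide 14 and the detection and mitigation steps of slides 16 to 18, as one added Python example (not the authors' eMule/aMule implementation). The bins 18..28, T(i), the 0.7 detection threshold and the two M rows of the table are taken from the slides; everything else is an assumption, labelled again in the code: the /24 subnet size for the IP limitation, the natural logarithm in D_KL, "most suspicious prefix" read as the bin that contributes most to the divergence, a safe threshold equal to the detection threshold, and the constructed contact lists SAFE, ATTACK and FALLBACK, which are not measured data:

```python
import math
from collections import Counter
from ipaddress import ip_network
from typing import NamedTuple


class Contact(NamedTuple):
    ip: str
    prefix: int   # leading bits shared with the target ID


LOW, HIGH = 18, 28            # prefix bins of the detection table (slide 16)
DETECTION_THRESHOLD = 0.7     # slide 17
# T(i): geometric law with parameter 1/2 restarted at 18, T(18)=1/2 ... T(28)=1/2^11
THEORETICAL = {i: 1.0 / 2 ** (i - LOW + 1) for i in range(LOW, HIGH + 1)}


def preventive_filter(contacts, tolerance_high=HIGH, subnet_bits=24):
    """Slide 14: discard contacts outside the tolerance zone (prefix > 28) and keep
    at most one contact per subnet. The /24 size is an assumption; the slides only
    say 'different subnetwork'."""
    kept, seen = [], set()
    for c in sorted(contacts, key=lambda c: -c.prefix):        # best contact first
        net = ip_network(f"{c.ip}/{subnet_bits}", strict=False)
        if c.prefix > tolerance_high or net in seen:
            continue
        seen.add(net)
        kept.append(c)
    return kept


def measured_distribution(contacts):
    """M(i): fraction of the best contacts in each prefix bin. Contacts below the
    lowest bin carry no proximity signal and are left out of M (assumption)."""
    in_zone = [c.prefix for c in contacts if LOW <= c.prefix <= HIGH]
    if not in_zone:
        return {}
    counts = Counter(in_zone)
    return {i: counts.get(i, 0) / len(in_zone) for i in range(LOW, HIGH + 1)}


def kl_divergence(m, t=THEORETICAL):
    """D_KL(M||T) = sum_i M(i) log(M(i)/T(i)) (eq. 2). Natural log is our choice;
    the slides do not state the base. Bins with M(i) = 0 contribute 0."""
    return sum(mi * math.log(mi / t[i]) for i, mi in m.items() if mi > 0)


def is_attacked(contacts, threshold=DETECTION_THRESHOLD):
    return kl_divergence(measured_distribution(contacts)) > threshold


def most_suspicious_bin(m, t=THEORETICAL):
    """The prefix whose bin contributes most to the divergence: our reading of
    'the most suspicious prefix' on slide 18."""
    return max((i for i, mi in m.items() if mi > 0),
               key=lambda i: m[i] * math.log(m[i] / t[i]))


def mitigate(best, fallback, safe_threshold=DETECTION_THRESHOLD, k=10):
    """Slide 18: while the distribution is not safe, drop the contacts of the most
    suspicious bin and recompute; then refill the freed places with the closest
    fallback contacts (prefix < 18). The safe threshold is assumed equal to the
    detection threshold. Returns (new best list, removed contacts)."""
    kept, removed = list(best), []
    while True:
        m = measured_distribution(kept)
        if not m or kl_divergence(m) <= safe_threshold:
            break
        bad = most_suspicious_bin(m)
        removed += [c for c in kept if c.prefix == bad]
        kept = [c for c in kept if c.prefix != bad]
    spare = sorted((c for c in fallback if c not in kept), key=lambda c: -c.prefix)
    return kept + spare[:k - len(kept)], removed


# Constructed lookup results (not measured data); each contact in its own /24.
SAFE = [Contact(f"10.0.{i}.1", p) for i, p in enumerate([18] * 6 + [19, 19, 20, 21])]
ATTACK = [Contact(f"10.1.{i}.1", p)
          for i, p in enumerate([26, 26, 26, 27, 27, 19, 18, 18, 18, 20])]
FALLBACK = [Contact(f"10.2.{i}.1", p) for i, p in enumerate([17, 17, 17, 16, 16, 15, 14])]

if __name__ == "__main__":
    for name, best in (("safe", SAFE), ("attack", ATTACK)):
        print(name, round(kl_divergence(measured_distribution(best)), 4), is_attacked(best))
    new_best, removed = mitigate(ATTACK, FALLBACK)
    print("removed", sorted(c.prefix for c in removed), "kept", sorted(c.prefix for c in new_best))
```

On the constructed ATTACK list (five Sybils at 26-27 bits mixed with five ordinary peers) the divergence is about 2.3, well above 0.7; the loop drops the 26-bit bin first (largest contribution), then the 27-bit bin, leaving five ordinary contacts at about 0.16 and refilling the five places from the fallback pool, which matches the slide's description of the countermeasure removing almost all malicious peers.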

19. DHT attack mitigation
    • the countermeasure removes almost all malicious peers
    • the safe threshold defines the countermeasure's tolerance
    Fig.: Average number of contacts removed among the 10 best by the countermeasure

20. Full defense scheme
    Fig.: Full defense scheme applied to KAD

21. Is the KAD network really threatened?
    Yes! Local attacks are running.
    Simple test:
    • choose a few "well-known" keywords
    • launch DHT lookups
    • write down the prefix of the closest peer found
      keyword    best prefix     keyword    best prefix
      avatar     126             nine       122
      invictus   123             love       122
      sherlock   122             american   97
      princess   122             russian    97
      frog       98              black      96
      ncis       96              pirate     96
      nero       96              ...        ...

22. Outline (section: Conclusion)

23. Conclusion
    Our solution:
    • is efficient and introduces no overhead
    • provides full backward compatibility
    • can be applied to any DHT with iterative routing and replicated data
    Future (current) work:
    • crawl the KAD DHT to detect real attacks
    • evaluate the implementation
    • dynamically set the detection parameters
