security of p2p systems
play

Security of P2P Systems Faraz Makari March 6, 2008 Seminar on - PowerPoint PPT Presentation

Feb 14, 2024 •202 likes •989 views

Security of P2P Systems Faraz Makari March 6, 2008 Seminar on Advanced Topics in Distributed Computing WS 07/08 MPI-SWS (Saarland University), Petr Kuznetsov Motivation 1. Introduction 2. Secure Routing 3. Fairness and trust 4. Secure

  1. Security of P2P Systems Faraz Makari March 6, 2008 Seminar on Advanced Topics in Distributed Computing WS 07/08 MPI-SWS (Saarland University), Petr Kuznetsov

  2. Motivation 1. Introduction 2. Secure Routing 3. Fairness and trust 4. Secure lookup protocol 5. S-Chord 6.

  3. Motivation 1. Introduction 2. Secure Routing 3. Fairness and trust 4. Secure lookup protocol 5. S-Chord 6.

  4. Motivation I 4 Examples of structured p2p overlays: � CAN � Chord � Pastry � Tapestry Some applications: � Network storage � Content distribution � Web cashing, searching and indexing � Applicaion level multicast Security of P2P Systems

  5. Motivation II 5 Examples of structured p2p overlays: � CAN � Chord � Pastry � Tapestry Some properties: � High availability and Scalability � Decentralized and self-organizing � Effective load balancing � Highly resilient � But, not secure Security of P2P Systems

  6. Motivation III 6 Example of some attacks: � Malicious nodes might give erroneous response to a reguest: - At the application level: returning false data -> censor the data - At the network level: returning false routing -> partition the network � They might try to analyse the traffic againt system that try to provide ananymous communication � Fairness: gain more from the network than give back to it: - in terms of disc space - in terms of bandwidth � Trust Security of P2P Systems

  7. 7 Motivation 1. Introduction 2. 1. Abstract m odel 2. Pastry 3. Tapestry 4. CAN 5. Chord 6. System m odels and assum ptions Security of P2P Systems

  8. Abstract m odel 8 � Each peer has an identifier (e.g.,128-bit): nodeId � Unique and randomly distributed E.g., by a hash-function, applied on the IP-address � Objects are assigned keys, selected from the same id space, mapped to a unique live node (key‘s root ) � Nodes maintain a routing table (incl. a neighbor set ) � Copies of the objecs are stored at replica roots � Routing � The messages are routed to the node whose nodeId is numerically closest to the key Security of P2P Systems

  9. Pastry I 9 Security of P2P Systems

  10. Pastry II 10 � Message routing: Route(key k ) j shares at lest one digit (or b bits) with k more than i , or � Case 1) j is numerically closer to k than i nodeId i nodeId j � Case 2) if no such node found, then the current node or its neighbor is the destination Expected number of routing hops: < Security of P2P Systems

  11. Pastry III 11 Security of P2P Systems

  12. Tapestry 12 � Very similar to Pasrty � Differences to Pastry: � No neighbor set � Other message forwarding mechanism (surrogate routing): Forwards the message to the node with the next higher value in the n th digit modulo � expected number of routing hops: � Replica function produces random keys for storing replicas Security of P2P Systems

  13. CAN 13 � Some properties: � Entries in the node i ‘s routing tables are neighbors in a d -dimensional space. � Each node is reachable in (d/4) routing hops in average. � Replica function produces random keys for storing replicas. � As N increases, the size of the routing table does not grow, but the number of routing hops. Security of P2P Systems

  14. Chord I 14 � Nodes have m-bit IDs on an “identifier ring”(e.g., m=160) � Nodes maintain a “finger table” � Each node points to up to 160 other nodes � The i th entry refers to the live node with the samllest id clockwise from � Each node points to its predecessor and n successors � Replicas are stored in the neighbor set of the key’s root � Expected number of routing hops: Security of P2P Systems

  15. Chord II 15 Security of P2P Systems

  16. System m odel and assum ptions 16 � N : # nodes in the network � We assume fraction f of faulty nodes � constrained-collusion Byzantine failure model � Size of coalitions of faulty nodes bounded by cN (1 /N ≤ c ≤ f) � Static IP addresses � � Two communication types: network-level: direct communication without routing the overlay, 1. and overlay-level: where messages are routed through the overlay using 2. one of the protocols � Cryptographic techniques (to prevent adversaries from observing or modifying network-level communication between correct nodes) � Any message sent by a correct node to a correct destination over an overlay with no faulty nodes in delivered within time D with Pr D Security of P2P Systems

  17. 17 Motivation 1. Introduction 2. Routing in p2p system s 3. Secure routing 1. Secure nodeId assignm ent 2. Attacks&Solutions � Seure routing table m aintenance 3. Attacks&Solutions � Secure m essage forwarding 4. Attacks&Solutions � Routing failure test � Redundant routing � Self-certifying data � Security of P2P Systems

  18. Secure routing I 18 � Definition: � R k : set of nodes that contains, for each member of the set of replica keys associated with k , a live root node that is responsible for that replica key. secure routing primitive + secure routing primitive + � Example in the Pastry: set of live nodes with nodeIds other security techniques numerically closest to the key other security techniques -> secure application -> secure application � The secure routing primitive ensures that: when a non-faulty node send a message to a key k, the message reaches all non-faulty members in the set of replica roots R k with a very high probability. Security of P2P Systems

  19. Secure routing II 19 � Secure routing ensures that: (1) the message is eventually delivered, despite nodes that may corrupt, drop or misroute the message; and (2) the message is delivered to all legitimate replica roots for the key, despite nodes that may attempt to impersonate a replica root � Implementing the secure routing primitive requires: (1) securely assigning nodeIds to nodes (2) securely maintaining the routing tables, and (3) securely forwarding messages Security of P2P Systems

  20. Secure nodeId assignm ent � Fundamental assumption: There is a uniform random distribution of nodeIds There is a uniform random distribution of nodeIds � Secure nodeId assignment ensures that: no attacker can choose the value of nodeIds of the nodes it controls We now represent som e attacks and their corresponding solutions

  21. Attacks & Solutions I 21 � If an attacker can choose nodeIds, it might: � maximize the probability of appearing in the victim‘s routing table � partition the the Pastry and –chord overlay if it controls two disjoint neighbor sets � control access to target objects by choosing the closest nodeIds to all replica keys for a target object, thus controling all replica roots -> it could delete, corrupt, or deny access to objects � If an attacker can obtain a large number of valid nodeIds easily -> same problems above Sybil attack Sybil attack Security of P2P Systems

  22. Attacks & Solutions II 22 Solution: certified nodeIds - use CAs (certification authorities) - CAs sign nodeId certificates - nodeId certificates bind a random nodeId to the public key associated with the node and its IP address Why do we need to include the IP addresses in certificates? What about What about - at attacker with multiple valid nodeId certificates could swap dynamic IP certificates among the nodes it controls, dynamic IP addresses? -> it can increase the the fraction of bad nodes in those routing addresses? tables - hard to move nodeIds across nodes by binding the nodeId to IP addresses, but Security of P2P Systems

  23. Attacks & Solutions III 23 � Certified nodeIds work well when we have fixed nodeIds (in Chord, Pastry and Tapestry), but � hard to secure CAN where nodeIds represent a zone in a d- dimensional space that split in half when a new node joins nodeIds change Security of P2P Systems

  24. Attacks & Solutions IV 24 � Solution for Sybil attack: Modeare the rate at which nodeIds are given out (1) Make attacks economically expensive (2) Bind nodeIds to real world identities � Open problem: Can we prevent such attackers without CAs, fees or identitiy checks? Security of P2P Systems

  25. Attacks & Solutions V 25 � Some other methods: Use some crypto puzzles example: require new nodes to generate a key pair s. t., the SHA-1 hash of the public key has the first p bits zero. Use a secure hash of the public key as their nodeIds Use different initialization vector for SHA-1. or use MD5 number of random bits in nodeIds will not be reduced Security of P2P Systems

  26. Attacks & Solutions VI 26 � Some other methods:(cont.) - periodically invaidate nodeIds, recompute new Ids using another initialization vector More overhead More overhead Security of P2P Systems

  27. Secure routing table m aintenance I 27 � Secure routing table maintenance ensures that: � average fraction of bad entries in a routing table (= f ) of a correct node does not exceed � Note: � Bad routing updates increases f We now represent som e attacks and their corresponding solutions Security of P2P Systems

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/24/2017 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

533 views • 14 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/18/2018 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

374 views • 9 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems Security Trent Jaeger Systems and

651 views • 28 slides
Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security

370 views • 33 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Capability Systems Trent Jaeger

622 views • 36 slides
Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security Kernels Trent Jaeger

555 views • 35 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

589 views • 23 slides
Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems Data is distributed among many sources Ex. Distributed database systems Frequently utilize a centralized lookup server for addressing

500 views • 15 slides
Peer-to-Peer Networks Distribution Decentralized control Self-organization Outline

Peer-to-Peer Networks Distribution Decentralized control Self-organization Outline

Background Peer-to-Peer Networks Distribution Decentralized control Self-organization Outline Symmetric communication Survey Self-organizing overlay network File system on top of P2P network Contributions from Peter

158 views • 5 slides
inDecentralizedOnlineSocialNetworks OnlineSocialNetworks(OSNs)

inDecentralizedOnlineSocialNetworks OnlineSocialNetworks(OSNs)

Privacy,Cost,andAvailabilityTradeoffs inDecentralizedOnlineSocialNetworks OnlineSocialNetworks(OSNs) areenormouslypopular

178 views • 16 slides
11/10/08 Today P561: Network Systems Finding content and services Week 7: Finding content

11/10/08 Today P561: Network Systems Finding content and services Week 7: Finding content

11/10/08 Today P561: Network Systems Finding content and services Week 7: Finding content Infrastructure hosted (DNS) Peer-to-peer hosted (Napster, Gnutella, DHTs) Multicast Multicast: one to many content dissemination

368 views • 14 slides
Big Data Processing Technologies Chentao Wu Associate Professor Dept. of Computer Science and

Big Data Processing Technologies Chentao Wu Associate Professor Dept. of Computer Science and

Big Data Processing Technologies Chentao Wu Associate Professor Dept. of Computer Science and Engineering wuct@cs.sjtu.edu.cn Schedule lec1: Introduction on big data and cloud computing Iec2: Introduction on data storage lec3: Data

976 views • 84 slides
Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry

Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry

Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry and Richard West Boston University Boston, MA 02215 {gfry,richwest}@cs.bu.edu Computer Science Introduction Computer Science Internet growth

407 views • 28 slides
Structured P2P Networks Niels Olof Bouvin 1 Distributed Hash Tables DHTs are designed to be

Structured P2P Networks Niels Olof Bouvin 1 Distributed Hash Tables DHTs are designed to be

Structured P2P Networks Niels Olof Bouvin 1 Distributed Hash Tables DHTs are designed to be infrastructure for other applications General concept Assign peers IDs evenly across an ID space (e.g., [0, 2 n -1]) Assign resources IDs in the same

668 views • 65 slides
Brief Summary on Topology and Performance of Distributed Hash Tables Zhirong Yang Helsinki

Brief Summary on Topology and Performance of Distributed Hash Tables Zhirong Yang Helsinki

Brief Summary on Topology and Performance of Distributed Hash Tables Zhirong Yang Helsinki University of Technology rozyang@cc.hut.fi Agenda Introduction Basic DHTs Pastry (mentioned later) CAN (coming soon) Tapestry

531 views • 21 slides

More recommend