65 research outputs found

    Security Considerations for Peer-to-Peer Distributed Hash Tables

    Recent peer-to-peer research has focused on providing efficient hash lookup systems that can be used to build more complex systems. These systems have good properties when their algorithms are executed correctly but have not generally considered how to handle misbehaving nodes. This paper looks at what sorts of security problems are inherent in large peer-to-peer systems based on distributed hash lookup systems. We examine the types of problems that such systems might face, drawing examples from existing systems, and propose some design principles for detecting and preventing these problems

    Symmetric Replication for Structured Peer-to-Peer Systems

    Structured peer-to-peer systems rely on replication as a basic means to provide fault-tolerance in presence of high churn. Most select replicas using either multiple hash functions, successor-lists, or leaf-sets. We show that all three alternatives have limitations. We present and provide full algorithmic specification for a generic replication scheme called symmetric replication which only needs O(1) message for every join and leave operation to maintain any replication degree. The scheme is applicable to all existing structured peer-to-peer systems, and can be implemented on-top of any DHT. The scheme has been implemented in our DKS system, and is used to do load-balancing, end-to-end fault-tolerance, and to increase the security by using distributed voting. We outline an extension to the scheme, implemented in DKS, which adds routing proximity to reduce latencies. The scheme is particularly suitable for use with erasure codes, as it can be used to fetch a random subset of the replicas for decoding

    Modeling and Evaluation of Targeted Attacks in a Structured Overlay

    Network Security session. International audience. In this article, we consider targeted attacks in large-scale peer-to-peer systems. These attacks aim to weaken the targeted nodes so as to reduce their ability to provide or use the overlay's services. To guard against such attacks, we take advantage of the clustering of the underlying overlay. This makes it possible to set up an induced churn system that preserves the random distribution of node identifiers in the overlay and thus makes any prediction of it by the adversary impossible. We show that by slightly randomizing the elementary operations of the overlay, and by introducing suitable sojourn times, the effect of these targeted attacks is substantially reduced, and the propagation of the attack's effects to the whole system is avoided

    Statistical Basics of a Reliable World Wide Web Peer to Peer Storage System

    Peer-to-peer networks are highly distributed and unreliable networks. Peers log in and off the network at their own needs without any overall plan. In the real peer-to-peer case there are no central nodes planning the resources of the network or having an overview about the state of the network. The paper on hand describes and mathematically analyzes a storage algorithm allowing information to be stored within the network without the originator of the information needing to stay online. Information is optimally “blurred” within the network, meaning that the information is reconstructable with a high probability and over a long time interval, but stored with as little redundancy as possible. The main focus is to analyze the mathematical and statistical properties of the presented peer-to-peer storage algorithm. Technical procedures are described at a high level and need further improvement. Thus, the paper on hand is primarily purely statistical peer-to-peer theory at this stage of research

    Privacy preservation using spherical chord

    Structured overlay networks are primarily used in data storage and data lookup, but they are vulnerable to many kinds of attacks. Within the realm of security, overlay networks have demonstrated applicability in providing privacy, availability, integrity, along with scalability. The thesis first analyses the Chord and the SALSA protocols which are organized in structured overlays to provide data with a certain degree of privacy, and then defines a new protocol called Spherical Chord which provides data lookup with privacy, while also being scalable, and addresses critical existing weaknesses in Chord and SALSA protocols. Spherical Chord is a variant of the Chord, and utilizes the concept of distributed hash table (DHT). Chord sends packets uni-directionally over a virtual id space in the overlay. While this feature provides lower latencies, it can be used by attackers to misroute and drop packets. Spherical Chord protocol introduces additional connections in the structured overlay and increases the path length and the number of paths for sending messages, hence making it more resilient to routing attacks. A new protocol for constructing the Spherical Chord, followed by a new lookup protocol, is defined in this thesis. The protocols are analyzed and it is demonstrated using both theoretical analysis and simulations that improved path availability helps in maintaining privacy, while also limiting the impact of routing attacks. --Abstract, page iii

    Detection and mitigation of the eclipse attack in chord overlays

    Distributed hash table-based overlays are widely used to support efficient information routing and storage in structured peer-to-peer networks, but they are also subject to numerous attacks aimed at disrupting their correct functioning. In this paper, we analyse the impact of the eclipse attack on a chord-based overlay in terms of number of key lookups intercepted by a collusion of malicious nodes. We propose a detection algorithm for the individuation of ongoing attacks to the chord overlay, relying on features that can be independently estimated by each network peer, which are given as input to a C4.5-based binary classifier. Moreover, we propose some modifications to the chord routing protocol in order to mitigate the effects of such attacks. The countermeasures introduce a limited traffic overhead and can operate either in a distributed fashion or assuming the presence of a centralised trusted entity. Numerical results show the effectiveness of the proposed mitigation techniques

    AnKLe: Detecting Attacks in Large Scale Systems via Information Divergence

    In this paper, we consider the setting of large scale distributed systems, in which each node needs to quickly process a huge amount of data received in the form of a stream that may have been tampered with by an adversary. In this situation, a fundamental problem is how to detect and quantify the amount of work performed by the adversary. To address this issue, we propose AnKLe (for Attack-tolerant eNhanced Kullback-Leibler divergence Estimator), a novel algorithm for estimating the KL divergence of an observed stream compared to the expected one. AnKLe combines sampling techniques and information-theoretic methods. It is very efficient, both in terms of space and time complexities, and requires only a single pass over the data stream. Experimental results show that the estimation provided by AnKLe remains accurate even for different adversarial settings for which the quality of other methods dramatically decreases

    X-Vine: Secure and Pseudonymous Routing Using Social Networks

    Distributed hash tables suffer from several security and privacy vulnerabilities, including the problem of Sybil attacks. Existing social network-based solutions to mitigate the Sybil attacks in DHT routing have a high state requirement and do not provide an adequate level of privacy. For instance, such techniques require a user to reveal their social network contacts. We design X-Vine, a protection mechanism for distributed hash tables that operates entirely by communicating over social network links. As with traditional peer-to-peer systems, X-Vine provides robustness, scalability, and a platform for innovation. The use of social network links for communication helps protect participant privacy and adds a new dimension of trust absent from previous designs. X-Vine is resilient to denial of service via Sybil attacks, and in fact is the first Sybil defense that requires only a logarithmic amount of state per node, making it suitable for large-scale and dynamic settings. X-Vine also helps protect the privacy of users' social network contacts and keeps their IP addresses hidden from those outside of their social circle, providing a basis for pseudonymous communication. We first evaluate our design with analysis and simulations, using several real world large-scale social networking topologies. We show that the constraints of X-Vine allow the insertion of only a logarithmic number of Sybil identities per attack edge; we show this mitigates the impact of malicious attacks while not affecting the performance of honest nodes. Moreover, our algorithms are efficient, maintain low stretch, and avoid hot spots in the network. We validate our design with a PlanetLab implementation and a Facebook plugin. Comment: 15 page