MIS: Malicious Nodes Identification Scheme Network-Coding-Based Peer-to-Peer Streaming Qiyan Wang,...

Post on 22-Dec-2015


MIS: Malicious Nodes Identification Scheme Network-Coding-Based Peer-to-Peer Streaming

Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana

Department of Computer Science, University of Illinois at Urbana-Champaign

IEEE INFOCOM 2010

Outlines

• Introduction

• MIS: Malicious Node Identification Scheme

• Simulation Results

• Conclusion

Network Coding

• New paradigm of routing:

– Packet mixing at intermediate nodes

• Benefits:

– Maximum throughput, robustness to link failure, energy efficiency …

• Applications:

– Multicast/broadcast, wireless unicast, P2P streaming, P2P file distributing …

[Figure: traditional routing (store-and-forward) versus network coding, where a node sends a function f(…) of the packets it received.]

Network Coding in P2P Streaming Networks

• Benefits of network coding in P2P streaming:

– Higher playback quality

– Shorter buffering delays

– Minimal bandwidth

– Better resilience to peer dynamics

[Figure: the video stream from S is divided into segments [b1, b2, … , bm] and distributed through peers A–H.]

Pollution Attacks in Network Coding

• Malicious nodes inject corrupted blocks.

• Pollution rapidly spreads over the network!

• Failure to decode the original blocks!

[Figure: the video stream, in segments [b1, b2, … , bm], passing from S through peers A–H.]

The Pollution Attack

• Attacker joins an ongoing video channel

• Attacker advertises it has a large number of chunks

• When neighbors request chunks, attacker sends bogus chunks

• Receiver plays back bogus chunks

• Each receiver may further forward the polluted chunks

P. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007.

[Figure: peers send requests to the polluter.]

Existing Defense Strategy:

• Checking corrupted blocks at the runtime

– Too computationally costly for real-time streaming

[Figure: corrupted blocks are dropped at the runtime as the video stream, in segments [b1, b2, … , bm], passes from S through peers A–H.]

Pollution Defense Strategy

• Blacklist

• Traffic Encryption

• Chunk Signing

– Use PKI

– Every video source has public-private key pair

– Source uses private key to sign the chunks

– Receiver uses public key of source to verify integrity of chunk

P. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007.


The Idea of MIS (Malicious Identification Scheme)

• Optimal online efficiency:

– We don’t check corrupted blocks at the runtime (before decoding).

• Fundamental limit on pollution attacks:

– Instead, we identify malicious nodes whenever pollution attacks take place.

– We “permanently” remove the identified malicious nodes from the overlay, so that the system is free from pollution attacks in the future.

MIS (Malicious node Identification Scheme)

[Figure: P2P overlay of the S-server and nodes A–M.]

MIS (Malicious node Identification Scheme)

•  Infected nodes: I, J, K, M, L


MIS (Malicious node Identification Scheme)

•  Detect the existence of pollution attacks based on the content of decoded original blocks.

Alert (with the sequence number of the segment, a time stamp, the reporting node’s ID)

MIS (Malicious node Identification Scheme)

• S-server generates a random checksum for the polluted segment.

• S-server disseminates the checksum to the overlay.


MIS (Malicious node Identification Scheme)

•  The checksum can help the infected node (K, or I) to find out which neighbor (J, or F) has sent him a corrupted block.


MIS (Malicious node Identification Scheme)

• The infected node (K, or I) reports the discovered suspicious neighbors (J, or F) to the M-server, and forwards the checksum to the reported suspicious neighbors (J, or F).

[Figure: reports “F is suspicious” and “J is suspicious” sent to the M-server; suspicious node list (SNL): J, F.]

MIS (Malicious node Identification Scheme)

•   With the received checksum, an innocent suspicious node (J) can find another suspicious node (F), but the malicious node (F) cannot.

[Figure: report “F is suspicious” sent to the M-server; suspicious node list (SNL): J, F.]
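A sketch of the checksum step described across the MIS slides above, as an added example that is not taken from the slides or the paper. The slides only say the S-server generates a "random checksum", so the construction here (a random vector r plus the inner product of r with each original block) is an assumed instantiation, as are the GF(256) polynomial, the toy sizes, and every function name; node labels follow the slides, with K tracing the pollution to J and J tracing it to F.

```python
import random
from functools import reduce

def gf_mul(a, b):
    """Multiply in GF(2^8); the reduction polynomial 0x11b is an assumption."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def dot(u, v):  # inner product over GF(2^8); addition is XOR
    return reduce(lambda acc, xy: acc ^ gf_mul(*xy), zip(u, v), 0)

def combine(blocks, rng):
    """Network-code (coeffs, payload) blocks with random nonzero weights."""
    ws = [rng.randrange(1, 256) for _ in blocks]
    mix = lambda k: [dot(ws, col) for col in zip(*(b[k] for b in blocks))]
    return mix(0), mix(1)

def make_checksum(segment, rng):
    """S-server: random nonzero vector r and tags <b_j, r> of the original blocks."""
    r = [rng.randrange(1, 256) for _ in segment[0]]
    return r, [dot(b, r) for b in segment]

def block_ok(block, checksum):
    """A clean coded block satisfies <payload, r> == <coeffs, tags>."""
    return dot(block[1], checksum[0]) == dot(block[0], checksum[1])

def suspicious_neighbors(buffer, checksum):
    """buffer maps neighbor id -> blocks it sent for the polluted segment."""
    return sorted(n for n, blks in buffer.items()
                  if not all(block_ok(b, checksum) for b in blks))

def demo(seed=7):
    rng = random.Random(seed)                  # constructed sample data
    segment = [[rng.randrange(256) for _ in range(8)] for _ in range(4)]
    source = [([int(i == j) for i in range(4)], b) for j, b in enumerate(segment)]
    c, p = combine(source, rng)
    bad = (c, [p[0] ^ 0x5A] + p[1:])           # F corrupts one codeword
    j_buf = {"E": [combine(source, rng)], "F": [bad]}
    k_buf = {"H": [combine(source, rng)],
             "J": [combine(j_buf["E"] + j_buf["F"], rng)]}  # J mixes unknowingly
    chk = make_checksum(segment, rng)          # generated only after the alert
    return suspicious_neighbors(k_buf, chk), suspicious_neighbors(j_buf, chk)
```

Because the checksum is drawn only after the alert, the sender of the corrupted block cannot have shaped its error around r, and no per-block check runs before decoding.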

MIS – Security Guarantees

• Correctness

– A malicious node cannot deny having sent a corrupted block or disparage any innocent node.

• Guarantee

– When a suspicious node is reported, evidence is shown to the M-server to demonstrate that this reported node has indeed sent out a corrupted block.

• Approaches

– Public-key signature scheme

• Let each node sign the block it sends out using a public-key signature scheme, and the signature associated with the block can be used as the evidence.

• This approach requires applying a public-key signature on each transmitted block, introducing substantial computational delays due to the expensive signature generation and verification.

– Non-repudiation transmission protocol

Fig. 2: An example to illustrate network coding in P2P streaming. Each segment consists of m = 2 blocks, and each block has d = 3 codewords. Peer X receives two coded blocks e1,i, e2,i in Si from the S-server, and produces a new coded block e3,i for peer Y.

Non-Repudiation Transmission Protocol

[Figure: example with λ = 6, δ = 3. Upstream neighbor X: the suspicious node; downstream neighbor Y: the reporting node; block e; evidence verified with γ2, γ4, γ5.]

Non-Repudiation Transmission Protocol

• Table I lists the probabilities that a malicious party succeeds in our protocol under several sample parameter selections.

• Prob X (or Prob Y) – the probability that a malicious X (or Y ) succeeds. The space overhead includes Φ(e) and Seq(e) (one byte for Seq(e)).

0 ≤ θ ≤ λ − δ

Evaluation

• Simulation based on real PPLive overlays obtained in our previous work [TOMCCAP’09]

– The overlay contains 1600 or 4000 nodes

– Malicious nodes are picked at random

– Each segment consists of 32 blocks, and each block has 256 codewords in GF(256)

– Time taken to identify malicious nodes is less than 6 seconds

[TOMCCAP’09] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang, “Understanding the Overlay Characteristics of a Large-scale Peer-to-Peer IPTV System”, ACM TOMCCAP, 2009.

Comparison

• Online computational times: MIS (5-10 μs), Null-key (1-2 μs), MAC-based (2 ms), Homomorphic signatures or hashes (> 1 s).

• Per-block communication overhead: MIS (22 B), Homomorphic signatures or hashes (128-256 B), Null-key and MAC-based (> 256 B).

Conclusions

• We propose a novel scheme (MIS) to limit network-coding pollution attacks by identifying malicious nodes.

• MIS can fully satisfy the requirements of P2P live streaming systems.

• MIS has high computational efficiency, small space overhead, and the capability of handling a large number of corrupted blocks and malicious nodes.

References

• [5] M. Krohn, M. Freedman, and D. Mazieres, “On-the-fly Verification of Rateless Erasure Codes for Efficient Content Distribution”, in Proc. IEEE Symp. on Security and Privacy (Oakland), 2004.

• [6] C. Gkantsidis, and P. R. Rodriguez, “Cooperative Security for Network Coding File Distribution”, in Proc. of IEEE INFOCOM, 2005.

• [7] Q. Li, D.-M. Chiu, and J. C. S. Lui, “On the Practical and Security Issues of Batch Content Distribution Via Network Coding”, in Proc. of IEEE International Conference on Network Protocols (ICNP’06), 2006.

• [9] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An Efficient Signature-based Scheme for Securing Network Coding against Pollution Attacks”, in Proc. IEEE INFOCOM, 2008.

• [10] E. Kehdi, and B. Li, “Null Keys: Limiting Malicious Attacks Via Null Space Properties of Network Coding”, in Proc. of IEEE INFOCOM, 2009.

• [11] Z. Yu, Y. Wei, B. Ramkumar, Y. Guan, “An Efficient Scheme for Securing XOR Network Coding against Pollution Attacks”, IEEE INFOCOM, 2009.

• [16] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang, “Understanding the Overlay Characteristics of a Large-scale Peer-to-Peer IPTV System”, ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP), 2009.

Related Works

• Homomorphic signatures or hashes [Krohn04, Gkantsidis05, Li06, Charles06, Yu08, Boneh09]

– It’s computationally expensive to verify/generate the signature for each packet at each hop.

• Null-key based on the property of null space [Kehdi09]

– Verification key needs to be repeatedly distributed.

• MAC-based scheme [Yu09]

– Substantial communication overheads are introduced.

• Error-correction codes [Jaggi07, Kotter07]

– Achievable throughput is determined by the power of the adversary

• Combining homomorphic MAC and TESLA [Dong09]

– It introduces authentication delay and is susceptible to DoS attacks.