Peer-to-Peer Systems Kulesh Shanmugasundaram Security Issues.

Date post: 17-Dec-2015

Peer-to-Peer Systems

Kulesh Shanmugasundaram

Security Issues

SYN

SYN
P2P Basics
Attack Classification
Attacks and Defenses
Further Research
FIN

P2P Basics

All nodes are created equal, not really!
Network classification based on network connectivity
– Exponential networks: homogeneous network, [average] node connectivity is equally distributed
– Scale-free networks: connectivity follows a power law, that is, there are some highly connected nodes and many not so highly connected nodes
Current P2P systems are scale-free networks

Network Maps

Partial map of Gnutella Network
Note the hierarchical structure of the network

Network Maps…

Gnutella Neighborhood Map

Failure vs. Attack [1]

Failure:
– Random failure of nodes and/or infrastructure elements
Attack:
– Systematic failure of nodes and/or infrastructure elements
Scale-free networks are failure-tolerant
Exponential networks are attack-tolerant
Why?
Most P2P systems give priority to failure-tolerance over attack-tolerance
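
An added simulation (not from the slides or from [1]) that works through the "Why?" above: it builds a preferential-attachment graph and a uniform random graph with the same number of links, then measures the largest surviving cluster after random failures and after the loss of the best-connected nodes. The graph size, the 10% removal fraction and all function names are assumptions chosen for the demo.

```python
import random

def scale_free(n, m, rng):
    """Preferential attachment: newcomers link to up to m degree-weighted picks."""
    adj = {i: set() for i in range(n)}
    ends = list(range(m))          # seeds listed once so they can be picked
    for v in range(m, n):
        for t in {rng.choice(ends) for _ in range(m)}:
            adj[v].add(t)
            adj[t].add(v)
            ends += [v, t]         # one entry per link end = degree weighting
    return adj

def exponential(n, links, rng):
    """Homogeneous random graph: `links` edges placed uniformly at random."""
    adj = {i: set() for i in range(n)}
    while links:
        a, b = rng.sample(range(n), 2)
        if b not in adj[a]:
            adj[a].add(b)
            adj[b].add(a)
            links -= 1
    return adj

def largest_cluster(adj, removed):
    """Largest connected cluster after removal, as a fraction of all nodes."""
    seen, best = set(removed), 0
    for start in adj:
        if start not in seen:
            before = len(seen)
            seen.add(start)
            stack = [start]
            while stack:
                fresh = adj[stack.pop()] - seen
                seen |= fresh
                stack.extend(fresh)
            best = max(best, len(seen) - before)
    return best / len(adj)

def compare(n=400, m=2, frac=0.1, seed=1):
    rng = random.Random(seed)
    sf = scale_free(n, m, rng)
    ex = exponential(n, sum(map(len, sf.values())) // 2, rng)
    k, out = int(n * frac), {}
    for name, g in (("scale-free", sf), ("exponential", ex)):
        failed = rng.sample(range(n), k)                            # random failure
        hubs = sorted(g, key=lambda v: len(g[v]), reverse=True)[:k]  # systematic
        out[name] = (largest_cluster(g, failed), largest_cluster(g, hubs))
    return out  # {topology: (after random failure, after hub loss)}
```

In the scale-free graph a small set of hubs carries a large share of all links, so losing them disconnects far more of the overlay than losing the same number of random nodes; the homogeneous graph has no such concentration.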

Possible Targets

Underlying protocol layers
P2P routing mechanism
Nodes themselves
Trust system
Homeostasis (of the system)
Applications
Users

Attack Classification

Infrastructure Attacks:
– Attacks aimed at disabling the p2p system
  e.g.: eliminating nodes, attacks on routing protocols
Semantic Attacks:
– Attacks aimed at the p2p system, not to disable the system but to make users abandon the system
  e.g.: bad content, asymmetric consumption
Both attacks are equally effective because p2p is a “peoples’ system”

Attacks & Defenses

Attack detection & recovery involves…
– Identifying invariants in the system
– Monitoring the invariants
– Detecting/ascertaining attacks
– Triggering recovery procedure
Infrastructure Attacks
– Attacks on nodes
– Attacks on routing mechanism
Semantic Attacks
– Storage & Retrieval Attacks
– Flooding
– Face/Off

Attacks on Nodes [2]

Goal of the adversary is to fragment the network
Since p2p networks follow a power law, an adversary can selectively knock down highly connected nodes
Interesting questions?
– How to find highly connected nodes?
  • Queries can provide some intelligence…
– How would one fragment a network while always being part of the largest cluster?
– Lower bound on malicious nodes?

Attacks on Nodes…

Detection Mechanism
– During an attack a node would lose many more 2nd order nodes than 1st order nodes.
– For a fixed window of time, if the number of 2nd order nodes drops below a threshold then flag it as an attack
Recovery Mechanism
– Attack is possible because p2p networks are scale-free networks
– Maintain an overlay exponential network and switch to it during attacks
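
One way to implement the detection rule above, as an added example that is not code from the slides or from [2]. The window length, the 0.6 ratio used as the threshold, and the constructed topology (node names `me`, `hub1`, `p3`, ...) are all assumptions.

```python
from collections import deque

def second_order(adj, me):
    """Peers exactly two hops from `me` (neighbors of neighbors)."""
    first = adj.get(me, set())
    reach = set().union(*(adj.get(n, set()) for n in first))
    return reach - first - {me}

def remove_node(adj, gone):
    """Copy of the topology with `gone` and its links removed."""
    return {n: nbrs - {gone} for n, nbrs in adj.items() if n != gone}

class SecondOrderMonitor:
    """Flags an attack when the 2nd-order count drops below `ratio` times the
    largest count seen in the last `window` samples. Both knobs are assumed
    tuning values; the slides give neither."""
    def __init__(self, window=5, ratio=0.6):
        self.samples = deque(maxlen=window)
        self.ratio = ratio

    def observe(self, adj, me):
        first, second = len(adj.get(me, ())), len(second_order(adj, me))
        self.samples.append(second)
        flagged = second < self.ratio * max(self.samples)
        return flagged, first, second

def build_demo():
    """Constructed topology: 'me' peers with two hubs and one leaf."""
    adj = {"me": {"hub1", "hub2", "leaf"}, "leaf": {"me", "x0"}, "x0": {"leaf"}}
    for hub, start in (("hub1", 0), ("hub2", 8)):
        peers = {f"p{i}" for i in range(start, start + 8)}
        adj[hub] = peers | {"me"}
        adj.update({p: {hub} for p in peers})
    return adj

def run_demo():
    """Two ordinary departures, then the loss of a hub."""
    adj, mon, log = build_demo(), SecondOrderMonitor(), []
    for gone in (None, "p3", "x0", "hub1"):
        if gone:
            adj = remove_node(adj, gone)
        log.append((gone,) + mon.observe(adj, "me"))
    return log

if __name__ == "__main__":
    for row in run_demo():
        print(row)  # (departed node, flagged, 1st-order count, 2nd-order count)
```

Ordinary churn moves the 2nd-order count by one per departure, while the loss of a single hub costs one 1st-order peer and seven 2nd-order peers, which is the asymmetry the rule keys on.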

Attacks on Nodes…

So, how would one build an exponential network from a scale-free network?
– Use an RDP (Random Discovery Protocol)
– Send out an RDP with TTL 20. Why 20?
– For first half of TTL choose nodes with probability scaling linearly to number of neighbors
– For the second half choose the opposite strategy
Collect enough random nodes to create an exponential network
During an attack replace each lost node with a node from the exponential network
Resulting network is resilient to attacks but…

Attacks on Routing [3]

P2P routing mechanism in general…
– A key identifier space
– A node identifier space
– Rules for associating keys to particular nodes
– Per-node routing tables that refer to other nodes
– Rules for updating the tables as nodes join and leave
Routing Attacks
– Incorrect Lookup Routing
– Incorrect Routing Updates
– Partitioning

Incorrect Lookup Routing

Malicious node forwards lookups to an incorrect or non-existent node
Detection Mechanism: At each hop the lookup is supposed to get “closer” to the key identifier
For the detection to work, the querier must be allowed to observe lookup progress
Criteria for verifiable lookup
– Querier should ensure that the destination itself agrees that it is the correct termination point
– Assign keys to nodes in a verifiable way
Long term identities using public-keys
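
The three checks above, combined in a querier-side trace verifier; this is an added example, not code from the slides or from [3]. It assumes an XOR distance metric, node IDs derived as a SHA-256 hash of the public key, a 32-bit identifier space, and a trace format (`id`, `pubkey`, `neighbors`) invented for the demo; the byte strings stand in for real public keys.

```python
import hashlib

BITS = 32  # assumed identifier width for the demo

def ident(data: bytes) -> int:
    """Hash a public key (or content name) into the identifier space."""
    return int.from_bytes(hashlib.sha256(data).digest()[:BITS // 8], "big")

def distance(a: int, b: int) -> int:
    """XOR metric: an assumed choice, the slides only say 'closer'."""
    return a ^ b

def verify_lookup(key, hops):
    """Check a lookup trace as the querier observed it; returns (ok, reason).
    hops: one dict per contacted node with "id", "pubkey", "neighbors"."""
    if not hops:
        return False, "empty trace"
    last = None
    for i, hop in enumerate(hops):
        # Verifiable assignment: the ID must be the hash of the public key.
        if ident(hop["pubkey"]) != hop["id"]:
            return False, f"hop {i}: node ID is not bound to its public key"
        d = distance(hop["id"], key)
        # Every hop has to be strictly closer to the key than the previous one.
        if last is not None and d >= last:
            return False, f"hop {i}: lookup moved away from the key"
        last = d
    # The destination must agree it is the end point: it knows nobody closer.
    if any(distance(n, key) < last for n in hops[-1]["neighbors"]):
        return False, "destination knows a closer node"
    return True, "ok"

def make_node(pubkey: bytes, neighbors=()):
    """Constructed sample node; the byte string stands in for a public key."""
    return {"id": ident(pubkey), "pubkey": pubkey, "neighbors": list(neighbors)}

# Constructed data: five nodes sorted from farthest to closest to the key.
KEY = ident(b"some-file.txt")
NODES = sorted((make_node(b"pk-%d" % i) for i in range(5)),
               key=lambda n: distance(n["id"], KEY), reverse=True)
TRACES = {
    "honest": NODES,
    "detour": [NODES[2], NODES[0], NODES[4]],
    "forged": NODES[:4] + [dict(NODES[4], pubkey=b"not-my-key")],
    "early": NODES[:2] + [dict(NODES[2], neighbors=[NODES[4]["id"]])],
}

def check_all():
    return {name: verify_lookup(KEY, t) for name, t in TRACES.items()}
```

The termination check trusts the neighbor list the destination reports, so it catches a lookup that was cut short by an intermediate node, not a destination that lies about what it knows.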

Incorrect Routing Update

A malicious node could corrupt the routing table with incorrect updates to neighbors

Systems that have the freedom to choose between multiple routes are especially vulnerable

Detection Mechanism: Verifiable routing updates e.g. Pastry’s update prefix requirements

Partitioning

Set of malicious nodes form a parallel network and trap new nodes inside them rendering the network useless for new nodes

Detection Mechanism: Incorrect functioning of the network/queries etc.

Criteria for reliable join:
– Use history of queries and verify the current network’s results with random queries
– Out-of-band trusted source
– Use of public-key for trust systems

Semantic Attacks

Goal is not to knock down the entire system but to make the system look inefficient or faulty to the user and convince them to abandon the system (probably what RIAA will do)

– E.g. For all the queries to MP3 return false data but queries for text files return proper results

Semantic Attacks
– Storage and Retrieval Attacks
– Flooding
– Face/Off

Storage & Retrieval

Storage and Retrieval Attacks
– Disinformation about storage
– Deny access to stored data (natural on p2p)
– Return incorrect data (overpeering inc.)
Detection Mechanism: Wrong results, denial of service etc.
Criteria for Reliable Storage & Retrieval:
– Maintain replication invariant
– Avoid single point responsibilities
– Verification queries from different sources

Miscellaneous Attacks

Face/Off
– Just like the movie…
– Show good face to part of the network and the other face to rest
Flooding/DoS
– As usual
– Replication may provide certain level of defense
Rapid Joins & Leaves
Unsolicited Messages

P2P Design Principles

Define verifiable system invariants
Verify system invariants during operation
Allow the querier to observe lookup progress
Assign keys to nodes in a verifiable way
Server selection in routing may be abused
Cross-check routing tables using random queries
Avoid single points of responsibility

References…

1. Error and Attack Tolerance of Complex Networks, Reka Albert, Hawoong Jeong et al.

2. Peer Pressure: Distributed Recovery from Attacks in Peer-to-Peer Systems, Pedram Keyani, Brian Larson et al.

3. Security Considerations for Peer-to-Peer Distributed Hash Tables, Emil Sit, Robert Morris

4. The Sybil Attack, John R. Douceur

FIN

Questions, comments, concerns?

