S-Kademlia: A trust and reputation method to mitigate a Sybil attack in Kademlia
Introduction
In today's Internet, peer-to-peer (P2P) networks account for a significant share of total traffic and have become popular for their scalability and the wide range of services they can support. At their inception they were deployed mainly as a simple, decentralized and scalable way to exchange files, but they are now used for many other services as well, among them P2P Voice-over-IP (VoIP) communications [1], [2], streaming applications, sharing of bandwidth, computing power and storage capacity, and many others.
In recent years the role of structured P2P networks in particular has become predominant, mainly because they organize the network, through their own addressing schemes, into a so-called “overlay network” and exploit specific algorithms for fast and efficient lookup, storage and retrieval operations. Examples of such algorithms are Chord [3], Kademlia [4], Pastry [5], CAN [6], and the like. They use Distributed Hash Tables (DHTs) to allow efficient lookup of identifiers and routing to the corresponding nodes. This is achieved by imposing a strict structure on the routing tables of nodes, guaranteeing quick convergence to a target. This rigid framework makes DHTs efficient and simple to use on the one hand, but on the other hand easy to attack and break by a set of malicious nodes that return useless or misleading information instead of helping with routing. In fact, a very large number of fake identities (IDs) in the overlay can poison honest nodes' routing tables and disrupt or degrade DHT performance. This is the so-called “Sybil attack” [7].
Some security issues therefore remain to be addressed, and this is the purpose of this paper: we study possible solutions for avoiding, or at least mitigating, the misbehavior caused by sybil nodes. In particular we consider an application context in which the P2P routing scheme is based on the classic routing structure of Kademlia [4], one of the most widespread DHTs (so much so that it is used, for example, by eMule and BitTorrent).
Moreover, we do not try to prevent the creation of sybil nodes; rather, we assume that the environment under analysis is inherently infected by sybils, i.e., there is a subset of nodes that can present multiple identities. So, as in [8], we are not interested in a “clean network” but in a “trusted network”, in which only the most trustworthy nodes should be used for routing as well as for storage and retrieval operations. A node's routing table may, and indeed needs to, contain nodes it does not trust. The requesting node must be able to decide on its own which nodes to trust when storing its data or retrieving data, on the basis of a quality rating rooted in a trust score. Moreover, we allow the decision about which nodes are trustworthy to vary between nodes, i.e., we consider a local trust.
Following this more conservative and robust approach, we re-adapted the standard Kademlia procedures (both routing and storing) to take trust and reputation into account as well. This allows the temporary search list and the final storing list to be reordered in such a way that the sybils, as long as they are a limited percentage of all nodes, cannot completely degrade performance. Our solution is based on security measures that have proven effective in other contexts; we combine these measures in a new way, applying them to a structured Kademlia network with appropriate adaptations. The result is a more reliable and secure Kademlia network, called S-Kademlia, which, even if not optimal, makes the routing and storing mechanisms more robust against the presence of sybil nodes in the network.
To summarize, the main contributions of our work are:
1. the evaluation, through a detailed survey, of both current and past anti-Sybil solutions,
2. the assessment of the degradation of the standard Kademlia algorithm in the presence of a growing number of sybil nodes with different malicious behaviors,
3. the proposal and evaluation of a new algorithm combining the standard Kademlia routing and storage/retrieval procedures with a proper trust scheme, and
4. the comparison of this new algorithm with one already presented in the literature and based only on trust.
The rest of the paper is organized as follows: Section 2 describes the background on the Sybil attack and possible countermeasures; Section 3 briefly summarizes the classic Kademlia routing and storage and retrieval procedures, along with an analysis of the effects of sybils on them; Section 4 presents in detail our integrated trust-based algorithm together with its trust management; Section 5 presents the simulation results in detail; and Section 6 concludes the work.
Section snippets
Sybil attack: rationale and countermeasures
Peer-to-peer networks usually rely on the existence of multiple, independent, remote entities to mitigate the threat of bogus peers. The Sybil attack [7] takes advantage of this feature, common to P2P systems, as it is normally started by a faulty entity masquerading with multiple identities in the overlay network. The key idea behind the Sybil attack is to insert into the overlay malicious identities, the sybils, which are all controlled by a single physical entity (Fig. 1).
Consequences of a Sybil attack in Kademlia
In this section we analyze in detail the effects sybils cause in a Kademlia network. We first briefly recall the classic Kademlia routing and storing procedures [4]; then, by means of our simulation results, we analyze how Kademlia performance degrades in a Sybil scenario, showing the effects of these malicious nodes on the standard Kademlia algorithm.
S-Kademlia: balanced trust-based DHT algorithm
We propose to improve Kademlia's resilience to the incorrect operations caused by sybils by introducing trust into the standard Kademlia algorithm. Our approach has been studied from several viewpoints: we applied trust both to the iterative routing process and to the storage and retrieval process, in the latter case regardless of whether the iterative or the recursive scheme is employed. The main concept is taking a trust value into account when ordering the local temporary routing list or the final
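The following is an added, self-contained Python example, not code from the paper and not the author's S-Kademlia implementation. It simulates the two ingredients described in the introduction and in this section: an honest querier running Kademlia's iterative FIND_NODE lookup over the XOR metric, and a local trust table that reorders the querier's temporary search list and filters the final list of contacts it would STORE on. The overlay, the attacker model (sybil identities that answer only with "phantom" identities that never respond), the trust update steps, the threshold `TRUST_MIN` and the weighting `distance * (1 + b * (1 - trust))` are all assumptions made for this illustration; the parameter `b` is named after the paper's tuning parameter, but the formula is not the paper's.

```python
"""Toy Kademlia lookup with a local, trust-weighted search list (added example)."""
import random

ID_BITS = 16       # toy identifier space (real Kademlia uses 160-bit IDs)
K = 8              # bucket size and size of the final contact list
ALPHA = 3          # parallel queries per round of the iterative lookup
TRUST_MIN = 0.5    # assumption: contacts below this trust are never chosen for STORE


def xor_dist(a, b):
    """Kademlia's XOR metric: d(a, b) = a XOR b, read as an integer."""
    return a ^ b


class Overlay:
    """Constructed overlay: honest nodes hold k-buckets that also contain sybil
    contacts (poisoned tables); sybils answer FIND_NODE only with attacker-owned
    phantom identities, and phantoms never answer at all."""

    def __init__(self, n_honest, n_sybil, n_phantom, seed):
        rng = random.Random(seed)
        ids = rng.sample(range(1 << ID_BITS), n_honest + n_sybil + n_phantom)
        self.honest = set(ids[:n_honest])
        self.sybil = set(ids[n_honest:n_honest + n_sybil])
        self.phantom = set(ids[n_honest + n_sybil:])
        known = sorted(self.honest | self.sybil)
        self.tables = {h: self._kbuckets(h, known, rng) for h in sorted(self.honest)}

    @staticmethod
    def _kbuckets(me, known, rng):
        # one bucket per XOR-distance prefix length, at most K contacts each
        buckets = {}
        for c in known:
            if c != me:
                buckets.setdefault(xor_dist(me, c).bit_length(), []).append(c)
        table = []
        for bucket in buckets.values():
            table.extend(rng.sample(bucket, min(K, len(bucket))))
        return table

    def find_node(self, node, target):
        """FIND_NODE RPC: the K contacts closest to target, or None on timeout."""
        if node in self.phantom:
            return None
        pool = self.phantom if node in self.sybil else self.tables[node]
        return sorted(pool, key=lambda c: xor_dist(c, target))[:K]


class Querier:
    """One honest node running iterative lookups with its own local trust table."""

    def __init__(self, net, me, trust_aware, b=2.0):
        self.net, self.me, self.trust_aware, self.b = net, me, trust_aware, b
        self.trust = {}                       # contact -> score in [0, 1]; unknown = 0.5

    def t(self, c):
        return self.trust.get(c, 0.5)

    def bump(self, c, delta):
        self.trust[c] = min(1.0, max(0.0, self.t(c) + delta))

    def key(self, c, target):
        # assumption: distance inflated by (1 + b*(1 - trust)); plain Kademlia = distance
        if not self.trust_aware:
            return xor_dist(c, target)
        return xor_dist(c, target) * (1.0 + self.b * (1.0 - self.t(c)))

    def lookup(self, target):
        candidates = set(self.net.tables[self.me])
        recommender, responded, dead = {}, set(), set()
        while True:
            ranked = sorted(candidates - dead, key=lambda c: (self.key(c, target), c))
            pending = [c for c in ranked[:K] if c not in responded][:ALPHA]
            if not pending:                   # the K best-ranked contacts all answered
                break
            for c in pending:
                reply = self.net.find_node(c, target)
                if reply is None:             # timeout: blame the contact and whoever recommended it
                    dead.add(c)
                    self.bump(c, -0.5)
                    if c in recommender:
                        self.bump(recommender[c], -0.25)
                    continue
                responded.add(c)
                if c in recommender:          # a recommendation that answered raises trust
                    self.bump(recommender[c], +0.1)
                for r in reply:
                    if r != self.me and r not in candidates:
                        candidates.add(r)
                        recommender[r] = c
        # final STORE list: only responders, and (trust-aware) only trusted enough ones
        chosen = [c for c in responded if not self.trust_aware or self.t(c) >= TRUST_MIN]
        return sorted(chosen, key=lambda c: (self.key(c, target), c))[:K]


def sybils_in_store_lists(trust_aware, lookups=40, warmup=20, seed=7):
    """Count attacker identities among the contacts one querier would STORE on,
    over `lookups` random keys after a warm-up phase in which trust is learned."""
    net = Overlay(n_honest=300, n_sybil=60, n_phantom=120, seed=seed)
    rng = random.Random(seed + 1)
    q = Querier(net, min(net.honest), trust_aware)
    hits = 0
    for i in range(warmup + lookups):
        store_list = q.lookup(rng.randrange(1 << ID_BITS))
        if i >= warmup:
            hits += sum(1 for c in store_list if c in net.sybil)
    return hits


if __name__ == "__main__":
    print("plain Kademlia :", sybils_in_store_lists(False))
    print("trust-aware    :", sybils_in_store_lists(True))
```

Running the module prints how many attacker identities end up in the querier's STORE lists over 40 lookups, with and without trust; with the values above the trust-aware variant selects fewer. Raising `b` favours trusted contacts over closer but unknown ones, which is the trade-off the paper tunes: too large a `b` and the lookup settles on far but trusted nodes, too small and sybils near the key are selected as in plain Kademlia. Note that the attacker model here is deliberately simple (sybils only ever recommend phantoms), so the trust signal is cleaner than in the paper's mixed malicious behaviors.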
Simulation results
In this section we present the results of our analysis of the performance of our new balanced trust-based approach over Kademlia with sybils. Most of the parameters and simulation conditions are the same as those in Section 3.2. The value of the parameter b is critical for properly tuning the performance of our balanced trust-based algorithm. Its optimum value, obtained after an extensive simulation campaign and averaged over the malicious behaviors
Conclusion
In this paper we carried out an in-depth analysis of the anti-sybil countermeasures presented in the literature of recent years, and we quantitatively analyzed the effects of a Sybil attack on some important features of a Kademlia network, namely routing and storage and retrieval operations. We presented a combined trust-based algorithm to make the and store RPCs of a Kademlia network more resilient in the presence of malicious nodes with many false identities, considering both some
Acknowledgments
The author would like to thank his colleague Luca Veltri, who provided insight and expertise that greatly assisted the research, and Antonio Enrico Buonocore for his precious support in proofreading the article.
References (40)
- N. Fedotova, L. Veltri, Reputation management algorithms for DHT-based peer-to-peer environment, Comput. Commun. (2009)
- R. Pecori, L. Veltri, A key agreement protocol for P2P VoIP applications, Proceedings of the Seventeenth International Conference on Software, Telecommunications and Computer Networks (SoftCOM) (September 2009)
- R. Pecori, L. Veltri, A PKI-free key agreement protocol for P2P VoIP applications, Proceedings of the IEEE International Conference on Communications (ICC), Ottawa, Canada (June 2012)
- I. Stoica et al., Chord: a scalable peer-to-peer lookup service for internet applications, Proceedings of the SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, San Diego, CA, USA (August 27th--31st, 2001)
- P. Maymounkov, D. Mazières, Kademlia: A peer-to-peer information system based on the XOR metric, Proceedings of the First International Workshop on Peer-to-Peer Systems (IPTPS 2002), Cambridge, MA, USA (March 2002)
- A. Rowstron, P. Druschel, Pastry: Scalable, decentralized object location and routing for large-scale peer-to-peer systems, Proceedings of the Eighteenth IFIP/ACM International Conference on Distributed Systems Platforms (Middleware 2001), Heidelberg, Germany (November 2001)
- S. Ratnasamy et al., A scalable content-addressable network, Proceedings of the SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, San Diego, CA, USA (August 2001)
- J. R. Douceur, The Sybil attack, Proceedings of the First International Workshop on Peer-to-Peer Systems (IPTPS 2002), Cambridge, MA, USA (March 2002)
- R. Pecori, L. Veltri, Analysis and optimization of routing trust values in a Kademlia-based distributed hash table in a malicious environment, Proceedings of the Second Baltic Congress on Future Internet Communications (BCFIC), Vilnius, Lithuania (25th--27th April, 2012)
- A. Singh et al., Eclipse attacks on overlay networks: Threats and defenses, Proceedings of the Twenty-fifth IEEE Conference on Computer Communications (INFOCOM), Barcelona, Spain (April 2006)
- R. Pecori, L. Veltri, Trust-based routing for Kademlia in a sybil scenario, Proceedings of the Twenty-second International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia (September 17th--19th, 2014)
- B. N. Levine, C. Shields, N. B. Margolin, A survey of solutions to the Sybil attack, Technical Report, University of Massachusetts Amherst (2006)
- G. Danezis, C. Lesniewski-Laas, M. F. Kaashoek, R. Anderson, Sybil-resistant DHT routing, Proceedings of the Tenth European Symposium on Research in Computer Security (ESORICS), Milan, Italy (September 12th--14th, 2005)
- M. Castro et al., Secure routing for structured peer-to-peer overlay networks, Proceedings of the Fifth USENIX Symposium on Operating Systems Design and Implementation (OSDI), Boston, MA, USA (December 2002)
- H. Yu, M. Kaminsky, P. B. Gibbons, A. Flaxman, SybilGuard: Defending against Sybil attacks via social networks, IEEE/ACM Transactions on Networking (2008); first presented at ACM SIGCOMM 2006, Pisa, Italy
- T. Condie et al., Induced churn as shelter from routing-table poisoning, Proceedings of the Thirteenth Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA (February 2006)
- J. Newsome, E. Shi, D. Song, A. Perrig, The Sybil attack in sensor networks: Analysis and defenses, Proceedings of the Third International Symposium on Information Processing in Sensor Networks (IPSN), Berkeley, CA, USA (April 2004)
- H. Rowaihy, W. Enck, P. McDaniel, T. La Porta, Limiting Sybil attacks in structured peer-to-peer networks, Proceedings of the Twenty-sixth IEEE International Conference on Computer Communications (INFOCOM), Anchorage, AK, USA (May 6th--12th, 2007)
- N. Borisov, Computational puzzles as Sybil defenses, Proceedings of the Sixth IEEE International Conference on Peer-to-Peer Computing (P2P), Cambridge, UK (September 6th--8th, 2006)
Cited by (29)
- Kadabra: Adapting Kademlia for the Decentralized Web, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2024)
- Sybil attack detection algorithm for power communication network based on edge clustering, Shenyang Gongye Daxue Xuebao/Journal of Shenyang University of Technology (2022)
- A Proxy Re-Encryption Approach to Secure Data Sharing in the Internet of Things Based on Blockchain, IEEE Systems Journal (2022)
Riccardo Pecori received the 3-year program degree in Telecommunications Engineering in October 2004, “cum laude”, from the University of Parma. In July 2007 he obtained the Master's degree in Telecommunications Engineering “cum laude”, defending a thesis entitled “Development of a Statistical Technique for Recognizing Applications over IP Networks”, which was a finalist in the Laurea degree awards competition of the Institute of Engineers of Perugia in December 2008. From April 2008 to December 2008 he was the recipient of a CNIT scholarship for the TERIT (TElecommunications Research in ITaly) project, Multimedia Services and Networks theme. In 2010 he was also a teaching lecturer for the “Telecommunications Networks” e-learning course at the University of Parma and a member of the examination board for the “Telecommunications” and “Telecommunications Networks” courses at the Engineering School of eCAMPUS University. In 2011 he obtained his Ph.D. from the Information Engineering Department of the University of Parma and became adjunct professor of “Telecommunication Networks” at eCAMPUS University, and since February 2014 also of “Telecommunications Didactics”. Since September 2014 he has also been adjunct professor of “IT Security” and “Network Security” at eCAMPUS University and adjunct professor of “Informatics” and “Computer Science” at the Department of Veterinary Medicine of the University of Parma. Since May 2015 he has been Assistant Professor of Information Technology at eCAMPUS University and Associate Researcher at the Information Engineering Department of the University of Parma.