P2P routing table poisoning: A quorum-based sanitizing approach
Introduction
The P2P paradigm utilizes decentralized coordination to provide scalability and fault tolerance, which naturally leads to its wide applicability in diverse data dissemination and data discovery applications such as file sharing, multimedia streaming, machine-to-machine communication, IoT and many others (Steinheimer et al, 2013, Wu et al, 2011). In order to support scalability and low overheads in P2P networks, the design practices typically result in partitioned groups where a peer has only a partial view of the network as obtained from its neighboring peers.
However, the aforementioned design practices render P2P networks susceptible to various attacks, e.g., routing table poisoning, which is an inherent part of composite attacks such as Eclipse (EA), Sybil, flooding and publishing attacks (Douceur, 2002, Germanus et al, 2014, Kohnen et al, 2009, Li et al, 2014, Locher et al, 2010, Singh et al, 2006). While the fault tolerance aspect ensures correct operation even for high rates of random peer failures, the disruptions inserted into the peers' routing tables (RTs) as a form of Routing Table Poisoning (RTP) result in significant degradation of the network services. Notably, using a detailed simulation study, we demonstrate the significant RTP impact of up to 65% message loss. Moreover, we illustrate how the propagation of malicious RT information about the victim peers of RTP attacks further facilitates launching Eclipse, Sybil and other aforementioned attacks.
The existence of RTP attacks and the resulting degradation have received attention (Cholez et al, 2013, Lin et al, 2010, Urdaneta et al, 2011). A considerable variety of proposed countermeasures (Castro et al, 2002, Koo et al, 2012, Lee et al, 2012, Li, Chen, 2008, Rottondi et al, 2015, Stoica et al, 2001) exists, yet these techniques entail one or more of the following drawbacks: (i) They are only applicable to a specific P2P protocol, i.e., the countermeasure mechanisms are specifically tailored to a single P2P protocol's specifications. (ii) They are effective against a single form of RTP attack. Hence, countermeasures show no resiliency once the attack is modified. (iii) They typically require a central entity that coordinates the detection, monitoring, and decisions about malicious peers. However, in practice, the system's services are degraded as the overlay's fully distributed architecture is compromised. (iv) They often rely on cryptographic schemes, which can constrain communication between lightweight peers by necessitating enhanced computing.
Aiming toward finding a general solution to overcome the aforementioned deficiencies, we explored a detection and sanitizing scheme in Ismail et al. as a countermeasure against a single attack variant of Localized Attacks (LAs). We build upon the basic notions of providing anonymous detection from our proposed mechanism in Ismail et al. to develop a generalized attack handling approach applicable to multiple attack models and overlays.
In the course of our previous work, we develop an adaptable RTP attack mitigation approach that overcomes the aforementioned deficiencies. We propose a protocol-independent, fully distributed, simple and effective detection and overlay-sanitizing mechanism.
As a means of adaptable mitigation, we make use of majority-voting-based detection in order to detect inconsistencies in RTs. The detection mechanism shows high accuracy with detection rates of up to 90% even for 20% malicious peers attacking. The sanitizing mechanism is triggered by initiating a quorum of peers in order to unveil the inconsistencies stemming from RTP attacks. Once the quorum investigates and accordingly declares that it has found malicious RT entries, the sanitizing mechanism informs other peers in order to let them reliably remove the RT information inserted by the suspected malicious peer.
Overall, our contributions span (i) demonstrating the high impact of RTP attacks on benign peers' RTs and the overall network's service provision, and (ii) proposing a novel quorum-based sanitizing mechanism that efficiently removes malicious peers and propagates information about their identity while providing anonymity and scalability.
The rest of the paper is organized as follows: Section 2 presents the technical background along with related work. Section 3 provides the system model and defines the concepts underlying the attacker model (Section 4), the detection mechanism (Section 5) and the proposed sanitizing mechanism (Section 6). The attack severity, mitigation efficiency, and detection rates are evaluated in Section 7.
Section snippets
Related work: typical attacks & mitigation approaches
Given the diverse set of applications that utilize the P2P functionality, a corresponding variety of attack types exists threatening the operations and reliability of P2P services. However, as routing constitutes a core P2P functionality, naturally most threats stem from deliberate attempts to compromise the peers' routing tables with malicious information. Consequently, the launching of RT attacks on P2P networks has attracted considerable research interest.
While a variety of countermeasures
System model
This section presents the system model used for the evaluation of our approach. Utilizing the established models from Ismail et al, 2016, Ismail et al, 2015, it consists of an overlay model along with a P2P protocol abstraction that includes descriptions of the lookup mechanism.
Routing table poisoning (RTP)
In this section, we present the fundamentals of launching an RTP attack that targets inserting and propagating malicious entries in benign peers' RTs. The proposed attack model constitutes the basis for evaluating the proposed sanitizing mechanism.
In order to validate the effectiveness and applicability of the sanitizing mechanism in various RTP attack scenarios, we consider a sophisticated general attack model that (i) is not only applicable for a specific P2P protocol and topology, (ii) does
Detection mechanism
We now introduce the detection mechanisms used locally by each peer to suspect other peers based on the received lookup replies. In order to detect lookup inconsistencies, we propose a modified lookup mechanism in Ismail et al. (2015) where peers are able to gather more than a single reply.
The lookup initiator can detect inconsistencies through comparing the set of received replies according to (i) the consent of the replying peers' location with the lookup protocol specifications, (ii) the
Sanitizing mechanism (SM)
In this section we present the sanitizing mechanism. Prior to the operation of SM, the detector proposes a set of suspected peers according to their lookup replies as discussed in Section 5. Afterwards, the SM is invoked to investigate and thus reach a decision about the suspected peers. Consequently, the SM executes a removal procedure for suspected peers identified as malicious to sanitize the benign peers' RTs.
Unlike the detector which is operated locally by each peer, the SM is executed as a
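The detect-then-sanitize flow outlined in the Detection mechanism and Sanitizing mechanism sections can be sketched as follows. This is an added illustration, not the paper's algorithm or code: comparing replies by the closest peer they report, the strict-majority thresholds, quorum members re-running the detector on their own replies, and RT entries tagged with the peer they were learned from are all assumptions, and the peer names are constructed.

```python
from collections import Counter

def detect_suspects(replies):
    """Local detector. replies maps replying peer -> closest peer it reported
    for one lookup. Peers disagreeing with a strict majority are suspects."""
    if not replies:
        return None, set()
    answer, votes = Counter(replies.values()).most_common(1)[0]
    if 2 * votes <= len(replies):          # no strict majority: suspect nobody
        return None, set()
    return answer, {p for p, a in replies.items() if a != answer}

def quorum_verdict(suspect, member_replies):
    """Each quorum member re-runs the detector on replies it gathered itself;
    the suspect is declared malicious only if a strict majority flags it."""
    flags = [suspect in detect_suspects(r)[1] for r in member_replies.values()]
    return 2 * sum(flags) > len(flags)

def sanitize(routing_tables, malicious):
    """RT entries are {entry: peer_it_was_learned_from} (assumed provenance).
    Drop the malicious peers and everything learned from them."""
    removed = 0
    for owner, rt in routing_tables.items():
        if owner in malicious:
            continue
        bad = [e for e, src in rt.items() if e in malicious or src in malicious]
        for e in bad:
            del rt[e]
        removed += len(bad)
    return removed

def run_round():
    # Constructed sample: M poisons lookups by reporting the bogus peer X1.
    initiator_replies = {"B": "P7", "C": "P7", "D": "P7", "M": "X1"}
    _, suspects = detect_suspects(initiator_replies)
    quorum = {  # replies each quorum member collected for the same key
        "B": {"A": "P7", "C": "P7", "M": "X1"},
        "C": {"A": "P7", "D": "P7", "M": "X1"},
        "D": {"A": "P7", "B": "P7", "M": "P7"},   # M answers honestly here
    }
    malicious = {s for s in suspects if quorum_verdict(s, quorum)}
    tables = {
        "A": {"B": "B", "C": "C", "M": "M", "X1": "M"},
        "B": {"A": "A", "X1": "M", "P7": "C"},
    }
    return malicious, sanitize(tables, malicious), tables
```

The quorum step is what keeps a single initiator's view from evicting a peer: M is removed only because two of the three members independently observe the inconsistent reply.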
Evaluation
This section assesses the effectiveness of SM as a countermeasure for RTP attacks launched with the set of the proposed adversarial behaviors. The target is to evaluate the severity of RTP attacks on the overlay's reliability and the imposed perturbations resulting from poisoning RT entries. Consequently, SM is evaluated in terms of reliability enhancements, imposed overhead on the network and malicious removal ratio from benign peers' RTs.
In order to do so, two experiments are conducted. The
Conclusions & future work
RTP attacks pose a significant threat to P2P networks as reliability is severely degraded to cause service impairments. As a countermeasure, we have proposed a distributed sanitizing mechanism based on reaching a consensus once a peer is suspected over the lookup process by the DMV based detector. The proposed sanitizing mechanism eliminates more than 90% of the malicious entries from the peers' RTs, and successfully restores the benign state of the overlay as the lookup success rate increases
Hatem Ismail is currently a PhD student at DEEDS group in the Department of Computer Science at Technische Universität of Darmstadt, Germany. His research interests include P2P attacks evaluation, mitigation and performance enhancement techniques.
References (49)
- et al. Distributed agreement in dynamic peer-to-peer networks. J Comput Syst Sci (2015)
- et al. U-Sphere: strengthening scalable flat-name routing for decentralized networks. Comput Netw (2015)
- et al. OverSim: a flexible overlay network simulation framework (2007)
- et al. Comparative analysis of concurrent fault-tolerance techniques for real-time applications (1991)
- Curve25519: new Diffie–Hellman speed records (2006)
- et al. Practical Byzantine fault tolerance (1999)
- et al. Practical Byzantine fault tolerance and proactive recovery. ACM Trans Comput Syst (TOCS) (2002)
- et al. Secure routing for structured peer-to-peer overlay networks (2002)
- et al. Detection and mitigation of localized attacks in a widely deployed P2P network. Peer-to-Peer Netw Appl (2013)
- et al. SybilInfer: detecting Sybil nodes using social networks (2009)
- The Sybil attack
- The impact of routing attacks on pastry-based P2P online social networks
- The consensus problem in unreliable distributed systems
- Susceptibility analysis of structured P2P systems to localized eclipse attacks
- Mitigating eclipse attacks in peer-to-peer networks
- PASS: an address space slicing framework for P2P eclipse attack mitigation
- New approach to improve the generalized byzantine agreement problem. Int J Comput Theory Eng
- Malicious peers eviction for P2P overlays
- Detecting and mitigating P2P eclipse attacks
- A critical analysis of P2P communication, security concerns and solutions. Int J Appl Eng Res
- HALO: high-assurance locate for distributed hash tables
- Conducting and optimizing eclipse attacks in the Kad peer-to-peer network
- A DDoS attack by flooding normal control messages in Kad P2P networks
- Advanced node insertion attack with availability falsification in Kademlia-based P2P networks
Daniel Germanus obtained his PhD from TU Darmstadt, Germany. His research interests include P2P network resiliency and critical information infrastructures. Currently, he is a researcher at ENX Association.
Neeraj Suri received his PhD from the University of Massachusetts at Amherst and is a Chair Professor at the Technische Universität of Darmstadt, Germany. His research addresses the design, analysis, and assessment of trustworthy cloud services.