ABSTRACT
Overlay networks are widely used to deploy functionality at edge nodes without changing network routers. Each node in an overlay network maintains pointers to a set of neighbor nodes. These pointers are used both to maintain the overlay and to implement application functionality, for example, to locate content stored by overlay nodes. If an attacker controls a large fraction of the neighbors of correct nodes, it can "eclipse" correct nodes and prevent correct overlay operation. This Eclipse attack is more general than the Sybil attack. Attackers can use a Sybil attack to launch an Eclipse attack by inventing a large number of seemingly distinct overlay nodes. However, defenses against Sybil attacks do not prevent Eclipse attacks because attackers may manipulate the overlay maintenance algorithm to mount an Eclipse attack. This paper discusses the impact of the Eclipse attack on several types of overlay and it proposes a novel defense that prevents the attack by bounding the degree of overlay nodes. Our defense can be applied to any overlay and it enables secure implementations of overlay optimizations that choose neighbors according to metrics like proximity. We present preliminary results that demonstrate the importance of defending against the Eclipse attack and show that our defense is effective.
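The abstract's argument can be seen in a small constructed simulation. This is an added example, not code from the paper: it models a proximity-based neighbor selection in which attacker nodes lie about their proximity so that a naive selection ranks them first, and compares the outcome with and without an in-degree bound. The bound is simply assumed to be enforced (how a node verifies a candidate's in-degree claim is the paper's mechanism and is not modelled); node counts, the attacker fraction, the per-node proximity scores and the "attacker claims distance 0" behaviour are all assumptions made for the illustration.

```python
import random
from dataclasses import dataclass


@dataclass
class Node:
    nid: int
    malicious: bool
    latency: float      # constructed toy proximity score, fixed per node
    in_degree: int = 0  # how many correct nodes currently point at this node


def claimed_latency(cand: Node) -> float:
    """Proximity a candidate advertises. Attacker nodes lie and claim distance
    0, so a naive proximity-based selection ranks them ahead of every
    honest candidate (assumed attacker behaviour)."""
    return 0.0 if cand.malicious else cand.latency


def select_neighbors(node: Node, candidates: list, k: int,
                     degree_bound=None) -> list:
    """Fill node's k neighbor slots from candidates ranked by claimed
    proximity. With degree_bound set, a candidate whose in-degree already
    reached the bound is skipped (enforcement of the bound is assumed)."""
    chosen = []
    for cand in sorted(candidates, key=claimed_latency):
        if cand.nid == node.nid:
            continue
        if degree_bound is not None and cand.in_degree >= degree_bound:
            continue
        chosen.append(cand)
        cand.in_degree += 1
        if len(chosen) == k:
            break
    return chosen


def simulate(n: int, malicious_fraction: float, k: int,
             degree_bound=None, seed: int = 1) -> dict:
    """Each correct node selects k neighbors in turn. Returns how many
    correct nodes ended up with only malicious neighbors (eclipsed) and how
    many of all neighbor pointers land on malicious nodes."""
    rng = random.Random(seed)
    n_bad = int(n * malicious_fraction)
    nodes = [Node(i, i < n_bad, rng.random()) for i in range(n)]
    correct = [x for x in nodes if not x.malicious]
    eclipsed = malicious_ptrs = total_ptrs = 0
    for node in correct:
        nbrs = select_neighbors(node, nodes, k, degree_bound)
        bad = sum(1 for x in nbrs if x.malicious)
        malicious_ptrs += bad
        total_ptrs += len(nbrs)
        if nbrs and bad == len(nbrs):
            eclipsed += 1
    return {
        "correct_nodes": len(correct),
        "eclipsed": eclipsed,
        "malicious_pointers": malicious_ptrs,
        "total_pointers": total_ptrs,
    }


if __name__ == "__main__":
    # 100 nodes, 20% malicious, 8 neighbor slots per node; bound = out-degree.
    for bound in (None, 8):
        r = simulate(n=100, malicious_fraction=0.2, k=8, degree_bound=bound)
        print(f"degree_bound={bound}: eclipsed {r['eclipsed']}/"
              f"{r['correct_nodes']} correct nodes, malicious pointers "
              f"{r['malicious_pointers']}/{r['total_pointers']}")
```

With no bound, 20 attacker nodes that always rank first capture every neighbor slot of every correct node, so the whole overlay is eclipsed even though the attacker holds only a fifth of the identities. With each node's in-degree capped at the out-degree, the attacker can occupy at most 20 nodes times 8 slots of the 640 pointers, so its share of pointers is held to its share of nodes, which is the effect the abstract describes.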