Baruch Awerbuch
ABSTRACT
The problem of scalable and robust distributed data storage has recently attracted a lot of attention. A common approach in the area of peer-to-peer systems has been to use a distributed hash table (or DHT). DHTs are based on the concept of virtual space. Peers and data items are mapped to points in that space, and local-control rules are used to decide, based on these virtual locations, how to interconnect the peers and how to map the data to the peers.DHTs are known to be highly scalable and easy to update as peers enter and leave the system. It is relatively easy to extend the DHT concept so that a constant fraction of faulty peers can be handled without any problems, but handling adversarial peers is very challenging. The biggest threats appear to be join-leave attacks (i.e., adaptive join-leave behavior by the adversarial peers) and attacks on the data management level (i.e., adaptive insert and lookup attacks by the adversarial peers) against which no provably robust mechanisms are known so far. Join-leave attacks, for example, may be used to isolate honest peers in the system, and attacks on the data management level may be used to create a high load-imbalance, seriously degrading the correctness and scalability of the system.We show, on a high level, that both of these threats can be handled in a scalable manner, even if a constant fraction of the peers in the system is adversarial, demonstrating that open systems for scalable distributed data storage that are robust against even massive adversarial behavior are feasible.
- H. Alt, T. Hagerup, K. Mehlhorn, and F.P. Preparata. Deterministic simulation of idealized parallel computers on more realistic ones. SIAM Journal on Computing, 16:808--835, 1987. Google Scholar
Digital Library
- J. Aspnes and G. Shah. Skip graphs. In Proc. of the 14th ACM Symp. on Discrete Algorithms (SODA), pages 384--393, 2003. Google ScholarDigital Library
- B. Awerbuch and C. Scheideler. Group Spreading: A protocol for provably secure distributed name service. In Proc. of the 31st International Colloquium on Automata, Languages and Programming (ICALP), 2004.Google ScholarCross Ref
- M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. Wallach. Security for structured peer-to-peer overlay networks. In Proc. of the 5th Usenix Symp. on Operating Systems Design and Implementation (OSDI), 2002. Google ScholarDigital Library
- M. Castro and B. Liskov. Practical Byzantine fault tolerance. In Proc. of the 2nd Usenix Symp. on Operating Systems Design and Implementation (OSDI), 1999. Google ScholarDigital Library
- S. Crosby and D. Wallach. Denial of service via algorithmic complexity attacks. In Usenix Security, 2003. Google ScholarDigital Library
- M. Dietzfelbinger and F. Meyer auf der Heide. Simple, efficient shared memory simulations. In Proc. of the 5 ACM Symp. on Parallel Algorithms and Architectures (SPAA), pages 110--119, 1993. Google ScholarDigital Library
- J. R. Douceur. The sybil attack. In Proc. of the 1st International Workshop on Peer-to-Peer Systems (IPTPS), 2002. Google ScholarDigital Library
- P. Druschel and A. Rowstron. Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In Proc. of the 18th IFIP/ACM International Conference on Distributed Systems Platforms (Middleware 2001), 2001. Google ScholarDigital Library
- D. Dubhashi and A. Panconesi. Concentration of measure for the analysis of randomized algorithms. Unpublished manuscript, accessible via http://www.cs.unibo.it/~pancones/papers.html, October 20 1998.Google Scholar
- A. Fiat, J. Saia, and M. Young. Making Chord robust to Byzantine attacks. In Proc. of the European Symposium on Algorithms (ESA), 2005. Google ScholarDigital Library
- R. Gennaro, Y. Ishai, E. Kushilevitz, and T. Rabin. The round complexity of verifiable secret sharing and secure multicast. In Proc. of the 33rd ACM Symp. on Theory of Computing (STOC), pages 580--589, 2001. Google ScholarDigital Library
- K.T. Herley and G. Bilardi. Deterministic simulations of PRAMs on bounded degree networks. SIAM Journal on Computing, 23:276--292, 1994. Google ScholarDigital Library
- D. Karger, E. Lehman, T. Leighton, M. Levine, D. Lewin, and R. Panigrahi. Consistent hashing and random trees: Distributed caching protocols for relieving hot spots on the World Wide Web. In 29th ACM Symp. on Theory of Computing (STOC), pages 654--663, 1997. Google ScholarDigital Library
- F. Kuhn, S. Schmid, and R. Wattenhofer. A self-repairing peer-to-peer system resilient to dynamic adversarial churn. In Proc. of the 4th International Workshop on Peer-to-Peer Systems (IPTPS), 2005. Google ScholarDigital Library
- F. Luccio, A. Pietracaprina, and G. Pucci. A new scheme for the deterministic simulation of PRAMs in VLSI. Algorithmica, 5:529--544, 1990.Google ScholarCross Ref
- McDiarmid. Concentration. In M. Habib, C. McDiarmid, J. Ramirez-Alfonsin, and B. Reed, editors, Probabilistic Methods for Algorithmic Discrete Mathematics, pages 195--247. Springer Verlag, Berlin, 1998.Google ScholarCross Ref
- K. Mehlhorn and U. Vishkin. Randomized and deterministic simulations of PRAMs by parallel machines with restricted granularity of parallel mamories. Acta Informatica, 21:339--374, 1984. Google ScholarDigital Library
- M. Naor and U.Wieder. Novel architectures for P2P applications: the continuous-discrete approach. In Proc. of the 15th ACM Symp. on Parallel Algorithms and Architectures (SPAA), 2003. Google ScholarDigital Library
- S. Nielson, S. Crosby, and D. Wallach. Kill the messenger: A taxonomy of rational attacks. In Proc. of the 4th International Workshop on Peer-to-Peer Systems (IPTPS), 2005. Google ScholarDigital Library
- V.N. Padmanabhan and K. Sripanidkulchai. The case for cooperative networking. In Proc. of the 1st International Workshop on Peer-to-Peer Systems (IPTPS), 2002. Google ScholarDigital Library
- G. Plaxton, R. Rajaraman, and A.W. Richa. Accessing nearby copies of replicated objects in a distributed environment. In Proc. of the 9th ACM Symp. on Parallel Algorithms and Architectures (SPAA), pages 311--320, 1997. Google ScholarDigital Library
- S. Ratnasamy, P. Francis, M. Handley, R. Karp, and S. Shenker. A scalable content-addressable network. In Proc. of the ACM SIGCOMM '01, 2001. Google ScholarDigital Library
- S. Rhea, D. Geels, T. Roscoe, and J. Kubiatowicz. Handling churn in a DHT. In USENIX Annual Technical Conference, 2004. Google ScholarDigital Library
- J. Saia, A. Fiat, S. Gribble, A. Karlin, and S. Saroiu. Dynamically fault-tolerant content addressable networks. In Proc. of the 1st International Workshop on Peer-to-Peer Systems (IPTPS), 2002. Google ScholarDigital Library
- C. Scheideler. How to spread adversarial nodes? Rotate! In Proc. of the 37th ACM Symp. on Theory of Computing (STOC), pages 704--713, 2005. Google ScholarDigital Library
- A. Singh, M. Castro, A. Rowstron, and P. Druschel. Defending against Eclipse attacks on overlay networks. In Proc. of the 11th ACM SIGOPS European Workshop, 2004. Google ScholarDigital Library
- E. Sit and R. Morris. Security considerations for peer-to-peer distributed hash tables. In Proc. of 1st International Workshop on Peer-to-Peer Systems (IPTPS), 2002. Google ScholarDigital Library
- M. Srivatsa and L. Liu. Vulnerabilities and security threats in structured overlay networks: A quantitative analysis. In Proc. of the 20th IEEE Computer Security Applications Conference (ACSAC), 2004. Google ScholarDigital Library
- T. Stading, P. Maniatis, and M. Baker. Peer-to-peer caching schemes to address flash crowds. In Proc. of the 1st International Workshop on Peer-to-Peer Systems (IPTPS), 2002. Google ScholarDigital Library
- A. Stavron, D. Rubenstein, and S. Sahn. A lightweight robust P2P system to handle flash crowds. In Proc. of the IEEE Intl. Conf. on Network Protocols (ICNP), 2002. Google ScholarDigital Library
- I. Stoica, R. Morris, D. Karger, M.F. Kaashoek, and H. Balakrishnan. Chord: A scalable peer-to-peer lookup service for Internet applications. In Proc. of the ACM SIGCOMM '01, 2001. See also http://www.pdos.lcs.mit.edu/chord/. Google ScholarDigital Library
- E. Upfal and A. Wigderson. How to share memory in a distributed system. Journal of the ACM, 34:116--127, 1987. Google ScholarDigital Library
- B.Y. Zhao, J. Kubiatowicz, and A. Joseph. Tapestry: An infrastructure for fault-tolerant wide-area location and routing. Technical report, UCB/CSD-01-1141, University of California at Berkeley, 2001. See also http://www.cs.berkeley.edu/~ravenben/tapestry. Google ScholarDigital Library
Index Terms
- Towards a scalable and robust DHT
Recommendations
A survey of DHT security techniques
Peer-to-peer networks based on distributed hash tables (DHTs) have received considerable attention ever since their introduction in 2001. Unfortunately, DHT-based systems have been shown to be notoriously difficult to protect against security attacks. ...
EPDKS: an efficient proximity-based distributed K-ary structured overlay network
PDCS '07: Proceedings of the 19th IASTED International Conference on Parallel and Distributed Computing and SystemsStructured peer-to-peer overlay networks provide a means for interconnecting a large set of computing nodes called peers in a distributed, scalable and self-organizing manner. Typically in such systems, each peer maintains contact information about a ...
Towards a Scalable and Robust DHT
Special Issue: Symposium on Parallelism in Algorithms and Architectures 2006; Guest Editors: Robert Kleinberg and Christian ScheidelerThe problem of scalable and robust distributed data storage has recently attracted a lot of attention. A common approach in the area of peer-to-peer systems has been to use a distributed hash table (or DHT). DHTs are based on the concept of virtual ...
Comments