DenialofService Resilience in PeertoPeer Systems

1
Denial-of-Service Resilience in Peer-to-Peer
Systems

• D. Dumitriu, E. Knightly, A. Kuzmanovic, I.
  Stoica and W. Zwaenepoel
  
• Presenter Yan Gao

2
Outline

• Background
• P2P File Sharing
• DoS Scenario
• File-targeted DoS attacks
• Network-targeted DoS attacks
• Model
• Simulation Study

3
Gnutella Overview

• Peer-to-peer indexing and searching service
• Built on top of an unstructured overlay network
• Two level hierarchy
• Peer-to-peer point-to-point file downloading
  using HTTP
  
• P2P file sharing application on top of an overlay
  network
  
• Nodes maintain open TCP connections
• Messages are broadcasted (flooded) or
  back-propagated

4
Gnutella -unstructured p2p system

• A given file can be stored at any node
• Original version used scoped flooding to locate a
  file
  
• flexible and robust, not scalable
• Two-level hierarchy (KaZaA)
• Leaf nodes supernodes
• Hierarchy p2p systems are scalable than the
  original one

5
Freenet-unstructured p2p network

• Aim-to provide anonymity and censorship
  resistance
  
• Each file is assigned a unique ID by hashing the
  file content
  
• Each node maintains a routing table
• Insert
• The file is routed according to its ID and stored
  at all nodes along the path
  
• Retrieve
• The file is copied along the path from the source
  to the requester
  
• It is hard to locate all copies of a specific
  file
  
• Trying to locate a file will result in the file
  being copied at even more nodes

6
Structured p2p networks

• Partition a global ID space across all nodes
• Each node-for a chunk of the ID space
• Each file is associated with a unique ID
• A file can be stored at an arbitrary node
• Efficient in locating such a node
• Given an ID, find the node responsible for that
  ID
  
• Find the node responsible for a given ID by
  contacting only O(logN) nodes
  
• Example CAN, Chord, Pastry, Tapestry, Kademlia

7
Structellahybrid proposal

• Use flooding to locate files, but in a more
  efficient way
  
• Use the underlying structure of Pastry to send no
  more than one flood message per virtual link
  
• Reduce the flooding cost by a factor of k
• Note This paper assume that the replies are sent
  back to the requester using the Pastry routing
  protocol.

8
Outline

• Background
• P2P File Sharing
• DoS Scenario
• File-targeted DoS attacks
• Network-targeted DoS attacks
• Model
• Simulation Study

9
File-targeted DoS attacks - pollution attacks

• Malicious node advertises a corrupted file, and
  eventually distributes this copy
  
• The p2p network topology does not play a role in
  the effectiveness
  
• The user-behavior factors determine the spread of
  polluted files
  
• Willingness to share files
• Speediness in removing corrupted files
• Persistence in downloading files under attack
• Attack against a single file
• Attacker wants to prevent spread of file

10
Attack Model

• Attacker responds to queries for a particular
  file
  
• Replies with a very high bandwidth and low
  waiting time, to be attractive
  
• Serves fake content for the file
• Requires relatively large resources
• Attacker serves 10 of file

11
Analytical Model Spreading Content
12
Spreading polluted and good copies
13
Non-cooperative users
14
Effect of User Persistence
Here it is!
15
Counterstrategy Parallel Download
16
File-targeted DoS attacks

• System is really quite vulnerable
• Attacker, however, requires large resources to
  mount the attack
  
• FYI, there is evidence that these pollution
  attacks are being carried out

17
Network-targeted DoS attacks

• Directed against unstructured p2p networks like
  Gnutella or Kazaa
  
• Attack against whole p2p network
• Attacker wants to significantly reduce system
  goodput

18
System model

• Two phase user-system interaction
• Query
• User sends query for particular file
• Responses are received and stored
• Download
• One or more responses are selected based on
  policy
  
• Downloads are initiated

19
Attacker Strategy

• False content attack
• Respond to all queries pointing to self
• Modify all replies and redirect to self
• Serve bad files
• Slow node attack
• Modify all replies and redirect to slowest nodes,
  advertising high speed for them.

20
Client Strategy

• Download peer selection policy
• Best
• by expected download time
• Random
• Redundant best
• File chunking
• Reputation systems
• Detection

21
Network-targeted DoS attacks

• Again, systems are very vulnerable
• Again, attackers require quite large resources to
  mount attack
  
• Random selection counterstrategy effective
• However, it prevents selection of high bandwidth
  peers
  
• Non-attack performance is significantly reduced

22
Outline

• Background
• P2P File Sharing
• DoS Scenario
• File-targeted DoS attacks
• Network-targeted DoS attacks
• Model
• Simulation Study

23
Supernodes and hierarchy
24
Long paths for anonymity
25
Power-law topologies
26
Outline

• Background
• P2P File Sharing
• Gnutella
• DoS Scenario
• System model
• Attacker strategy
• Client strategy
• Model
• Simulation Study

27
Simulation Preliminaries

• Discrete event simulation
• Two peer classes
• Leaf nodes (80) 56Kb to 1Mb
• Supernodes (20) 1Mb to 10Mb
• Asymmetric bandwidth
• Upstream ¼ of downstream
• Zipf file distribution
• TCP max-min fairness

28
Baseline Experiments
Baseline attack
29
System Factors

• Overlay structure and hierarchy

30
System Factors

• Path length

31
Victim counter strategies

• Random redundant downloads
• 1 or more in parallel
• Lowers base performance VERY MUCH
• Much less vulnerable to attack
• Best redundant download
• Best N by estimated time in parallel
• Lowers base performance
• Moves system breaking point far out

32
Conclusions

• File-targeted attacks are inefficient in
  cooperative p2p environment
  
• It is insufficient to only transmit false info to
  launch an attack in p2p networks
  
• Structured p2p systems are more resilient than
  hierarchical p2p systems
  
• System goodput degrades tremendously with the
  number of malicious nodes in both cases
  
• Reputation systems are largely ineffective
• Randomization techniques are indeed able to
  transform the systems resilience from a
  devastating hyperexponential scaling to a more
  resilient linear scaling

33

• Thank you!