1
Phenix: Supporting Resilient Low-Diameter
Peer-to-Peer Topologies
Rita H. Wouhaybi and Andrew T. Campbell
  • Antonis Papadogiannakis

2
Outline
  • Introduction
  • Phenix Algorithm Description
  • Simulation and Evaluation
  • Experimental Results
  • Conclusion

3
Introduction
  • P2P networks are mainly unstructured, with no
    specific topology
  • Resilient networks: their performance is not
    affected by network dynamics (nodes joining and
    leaving, node failure and network attacks)
  • Low-diameter networks: low average distance
    between nodes, good performance, fast response
    time
  • Diameter: average shortest path between two nodes
  • There are two classes of P2P networks:
    unstructured networks with better resilience
    (e.g. Gnutella, KaZaA) and structured networks
    with better performance (e.g. Chord, CAN)

4
Unstructured VS Structured networks

5
Phenix: A P2P Algorithm
  • Neither structured nor unstructured networks
    offer both good performance and resilience
  • The Phenix algorithm constructs low-diameter,
    resilient topologies, so it offers both
    performance and resiliency
  • It does not impose structure, but it creates some
    order instead of total randomness
  • Low diameter is achieved by creating a topology of
    nodes whose degree distribution follows a power law
  • The Phenix algorithm is fully distributed and does
    not require any central server
  • Even under targeted attacks, Phenix preserves a low
    diameter by efficiently rearranging node
    connectivity at low cost

6
Main Design Goals of Phenix
  • To construct low-diameter graphs for fast
    response times and a small number of hops between
    nodes
  • To maintain low-diameter topologies under
    conditions where nodes join/leave the network and
    under malicious conditions where nodes are attacked
    and removed from the network
  • To implement the algorithm in a fully distributed
    way, without the need for any central server (and
    without supernodes or ultrapeers as in KaZaA
    and Gnutella v0.6), as these are vulnerable to
    attacks and malicious nodes
  • To support peer connectivity in a general way, so
    that a wide variety of applications can use this
    network

7
Phenix Algorithm Description
  • Outline
  • Power-Law Properties
  • Phenix Algorithm design
  • Network resiliency
  • Preferential Nodes

8
Power-Law Properties (1/2)
  • Power-law (or scale-free) networks: their degree
    distribution follows a power law, p(K) ~ K^(-γ),
    where K is the degree, p(K) is the number of nodes
    with degree K and γ is the exponent; in most
    networks it tends to be close to 2
  • This means that in power-law networks many nodes
    have low degree and few nodes have a very high
    degree
  • These highly connected nodes act as hubs for the
    rest of the nodes
  • In Phenix, nodes with degree higher than the
    average emerge as preferred nodes
  • Every new node that joins the network wants to
    connect to a preferred node (with high degree)
    for better visibility
  • This approach guarantees a power law for the degree
    distribution

9
Power-Law Properties (2/2)
  • Power-law networks have a low diameter and they
    can grow while maintaining a low diameter
    (scale-free)
  • Large diameters cause more network traffic or
    degraded performance if lower radius search is
    chosen (tradeoff)
  • Phenix constructs P2P topologies whose node
    degree distribution follows a power law, which
    leads to a low diameter

10
Phenix Algorithm Design (1/2)
  • Algorithm for a node i joining the network:
  • connect_to_network(i)
  • obtain G_host,i from the host cache server
  • divide G_host,i into G_random,i and G_friends,i
  • let s be the size of G_friends,i
  • G_candidates,i = Ø
  • for (x = 0; x < s; x++)
  • send M0 where M0 = <source=i,
    dest=G_friends,i[x], type=ping, TTL=1, hops=0>
  • G_candidates,i = G_candidates,i U G_neighbors,x
    (x sends a pong to i with its neighbors)
  • G_friends,i[x] sends an M1 ping message to its
    neighbors with source=i, hops=1 and TTL=0, and
    each neighbor j adds i to a G_j list for a period
    of time t
  • G_preferred,i = {g1, g2, ..., gp} from sorted(
    G_candidates,i ), sorted by appearance frequency
  • create connections with all nodes in G_i =
    G_random,i U G_preferred,i

11
Phenix Algorithm Design (2/2)
  • for (every m that belongs to G_preferred,i)
  • if (i belongs to G_m) c_m = c_m + 1
  • if (c_m reaches γ) m creates a backward connection
  • c_m = c_m - γ
  • G_backward,m = G_backward,m U {i} (at most
    d_in,m/γ backward connections)
  • G_preferred,i = G_preferred,i \ {m}
  • G_highly_preferred,i = G_highly_preferred,i U {m}
  • list of neighbors: G_i = {G_random,i,
    G_preferred,i, G_highly_preferred,i, G_backward,i}
  • Example
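
The join procedure from the two slides above, as an added Python example (not code from the presentation or from the Phenix authors). The value GAMMA = 2, the `>=` test on the counter, the parameter p and the four-node starting network are assumptions; expiry of the G_j entries after time t is left out.

```python
from collections import Counter

GAMMA = 2  # assumed value of the backward-connection constant

class Node:
    def __init__(self, name, random=()):
        self.name = name
        self.random, self.preferred = set(random), set()
        self.highly_preferred, self.backward = set(), set()
        self.seen = set()   # G_m: sources announced to this node by an M1 ping
        self.counter = 0    # c_m: joins that ranked this node as preferred

    def outside_world(self):
        # Neighbors a pong may reveal; backward connections stay hidden.
        return self.random | self.preferred | self.highly_preferred

def connect_to_network(name, net, g_random, g_friends, p):
    """Join `name` to `net` (dict name -> Node) and return the new Node."""
    i = Node(name, g_random)
    candidates = Counter()
    for x in g_friends:                             # M0 ping to each friend
        friend = net[x]
        candidates.update(friend.outside_world())   # pong: x's neighbor list
        for j in friend.outside_world() | friend.backward:
            net[j].seen.add(name)                   # M1 ping forwarded by x
    # G_preferred,i: the p candidates that appeared most often
    ranked = sorted(candidates, key=lambda n: (-candidates[n], n))
    i.preferred = set(ranked[:p])
    for m in ranked[:p]:
        node = net[m]
        if name in node.seen:
            node.counter += 1
        if node.counter >= GAMMA:                   # m grants a backward connection
            node.counter -= GAMMA
            node.backward.add(name)
            i.preferred.discard(m)
            i.highly_preferred.add(m)
    net[name] = i
    return i

def demo():
    # Constructed starting network: every node lists "hub" except hub itself.
    net = {n: Node(n, r) for n, r in {
        "a": ["hub"], "b": ["hub", "c"], "c": ["hub"], "hub": ["a"]}.items()}
    n1 = connect_to_network("n1", net, ["c"], ["a", "b"], p=1)
    n2 = connect_to_network("n2", net, ["a"], ["a", "b"], p=1)
    return net, n1, n2
```

In the demo the second joiner pushes hub's counter to GAMMA, so hub becomes highly preferred for n2 and holds a backward connection to it that never appears in hub's pongs.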

12
Network Resiliency
  • Power-law networks often collapse under targeted
    attacks on nodes with high degrees (network
    partitioning)
  • Guidelines for resiliency:
  • Hide the identity of highly connected nodes
  • Node maintenance: rearrange connections under
    attack
  • Assume that an attacker can force a node to drop
    out of the network (e.g. DoS attack) when it knows
    the node's IP
  • The goal of resilience in Phenix is a network graph
    as close to a strongly connected graph as possible

13
Hiding Node Identities
  • Three mechanisms limit what a malicious user can
    learn about the network connection graph
  • When a node i sends a ping message M0, the
    receiver sends an M1 ping message to its neighbors
    and they add i to their Lj list (black list) for a
    period of time. If i sends a ping again (crawling
    to capture the graph state), it will be in the list
    and no pong will be sent back. This slows the
    crawl's progress
  • Any ping message with TTL greater than 1 is
    discarded
  • Backward connections are not included in pong
    messages, in order to protect the possible
    preferential status of this node. Only the
    subset G_outside_world = {G_random, G_preferred,
    G_highly_preferred} is included
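
The three rules above as a ping handler, in an added Python example (not code from the presentation or from Phenix). The 60-second blacklist period, the class and method names and the four-node topology are assumptions; M1 is forwarded to every neighbor of the receiver.

```python
BLACKLIST_PERIOD = 60.0  # assumed: the slides only say "a period of time"

class Peer:
    def __init__(self, name, outside_world=(), backward=()):
        self.name = name
        self.outside_world = set(outside_world)  # random + preferred + highly preferred
        self.backward = set(backward)            # never disclosed in a pong
        self.blacklist = {}                      # L_j: source -> expiry time

    def on_m1(self, source, now):
        # A neighbor answered `source`; stop answering it ourselves for a while.
        self.blacklist[source] = now + BLACKLIST_PERIOD

    def on_ping(self, source, ttl, net, now):
        """Handle an M0 ping; return the pong's neighbor list, or None if ignored."""
        if ttl > 1:
            return None                          # wide pings are discarded
        if self.blacklist.get(source, 0.0) > now:
            return None                          # source probed a neighbor recently
        for j in self.outside_world | self.backward:
            net[j].on_m1(source, now)            # M1: warn all of our neighbors
        return sorted(self.outside_world)        # backward connections left out

def demo():
    # Constructed topology: hub discloses one neighbor and hides two backward ones.
    net = {
        "hub": Peer("hub", outside_world=["a"], backward=["b", "c"]),
        "a": Peer("a", outside_world=["hub"]),
        "b": Peer("b", outside_world=["hub"]),
        "c": Peer("c", outside_world=["hub"]),
    }
    return {
        "wide": net["hub"].on_ping("x", ttl=3, net=net, now=0.0),
        "first": net["hub"].on_ping("x", ttl=1, net=net, now=0.0),
        "follow_up": net["a"].on_ping("x", ttl=1, net=net, now=5.0),
        "hidden": net["b"].on_ping("x", ttl=1, net=net, now=5.0),
        "expired": net["a"].on_ping("x", ttl=1, net=net, now=61.0),
    }
```

After the first pong, source x gets no answer from any of hub's neighbors until the blacklist entry expires, and hub's backward neighbors b and c were never listed.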

14
Node Maintenance Mechanism (1/3)
  • A state-probing mechanism for node failure or
    attack cases
  • The number of neighbors of a node i (h_i) is
    h_i = h_i^r + h_i^p + h_i^b, where h_i^r,
    h_i^p, h_i^b represent random, preferential (standard
    and highly) and backward neighbors
  • If h_i^r + h_i^p < threshold, node i runs a
    maintenance procedure
  • If a node leaves gracefully it informs its
    neighbors, but if it leaves forcefully a neighbor
    can find out only through probing
  • A probing message M2 = <source=i, type=ping, TTL=0,
    hops=0> is sent to all neighbors by a node i,
    which waits up to a timeout for a response showing
    that the neighbor is alive

15
Node Maintenance Mechanism (2/3)
  • Number of neighbors before node maintenance is
    where d_i^r(t_n), d_i^p(t_n), d_i^b(t_n) are the
    number of random, preferential and backward
    neighbors lost since the last node maintenance
  • After the node maintenance we will have
  • where u_i^r(t_n), u_i^p(t_n) are the numbers of new
    nodes added randomly and preferentially
  • Ratio of preferential and random neighbors for a
    node i where α_i(t_0) = 1

16
Node Maintenance Mechanism (3/3)
  • The updates on neighbors are performed as below
  • where is the average number of
    preferential nodes dropped out over the last l
    cycles and µp is the expected value of neighbors
    disappeared in 1 cycle
  • The final number of neighbors is

17
Preferential Nodes (1/2)
  • Phenix encourages the use of nodes with higher
    degree than the average (preferred nodes)
  • If µ is the average number of neighbors, a new
    node will connect to µ/2 nodes from G_random,i and
    to the µ/2 nodes from G_candidates,i that appear
    most (G_preferred,i), since α_i(t_0) = 1
  • The probability that a node appears at least
    twice (preferred node) is
  • where m = µ/2 and N is the number of nodes in the
    network.
  • Since µ/N < 1 it follows

18
Preferential Nodes (2/2)
  • Probability that a preferred node appears (a node
    that appears at least twice in candidates list)
    versus the average number of neighbors for
    different values of N (number of nodes in the
    initial network)

19
Simulation and Evaluation
  • Results from implementation of Phenix algorithm
    in a simulation environment based on Java
    software
  • Power-Law Analysis
  • Attack Analysis

20
Power-Law Analysis
  • Degree distribution for a network with 1,000
    nodes and for a network with 100,000 nodes on a
    log-log scale shows the emergence of a power law
    in the Phenix system

21
Attack Analysis (1/2)
  • Three different types of attacks
  • Modest attack: a user acquires host cache
    information and a candidates list like a normal
    user and then attacks the nodes that appear
    most, removing them from the network
  • Group Type I attack: a number of nodes are added
    to the network that point only to each other, to
    increase their chance of emerging as preferred
    nodes; they then create anomalies and suddenly
    disconnect all at the same time to partition
    the network
  • Group Type II attack: a number of nodes are added
    to the network that behave like normal nodes; they
    then create anomalies and suddenly disconnect all
    at the same time to partition the network
  • The last two attacks are possible because the
    network is open, without any authentication or
    authorization

22
Attack Analysis (2/2)
  • Simulations in network with 2000 nodes (starting
    with 20), each node chooses a number of neighbors
    between 5 and 8
  • Metric: percentage of unique reachable nodes in
    the network vs. the number of hops (TTL)
  • Comparison between a random network (Gnutella
    v0.6) and Phenix network under attack

23
Modest Attack Analysis

24
Group Attack Analysis

25
Type I Attack Analysis

26
Type II Attack Analysis

27
Attack Analysis in Different Networks
  • Same simulations for hybrid attacks in network of
    20,000 nodes and 2,000 nodes
  • Increasing the TTL does not improve reachability
    beyond a certain value

28
Giant Component
  • Giant component: the largest portion of the network
    that remains strongly connected under attacks
  • Metric: percentage of nodes in the giant component
    vs. percentage of malicious users (group attack)

29
Alpha behavior
  • The α parameter contributes to creating highly
    connected nodes when it decreases, so it helps
    fast recovery
  • Simulation with a hybrid attack (10 Group Type I
    and 20 Group Type II); the behavior of α is studied

30
Experimental Results
  • Phenix implementation in a real Internet-wide
    environment on the PlanetLab testbed
  • Experiments in 81 PlanetLab nodes
  • Implementation
  • Degree Distribution Experiments
  • Targeted Attacks Experiments

31
Implementation
  • Modifying the JTella API, based on Gnutella v0.6,
    for Phenix's needs (instead of Gnutella's random
    topology)
  • Each node consists of two layers
  • The first layer implements the Phenix algorithm and
    consists of two types of connections: one that
    waits for incoming connections from other nodes and
    sends/receives ping messages, and another for
    Phenix outgoing connections
  • The second layer is used for experimental purposes:
    it monitors connections and controls the node
    (joining/removing it from the network)

32
Degree Distribution Experiments
  • The network started with 10 nodes connected randomly
    and every new node gets a list of 4 nodes, with
    min = 3 and max = 4 as bounds for neighbors
    (out-degree)
  • The out-degree (number of neighbors) distribution
    was examined

33
Targeted Attacks Experiments
  • Three of the nodes with high degree (with 5, 10
    and 18 connections) were removed from the system,
    and the time for recovery using node maintenance
    was examined
  • The results show a fast recovery (for most nodes
    less than a sec), and the new (final) network
    consists of four new highly connected nodes,
    ensuring a low diameter

34
Conclusion (1/2)
  • Phenix is designed to be fully distributed in order
    to create low-diameter and resilient P2P topologies
  • Phenix supports high performance in terms of
    low diameter and fast response times, is robust
    to attacks and resilient to network dynamics
    (joins/leaves, failures, attacks)
  • The rise in the number of security attacks makes
    resilient networks (that also perform well)
    necessary
  • In the simulations section, node maintenance was
    not considered. Using the mechanism of node
    maintenance the network can recover from group
    attacks with 90 malicious nodes
  • Phenix seems to respond very well to the
    attacks assumed in this paper
  • Sophisticated attacks are used in the paper's
    simulations, but there are also many other attacks

35
Conclusion (2/2)
  • Much future work
  • Authentication or authorization for extra
    security
  • Sharing the black lists with higher layer
    protocols
  • It is not possible for every node to handle any
    amount of traffic, so many nodes would refuse to
    be highly connected
  • Choosing the neighbors geographically, using
    response times
  • More extensive experiments in larger scale
  • Phenix only constructs effective topologies for
    P2P networks. There is no proposal for other
    operations of Phenix P2P system, e.g. any smart
    query technique for searching in these topologies
  • The experiments done in this work (using 81
    nodes) were on a small scale compared with real
    P2P systems (with thousands of nodes)

36
Thanks!
  • Thanks for listening
  • Merry Christmas and happy 2005!