Preserving Peer Replicas By Rate-Limited Sampled Voting - PowerPoint PPT Presentation

1
Preserving Peer Replicas By Rate-Limited Sampled
Voting
  • Petros Maniatis et. al.
  • Presented by Linh Ngo

2
1. Introduction
  • LOCKSS (Lots Of Copies Keep Stuff Safe)
  • Based on the physical document system
  • Advantages
  • independent, low-cost, persistent web caches
    for library systems
  • Disadvantages
  • does not scale adequately
  • insufficiently resistant to attack
  • New peer-to-peer opinion poll protocol
  • - Addresses these scaling and attack-resistance
    issues

3
2. Design Principles
  • Features
  • Cheap to build and maintain
  • Need not operate quickly
  • Function properly for decades
  • Design principles
  • Cheap storage is unreliable
  • No long-term secrets
  • Use inertia
  • Avoid third-party reputation
  • Reduce predictability
  • Intrusion detection is intrinsic
  • Assume a strong adversary

4
3. LOCKSS System
  • Preserve access to the material
  • Collect the materials
  • Distribute by acting as a limited proxy cache
  • Preserve by cooperating with other caches
  • Cooperation between caches
  • Participate in opinion polls in a peer-to-peer
    network to ensure content authenticity and
    integrity of archival units (AUs)
  • Advantages
  • Defend against free-loading and theft
  • Built from low-cost, unreliable technology
  • Require little administration
  • No need for off-line backups

5
4. The New Opinion Poll Protocol
  • A population of peers preserving a copy of a
    single AU
  • Malign
  • Loyal
  • Damaged: loyal with a damaged AU
  • Healthy: loyal with a correct AU
  • Goal
  • High probability that loyal peers are in the
    healthy state despite failures and attacks
  • Low probability that a powerful adversary can
    cause damage without detection

6
  • Periodic poll called by a LOCKSS peer; possible
    outcomes:
  • Landslide win
  • Landslide loss
  • Inconclusive
  • Roles for participating peers
  • Poll initiator
  • Poll participant/voter
  • Inner circle decides the outcome of the poll
  • Outer circle performs discovery for future inner
    circle

7
  • System parameters
  • A: Maximum number of discredited challenges
    allowed in a poll
  • C: Proportion of the ref list refreshed using
    friends
  • D: Maximum number of votes allowed to be in the
    minority
  • E: Maximum age of unused ref list entries
  • I: Number of outer circle nominations per inner
    circle member
  • N: Number of inner-circle peers invited into a
    poll
  • Q: Number of valid inner votes required to
    conclude a poll successfully (quorum)
  • R: Mean interval between two successive polls by
    a peer on the same AU
  • L: Number of loyal voters in the inner circle
  • M: Number of malign voters in the inner circle
  • V: Number of inner-circle peers whose vote is
    received and valid

8
  • 4.1 Detailed Description
  • 4.1.1. Bootstrapping
  • Friend list -> Reference list
  • Set refresh timer
  • 4.1.2. Poll initiation
  • Poll message: Poll ID, DH public key
  • Remove (discredit) invitees that send
  • negative poll challenges
  • no challenge in time (overtime)
  • multiple poll challenges with conflicting messages
  • Number of discredited > A: local spoofer alarm

9
  • 4.1.3. Poll effort
  • For each voter that sent an affirmative
    PollChallenge message
  • PollProof message: PollID, poll effort proof
  • the poll effort proof is computed over
  • the poll identifier
  • the potential voter's challenge
  • Also send PollProof to voters with a negative PC
    message
  • Wait for Nominate messages
  • 4.1.4. Outer circle invitation
  • Based on Nominate messages from its inner-circle
    poll participants
  • Same process as for inner-circle votes.

10
  • 4.1.5. Vote Verification (each vote is classified as)
  • invalid
  • valid but disagreeing
  • valid and agreeing
  • 4.1.6. Vote Tabulation
  • if V > Q:
  • Agreeing votes no more than D: landslide loss
  • Agreeing votes at least V - D: landslide win
  • Agreeing votes more than D but fewer than
    V - D: inconclusive, raise an alarm.

11
  • 4.1.7. Repair
  • RepairRequest sent to one of the disagreeing
    inner-circle voters
  • Repair message returned
  • Check the repair for consistency and re-tabulate
    the result
  • Valid Repair messages more than D but fewer than
    V - D: inconclusive
  • 4.1.8. Reference List Update
  • Remove Q peers in total:
  • disagreeing inner-circle peers
  • enough randomly chosen agreeing inner-circle
    peers
  • - peers that have not voted in the last E polls

12
  • 4.1.8. (cont.)
  • Insert:
  • all outer-circle peers whose votes were agreeing
    and valid
  • randomly chosen entries from the friend list, up
    to a factor of C
  • Inconclusive poll reference list
  • 4.1.9. Poll Solicitation
  • PollChallenge message: PollID, DH public key,
    challenge, YES/NO
  • Set effort timer to wait for the PollProof
  • 4.1.10. Poll Effort Verification
  • Verify the PollProof
  • Nominate on success
  • Construct vote
  • 4.1.11. Vote Construction
  • Hash of the AU interleaved with provable
    computational effort
  • bogus content if the voter does not want to vote
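The reference-list update of 4.1.8 (slides 11 and 12) as one added Python routine; this is an illustration, not LOCKSS project code. It assumes the data shapes named in the docstring, and reads "up to a factor of C" as the fraction of the list that should come from friends.

```python
"""Reference-list update after a conclusive poll, following the steps listed
under 4.1.8 on slides 11-12.  Added illustration, not LOCKSS project code.
Assumed data shapes: the reference list is a dict peer -> number of the last
poll in which that peer voted; vote maps are dict peer -> 'agree' | 'disagree'
| 'invalid'; C is read as the fraction of the list that should come from the
friend list (an assumption about how "up to a factor of C" is applied)."""
import random


def update_reference_list(ref_list, inner_votes, outer_votes, friends,
                          Q, E, C, poll_no, rng=None):
    """Return the updated reference list (same dict shape as ref_list)."""
    rng = rng or random.Random(0)     # seeded only to keep the demo repeatable
    friend_set = set(friends)
    new = dict(ref_list)
    removed = []
    # A valid vote in this poll counts as activity for the E-poll rule.
    for p, v in inner_votes.items():
        if v != 'invalid' and p in new:
            new[p] = poll_no
    # 1. Remove every disagreeing inner-circle voter.
    for p, v in inner_votes.items():
        if v == 'disagree' and p in new:
            del new[p]
            removed.append(p)
    # 2. Remove randomly chosen agreeing inner-circle voters until Q entries
    #    have been removed in total, so that every conclusive poll churns Q.
    agreeing = sorted(p for p, v in inner_votes.items()
                      if v == 'agree' and p in new)
    rng.shuffle(agreeing)
    while len(removed) < Q and agreeing:
        p = agreeing.pop()
        del new[p]
        removed.append(p)
    # 3. Remove entries that have not voted in the last E polls.
    for p in [p for p, last in new.items() if poll_no - last >= E]:
        del new[p]
    # 4. Insert every outer-circle peer whose vote was valid and agreeing.
    for p, v in outer_votes.items():
        if v == 'agree':
            new[p] = poll_no
    # 5. Insert random friends not already listed until friends make up a
    #    fraction C of the list (interpretation of "up to a factor of C").
    candidates = sorted(friend_set - set(new))
    rng.shuffle(candidates)
    while candidates and sum(p in friend_set for p in new) < C * len(new):
        new[candidates.pop()] = poll_no
    return new
```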

13
  • 4.1.12. Repair Solicitation
  • RepairRequest message from the poll initiator
  • honoured only if the poll initiator agreed with
    this voter in the past
  • Repair message: poll identifier, voter's copy
    of the AU
  • (possible enhancement: RepairRequest also
    includes the hash of the initiator's AU divided
    into blocks.)
  • 4.1.13. Alarms
  • inconclusive poll alarm
  • local spoofing alarm
  • inter-poll interval alarm

14
  • 4.2. Protocol Analysis
  • Requirements
  • prevent the adversary from gaining a foothold in
    a poll initiator's reference list
  • make it expensive for the adversary to waste
    another peer's resources
  • make the adversary's attacks detectable fast
  • 4.2.1. Effort Sizing
  • Requirements
  • adjustable cost
  • effort measurable in the same units as the cost
    it adjusts
  • the cost of generating effort must be greater
    than the cost of verifying it

15
  • 4.2.1 (cont.)
  • Memory-bound function: causes the generator of a
    proof to incur a number of cache misses and thus
    RAM accesses (Rosenthal 1)
  • 4.2.2. Timeliness of Effort
  • Effort is spent by supplying a vote
  • Reference-list entries are removed regularly
    after each poll
  • Any peer must sustain a minimum rate of
    expenditure of effort to stay in the system
  • 4.2.3 Rate Limiting
  • The rate at which an attack can make progress is
    limited by the smaller of the adversary's efforts
    and the efforts of his victims.

16
  • 4.2.4 Reference List Churning
  • Do not depend entirely on a fixed set of peers
  • The friend list is less malign than the outer
    circle
  • 4.2.5 Obfuscation of Protocol State
  • Encrypt everything
  • All peers invited into a poll go through the
    motions of the protocol to prevent traffic
    analysis
  • 4.2.6 Alarms
  • Raising an alarm is expensive
  • All damaged, malign, and compromised peers are
    removed

17
5. Adversary Analysis
  • 5.1 Adversary Capabilities
  • Total information awareness
  • Perfect work balancing
  • Perfect digital preservation
  • Local eavesdropping
  • Local spoofing
  • Stealth
  • Unconstrained identities
  • Exploitation of common peer vulnerabilities
  • Complete parameter knowledge

18
  • 5.2 Adversary Attacks
  • Stealth modification
  • Nuisance
  • Attrition
  • Theft
  • Free-loading
  • 5.3 Attack Techniques
  • Adversary foothold in a reference list
  • Delayed commitment
  • Peer profiling
  • Session hijacking

19
  • 5.4 Stealth Modification Attack Strategy
  • Goals
  • Changing the consensus on the target AU
  • Remaining undetected
  • Two-phase attack
  • Lurk: seeking to build a foothold in loyal peers'
    reference lists
  • Attack: causing malign peers to vote and repair
    using either the correct or the bad version of
    the AU as needed
  • Vulnerable polls
  • M + L > Q
  • M > L
  • L < D
  • Defenses
  • An enormous amount of effort is required to
    build trust
  • Attacks have to wait on the rate of polls
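Slide 10's tabulation rule and slide 19's vulnerable-poll conditions, as an added Python example (not the paper's or LOCKSS's own code): it tabulates a poll called by a healthy peer against L loyal and M malign inner-circle voters, and searches for the smallest M that produces a landslide loss without tripping the inconclusive-poll alarm. The vote labels and outcome strings are assumed names.

```python
"""Vote tabulation from slide 10 (4.1.6) applied to the stealth-modification
scenario of slide 19.  Added illustration, not LOCKSS project code; the vote
labels and the outcome strings are assumed names."""


def tabulate(votes, Q, D):
    """votes: inner-circle votes, each 'agree', 'disagree' or 'invalid'.
    Follows the slide: tabulate only when V > Q, then compare the number of
    agreeing votes against D and V - D."""
    valid = [v for v in votes if v != 'invalid']
    V = len(valid)
    agreeing = valid.count('agree')
    if V <= Q:
        return 'no quorum'
    if agreeing <= D:
        return 'landslide loss'      # initiator will seek repairs
    if agreeing >= V - D:
        return 'landslide win'
    return 'inconclusive'            # raise the inconclusive-poll alarm


def stealth_outcome(L, M, Q, D):
    """A healthy loyal peer polls its correct AU: the L loyal voters agree with
    it, the M malign voters disagree (they vote for the bad version)."""
    return tabulate(['agree'] * L + ['disagree'] * M, Q, D)


def vulnerable(L, M, Q, D):
    """Slide 19's conditions for a poll the adversary can win without an alarm."""
    return M + L > Q and M > L and L < D


def min_malign_for_undetected_loss(L, Q, D, max_M=10_000):
    """Smallest M that turns the poll into a landslide loss for the correct AU
    (damage with no alarm), or None when no M works: once L exceeds D the loyal
    votes can at best make the poll inconclusive, which raises an alarm."""
    for M in range(max_M + 1):
        if stealth_outcome(L, M, Q, D) == 'landslide loss':
            return M
    return None
```

The last function shows why D matters to the defender: with Q = 10 and D = 3, four loyal inner-circle voters are already enough to deny the adversary a silent win, however many malign voters it adds.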

20
6. Simulation
  • 6.1 Simulation Environment
  • Narses, a Java-based discrete event simulator
  • Simulation of a LOCKSS network for up to 30
    simulated years
  • Random bandwidth (1, 5, 10, 100 Mbps) between
    nodes
  • Initial population of 1000 peers
  • AU: 120 seconds to hash
  • Initiator:
  • 800 seconds/peer to generate a PollProof
  • 240 seconds/peer to verify a Vote
  • Voter:
  • 200 seconds to verify a PollProof
  • 600 seconds to generate a Vote
  • Estimate of 6 hours per poll

21
  • 6.2 Simulated Loyal Peers
  • Simple state machines implementing the LOCKSS
    protocol of section 4
  • Random undetected errors
  • 6.3 Simulated Adversary
  • Multi-homed node
  • As many NICs as IP addresses
  • As many CPUs as nodes
  • Simulation assumes the takeover has already
    completed, with some percentage of peers corrupted
  • All protocol parameters are known
  • No eavesdropping
  • No hijacking of poll sessions

22
7. Results
  • (slides 23-27: result graphs only, no transcript)
28
  • 8. Related Work
  • Bimodal Multicast, Freenet, FreeHaven, Eternity
    Service
  • Intermemory, CFS, Oceanstore, PAST, Tangler
  • 9. Future Work
  • Deploy implementation
  • Enhance malign model
  • Enhance adversary strategies

29
References
  • Maniatis, P. et al. Preserving Peer Replicas By
    Rate-Limited Sampled Voting. ACM SOSP '03,
    pp. 44-59.
  • Rosenthal, D. On The Cost Distribution of A
    Memory Bound Function.
    http://arxiv.org/abs/cs.CR/0311005, April 22, 2004.