论文信息 - Vulnerabilities and security threats in structured overlay networks: a quantitative analysis

Vulnerabilities and security threats in structured overlay networks: a quantitative analysis

A number of recent applications have been built on distributed hash tables (DHTs) based overlay networks. Almost all DHT-based schemes employ a tight deterministic data placement and ID mapping schemes. This feature on one hand provides assurance on location of data if it exists, within a bounded number of hops, and on the other hand, opens doors for malicious nodes to lodge attacks that can potentially thwart the functionality of the overlay network. This paper studies several serious security threats in DHT-based systems through two targeted attacks at the overlay network's protocol layer. The first attack explores the routing anomalies that can be caused by malicious nodes returning incorrect lookup routes. The second attack targets the ID mapping scheme. We disclose that the malicious nodes can target any specific data item in the system; and corrupt/modify the data item to its favor. For each of these attacks, we provide quantitative analysis to estimate the extent of damage that can be caused by the attack; followed by experimental validation and defenses to guard the overlay networks from such attacks.

Mudhakar Srivatsa | Ling Liu | Ling Liu | M. Srivatsa

[1] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[2] Ben Y. Zhao,et al. OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[3] Ben Y. Zhao,et al. An Infrastructure for Fault-tolerant Wide-area Location and Routing , 2001 .

[4] Mark Handley,et al. A scalable content-addressable network , 2001, SIGCOMM '01.

[5] David R. Karger,et al. Wide-area cooperative storage with CFS , 2001, SOSP.

[6] Antony I. T. Rowstron,et al. Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems , 2001, Middleware.

[7] Robert Morris,et al. Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM 2001.

[8] David R. Karger,et al. Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[9] John R. Douceur,et al. The Sybil Attack , 2002, IPTPS.

[10] Robert Tappan Morris,et al. Security Considerations for Peer-to-Peer Distributed Hash Tables , 2002, IPTPS.

[11] Miguel Castro,et al. Farsite: federated, available, and reliable storage for an incompletely trusted environment , 2002, OPSR.

[12] Miguel Castro,et al. Secure routing for structured peer-to-peer overlay networks , 2002, OSDI '02.