Myrmic: Secure and Robust DHT Routing

A distributed hash table such as Chord attempts to build a persistent store from a network of (possibly unstable) peer nodes. There has been a great deal of work on making DHTs robust to environmental interference (such as membership churn, transient routing failures and high CPU load) but considerably less work on implementing DHTs that are secure against adversarial behavior designed to cause DHT failure. In this paper, we introduce Myrmic, a novel DHT routing protocol designed to be robust against adversarial interference. A key feature distinguishing Myrmic from other DHT implementations is a root verification protocol that allows anyone to verify that the node responding to a query for key k is indeed the “correct” holder of the key. We give analytical results showing that even when a large fraction of nodes, for example 30%, cooperate to adversarially interfere with query routing, Myrmic finds uncorrupted roots in expected logarithmic time, and confirm these results with simulations of 1000 nodes. Finally, we implement the proposed protocol and evaluate it through experimentation with 120 nodes on PlanetLab in order to measure wide area network performance. All of these results suggest that Myrmic provides stronger robustness guarantees while incurring minimal network and CPU overhead.
