Mitigating Eclipse attacks in Peer-To-Peer networks

The use of Peer-to-Peer (P2P) protocols is proliferating for a variety of applications, including time- and safety-critical ones. While the distributed design of P2P provides inherent fault tolerance to certain failures, the large-scale decentralized coordination exhibits various exploitable security threats. One of these key threats is the Eclipse attack, where a large fraction of malicious peers can surround, i.e., eclipse, benign peers. Topology-aware localized Eclipse attacks (taLEAs) are a new class of such attacks that allow for highly efficient denial-of-service attacks with a small amount of malicious resources. Our contribution is twofold: First, we show the generic susceptibility of structured P2P protocols to taLEAs. Second, we propose a new lookup mechanism for the proactive and reactive detection and mitigation of such attacks. Our novel lookup mechanism complements the common deterministic lookup with randomized decisions in order to reduce the predictability of the lookup. We validate our proposed technique via extensive simulations, increasing the lookup success to 100% in many scenarios.
