Ensuring Content Integrity for Untrusted Peer-to-Peer Content Distribution Networks

Many existing peer-to-peer content distribution networks (CDNs) such as Na Kika, CoralCDN, and CoDeeN are deployed on PlanetLab, a relatively trusted environment. But scaling them beyond this trusted boundary requires protecting against content corruption by untrusted replicas. This paper presents Repeat and Compare, a system for ensuring content integrity in untrusted peer-to-peer CDNs even when replicas dynamically generate content. Repeat and Compare detects misbehaving replicas through attestation records and sampled repeated execution. Attestation records, which are included in responses, cryptographically bind replicas to their code, inputs, and dynamically generated output. Clients then forward a fraction of these records to randomly selected replicas acting as verifiers. Verifiers, in turn, reliably identify misbehaving replicas by locally repeating response generation and comparing their results with the attestation records. We have implemented our system on top of Na Kika. We quantify its detection guarantees through probabilistic analysis and show through simulations that a small sample of forwarded records is sufficient to effectively and promptly cleanse a CDN, even if large fractions of replicas or verifiers are misbehaving.
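The record-and-verify flow described in the abstract, as an added example that is not code from the paper or from Na Kika. It is a minimal sketch with assumed names throughout: the record fields, the `generate` function and the sample keys are hypothetical, and an HMAC stands in for the public-key signature a real deployment would need so that verifiers cannot forge records.

```python
import hashlib, hmac, json, random

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()

def generate(code: str, inputs: dict) -> bytes:
    # Hypothetical deterministic response generator standing in for a CDN script.
    return f"{code}:{inputs['path']}:{inputs['user']}".encode()

def attest(replica: str, key: bytes, code: str, inputs: dict, output: bytes) -> dict:
    # Replica side: bind the replica to digests of its code, inputs and output.
    body = {"replica": replica, "code": digest(code.encode()),
            "inputs": digest(canon(inputs)), "output": digest(output)}
    tag = hmac.new(key, canon(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}

def verify(record: dict, keys: dict, code: str, inputs: dict) -> str:
    # Verifier side: authenticate the record, repeat generation, compare.
    body = {k: v for k, v in record.items() if k != "tag"}
    key = keys.get(record.get("replica"))
    if key is None:
        return "unknown-replica"
    want = hmac.new(key, canon(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, str(record.get("tag", ""))):
        return "bad-record"
    if (body.get("code") != digest(code.encode())
            or body.get("inputs") != digest(canon(inputs))):
        return "wrong-request"
    repeated = digest(generate(code, inputs))
    return "ok" if repeated == body.get("output") else "misbehaving"

def forward_sample(records: list, fraction: float, rng: random.Random) -> list:
    # Client side: forward only a fraction of received records to verifiers.
    return [r for r in records if rng.random() < fraction]

# Constructed sample data (keys, code name and request are made up).
KEYS = {"replica-a": b"key-a", "replica-b": b"key-b"}
CODE = "render-v1"
INPUTS = {"path": "/index", "user": "alice"}
HONEST = attest("replica-a", KEYS["replica-a"], CODE, INPUTS, generate(CODE, INPUTS))
CORRUPT = attest("replica-b", KEYS["replica-b"], CODE, INPUTS, b"injected content")

if __name__ == "__main__":
    for rec in forward_sample([HONEST, CORRUPT], 1.0, random.Random(0)):
        print(rec["replica"], verify(rec, KEYS, CODE, INPUTS))
```

Because the record commits the replica to the output it actually served, a corrupting replica either attests to the corrupted output and is caught on re-execution, or alters the record and fails authentication.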
