A Security Framework for Service Overlays: Operating in the Presence of Compromised Nodes

In this paper we explore an important issue for many overlay networks: the presence of compromised nodes and how they affect the operation of the system. In overlay networks, compromised nodes can drop, delay, or in other ways subvert user traffic and break protocols required for the successful operation of the system. We take a game-theoretic approach to model the characteristics of a compromised node and an altruistic legitimate node that wishes to identify the compromised node. We first prove that the damage that can be done by the attacker has an upper bound. We then describe the operation of a system that can operate in the presence of compromised nodes by enforcing this upper bound on attacker damage.
