Detection and mitigation of localized attacks in a widely deployed P2P network

Several large-scale P2P networks operating on the Internet are based on a Distributed Hash Table (DHT). These networks offer valuable services, but they all suffer from a critical issue that allows malicious nodes to be inserted at specific places on the DHT for undesirable purposes (monitoring, distributed denial of service, pollution, etc.). While several attacks and attack scenarios have been documented, few studies have measured the actual deployment of such attacks, and none of the documented countermeasures have been tested for compatibility with an already deployed network. In this article, we focus on the KAD network. Based on large-scale monitoring campaigns, we show that the worldwide deployed KAD network suffers from a large number of suspicious insertions around shared contents, and we quantify them. To cope with these peers, we propose a new efficient protection algorithm based on analyzing the distribution of the peers’ IDs found around an entry after a DHT lookup. We evaluate our solution and show that it detects the most efficient configurations of inserted peers with a very small false-negative rate, and that the countermeasures successfully filter almost all the suspicious peers. We demonstrate the direct applicability of our approach by implementing and testing our solution in real P2P networks.
