X-Vine: Secure and Pseudonymous Routing Using Social Networks

Distributed hash tables suffer from several security and privacy vulnerabilities, including the problem of Sybil attacks. Existing social network-based solutions to mitigate the Sybil attacks in DHT routing have a high state requirement and do not provide an adequate level of privacy. For instance, such techniques require a user to reveal their social network contacts. We design X-Vine, a protection mechanism for distributed hash tables that operates entirely by communicating over social network links. As with traditional peer-to-peer systems, X-Vine provides robustness, scalability, and a platform for innovation. The use of social network links for communication helps protect participant privacy and adds a new dimension of trust absent from previous designs. X-Vine is resilient to denial of service via Sybil attacks, and in fact is the first Sybil defense that requires only a logarithmic amount of state per node, making it suitable for large-scale and dynamic settings. X-Vine also helps protect the privacy of users social network contacts and keeps their IP addresses hidden from those outside of their social circle, providing a basis for pseudonymous communication. We first evaluate our design with analysis and simulations, using several real world large-scale social networking topologies. We show that the constraints of X-Vine allow the insertion of only a logarithmic number of Sybil identities per attack edge; we show this mitigates the impact of malicious attacks while not affecting the performance of honest nodes. Moreover, our algorithms are efficient, maintain low stretch, and avoid hot spots in the network. We validate our design with a PlanetLab implementation and a Facebook plugin.

[1]  Jun Wang,et al.  TRIBLER: a social‐based peer‐to‐peer system , 2008, IPTPS.

[2]  Eric Brewer,et al.  Anonymous routing in structured peer-to-peer overlays , 2005 .

[3]  H. Niedermayer,et al.  Accountable Internet Protocol , 2009 .

[4]  Tadayoshi Kohno,et al.  Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs , 2008, USENIX Security Symposium.

[5]  Dan S. Wallach,et al.  A Survey of Peer-to-Peer Security Issues , 2002, ISSS.

[6]  Hector Garcia-Molina,et al.  SPROUT: P2P Routing with Social Networks , 2004, EDBT Workshops.

[7]  Mirco Musolesi,et al.  Sensing meets mobile social networks: the design, implementation and evaluation of the CenceMe application , 2008, SenSys '08.

[8]  Apu Kapadia,et al.  Halo: High-Assurance Locate for Distributed Hash Tables , 2008, NDSS.

[9]  Prateek Mittal,et al.  In search of an anonymous and secure lookup: attacks on structured peer-to-peer anonymous communication systems , 2010, CCS '10.

[10]  Miguel Castro,et al.  Secure routing for structured peer-to-peer overlay networks , 2002, OSDI '02.

[11]  Krishna P. Gummadi,et al.  On the evolution of user interaction in Facebook , 2009, WOSN '09.

[12]  Leyla Bilge,et al.  All your contacts are belong to us: automated identity theft attacks on social networks , 2009, WWW '09.

[13]  Nikita Borisov,et al.  Computational Puzzles as Sybil Defenses , 2006, Sixth IEEE International Conference on Peer-to-Peer Computing (P2P'06).

[14]  Andrew S. Tanenbaum,et al.  Safe and Private Data Sharing with Turtle: Friends Team-Up and Beat the System , 2004, Security Protocols Workshop.

[15]  David Mazières,et al.  Self-certifying file system , 2000 .

[16]  Nicholas Hopper,et al.  Scalable onion routing with torsk , 2009, CCS.

[17]  Giuseppe Ciaccio,et al.  Improving Sender Anonymity in a Structured Overlay with Imprecise Routing , 2006, Privacy Enhancing Technologies.

[18]  Brian Neil Levine,et al.  Strengthening forensic investigations of child pornography on P2P networks , 2010, Co-NEXT '10.

[19]  Ion Stoica,et al.  ROFL: routing on flat labels , 2006, SIGCOMM '06.

[20]  George Danezis,et al.  Sybil-Resistant DHT Routing , 2005, ESORICS.

[21]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[22]  Nicholas Hopper,et al.  Membership-concealing overlay networks , 2009, CCS.

[23]  Feng Xiao,et al.  SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[24]  Thomas F. La Porta,et al.  Limiting Sybil Attacks in Structured P2P Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[25]  Krishna P. Gummadi,et al.  Ostra: Leveraging Trust to Thwart Unwanted Communication , 2008, NSDI.

[26]  Lakshminarayanan Subramanian,et al.  Sybil-Resilient Online Content Voting , 2009, NSDI.

[27]  Shishir Nagaraja,et al.  Anonymity in the Wild: Mixes on Unstructured Networks , 2007, Privacy Enhancing Technologies.

[28]  Antony I. T. Rowstron,et al.  Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems , 2001, Middleware.

[29]  Yongdae Kim,et al.  Attacking the Kad network , 2008, SecureComm.

[30]  Antony I. T. Rowstron,et al.  Virtual ring routing: network routing inspired by DHTs , 2006, SIGCOMM.

[31]  George Danezis,et al.  SybilInfer: Detecting Sybil Nodes using Social Networks , 2009, NDSS.

[32]  Charles E. Perkins,et al.  Ad hoc On-Demand Distance Vector (AODV) Routing , 2001, RFC.

[33]  N. Meyers,et al.  H = W. , 1964, Proceedings of the National Academy of Sciences of the United States of America.

[34]  Eric Gilbert,et al.  Predicting tie strength with social media , 2009, CHI.

[35]  Matthew K. Wright,et al.  Salsa: a structured approach to large-scale anonymity , 2006, CCS '06.

[36]  Thomas E. Anderson,et al.  Privacy-preserving P2P data sharing with OneSwarm , 2010, SIGCOMM '10.

[37]  Dirk Grunwald,et al.  BitStalker: Accurately and efficiently monitoring bittorrent traffic , 2009, 2009 First IEEE International Workshop on Information Forensics and Security (WIFS).

[38]  Li Xiaoming,et al.  Maze: a social peer-to-peer network , 2004, IEEE International Conference on E-Commerce Technology for Dynamic E-Business.

[39]  Stefan Richter,et al.  NISAN: network information service for anonymization networks , 2009, CCS.

[40]  Prateek Mittal,et al.  ShadowWalker: peer-to-peer anonymous communication using redundant structured topologies , 2009, CCS.

[41]  David Mazières,et al.  Democratizing Content Publication with Coral , 2004, NSDI.

[42]  Jinyang Li,et al.  Unblocking the Internet : Social networks foil censors , 2009 .

[43]  Eddie Kohler,et al.  Events Can Make Sense , 2007, USENIX Annual Technical Conference.

[44]  Ben Y. Zhao,et al.  User interactions in social networks and their implications , 2009, EuroSys '09.

[45]  Prateek Mittal,et al.  Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems , 2012, TSEC.

[46]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[47]  Shriram K. Vasudevan,et al.  Sybil Guard: Defending Against Sybil Attacks via Social Networks , 2010 .

[48]  Chris Lesniewski-Laas,et al.  A Sybil-proof one-hop DHT , 2008, SocialNets '08.

[49]  Christian Grothoff,et al.  Routing in the Dark: Pitch Black , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[50]  Brent Waters,et al.  Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs , 2010, NDSS.

[51]  Amit A. Levy,et al.  Vanish: Increasing Data Privacy with Self-Destructing Data , 2009, USENIX Security Symposium.

[52]  Ian T. Foster,et al.  Mapping the Gnutella Network , 2002, IEEE Internet Comput..

[53]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[54]  Konstantin Beznosov,et al.  The socialbot network: when bots socialize for fame and money , 2011, ACSAC '11.

[55]  David Mazières,et al.  Kademlia: A Peer-to-Peer Information System Based on the XOR Metric , 2002, IPTPS.

[56]  Mark Handley,et al.  A scalable content-addressable network , 2001, SIGCOMM '01.

[57]  Michael Kaminsky,et al.  SybilGuard: Defending Against Sybil Attacks via Social Networks , 2008, IEEE/ACM Transactions on Networking.

[58]  Ian Clarke,et al.  Freenet: A Distributed Anonymous Information Storage and Retrieval System , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[59]  Aziz Mohaisen,et al.  Measuring the mixing time of social graphs , 2010, IMC '10.

[60]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[61]  Robert Tappan Morris,et al.  Security Considerations for Peer-to-Peer Distributed Hash Tables , 2002, IPTPS.

[62]  Calton Pu,et al.  Reverse Social Engineering Attacks in Online Social Networks , 2011, DIMVA.