Secure routing for structured peer-to-peer overlay networks

Structured peer-to-peer overlay networks provide a substrate for the construction of large-scale, decentralized applications, including distributed storage, group communication, and content distribution. These overlays are highly resilient; they can route messages correctly even when a large fraction of the nodes crash or the network partitions. But current overlays are not secure; even a small fraction of malicious nodes can prevent correct message delivery throughout the overlay. This problem is particularly serious in open peer-to-peer systems, where many diverse, autonomous parties without preexisting trust relationships wish to pool their resources. This paper studies attacks aimed at preventing correct message delivery in structured peer-to-peer overlays and presents defenses to these attacks. We describe and evaluate techniques that allow nodes to join the overlay, to maintain routing state, and to forward messages securely in the presence of malicious nodes.

[1]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[2]  Maurice Herlihy,et al.  Axioms for concurrent objects , 1987, POPL '87.

[3]  Ronald L. Rivest,et al.  Introduction to Algorithms , 1990 .

[4]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[5]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[6]  Ari Juels,et al.  Client puzzles: A cryptographic defense against connection depletion , 1999 .

[7]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[8]  H. Federrath Freenet : A Distributed Anonymous Information Storage and Retrieval System in Designing Privacy Enhancing Technologies , 2001 .

[9]  Peter Druschel,et al.  Pastry: Scalable, distributed object location and routing for large-scale peer-to- , 2001 .

[10]  Ben Y. Zhao,et al.  An Infrastructure for Fault-tolerant Wide-area Location and Routing , 2001 .

[11]  Andy Oram,et al.  Peer-to-Peer: Harnessing the Power of Disruptive Technologies , 2001 .

[12]  Mark Handley,et al.  A scalable content-addressable network , 2001, SIGCOMM '01.

[13]  Adam Stubblefield,et al.  Using Client Puzzles to Protect TLS , 2001, USENIX Security Symposium.

[14]  Steve M. Bellovin,et al.  Security aspects of napster and gnutella , 2001 .

[15]  David R. Karger,et al.  Wide-area cooperative storage with CFS , 2001, SOSP.

[16]  Antony I. T. Rowstron,et al.  Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility , 2001, SOSP.

[17]  Antony I. T. Rowstron,et al.  Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems , 2001, Middleware.

[18]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[19]  Ben Y. Zhao,et al.  Tapestry: An Infrastructure for Fault-tolerant Wide-area Location and , 2001 .

[20]  John R. Douceur The Sybil Attack , 2002, IPTPS.

[21]  Nancy A. Lynch,et al.  Atomic Data Access in Distributed Hash Tables , 2002, IPTPS.

[22]  N. Lynch,et al.  Atomic Data Access in Content Addressable Networks A Position Paper , 2002 .

[23]  Peter Druschel,et al.  Exploiting network proximity in peer-to-peer overlay networks , 2002 .

[24]  Robert Tappan Morris,et al.  Security Considerations for Peer-to-Peer Distributed Hash Tables , 2002, IPTPS.