CASCADE: AN ATTACK-RESISTANT DHT WITH MINIMAL HARD STATE
Alexander Mohr, Mayank Mishra
State University of New York at Stony Brook
Motivation
• Many P2P networks are not designed with attack-resistance in mind (Gnutella, Shareaza, eDonkey2k, Chord, CAN, Pastry, etc.).
• Those that are attack-resistant generally are not as efficient (Freenet, RON, etc.).
Let’s try for both in a sloppy DHT!
Goals
• Guarantee that a resource in the network can be located (even if 90-95% of peers are malicious).
• Make searches efficient with extensive caching.
• Empower users to have control over their searches.
Scenario
[Figure: a network containing a querying node, malicious nodes, non-malicious nodes, and the object of search.]
Threat Model
• Underlying network is well-behaved.
• Nodes can be malicious or non-malicious.
• Malicious peers are Byzantine.
  – Co-ordinate amongst themselves.
  – May delay communication between non-malicious peers.
System Description
• Each node stores:
  – The keys that the node itself has inserted into the DHT (its "published keys").
  – A subset of alive peers (its "neighbors").
• When queried for a key, a node:
  – Consults its list of published keys,
  – Responds with the associated value if it was present,
  – Returns its list of neighbors.
• Searching the network is an iterative breadth-first search.
Claim
If there exists any non-malicious path from a query originator to a peer publishing the search key, the search will eventually succeed!
But, we’ve said nothing about whether such a path is likely to exist!
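The search procedure from the System Description slide and the claim above, as an added Python sketch that is not the authors' code. The overlay, the node names and the way malicious peers lie (deny the key, advertise only colluders) are constructed for illustration; forged values are not modelled.

```python
from collections import deque

# Constructed overlay: node -> (published keys, neighbor list).
# Names and topology are made up for this example.
HONEST = {
    "Q":  ({}, ["M1", "H1"]),
    "H1": ({}, ["M2", "H2"]),
    "H2": ({}, ["P", "M1"]),
    "P":  ({"x": "value-of-x"}, ["H2"]),
}
MALICIOUS = {"M1", "M2", "M3"}

def query(node, key):
    """One request/response with a single peer: (value or None, neighbors)."""
    if node in MALICIOUS:
        # Byzantine reply: deny having the key and advertise only colluders.
        return None, sorted(MALICIOUS - {node})
    published, neighbors = HONEST[node]
    return published.get(key), list(neighbors)

def iterative_search(origin, key, max_queries=1000):
    """Breadth-first search driven entirely by the querying node.

    The frontier and the visited set live only on the querier; every peer
    answers one message and keeps no per-query state, so no peer forwards
    traffic on the querier's behalf. Returns (value, holder, queries_sent).
    """
    value, first = query(origin, key)   # the origin consults itself first
    if value is not None:
        return value, origin, 0
    frontier, visited, sent = deque(first), {origin}, 0
    while frontier and sent < max_queries:
        peer = frontier.popleft()
        if peer in visited:
            continue                    # colluders keep re-advertising each other
        visited.add(peer)
        value, neighbors = query(peer, key)
        sent += 1
        if value is not None:
            return value, peer, sent
        frontier.extend(n for n in neighbors if n not in visited)
    return None, None, sent

if __name__ == "__main__":
    print(iterative_search("Q", "x"))   # honest path Q -> H1 -> H2 -> P exists
```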
Open Question
• Can we guarantee that a non-malicious path will exist?
• Maybe: we’re not yet sure how feasible it is.
  – Secure Routing [Castro et al., 2002]
  – When choosing a new neighbor:
    • Flood the network to obtain a list of all peers.
    • Pick one at random.
Traffic Amplification Attacks
[Figure: two panels, "Networks like Gnutella" and "Cascade"; labels: Traffic Amplifier, Message.]
• Iterative search prevents traffic amplification.
• More effort to search, but that might be good:
Man-in-the-Middle Attacks
• There is no man in the middle.
  – Don’t have to trust what others say on someone else’s behalf.
[Figure labels: X, Y, Z, X’, Y’, and two nodes marked "Liar".]
State Exhaustion Attacks
• All per-query state is located on the querying node itself.
• No per-query state is maintained by the network.
Caching and Performance
• Goal #2: Efficient search.
• Add passive caching:
  – Known-peers cache.
  – Results cache.
  – Query cache.
Caches are hints and are not required for correct operation!!
Known Peers Cache
• Whenever you discover a peer, store:
  – Who they were.
  – When you saw them.
• Save this cache between program runs to bootstrap.
• With directed searches, get there faster.
Results Cache
• Store the results of your own searches:
  – What you found.
  – Where it was.
  – When you saw it.
• When a node asks you for a key that you previously found, tell it where and when!
Query Cache
• When someone else queries you for a key, remember:
  – What they queried for.
  – Who they were.
  – When they queried you.
• Also: tell them if anyone else is looking for the same key and when they were looking!
Like path-based replication, but passive!
Example
A queries for key x which is located at D.
[Figure: nodes A, B, C, D.]
NODE  Query Cache  Results Cache
A     -            -
B     A            -
C     -            -
D     -            -
Example
A queries for key x which is located at D.
[Figure: nodes A, B, C, D.]
NODE  Query Cache  Results Cache
A     -            -
B     A            -
C     A            -
D     -            -
Example
A queries for key x which is located at D.
[Figure: nodes A, B, C, D.]
NODE  Query Cache  Results Cache
A     -            D
B     A            -
C     A            -
D     A            -
Example
Now E searches for key x.
[Figure: nodes A, B, C, D, E.]
NODE  Query Cache  Results Cache
A     -            D
B     A            -
C     A            -
D     A            -
E     -            -
Example
E follows B’s query cache hint to A.
[Figure: nodes A, B, C, D, E.]
NODE  Query Cache  Results Cache
A     -            D
B     A,E          -
C     A            -
D     A            -
E     -            -
Example
E follows A’s result cache hint to D.
[Figure: nodes A, B, C, D, E.]
NODE  Query Cache  Results Cache
A     -            D
B     A,E          -
C     A            -
D     A,E          -
E     -            D
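The hint-following walk-through above, as an added Python sketch that is not the authors' code. The edges between A to E, the malicious pair M and M2, and the rule that hinted peers are tried before ordinary neighbors are assumptions made for this example; it goes slightly beyond the slides by showing that a false hint costs extra queries without changing the result.

```python
class Peer:
    def __init__(self, name, neighbors=(), published=None, lie_about=None):
        self.name, self.neighbors = name, list(neighbors)
        self.published = dict(published or {})
        self.query_cache = {}      # key -> peers that have asked us for it
        self.results_cache = {}    # key -> peer where our own search found it
        self.lie_about = lie_about # malicious only: colluder named in fake hints

    def handle(self, asker, key):
        """Answer one query with (value, hinted peers, neighbors)."""
        if self.lie_about:         # deny the key and hint at a colluder
            return None, [self.lie_about], []
        hints = [self.results_cache[key]] if key in self.results_cache else []
        hints += self.query_cache.get(key, [])
        self.query_cache.setdefault(key, []).append(asker)
        return self.published.get(key), hints, self.neighbors

def search(net, origin, key):
    """Hints only reorder the frontier; the value is accepted solely from
    the peer that publishes it, never from a peer speaking on its behalf."""
    todo, seen, trail = list(net[origin].neighbors), {origin}, []
    while todo:
        name = todo.pop(0)
        if name in seen:
            continue
        seen.add(name)
        trail.append(name)
        value, hints, neighbors = net[name].handle(origin, key)
        if value is not None:
            net[origin].results_cache[key] = name
            return value, trail
        # Hinted peers first, then the existing frontier, then new neighbors.
        todo = [h for h in hints if h not in seen] + todo + list(neighbors)
    return None, trail

def demo():
    # Constructed topology: the slides name the nodes but not the edges.
    net = {p.name: p for p in [
        Peer("A", ["B", "C"]), Peer("B", ["C"]), Peer("C", ["D"]),
        Peer("D", [], {"x": "value-of-x"}), Peer("E", ["M", "B"]),
        Peer("M", lie_about="M2"), Peer("M2", lie_about="M"),
    ]}
    first = search(net, "A", "x")   # no hints yet: A asks B, C, then D
    second = search(net, "E", "x")  # two wasted queries, then B -> A -> D
    return first, second, net
```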
Soft Structure
• It’s easy to add Chord-like structure!
• Responsibility cache:
  – Key-value pairs that are nearby in identifier space.
• Structured neighbor list:
  – In addition to random neighbors, add structured neighbors.
Flexibility and Control
• The user is in control of the search process!!
• Flexibility:
  – The user may choose to trust a node and use its cached information (Fast Search).
  – The user may NOT trust a peer’s cache and instead use a BFS (Reliable Search).
  – Hybrids..
Conclusion
• In the best case, Chord-like structure and caches allow very efficient search.
• In the worst case, a node can search more if it really cares about search results!
Dumb network, smart end-hosts!
Future Work
• Ensure that non-malicious paths are likely to exist.
• Prevent other attacks on the system.
  – What are they?
• Quantify benefits of our caching schemes.