Page 1

Preserving Peer Replicas By Rate-Limited Sampled Voting
Petros Maniatis et al.
Presented by Linh Ngo

Page 2

1. Introduction

LOCKSS (Lots Of Copies Keep Stuff Safe):
- Based on the physical document system
- Advantages:
  + independent, low-cost, persistent web caches for library systems
- Disadvantages:
  + does not scale adequately
  + insufficiently resistant to attack

New peer-to-peer opinion poll protocol:
- Addresses these scaling and attack-resistance issues

Page 3

2. Design Principles

Features:
- Cheap to build and maintain
- Need not operate quickly
- Must function properly for decades

Design principles:
- Cheap storage is unreliable
- No long-term secrets
- Use inertia
- Avoid third-party reputation
- Reduce predictability
- Intrusion detection is intrinsic
- Assume a strong adversary

Page 4

3. LOCKSS System

Preserve access to the material:
- Collect the materials
- Distribute by acting as a limited proxy cache
- Preserve by cooperating with other caches

Cooperation between caches: participate in “opinion polls” in a peer-to-peer network to ensure content authenticity and integrity of archival units (AUs)

Advantages:
- Defend against free-loading and theft
- Built from low-cost, unreliable technology
- Require little administration
- No need for off-line backups

Page 5

4. The New Opinion Poll Protocol

A population of peers preserving a copy of a single AU:
- Malign
- Loyal
- Damaged: loyal with a damaged AU
- Healthy: loyal with a correct AU

Goal:
- High probability that loyal peers are in the healthy state despite failures and attacks
- Low probability that a powerful adversary can cause damage without detection

Page 6

Periodic poll called by a LOCKSS peer; possible outcomes:
- Landslide win
- Landslide loss
- Inconclusive

Roles for participating peers:
- Poll initiator
- Poll participant/voter
- Inner circle: decides the outcome of the poll
- Outer circle: performs discovery for future inner circles

Page 7

System parameters:

A: maximum number of discredited challenges allowed in a poll
C: proportion of the reference list refreshed using friends
D: maximum number of votes allowed to be in the minority
E: maximum age of unused reference list entries
I: number of outer circle nominations per inner circle member
N: number of inner-circle peers invited into a poll
Q: number of valid inner votes required to conclude a poll successfully (quorum)
R: mean interval between two successive polls by a peer on the same AU
L: number of loyal voters in the inner circle
M: number of malign voters in the inner circle
V: number of inner-circle peers whose vote is received and valid

Page 8

4.1 Detailed Description:

4.1.1. Bootstrapping:
- Friend list -> Reference list
- Set refresh timer

4.1.2. Poll initiation:
Poll message: [Poll ID, DH Public Key]
Remove (discredited):
- Negative poll challenges
- Overtime
- Multiple poll challenges with conflicting messages
Number of discredited > A: local spoofer alarm

Page 9

4.1.3. Poll effort:
Each voter with an affirmative Poll Challenge message receives
Poll Proof: [PollID, poll effort proof]
poll effort proof:
- poll identifier
- potential voter’s challenge
Also send Poll Proof to voters with a negative PC message
Wait for Nominate messages

4.1.4. Outer circle invitation:
Based on Nominate messages from its inner circle poll participants
Same process as inner circle votes.

Page 10

4.1.5. Vote Verification:
- invalid
- valid but disagreeing
- valid and agreeing

4.1.6. Vote Tabulation:
if V > Q:
- Agreeing votes no more than D: landslide loss
- Agreeing votes at least V – D: landslide win
- Agreeing votes more than D but fewer than V – D: inconclusive, raise alarm.

Page 11

4.1.7. Repair:
- RepairRequest to one of the disagreeing inner circle voters
- Repair message returned
- Checks for consistency and re-tabulates the result
- Valid Repair message with agreeing votes more than D but less than V – D: inconclusive
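The tabulation rule of 4.1.6 and the repair step of 4.1.7, as an added example (not the paper's or the LOCKSS project's code). It assumes the quorum test is V >= Q, following the definition of Q as the number of valid votes required, and models a vote as the plain SHA-256 of the voter's copy instead of the effort-interleaved hash of 4.1.11.

```python
from hashlib import sha256

def tabulate(agreeing: int, V: int, Q: int, D: int) -> str:
    """Outcome of a poll with V valid inner-circle votes, `agreeing` of which
    match the initiator's copy. Q is the quorum, D the largest minority allowed."""
    if V < Q:
        return "no quorum"          # not enough valid votes to conclude
    if agreeing <= D:
        return "landslide loss"     # the initiator's copy is the odd one out
    if agreeing >= V - D:
        return "landslide win"      # at most D voters disagree
    return "inconclusive"           # neither side landslides: raise an alarm

def run_poll(initiator_au: bytes, voter_aus: dict, Q: int, D: int):
    """Tabulate votes against the initiator's AU; on a landslide loss, fetch the
    copy held by one disagreeing voter (the Repair message) and re-tabulate
    against it. Returns (outcome, AU the initiator ends up holding)."""
    mine = sha256(initiator_au).digest()
    votes = {peer: sha256(au).digest() for peer, au in voter_aus.items()}
    V = len(votes)
    outcome = tabulate(sum(h == mine for h in votes.values()), V, Q, D)
    if outcome != "landslide loss":
        return outcome, initiator_au
    disagreeing = [peer for peer, h in votes.items() if h != mine]
    if not disagreeing:
        return outcome, initiator_au
    repaired = voter_aus[disagreeing[0]]        # donor's copy of the AU
    theirs = sha256(repaired).digest()
    # Re-tabulation against the repaired copy: a count between D and V - D
    # is still inconclusive even after a valid Repair message.
    return tabulate(sum(h == theirs for h in votes.values()), V, Q, D), repaired

# Constructed sample data: ten voters hold the correct AU, the initiator a
# bit-rotted one, so the poll is lost and then repaired from a voter.
GOOD = b"archival unit, correct content"
BAD = b"archival unit, bit-rotted content"
VOTERS = {f"peer{i}": GOOD for i in range(10)}

if __name__ == "__main__":
    print(run_poll(BAD, VOTERS, Q=8, D=2)[0])   # -> landslide win (after repair)
```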

4.1.8. Reference List Update:
Remove all Q peers:
- disagreeing inner circle peers
- enough randomly chosen agreeing inner circle peers
- peers that have not voted in the last E polls

Page 12

4.1.8. (cont.):
Insert:
- all outer circle peers whose votes were agreeing and valid
- randomly chosen entries from the friend list up to a factor of C
Inconclusive poll: reference list

4.1.9. Poll Solicitation:
PollChallenge message: [PollID, DH Public Key, challenge, YES/NO]
Set effort timer to wait for PollProof

4.1.10. Poll Effort Verification:
- Verify
- Nominate if successful
- Construct vote

4.1.11. Vote Construction:
- Hash AU interleaved with provable computational effort
- bogus content if the voter doesn’t want to vote

Page 13

4.1.12. Repair Solicitation:
- RepairRequest message from poll initiator
- if the poll initiator agreed in the past:
  Repair message = [Poll identifier, voter’s copy of AU]
  (possible enhancement: RepairRequest also includes the hash of the initiator’s AU divided into blocks.)

4.1.13. Alarms:
- inconclusive poll alarm
- local spoofing alarm
- inter-poll interval alarm

Page 14

4.2. Protocol Analysis:

Requirements:
- prevent the adversary from gaining a foothold in a poll initiator’s reference list
- make it expensive for the adversary to waste another peer’s resources
- make the adversary’s attacks detectable fast

4.2.1. Effort Sizing:
Requirements:
- adjustable cost
- effort measurable in the same units as the cost it adjusts
- the cost of generating effort must be greater than the cost of verifying it

Page 15

4.2.1 (cont)
Memory Bound Function: cause the generator of a proof to incur a number of cache misses and thus RAM accesses (Rosenthal 1)

4.2.2. Timeliness of Effort:
- Supplying a vote
- Removed regularly after a poll
Any peer must sustain a minimum rate of expenditure of effort to stay in the system

4.2.3 Rate Limiting:
The rate at which an attack can make progress is limited by the smaller of the adversary’s efforts and the efforts of his victims.

Page 16

4.2.4 Reference List Churning:
- do not depend entirely on a fixed set of peers
- the friend list is less malign than the outer circle

4.2.5 Obfuscation of Protocol State:
- Encrypt everything
- All peers invited into a poll go through the motions of the protocol to prevent traffic analysis

4.2.6 Alarm:
- Raising an alarm is expensive
- All damaged, malign, and compromised peers are removed

Page 17

5. Adversary Analysis

5.1 Adversary Capabilities:
- Total information awareness
- Perfect work balancing
- Perfect digital preservation
- Local eavesdropping
- Local spoofing
- Stealth
- Unconstrained identities
- Exploitation of common peer vulnerabilities
- Complete parameter knowledge

Page 18

5.2 Adversary Attacks:
- Stealth modification
- Nuisance
- Attrition
- Theft
- Free-loading

5.3 Attack Techniques:
- Adversary foothold in a reference list
- Delayed commitment
- Peer profiling
- Session hijacking

Page 19

5.4 Stealth Modification Attack Strategy:

Goals:
- Changing the consensus of the target AU
- Remaining undetected

Two-phase attack:

Lurk: seeking to build a foothold in loyal peers’ reference lists

Attack: causing malign peers to vote and repair using either the correct or the bad version of the AU as needed

Vulnerable Polls:
- M + L >= Q
- M > L
- L <= D

Defenses:
- An enormous amount of effort is required to build trust
- Attacks have to wait on the rate of polls
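The three vulnerable-poll conditions above, turned into a check and then into a probability per poll, as an added example that is not from the paper. The sampling model is an assumption: each of the N inner-circle invitees is independently malign with probability f (the foothold the Lurk phase has built in the reference list), a loyal invitee returns a valid vote with probability p, and the parameter values N=20, Q=10, D=3 are constructed, not the paper's; the table it prints goes beyond the slide by showing how P(vulnerable) grows with the foothold f.

```python
from math import comb

def poll_vulnerable(M: int, L: int, Q: int, D: int) -> bool:
    """Section 5.4 conditions for a poll the adversary can win undetected:
    the poll can conclude (M + L >= Q), malign votes outnumber loyal ones
    (M > L), and the loyal minority is small enough to look like a landslide
    (L <= D), so no inconclusive-poll alarm is raised."""
    return M + L >= Q and M > L and L <= D

def p_vulnerable(N: int, Q: int, D: int, f: float, p: float) -> float:
    """Exact probability that one poll is vulnerable under the assumed model:
    each of N invitees is malign with prob f (malign peers always return a
    valid vote); a loyal invitee returns a valid vote with prob p. Enumerates
    every (M, L, S) split of the N invitees, S being loyal invitees whose
    vote never arrived or was invalid."""
    total = 0.0
    for M in range(N + 1):
        for L in range(N - M + 1):
            if not poll_vulnerable(M, L, Q, D):
                continue
            S = N - M - L
            ways = comb(N, M) * comb(N - M, L)       # multinomial coefficient
            total += ways * f**M * ((1 - f) * p)**L * ((1 - f) * (1 - p))**S
    return total

def foothold_table(N: int, Q: int, D: int, p: float, footholds) -> dict:
    """P(vulnerable poll) for each foothold fraction: how much of a reference
    list the Lurk phase must capture before the Attack phase can pay off."""
    return {f: p_vulnerable(N, Q, D, f, p) for f in footholds}

if __name__ == "__main__":
    # Constructed parameters (not the paper's): N=20, Q=10, D=3, 90% loyal turnout
    for f, pr in foothold_table(20, 10, 3, 0.9, (0.2, 0.4, 0.6, 0.8)).items():
        print(f"foothold {f:.0%}: P(vulnerable poll) = {pr:.4f}")
```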

Page 20

6. Simulation

6.1 Simulation Environment:
- Narses – Java-based discrete event simulator
- Simulation of a LOCKSS network for up to 30 simulated years
- Random bandwidth (1, 5, 10, 100 Mbps) between nodes
- Initial population of 1000 peers
- AU: 120 seconds to hash

Initiator:
- 800 seconds/peer to generate PollProof
- 240 seconds/peer to verify Vote

Voter:
- 200 seconds to verify PollProof
- 600 seconds to generate Vote

Estimate of 6 hours per poll

Page 21

6.2 Simulated Loyal Peers:
Simple state machines implementing the LOCKSS protocol of section 4
Random undetected errors

6.3 Simulated Adversary:
- Multi-homed node
- As many NICs as IP addresses
- As many CPUs as nodes
- Simulation assumes the takeover is complete, with some percentage of peers corrupted
- All protocol parameters are known
- No eavesdropping
- No hijacking of poll sessions

Page 22

7. Results

Pages 23-27: results figures

Page 28

8. Related Work:
- Bimodal Multicast, Freenet, FreeHaven, Eternity Service
- Intermemory, CFS, Oceanstore, PAST, Tangler

9. Future Work:
- Deploy implementation
- Enhance malign model
- Enhance adversary strategies

Page 29

References

Maniatis, P. et al. Preserving Peer Replicas By Rate-Limited Sampled Voting. ACM SOSP ’03, pp. 44-59.

Rosenthal, D. On The Cost Distribution of A Memory Bound Function. http://arxiv.org/abs/cs.CR/0311005. April 22, 2004.