Embed Size (px)
Citation preview
Towards Scalable and Robust Overlay Networks
Christian Scheideler
Institut für Informatik
Technische Universität München
Baruch Awerbuch
Dept. of Computer Science
Johns Hopkins University
Motivation
• Peer-to-peer systems have attracted a lot of attention in recent years
• Many structured peer-to-peer systems use overlay networks based on virtual space
Example
Chord:
• Each peer assigned to (pseudo-)random point in [0,1)
• Each peer at point x connects to peers closest to x+1/2, x+1/4, x+1/8,…(mod 1)
0 1
Basic Goals
Scalability:
• Network has (poly-)logarithmic diameter
• Peers have (poly-)logarithmic degree
• Join/leave require (poly-)logarithmic work
Robustness:
• Network robust against insider and outsider attacks (minimal goal: honest peers form single connected component)
Join-Leave Attacks
In open peer-to-peer systems
Goal: make abuse of join and leave operations hard
• peers may frequently join and leave• not all peers are honest/reliable
Join-Leave Model
• n honest peers• n adversarial peers, <1
Operations:• Join(v): peer v joins the system• Leave(v): peer v leaves the system
Goal: maintain scalability and robustness for any sequence of polynomially many rejoin (leave+join) requests
Join-Leave Model
Goal: maintain scalability and robustness for any sequence of polynomially many rejoin (leave+join) requests
Adversary can decide adaptively which peer (honest or adversarial) has to rejoin
Rejoin(v1) Rejoin(v2) Rejoin(v3) Rejoin(v4)time
More specific goal
• n honest peers, n adversarial peers
• every peer has point in [0,1) (Chord)
For any interval I ½ [0,1) of size (c log n)/n:
• Balancing condition: (log n) peers in I
• Majority condition: honest peers in majority
0 1I
c log n / n
How to satisfy conditions?
(1) use pseudo-random (cryptographic) hash function to map peers to points in [0,1)
• randomly distributes honest peers• does not randomly distribute adversarial peers
How to satisfy conditions?
(2) map peers to random points in [0,1)
How to satisfy conditions?
(3) Group spreading [AS04]:
• Map peers to random points in [0,1)
• Limit lifetime of peers
Too expensive!
Only adversarial peers rejoin
• Rule that works: k-cuckoo rule [AS06]
evict k/n-region
n honest n adversarial
< 1-1/k
Rejoin: leave and join via k-cuckoo rule
Limitation of k-cuckoo rule
• Only works for any sequence of rejoin requests of adversarial peers.
• Does not work for any sequence of rejoin requests.
Local Load Balancing
• Works quite effectively to maintain overlay network if all peers are honest [KSW05]
Random Filling/Flipping
• Fill position of leaving peer with random peer• Flip k/n-region of leaving peer with random k/n-region
Random-Neighbor-Flipping
• Flip random among c log n neighboring k/n-regions with random k/n-region
flip
Analysisdifficult!
k-cuckoo&flip rule
• Join: as before (k-cuckoo rule)
• Leave: random k/n-region among c log n neighboring
k/n-regions, empty & flip it with random k/n-region
n honest n adversarial
flip
Rejoin viak-cuckoo rule
Main Result
Theorem: For any constants and k with <1/4-(2 log k+1)/k, the cuckoo&flip rule satisfies the balancing and majority conditions for a poly number of rejoin requests, w.h.p.
Proof:via several worst-case high-concentration results for honest and adversarial peers
Conclusions
Algorithmic solutions are possible to counter join-leave attacks with constant factor overhead
Concurrent join-leave operations: fine with rate limit enforced by peers
Massive departure of adversarial peers: not a problem due to balancing condition
Conclusions
Problem: strategy is high-level and only covers legal attacks on overlay network (resp. DoS attacks on one honest node at a time)
Low-level protocols:• Most critical issue is random number gen.• Low-level protocol for that in [AS06b]
(works – unlike VSS - for public channels)
Conclusions
Problem: strategy is high-level and only covers legal attacks on overlay network (resp. DoS attacks on one honest node at a time)
Illegal attacks:• Biggest problem low-level DoS attacks• Only oblivious or relatively weak adaptive
attackers can be handled so far
Questions?
