Making Peer-to-Peer Anonymous Routing Resilient to Failures
description
Transcript of Making Peer-to-Peer Anonymous Routing Resilient to Failures
![Page 1: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/1.jpg)
IPDPS 2007
Making Peer-to-Peer Anonymous Routing Resilient to Failures
Yingwu Zhu
Seattle University
http://fac-staff.seattleu.edu/zhuy
![Page 2: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/2.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 3: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/3.jpg)
IPDPS 2007
P2P Anonymous Routing
• Using P2P networks as an anonymizing network to achieve initiator/responder anonymity
• Using peer nodes as mixes or relay nodes to relay messages, tunneling communication for initiators/responders
• Many are based on Onion Routing – Layered encryption creates an Onion– Multi-hop routing: an anonymous message
represented by an Onion goes through a small number of mixes (strip the Onion)
![Page 4: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/4.jpg)
IPDPS 2007
P2P Anonymous Routing
• Why appealing?– A potentially large anonymity set offered by the
open set of peer nodes– Sidestep political background and local
jurisdiction issues due to the distribution of peer nodes
– Scalable compared to current static anonymizing networks which operate a small set of fixed mixes
– Ideal for hiding anonymous traffics due to communication patterns and heterogeneity of peer nodes’ locations
– More?...
![Page 5: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/5.jpg)
IPDPS 2007
P2P Anonymous Routing
• A big challenge: node churn in P2P networks
• Problems– Fragile and short-lived paths: node
failures disrupts anonymous paths/tunnels– Message loss and communication failures– Complicate path construction which is
expensive, i.e., usually incurs expensive asymmetric encryption/decryption
![Page 6: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/6.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 7: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/7.jpg)
IPDPS 2007
Research Problem
• Can we make P2P anonymous routing resilient to node failures?
• We are not alone!– Mix-base solutions– Multicast-based solutions
![Page 8: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/8.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 9: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/9.jpg)
IPDPS 2007
Current Solutions
• Mix-based– Use a group of peer nodes as a mix to
mask single mix node failures– The peer nodes in each group share
secrecy to encrypt/decrypt messages along the path
– E.g., TAP and Cashmere
![Page 10: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/10.jpg)
IPDPS 2007
Current Solutions
• Multicast-based– Initiators and responders join a group– Messages are multicasted to all group
members– Cover/noise traffics are used to gain
initiator/responder anonymity– Bandwidth overhead due to message
multicasting and cover traffics– E.g., P5, APFS, Hordes
![Page 11: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/11.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 12: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/12.jpg)
IPDPS 2007
Our Approach
• Based on a simple yet powerful idea– Resilience can be achieved by redundancy
• Rely on Onion routing– Layered encryption and multi-hop routing
• Techniques employed– Message redundancy by erasure coding– Path redundancy (coded messages are sent
over multiple disjoint paths)– Wise choice of peer nodes as mixes in each
single path
![Page 13: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/13.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 14: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/14.jpg)
IPDPS 2007
Erasure Coding
• Widely used in file & storage systems– Tradeoff between data availability and
storage cost
• Breaks a message M into n coded segments, each of length |M|/m
• m of n segments suffice to reconstruct M
• Redundancy r = n/m
![Page 15: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/15.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 16: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/16.jpg)
IPDPS 2007
Message and Path Redundancy
……
M1
Mk
Mn
M: original message Mi: coded segment with length of |M|/m, 1≤ i ≤ n
M1
Mk
Mn
M1
Mk
Mn
……
M1
Mk
Mn
Bob Alice
Onion Routing
Alice can reconstruct M upon the first m arrived coded segments
![Page 17: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/17.jpg)
IPDPS 2007
Allocation of Coded Segments
• Message M n coded segments with length of|M|/m, redundancy r = n/m
• k disjoint paths from Bob to Alice• Idea: equally distribute n segments over k paths (k ≤
n, assume k is a multiple of r for simplicity)• P(k) = Psuccess (Alice receives M)
= Prob(≥k/r paths succeed in message delivery)
Goal: maximize P(k) with respect to k and r
p = (pnode_availability)L
L: # of nodes in a path
![Page 18: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/18.jpg)
IPDPS 2007
Allocation of Coded Segments
Guideline to maximize routing resilience upon different node availabilities and message redundancy degrees
![Page 19: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/19.jpg)
IPDPS 2007
Validation of 3 Observations
Impact of different ks on success of routing under different node availabilities of 0.70, 0.86, and 0.95, where L = 3 and r = 2.
![Page 20: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/20.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 21: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/21.jpg)
IPDPS 2007
Wise Choice of Mixes• Problem
– Current mix-based protocols do NOT consider node lifetime when choosing mixes
– Random selection in mixes• Our goal
– Choose nodes that tend to live longer as mixes
– Improve path durability (prolong path lifetime)
• Challenge– Can we predict node lifetime?
![Page 22: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/22.jpg)
IPDPS 2007
Node Lifetime Distribution
Figure 1: Cumulative dist. of the measured Gnutella node lifetime dist. comparedwith a Pareto dist. with α=0.83 and β = 1560 sec.
![Page 23: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/23.jpg)
IPDPS 2007
Wise Choice of Mixes
• Based on the Pareto distribution– Prediction: Nodes that have stayed a long time
tend to stay longer in the system
• Each node gossips node liveness information they have learned
• Each node seeking anonymity makes mix choices to construct anonymous paths based on node liveness prediction
![Page 24: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/24.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 25: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/25.jpg)
IPDPS 2007
Experimental Setup
• Simulator built from P2psim 3.0 by MIT• Augment OneHop
– Membership management is essentially a hierarchical gossip protocol
– Learn node liveness information • Node lifetime dist. to simulate churn
– Pareto– Uniform– Exponential
![Page 26: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/26.jpg)
IPDPS 2007
Results
• Main results are omitted here. • Security analysis
– Similar to Onion Routing
• Please see paper for details
![Page 27: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/27.jpg)
IPDPS 2007
Impact of wise choice of mixes on path durability (the duration that a sender can successfully route messages to a destination
over 4 disjoint paths with redundancy degree of 4)
0
1
2
3
4
5
6
Pareto Uniform Exponential
Node lifetime dist.
Pat
h du
rabi
lity
impr
ovem
ent
![Page 28: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/28.jpg)
IPDPS 2007
Overview
• Background– P2P Anonymous
Routing– Research Problem– Current Solutions
• Our Approach– Erasure Coding– Message and Path
Redundancy– Wise Choice of Mixes
• Evaluation– Experimental Setup– Results
• Summary
![Page 29: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/29.jpg)
IPDPS 2007
Summary• Strike a balance between routing resilience
and bandwidth cost while preserving sender anonymity
• Message redundancy by erasure coding and path redundancy– Improve path construction and routing resilience– Tolerate up to path failures
• Choice of mixes based on node lifetime prediction– Based on Pareto dist.– Surprisingly, work very well for other dist. like
Uniform and Exponential dist. (significantly better than random selection)
• Bandwidth cost by erasure coding is modest
![Page 30: Making Peer-to-Peer Anonymous Routing Resilient to Failures](https://reader036.fdocuments.in/reader036/viewer/2022062305/56815141550346895dbf5f19/html5/thumbnails/30.jpg)
IPDPS 2007
Questions ?