Towards Scalable and Robust Overlay Networks Christian Scheideler Institut für Informatik...
-
Upload
sylvia-gordon -
Category
Documents
-
view
215 -
download
0
Transcript of Towards Scalable and Robust Overlay Networks Christian Scheideler Institut für Informatik...
Towards Scalable and Robust Overlay Networks
Christian Scheideler
Institut für Informatik
Technische Universität München
Baruch Awerbuch
Dept. of Computer Science
Johns Hopkins University
Motivation
• Peer-to-peer systems have attracted a lot of attention in recent years
• Many structured peer-to-peer systems use overlay networks based on virtual space
Example
Chord:
• Each peer assigned to (pseudo-)random point in [0,1)
• Each peer at point x connects to peers closest to x+1/2, x+1/4, x+1/8,…(mod 1)
0 1
Basic Goals
Scalability:
• Network has (poly-)logarithmic diameter
• Peers have (poly-)logarithmic degree
• Join/leave require (poly-)logarithmic work
Robustness:
• Network robust against insider and outsider attacks (minimal goal: honest peers form single connected component)
Join-Leave Attacks
In open peer-to-peer systems
Goal: make abuse of join and leave operations hard
• peers may frequently join and leave• not all peers are honest/reliable
Join-Leave Model
• n honest peers• n adversarial peers, <1
Operations:• Join(v): peer v joins the system• Leave(v): peer v leaves the system
Goal: maintain scalability and robustness for any sequence of polynomially many rejoin (leave+join) requests
Join-Leave Model
Goal: maintain scalability and robustness for any sequence of polynomially many rejoin (leave+join) requests
Adversary can decide adaptively which peer (honest or adversarial) has to rejoin
Rejoin(v1) Rejoin(v2) Rejoin(v3) Rejoin(v4)time
More specific goal
• n honest peers, n adversarial peers
• every peer has point in [0,1) (Chord)
For any interval I ½ [0,1) of size (c log n)/n:
• Balancing condition: (log n) peers in I
• Majority condition: honest peers in majority
0 1I
c log n / n
How to satisfy conditions?
(1) use pseudo-random (cryptographic) hash function to map peers to points in [0,1)
• randomly distributes honest peers• does not randomly distribute adversarial peers
How to satisfy conditions?
(2) map peers to random points in [0,1)
How to satisfy conditions?
(3) Group spreading [AS04]:
• Map peers to random points in [0,1)
• Limit lifetime of peers
Too expensive!
Only adversarial peers rejoin
• Rule that works: k-cuckoo rule [AS06]
evict k/n-region
n honest n adversarial
< 1-1/k
Rejoin: leave and join via k-cuckoo rule
Limitation of k-cuckoo rule
• Only works for any sequence of rejoin requests of adversarial peers.
• Does not work for any sequence of rejoin requests.
Local Load Balancing
• Works quite effectively to maintain overlay network if all peers are honest [KSW05]
Random Filling/Flipping
• Fill position of leaving peer with random peer• Flip k/n-region of leaving peer with random k/n-region
Random-Neighbor-Flipping
• Flip random among c log n neighboring k/n-regions with random k/n-region
flip
Analysisdifficult!
k-cuckoo&flip rule
• Join: as before (k-cuckoo rule)
• Leave: random k/n-region among c log n neighboring
k/n-regions, empty & flip it with random k/n-region
n honest n adversarial
flip
Rejoin viak-cuckoo rule
Main Result
Theorem: For any constants and k with <1/4-(2 log k+1)/k, the cuckoo&flip rule satisfies the balancing and majority conditions for a poly number of rejoin requests, w.h.p.
Proof:via several worst-case high-concentration results for honest and adversarial peers
Conclusions
Algorithmic solutions are possible to counter join-leave attacks with constant factor overhead
Concurrent join-leave operations: fine with rate limit enforced by peers
Massive departure of adversarial peers: not a problem due to balancing condition
Conclusions
Problem: strategy is high-level and only covers legal attacks on overlay network (resp. DoS attacks on one honest node at a time)
Low-level protocols:• Most critical issue is random number gen.• Low-level protocol for that in [AS06b]
(works – unlike VSS - for public channels)
Conclusions
Problem: strategy is high-level and only covers legal attacks on overlay network (resp. DoS attacks on one honest node at a time)
Illegal attacks:• Biggest problem low-level DoS attacks• Only oblivious or relatively weak adaptive
attackers can be handled so far
Questions?