Limiting Duplicate Identities in Distributed Systems - PowerPoint PPT Presentation

Limiting Duplicate Identities in Distributed Systems. Elliot Jaffe, Dahlia Malkhi, Elan Pavlov, The Hebrew University of Jerusalem. Presented at Future Directions in ...


1
Limiting Duplicate Identities in Distributed Systems
  • Elliot Jaffe, Dahlia Malkhi, Elan Pavlov
  • The Hebrew University of Jerusalem
  • Presented at Future Directions in Distributed Computing
  • Survivability Obstacles and Solutions
  • Bertinoro, Italy, June 23-25 2004

2
Things to come
  1. What are Self-Replication attacks
  2. Why Trust systems are not sufficient
  3. How to leverage routing to allocate IDs
  4. Defenses against self-replication attacks

3
Sample System
  • Peers join and leave the system at will
  • System performs work by distributing operations
    between peers
  • Peer(s) should not be able to hijack the system
  • Results should be safe under a threshold of
    colluding nodes

4
Attack Mode
  • What if
      • The number of bad peers is unbounded
      • Bad peers could collude at no cost
  • How would this affect the system?

5
How-to collude for free
  • Self-Replication attacks
      • A single node A sequentially joins the system
        multiple times, creating virtual identities
        A1..An
      • All these identities share data
  • Unbounded number of identities over time
  • Instant zero cost collusion
  • The Sybil Attack [Douceur 2002]

6
What is Survivability?
  • Availability of System and its Data
  • Distributed Control and Confidentiality

7
Availability
  • Typical System
      • P2P File Sharing
  • Attacks
      • Directed DOS attacks on key components
      • Preventing access to data
      • Delivering corrupted data

8
Availability Defenses
  • Trust Relationships
      • [Damiani, di Vimercati, Paraboschi 2002]
        Reputation based resources
      • [Kamvar, Schlosser, Garcia-Molina 2003] EigenTrust
        Reputation Management
      • [Singh, Liu 2003] TrustMe Management of Trust
        Relationships

9
Trust Example
  • B,C,D interact successfully with A
  • E wants to talk to A
  • E asks around about A
  • B,C,D report positive experience
  • E talks directly to A
[Diagram: E asks B, C and D about A ("A?"); each answers "A - OK"; E then talks to A]

10
Trust Based Defenses
  • Trust is based on past performance
  • Anonymity is important
      • Hide ownership of files
      • Hide targets from DOS attacks
  • Multiple identities
      • influence trust values
      • hide source of corrupt files

11
Distributed Control and Confidentiality
  • Distributed Key Escrow, Secure Storage
      • Eternity, OceanStore, Farsite
  • Attacks
      • Directed DOS attacks on key components
      • Preventing access to data
      • Delivering corrupted data
      • Exposure of confidential data

12
Secret Storing Defenses
  • Trust based approaches
      • provide integrity but not confidentiality
      • there is no way to assign reputation to lurkers
  • We need to use a pro-active approach to identify
    self-replicated nodes

13
Background Cryptographic Challenges
  • First Proposed in 1975 by Merkle
  • Bounded by available resources
  • Since a node can physically perform at most C
    challenges, a self-replicated node will fail one
    or more challenges

14
Basic Model
  • Every node has limited resources
  • May be static or renewable
  • Node can solve C challenges in time T
  • Full Mesh connectivity

15
Simple Approach
C 2
  1. A challenges B
  2. B challenges A
  • Limits identities
  • Limits In/Out Degree
  • Repeat Challenge every T time
  • Assumes interactions >> T
  • Does not require global revocation
[Diagram: nodes A through H, with challenges 1 and 2 marked]

16
Probabilistic Approach
C 2
  • Every T, choose a random node to challenge
  • Limits identities
  • Repeat Challenge every T time
  • Requires global revocation
[Diagram: nodes A through H]

17
Routable Identities
  • Address is a routing ticket
  • Routing paths define and limit the available ID
    space
  • Attempted IDs outside of the scope are not
    routable

18
Routable Addresses Examples
  • Internet
      • Class C 192.168.5.
      • 128 Routable addresses
  • Ad Hoc Networks
      • Paths through network
      • Defines how packets are routed

19
Sisyphus Approach
  • Setup
      1. Choose ID as Routable Address
      2. Hash to find Vouchers
  • Runtime
      • A wants to talk to E
      • E asks A's vouchers about A
      • Vouchers challenge A
      • A solves challenges
      • Vouchers maintain certificate
      • E talks directly to A
  • ID(A) = XYZZX
  • H1(ID(A)) = B, H2(ID(A)) = C, H3(ID(A)) = D
[Diagram: E asks vouchers B, C and D about A ("A?"); each answers "A - OK"; E then talks to A]

20
Sisyphus
  • No limit to in/out degree of interaction
  • Does not require a revocation service
  • Self-replication nodes fail challenges
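
Added example (not from the original slides): a Python sketch of the Sisyphus setup and runtime, showing why one machine that can solve C challenges per period T keeps at most C/k identities vouched. The salted SHA-256 hashes, the hash-ring mapping from hash value to voucher, the puzzle format, the rule that all k vouchers must be satisfied, and the sample addresses are assumptions made for illustration.

```python
import hashlib
from bisect import bisect_left

def h(i: int, data: str) -> int:
    """H_i: the i-th hash function, built here by salting SHA-256 (assumption)."""
    return int.from_bytes(hashlib.sha256(f"{i}|{data}".encode()).digest()[:8], "big")

def vouchers(ident: str, nodes: list[str], k: int = 3) -> list[str]:
    """Map H_1..H_k(ID) to live nodes: first node clockwise on a hash ring (assumption)."""
    ring = sorted((h(0, n), n) for n in nodes if n != ident)
    if len(ring) < k:
        raise ValueError("need at least k candidate vouchers")
    keys, picked = [pos for pos, _ in ring], []
    for i in range(1, k + 1):
        j = bisect_left(keys, h(i, ident)) % len(ring)
        while ring[j][1] in picked:          # two hashes hit the same node: take the next one
            j = (j + 1) % len(ring)
        picked.append(ring[j][1])
    return picked

def verify(challenge: str, nonce: int, bits: int = 8) -> bool:
    """Puzzle is solved when SHA-256(challenge|nonce) starts with `bits` zero bits."""
    digest = hashlib.sha256(f"{challenge}|{nonce}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(challenge: str, bits: int = 8) -> int:
    nonce = 0
    while not verify(challenge, nonce, bits):
        nonce += 1
    return nonce

def certified(ids: list[str], nodes: list[str], capacity: int, k: int = 3, period: int = 0) -> list[str]:
    """One period T: one machine owns all `ids` and can solve `capacity` (C) puzzles."""
    budget, ok = capacity, []
    for ident in ids:
        passed = 0
        for v in vouchers(ident, nodes, k):
            if budget == 0:
                break                        # out of resources: this challenge goes unanswered
            challenge = f"{v}>{ident}@{period}"
            nonce = solve(challenge)
            budget -= 1
            passed += verify(challenge, nonce)
        if passed == k:                      # assumed rule: every voucher must hold a certificate
            ok.append(ident)
    return ok

NODES = [f"192.168.5.{i}" for i in range(1, 9)]       # constructed sample: eight honest nodes
SYBILS = [f"192.168.5.{i}" for i in range(100, 104)]  # one machine claiming four addresses
```

With C = 6 and k = 3, `certified(SYBILS, NODES, capacity=6)` returns only the first two claimed addresses; the remaining identities fail their challenges.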

21
Sisyphus Issues
  • How do you identify actual vouching nodes based
    on hash value?
  • Values do not correspond to actual nodes!
  • Requires a weakly trusted component
  • ID is defined by Routable Address
  • Realistic

22
Summary
  • Self-Replication attacks
  • Trust systems are not sufficient
  • Leverage routing to define IDs
  • Defense against self-replication attacks

23
Thank you