ABSTRACT
P2P systems are exposed to an unusually broad range of attacks. These include a spectrum of denial-of-service, or attrition, attacks from low-level packet flooding to high-level abuse of the peer communication protocol. We identify a set of defenses that systems can deploy against such attacks and potential synergies among them. We illustrate the application of these defenses in the context of the LOCKSS digital preservation system.
- Impeding attrition attacks in P2P systems