REVIEW: Secure routing for structured peer-to-peer overlay networks
The paper discusses security in structured peer-to-peer systems. It
identifies attacks in which malicious nodes can prevent correct delivery
of messages (by dropping, corrupting or misrouting messages, or by acting
as their destination) and proposes and evaluates techniques to prevent
such attacks. It notes that although peer-to-peer networks are resilient
to failure, they are vulnerable to attacks by malicious nodes, and that
the widespread use of open peer-to-peer systems makes this vulnerability
more important.
The paper presents an exhaustive identification of vulnerabilities of
various types and proposes solutions. The identified vulnerabilities
include:
-If an attacker can choose nodeIds then he can compromise the system. The
attacker can partition the network if he controls two complete and
disjoint sets of neighbours, and can target specific nodes by carefully
choosing a nodeId such that the victim's access to the network goes
through the attacker (infected routing tables). Such attackers can also
control target objects. The proposed solution is to have a set of trusted
certification authorities issue certified nodeIds. nodeId certificates
are signed by the CAs which provide a public key that can also be used
for data encryption. The CAs' public keys must be known by all.
-An attacker can gain control of objects by obtaining a large number of
legitimate nodeIds, thus having the ability to delete, corrupt and control
access to objects - the Sybil attack. The proposed solutions include the
use of economic tools (charging monetary fees per certificate) as a
technique to prevent an attacker from obtaining certificates and,
alternatively, binding nodeIds to real-world identities.
-Previous nodeId assignments assumed that new nodes choose Ids randomly or
compute Ids by hashing their IP address, an assumption which leads to
vulnerability, as the attacker has the ability to choose non-random Ids or
IP addresses which hash to a desired Id.
The paper also identifies that attackers can exploit the network by
controlling faulty nodes, to send responses from the attacker. To make
matters worse, attackers can also update routing tables to point to
faulty nodes. A proposed solution is the use of constraints in routing
tables.
The paper also demonstrates that when half of the nodes in a 1M-node
network are compromised, the probability of message delivery drops to
near zero.
On the negative side, however, using the proposed certification approach
means that changes in IP address require that nodes obtain new
certificates, which can be costly in terms of overhead or difficult in
the case of offline CAs. Certified nodeIds would not work well with CAN,
as in this system nodes change Ids frequently, whenever a new node joins
the network. Furthermore, implementing certification authorities imposes
a hierarchy on the system in which the CAs represent easy targets for
denial of service attacks, which can result in shutdown of the entire
network. Certification schemes also fail to prevent an attacker from
controlling a large portion of the network in small networks.
Received on Thu Nov 17 2005 - 10:51:21 EST
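
Added example, not part of the original review or the paper's code: a
Python sketch of the join-time check that certified nodeIds make possible,
including the IP-change drawback noted above. The certificate layout
(nodeId, IP, node public key), the names ca_issue and admit, and the toy
RSA key are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy CA key built from two Mersenne primes (constructed for this example;
# textbook RSA without padding, NOT secure, stands in for a real signature scheme).
_P, _Q, E = 2**521 - 1, 2**607 - 1, 65537
N = _P * _Q                                   # CA public modulus, known to all nodes
_D = pow(E, -1, (_P - 1) * (_Q - 1))          # CA private exponent, held only by the CA


def _digest(node_id: str, ip: str, node_pub: str) -> int:
    # Length-prefix each field so field boundaries cannot be shifted.
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode()
                   for f in (node_id, ip, node_pub))
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def ca_issue(ip: str, node_pub: str) -> dict:
    """CA side: the CA, not the node, picks the nodeId (random 128-bit)."""
    node_id = secrets.token_hex(16)
    sig = pow(_digest(node_id, ip, node_pub), _D, N)
    return {"node_id": node_id, "ip": ip, "node_pub": node_pub, "sig": sig}


def admit(cert: dict, claimed_id: str, source_ip: str) -> str:
    """Peer side: decide whether a joining node may use claimed_id."""
    try:
        expected = _digest(cert["node_id"], cert["ip"], cert["node_pub"])
        if pow(int(cert["sig"]), E, N) != expected:
            return "reject: bad CA signature"
    except (KeyError, TypeError, ValueError, AttributeError, OverflowError):
        return "reject: malformed certificate"
    if cert["node_id"] != claimed_id:
        return "reject: nodeId not the certified one"
    if cert["ip"] != source_ip:
        return "reject: certificate bound to another IP"
    return "accept"


if __name__ == "__main__":
    cert = ca_issue("192.0.2.10", "constructed-node-public-key")  # constructed sample
    print(admit(cert, cert["node_id"], "192.0.2.10"))   # certified id, same IP
    print(admit(cert, "00" * 16, "192.0.2.10"))         # self-chosen id
    print(admit(cert, cert["node_id"], "192.0.2.99"))   # node moved to a new IP
```

The last call shows the cost the review points out: a node whose IP
address changes is rejected until the CA issues it a new certificate.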