Making Contribution-Aware P2P Systems Robust to Collusion Attacks Using Bandwidth Puzzles

Vyas Sekar, Carnegie Mellon University

Joint work with Michael Reiter, Chad Spensky, UNC Chapel-Hill; Zhenghao Zhang, Florida State


2

Peer-Assisted Content Distribution

Peers upload data to other peers

Reduces cost of server deployment

Increases scalability

Incentives for users to contribute upload capacity?

3

Contribution Awareness for P2P

Alice earns “credits” from Bob for uploading

Alice exchanges “credits” for rewards:

• Premium content

• Server-assist downloads

• Priority service

• Freq. flyer discounts

Do you see an obvious problem here?

4

Collusion Attack

Rewards: premium content, server-assist downloads, priority service, freq. flyer discounts

Defeats the purpose of contribution-awareness

Not just hypothetical: observed in real deployments! e.g., Lian et al, ICDCS 07

How can we mitigate such collusion attacks? Bandwidth Puzzles

5

Outline

• Collusion in Contribution-Aware P2P

• High-Level Idea

• Design and Analysis

• Implementation and Evaluation

6

Key Idea 1: Proof of Content Transfer

1. Bob wants to credit Alice

2. Prove that you really have the file!

3. Approve transaction

3. Credit Alice

Logically centralized verifier with access to content, e.g., Content Owner, CDN node in P2P-CDN, Streaming Server

Puzzle tied to content. Easy, if you have it. Difficult, if you don’t.

7

One obvious problem with this idea..

1. Bob wants to credit Alice

2. Prove that you really have the file!

3. Approve transaction

3. Credit Alice

Bob doesn’t have the file

Forwards puzzle to Alice; Alice solves puzzle for Bob!

8

Key idea 2: Simultaneous Puzzles

Verifier to Bob: Prove that you really have the file!

Verifier to Alice: Prove that you really have the file!

Bob doesn’t have the file

Forwards puzzle to Alice; Alice solves puzzle for Bob! ✕

Alice has limited compute resources

9

Outline

• Collusion in Contribution-Aware P2P

• High-Level Idea

• Design and Analysis

• Implementation and Evaluation

10

Puzzle Requirements

Verifier to Bob (doesn’t have file): Prove that you really have the file!

Verifier to Alice (has the file): Prove that you really have the file!

• Low generation cost

• Low verification cost

• Tunable puzzle difficulty

• Low communication cost

• Difficult for Bob, relatively easy for Alice

• “Personalized”: puzzles don’t help each other

11

Basic Puzzle Construction

content, filesize = n bits

Security parameters: L, k

Generate L index sets, each of size k: IndexSet ← {i | i ← rand(n)}

Pick l* ← rand(L)

h* ← Hash(content[IndexSet_l*])

Send h*, IndexSets to Bob

Bob needs to return <l*, IndexSet_l*> within time T

Generate IndexSets = O(kL)

Overhead to send = O(kL log n)

12

Efficient Puzzle Construction

content, filesize = n bits

Security parameters: L, k, κ

Generate L index sets, each of size k: IndexSet ← {i | i ← rand(n)}

Pick l* ← rand(L)

h* ← Hash(content[IndexSet_l*])

Send h*, IndexSets to Bob

Bob needs to return <l*, IndexSet_l*> within time T

PRFs: f1: {1..L} → {0,1}^κ

f2: {1..k} → {1..n}

K1 ← Rand({0,1}^κ)

Pick l* ← rand(L)

K2 ← f1_K1(l*)

str* ← content[f2_K2(1)] || … || content[f2_K2(k)]

Compute h* ← Hash(str*)

Send K1, h* to Bob

Generation time independent of L

Communication costs independent of L, k
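The efficient construction above as a runnable sketch (an added example, not code from the slides or the authors' implementation). HMAC-SHA256 stands in for the PRF, the prover returns only the index l, and the function names, parameter values and sample file are assumptions.

```python
import hashlib
import hmac
import secrets

KAPPA = 16  # PRF key length in bytes (security parameter κ; value assumed)

def prf(key: bytes, x: int) -> bytes:
    # HMAC-SHA256 stands in for the PRF here (an assumption of this example).
    return hmac.new(key, x.to_bytes(8, "big"), hashlib.sha256).digest()

def bit(content: bytes, i: int) -> int:
    return (content[i // 8] >> (7 - i % 8)) & 1

def puzzle_hash(content: bytes, k1: bytes, l: int, k: int) -> bytes:
    n = len(content) * 8                      # file size in bits
    k2 = prf(k1, l)[:KAPPA]                   # K2 <- f1_K1(l)
    # f2_K2(j) -> index in {0..n-1}; modulo bias is ignored in this sketch.
    idx = (int.from_bytes(prf(k2, j)[:8], "big") % n for j in range(1, k + 1))
    s = bytes(bit(content, i) for i in idx)   # str = content[f2(1)] || ... || content[f2(k)]
    return hashlib.sha256(s).digest()

def generate(content, L, k):
    """Verifier: derives one index set only, so cost is independent of L."""
    k1 = secrets.token_bytes(KAPPA)
    l_star = secrets.randbelow(L) + 1
    return (k1, puzzle_hash(content, k1, l_star, k)), l_star

def solve(content, puzzle, L, k):
    """Prover: tries all L candidate index sets against its local content."""
    k1, h_star = puzzle
    for l in range(1, L + 1):
        if hmac.compare_digest(puzzle_hash(content, k1, l, k), h_star):
            return l
    return None

def verify(answer, l_star, elapsed_s, T):
    """Verifier: accept only the right index, returned within T seconds."""
    return answer == l_star and elapsed_s <= T

def demo():
    # Constructed sample "files": 4 KiB of pseudo-random (incompressible) bytes.
    content = hashlib.shake_256(b"constructed sample file").digest(4096)
    other = hashlib.shake_256(b"a different file").digest(4096)
    puzzle, l_star = generate(content, L=200, k=64)
    return l_star, solve(content, puzzle, 200, 64), solve(other, puzzle, 200, 64)
```

A peer holding the file finds l* with at most L local hash computations; a peer holding different bytes finds no matching index and would have to fetch the indexed bits for the candidate sets before the deadline T.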

13

Security Analysis

Diagram labels: Content Oracle, Hash Oracle

Verifier sends P puzzles to a set of A adversaries

Need to answer puzzles within T seconds

Can make “A qhash” queries

Make “A qpre” queries

Each makes “qpost” more queries

Models how many bits need to be transferred

Captures compute constraints

Bound the expected number of puzzles that these “A” adversaries can solve, given: n (filesize), P (#puzzles), qhash (#hash queries), qpre (#file bits before), qpost (#file bits after)

Equivalently, what is the minimum qpost required to solve P puzzles.

Key Implication: Can set parameters to ensure that qpost = Ω(n)

14

An Example of the Theorem

15

Outline

• Collusion in Contribution-Aware P2P

• High-Level Idea

• Design and Analysis

• Implementation and Evaluation

16

Implementing Bandwidth Puzzles

• Media streaming using RTP
– Java, jlibrtp implementation

• AES for PRF, SHA-256 for Hash

• What we evaluate …
– Client heterogeneity
– Impact on application performance
– Verifier scaling
– Effect of packet loss

17

Simple Verifier handles > 10000 clients

Take Away: 75 %ile CPU is largely invariant as #clients increases

18

Impact on application performance

Take Away: App performance is unaffected by puzzles

19

Simulating a P2P streaming system

• Streaming model similar to Splitstream
– Stream divided into stripes
– More stripes → greater quality

• Contribution-awareness (Maze, [ICDCS 07])
– Peer requests prioritized by “points” earned
– 1.5 points for 1MB upload, -1 point for download

• Attack Model: Sybil-like
– Fake identities generate fake transactions
– Boosts score → improves attacker performance

20

Benefits of puzzles via simulation

Take Aways: Honest clients unaffected; Attackers don’t gain!

21

Some caveats ..

• Assumes files are incompressible
– Not that big a deal; e.g., MPEG, DivX already pretty compressed

• Cannot exactly pinpoint who has file/doesn’t

• “Invisible” colluders
– Get file, “leave” system
– Not a problem in streaming system ..

• Setting puzzle threshold ..
– 7x worst case allowed; can try memory bound?

22

Summary

• P2P Incentives → Contribution-Awareness → Collusion
– Strategic attackers can game system and deny service to honest users

• Mitigate collusion via Bandwidth Puzzles
– Puzzle solution tied to content
– Simultaneity to prevent shared solving
– Forces bandwidth spending @ misbehaving nodes

• Easy and practical
– Unoptimized implementation handles > 10000 clients
– Doesn’t affect application

• Immediate performance benefits
– Insulates honest clients from strategic attackers
– Deters attackers by limiting scope for gaming the system