Securing Structured Overlays Against Identity Attacks
Krishna P. N. Puttaswamy
Haitao Zheng
Ben Y. Zhao
IEEE Transactions on Parallel and Distributed Systems, Vol. 20, No. 10, pp. 1487-1498, October 2009
Paper Abstract
Structured overlay networks can greatly simplify data storage and
management for a variety of distributed applications. Despite their
attractive features, these overlays remain vulnerable to the Identity
attack, where malicious nodes assume control of application components by
intercepting and hijacking key-based routing (KBR)
requests. Attackers can assume arbitrary application roles such as storage
node for a given file, or return falsified contents of an online shopper's
shopping cart. In this paper, we define a generalized form of the Identity
attack, and propose a light-weight detection and tracking system that
protects applications by redirecting traffic away from attackers. We
describe how this attack can be amplified by a Sybil or Eclipse attack, and
analyze the costs of performing such an attack. Finally, we present
measurements of a deployed overlay that show our techniques to be
significantly more light-weight than prior techniques, and highly effective
at detecting and avoiding both single node and colluding attacks under a
variety of conditions.