MIS: Malicious Nodes Identification Scheme
Network-Coding-Based Peer-to-Peer Streaming
Qiyan Wang, Long Vu, Klara Nahrstedt, Himanshu Khurana
Department of Computer Science
University of Illinois at Urbana‐Champaign
IEEE INFOCOM 2010
Outline
• Introduction
• MIS: Malicious Node Identification Scheme
• Simulation Results
• Conclusion
Network Coding
• New paradigm of routing:
– Packet mixing at intermediate nodes
[Figure: traditional routing (store-and-forward) vs. network coding]
• Benefits:
– Maximum throughput, robustness to link failure, energy efficiency …
• Applications:
– Multicast/broadcast, wireless unicast, P2P streaming, P2P file distributing …
Network Coding in P2P Streaming Networks
• Benefits of network coding in P2P streaming:
– Higher playback quality
– Shorter buffering delays
– Minimal bandwidth
– Better resilience to peer dynamics
[Figure: video stream flowing from S through an overlay of peers A to H; each segment is a sequence of blocks, Segment [b1, b2, … , bm]]
Pollution Attacks in Network Coding
• Malicious nodes inject corrupted blocks.
[Figure: the same overlay (S, peers A to H, Segment [b1, b2, … , bm]) with corrupted blocks injected. Callouts: "Pollution rapidly spreads over the network!" and "Failure to decode the original blocks!"]
The Pollution Attack
• Attacker joins an ongoing video channel
• Attacker advertises it has a large number of chunks
• When neighbors request chunks, attacker sends bogus chunks
• Receiver plays back bogus chunks
• Each receiver may further forward the polluted chunks
P. Dhungel, X. Hei, K. W. Ross, N. Saxena, “The Pollution Attack in P2P Live Video Streaming:
Measurement Results and Defenses,” Sigcomm P2P-TV Workshop, Kyoto, 2007.
[Figure: a peer sends a request to a polluter sitting among ordinary peers]
Existing Defense Strategy:
• Checking for corrupted blocks at runtime
– Too computationally costly for real-time streaming
[Figure: the same overlay (S, peers A to H, Segment [b1, b2, … , bm]). Callout: "Drop corrupted blocks at the runtime"]
Pollution Defense Strategy
• Blacklist
• Traffic Encryption
• Chunk Signing
– Use PKI
– Every video source has public-private key pair
– Source uses private key to sign the chunks
– Receiver uses public key of source to verify integrity of chunk
The Idea of MIS (Malicious Identification Scheme)
• Optimal online efficiency:
– We don’t check corrupted blocks at the runtime (before decoding).
• Fundamental limit on pollution attacks:
– Instead, we identify malicious nodes whenever pollution attacks take place.
– We “permanently” remove the identified malicious nodes from the overlay, so that the system is free from pollution attacks in the future.
MIS (Malicious node Identification Scheme)
[Figure: overlay rooted at the S-server with peers A through M]
MIS (Malicious node Identification Scheme)
• Infected nodes: I, J, K, M, L
[Figure: overlay rooted at the S-server with peers A through M]
MIS (Malicious node Identification Scheme)
• Detect the existence of pollution attacks based on the content of decoded original blocks.
[Figure: overlay rooted at the S-server with peers A through M. Callout: Alert (with the sequence number of the segment, a time stamp, the reporting node’s ID)]
MIS (Malicious node Identification Scheme)
• S-server generates a random checksum for the polluted segment.
• S-server disseminates the checksum to the overlay.
[Figure: overlay rooted at the S-server with peers A through M; the checksum travels through the overlay]
MIS (Malicious node Identification Scheme)
• The checksum can help the infected node (K, or I) to find out which neighbor (J, or F) has sent him a corrupted block.
[Figure: overlay rooted at the S-server with peers A through M; the checksum travels through the overlay]
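The neighbor check on this slide, sketched as an added example (not code from the paper or its authors). The slides do not give the checksum's construction, so this assumes one: the S-server picks a random vector r and publishes the inner product of r with each original block, which lets a node test every buffered coded block by linearity. The GF(256) polynomial (0x11B), the sample segment and the contents of K's buffer are likewise assumptions.

```python
import random
from functools import reduce

def gf_mul(a, b):
    """Multiply two GF(2^8) elements modulo x^8+x^4+x^3+x+1 (0x11B)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def dot(u, v):
    """Inner product over GF(2^8); addition is XOR."""
    return reduce(lambda s, xy: s ^ gf_mul(*xy), zip(u, v), 0)

def encode(blocks, coeffs):
    """Coded block = (coefficients, sum_j coeffs[j] * blocks[j])."""
    return (list(coeffs), [dot(coeffs, col) for col in zip(*blocks)])

def make_checksum(blocks, rng):
    """Server side (assumed construction): random r plus <b_j, r> per original block."""
    # Nonzero entries of r guarantee that a single changed codeword is detected.
    r = [rng.randrange(1, 256) for _ in blocks[0]]
    return (r, [dot(b, r) for b in blocks])

def block_ok(coded, checksum):
    """Valid blocks satisfy <payload, r> == sum_j coeffs[j] * <b_j, r>."""
    (coeffs, payload), (r, tags) = coded, checksum
    return dot(payload, r) == dot(coeffs, tags)

def suspicious_neighbors(received, checksum):
    """Senders whose buffered block fails the checksum."""
    return sorted(n for n, blk in received.items() if not block_ok(blk, checksum))

def demo():
    # Constructed segment: m = 2 blocks, d = 3 codewords, as in the slides' Fig. 2.
    segment = [[0x12, 0x34, 0x56], [0x9A, 0xBC, 0xDE]]
    good = encode(segment, [0x03, 0x07])
    bad = encode(segment, [0x05, 0x0B])
    bad[1][2] ^= 0x01                  # one polluted codeword
    received = {"G": good, "J": bad}   # node K's buffer, keyed by sender (constructed)
    checksum = make_checksum(segment, random.SystemRandom())
    return suspicious_neighbors(received, checksum)  # ['J']

if __name__ == "__main__":
    print(demo())
```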
MIS (Malicious node Identification Scheme)
• The infected node (K, or I) reports the discovered suspicious neighbors (J, or F) to the M-server, and forwards the checksum to the reported suspicious neighbors (J, or F).
[Figure: overlay with the S-server, the M-server and peers A through M. Reports sent to the M-server: "F is suspicious", "J is suspicious". Suspicious node list (SNL) at the M-server: J, F]
MIS (Malicious node Identification Scheme)
• With the received checksum, an innocent suspicious node (J) can find another suspicious node (F), but the malicious node (F) cannot.
[Figure: overlay with the S-server, the M-server and peers A through M. Report sent to the M-server: "F is suspicious". Suspicious node list (SNL) at the M-server: J, F]
MIS – Security Guarantees
• Correctness
– A malicious node cannot deny having sent a corrupted block or disparage any innocent node.
• Guarantee
– When a suspicious node is reported, evidence is shown to the M-server to demonstrate that the reported node has indeed sent out a corrupted block.
• Approaches
– Public-key signature scheme
• Let each node sign the block it sends out using a public-key signature scheme; the signature associated with the block can be used as the evidence.
• This approach requires applying a public-key signature to each transmitted block, introducing substantial computational delays due to the expensive signature generation and verification.
– Non-repudiation transmission protocol
Fig. 2: An example to illustrate network coding in P2P streaming. Each segment consists of m = 2 blocks, and each block has d = 3 codewords. Peer X receives two coded blocks e1,i, e2,i in Si from the S-server, and produces a new coded block e3,i for peer Y.
Non-Repudiation Transmission Protocol
X: the suspicious node
Y: the reporting node
[Figure: transmission of a block e between an upstream neighbor and a downstream neighbor, with λ = 6 and δ = 3. Callout: "Verify evidence with γ2, γ4, γ5"]
Non-Repudiation Transmission Protocol
• Table I lists the probabilities that a malicious party succeeds in our protocol under several sample parameter selections.
• Prob X (or Prob Y) – the probability that a malicious X (or Y) succeeds. The space overhead includes Φ(e) and Seq(e) (one byte for Seq(e)).
0 ≤ θ ≤ λ − δ
Evaluation
• Simulation based on real PPLive overlays obtained in our previous work [TOMCCAP’09]
– The overlay contains 1600 or 4000 nodes
– Malicious nodes are picked at random
– Each segment consists of 32 blocks, and each block has 256 codewords in GF(256)
– Time taken to identify malicious nodes is less than 6 seconds
[TOMCCAP’09] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang, “Understanding the Overlay Characteristics of a Large-scale Peer-to-Peer IPTV System”, ACM TOMCCAP, 2009.
Comparison
• Online computational times: MIS (5–10 µs), Null-key (1–2 µs), MAC-based (2 ms), Homomorphic signatures or hashes (> 1 s).
• Per-block communication overhead: MIS (22 B), Homomorphic signatures or hashes (128–256 B), Null-key and MAC-based (> 256 B).
Conclusions
• We propose a novel scheme (MIS) to limit network-coding pollution attacks by identifying malicious nodes.
• MIS can fully satisfy the requirements of P2P live streaming systems.
• MIS has high computational efficiency, small space overhead, and the capability of handling a large number of corrupted blocks and malicious nodes.
References
[5] M. Krohn, M. Freedman, and D. Mazieres, “On-the-fly Verification of Rateless
Erasure Codes for Efficient Content Distribution”, in Proc. IEEE Symp. on Security
and Privacy (Oakland), 2004.
[6] C. Gkantsidis, and P. R. Rodriguez, “Cooperative Security for Network
Coding File Distribution”, in Proc. of IEEE INFOCOM, 2005.
[7] Q. Li, D.-M. Chiu, and J. C. S. Lui, “On the Practical and Security Issues of
Batch Content Distribution Via Network Coding”, in Proc. of IEEE International
Conference on Network Protocols (ICNP’06), 2006.
[9] Z. Yu, Y. Wei, B. Ramkumar, and Y. Guan, “An Efficient Signature-based
Scheme for Securing Network Coding against Pollution Attacks”, in Proc. IEEE
INFOCOM, 2008.
[10] E. Kehdi, and B. Li, “Null Keys: Limiting Malicious Attacks Via Null Space
Properties of Network Coding”, in Proc. of IEEE INFOCOM, 2009.
[11] Z. Yu, Y. Wei, B. Ramkumar, Y. Guan, “An Efficient Scheme for Securing
XOR Network Coding against Pollution Attacks”, IEEE INFOCOM, 2009.
[16] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang, “Understanding the Overlay
Characteristics of a Large-scale Peer-to-Peer IPTV System”, ACM Transactions
on Multimedia Computing, Communications and Applications (TOMCCAP),
2009.
Related Works
• Homomorphic signatures or hashes [Krohn04, Gkantsidis05, Li06,
Charles06, Yu08, Boneh09]
– It’s computationally expensive to verify/generate the signature
for each packet at each hop.
• Null‐key based on the property of null space [Kehdi09]
– Verification key needs to be repeatedly distributed.
• MAC‐based scheme [Yu09]
– Substantial communication overheads are introduced.
• Error‐correction codes [Jaggi07, Kotter07]
– Achievable throughput is determined by the power of the
adversary
• Combining homomorphic MAC and TESLA [Dong09]
– It introduces authentication delay and is susceptible to DoS attacks.