Copyright © 2008 The Institute of Electronics, Information and Communication Engineers

Regular Section -- Papers -- Application Information Security

Random Visitor: Defense against Identity Attacks in P2P Networks*

Jabeom GU1, Jaehoon NAH1, Hyeokchan KWON1, Jongsoo JANG1 and Sehyun PARK2

1 The authors are with the Electronics and Telecommunications Research Institute (ETRI), Daejeon 305–700, Korea. E-mail: gjb{at}etri.re.kr
2 The author is with the faculty of Chung-Ang University, Seoul 156–756, Korea.

The many advantages of cooperative peer-to-peer networks are strongly counterbalanced by the open nature of a distributed, serverless network. In such networks it is relatively easy for an attacker who has successfully forged an identifier to launch attacks such as misrouting, corrupting, or dropping messages. The impact of identifier forgery is particularly severe because the whole network can be compromised by attacks such as Sybil or Eclipse. In this paper we present an identifier authentication mechanism called random visitor, which uses one or more randomly selected peers as delegates of identity proof. Our scheme combines identity-based cryptography with identity ownership proof mechanisms to create, on demand and through the delegates, multiple cryptographically protected indirect bindings between two peers. Because of these bindings, an attacker cannot mount an identifier-forgery-related attack against interacting peers without breaking the bindings; our mechanism therefore limits the possibility of identifier forgery attacks efficiently by removing the attacker's ability to break the binding. The design rationale and framework details are presented. A security analysis shows that our scheme is strong against identifier-related attacks and that its strength increases with the number of peers in the network (more than several thousand).
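
As an added illustration (not the paper's own analysis or code) of why random delegate selection gains strength with network size, the following Python model computes the probability that an attacker who controls a fixed number of peers also controls all k randomly chosen delegates; the uniform-selection assumption and the threshold values are assumptions made here, not taken from the paper.

```python
from math import comb


def prob_all_delegates_malicious(n_peers: int, n_attacker: int, k: int) -> float:
    """Probability that every one of k delegates, drawn uniformly at random
    without replacement from n_peers peers, is attacker-controlled when the
    attacker controls n_attacker of them (hypergeometric: C(m,k)/C(N,k)).
    Model assumption: the attacker's identity count is fixed; a Sybil attacker
    who can mint identities grows n_attacker, which is why random selection
    alone is not enough and identity ownership proofs are needed alongside it."""
    if k <= 0 or n_attacker < 0 or n_attacker > n_peers:
        raise ValueError("need 0 < k and 0 <= n_attacker <= n_peers")
    if k > n_attacker:
        return 0.0  # attacker cannot supply k distinct delegates
    return comb(n_attacker, k) / comb(n_peers, k)


def min_delegates(n_peers: int, n_attacker: int, target: float, k_max: int = 64) -> int:
    """Smallest number of delegates k such that the chance the attacker controls
    all of them drops below `target`; returns -1 if k_max is not enough."""
    for k in range(1, k_max + 1):
        if prob_all_delegates_malicious(n_peers, n_attacker, k) < target:
            return k
    return -1


def strength_vs_size(n_attacker: int, k: int, sizes):
    """Same attacker, same k, growing network: the break probability falls."""
    return [(n, prob_all_delegates_malicious(n, n_attacker, k)) for n in sizes]


if __name__ == "__main__":
    # Constructed scenario: 50 attacker-controlled peers, 3 delegates per binding.
    for n, p in strength_vs_size(n_attacker=50, k=3, sizes=(100, 1_000, 10_000, 100_000)):
        print(f"N={n:>7}  P[all 3 delegates malicious]={p:.2e}")
    print("delegates needed for P<1e-6 with 50 of 10,000 peers malicious:",
          min_delegates(10_000, 50, 1e-6))
```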

Key Words: peer-to-peer, overlay network, security, identifier authentication, random visitor, identity-based cryptography


Manuscript received April 9, 2007. Manuscript revised October 18, 2007.

* Preliminary version of this work was presented at WISA 2006. This research was partly supported by the MIC (Ministry of Information and Communication), Korea, under the HNRC – ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment), the Chung-Ang University Excellent Researcher Grant in 2007, and the IT R&D program of MIC/IITA [2005-S-090-03, Development of P2P Network Security Technology based on Wired/Wireless IPv6 Network].
