DOI: 10.1145/1133572.1133613

Defending against eclipse attacks on overlay networks

Published: 19 September 2004

Abstract

Overlay networks are widely used to deploy functionality at edge nodes without changing network routers. Each node in an overlay network maintains pointers to a set of neighbor nodes. These pointers are used both to maintain the overlay and to implement application functionality, for example, to locate content stored by overlay nodes. If an attacker controls a large fraction of the neighbors of correct nodes, it can "eclipse" correct nodes and prevent correct overlay operation. This Eclipse attack is more general than the Sybil attack. Attackers can use a Sybil attack to launch an Eclipse attack by inventing a large number of seemingly distinct overlay nodes. However, defenses against Sybil attacks do not prevent Eclipse attacks because attackers may manipulate the overlay maintenance algorithm to mount an Eclipse attack. This paper discusses the impact of the Eclipse attack on several types of overlay and it proposes a novel defense that prevents the attack by bounding the degree of overlay nodes. Our defense can be applied to any overlay and it enables secure implementations of overlay optimizations that choose neighbors according to metrics like proximity. We present preliminary results that demonstrate the importance of defending against the Eclipse attack and show that our defense is effective.
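The degree-bounding idea in the abstract can be seen with a counting model. The Python below is an added illustration, not code or an algorithm from the paper: the function names, the parameters and the worst-case assumption that neighbor discovery always offers malicious nodes first are assumptions made here, and how a bound would be enforced is not modelled.

```python
"""Toy counting model: how an in-degree bound limits Eclipse exposure."""


def malicious_neighbor_fraction(n, f, d, in_bound=None):
    """Fraction of correct nodes' neighbor slots that point at malicious nodes.

    n: overlay size, f: fraction of malicious nodes, d: neighbors per node,
    in_bound: max pointers any node may receive (None = unbounded).
    Assumed worst case: neighbor discovery always offers malicious nodes first.
    """
    m = int(n * f)
    malicious = list(range(m))
    correct = list(range(m, n))
    indegree = [0] * n
    bad = 0
    for i, _node in enumerate(correct):
        rot = i % m if m else 0
        # Attacker-biased candidate order; the node itself is excluded.
        candidates = (malicious[rot:] + malicious[:rot]
                      + correct[i + 1:] + correct[:i])
        picked = 0
        for cand in candidates:
            if picked == d:
                break
            if in_bound is not None and indegree[cand] >= in_bound:
                continue  # candidate already holds its full quota of pointers
            indegree[cand] += 1
            picked += 1
            bad += cand < m
    return bad / (len(correct) * d)


def analytic_cap(n, f, d, in_bound):
    """Counting bound: m malicious nodes can absorb at most m * in_bound pointers."""
    m = int(n * f)
    return min(1.0, m * in_bound / ((n - m) * d))


if __name__ == "__main__":
    # Constructed parameters, not taken from the paper's evaluation.
    n, f, d = 1000, 0.2, 16
    print("unbounded:", malicious_neighbor_fraction(n, f, d))
    for b in (16, 32):
        print(f"in-degree <= {b}:", malicious_neighbor_fraction(n, f, d, b),
              "cap", analytic_cap(n, f, d, b))
```

In this model a looser bound raises the cap proportionally, which is why the bound has to stay close to the overlay's average degree to be useful.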

Published In
EW 11: Proceedings of the 11th workshop on ACM SIGOPS European workshop
September 2004
214 pages
ISBN:9781450378079
DOI:10.1145/1133572
Publisher

Association for Computing Machinery

New York, NY, United States

Conference

EW04
EW04: ACM SIGOPS European Workshop 2004
September 19 - 22, 2004
Leuven, Belgium

Acceptance Rates

EW 11 Paper Acceptance Rate 37 of 37 submissions, 100%;
Overall Acceptance Rate 37 of 37 submissions, 100%
