Mitigating Denial-of-Service Attacks on the Chord Overlay Network: A Location Hiding Approach
April 2009 (vol. 20 no. 4)
pp. 512-527
Mudhakar Srivatsa, IBM T.J. Watson Research Center, Hawthorne
Ling Liu, Georgia Institute of Technology, Atlanta
Serverless distributed computing has received significant attention from both the industry and the research community. Among the most popular applications are the wide area network file systems, exemplified by CFS, Farsite and OceanStore. These file systems store files on a large collection of untrusted nodes that form an overlay network. They use cryptographic techniques to maintain file confidentiality and integrity from malicious nodes. Unfortunately, cryptographic techniques cannot protect a file holder from a Denial-of-Service (DoS) or a host compromise attack. Hence, most of these distributed file systems are vulnerable to targeted file attacks, wherein an adversary attempts to attack a small (chosen) set of files by attacking the nodes that host them. This paper presents LocationGuard, a location hiding technique for securing overlay file storage systems from targeted file attacks. LocationGuard has three essential components: (i) location key, (ii) routing guard, a secure algorithm that protects accesses to a file in the overlay network given its location key, and (iii) a set of location inference guards. Our experimental results quantify the overhead of employing LocationGuard and demonstrate its effectiveness against DoS attacks, host compromise attacks and various location inference attacks.


Index Terms:
Network Protocols, Distributed Systems, Security and Privacy Protection
Mudhakar Srivatsa, Ling Liu, "Mitigating Denial-of-Service Attacks on the Chord Overlay Network: A Location Hiding Approach," IEEE Transactions on Parallel and Distributed Systems, vol. 20, no. 4, pp. 512-527, April 2009, doi:10.1109/TPDS.2008.125