IEEE International Performance Computing and Communications Conference (2011)
Orlando, FL, USA
Nov. 17, 2011 to Nov. 19, 2011
ISBN: 978-1-4673-0010-0
pp: 1-8
Ren Zhang, Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing 100871, China
Jianyu Zhang, Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing 100871, China
Yuan Zhang, Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing 100871, China
Bingshuang Liu, Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing 100871, China
Yu Chen, Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing 100871, China
Nanhao Qin, Beijing Key Laboratory of Internet Security Technology, Peking University, Beijing 100871, China
ABSTRACT
The security aspect of Distributed Hash Tables (DHTs), the principal model for structured P2P networks, has received considerable attention from the research community, and the eclipse attack is one of the most severe threats targeting DHTs. Most currently effective defense mechanisms suffer from significant communication cost. In this paper we present a novel approach to address eclipse attacks: making such attacks computationally infeasible. The backbone of our approach is a scheme for generating node IDs, which requires a user to solve a computational puzzle generated by her network parameters together with time-related information in order to obtain a valid ID. Such a procedure should normally be completed within a couple of seconds of CPU time, and an ID can be easily verified for its validity. However, carrying out an eclipse attack on a specific key demands massive computing resources. We have evaluated our method by analyzing the cost to an attacker, using real-world data from BitTorrent, and the result is that it takes thousands of processors running day and night to find a sufficient number of IDs. We have also simulated the computing cost for both benign users and attackers, and the outcome also supports the above claim. Unlike most existing defense mechanisms, our method induces negligible communication cost and churn, and requires no centralized service.
CITATION
Ren Zhang, Jianyu Zhang, Yuan Zhang, Bingshuang Liu, Yu Chen, Nanhao Qin, "Making eclipse attacks computationally infeasible in large-scale DHTs", IEEE International Performance Computing and Communications Conference, vol. 00, no. , pp. 1-8, 2011, doi:10.1109/PCCC.2011.6108091