The Community for Technology Leaders
Green Image
Issue No. 10 - October (2009 vol. 20)
ISSN: 1045-9219
pp: 1487-1498
Ben Y. Zhao , UC Santa Barbara, Santa Barbara
Haitao Zheng , UC Santa Barbara, Santa Barbara
Krishna P.N. Puttaswamy , UC Santa Barbara, Santa Barbara
ABSTRACT
Structured overlay networks can greatly simplify data storage and management for a variety of distributed applications. Despite their attractive features, these overlays remain vulnerable to the Identity attack, where malicious nodes assume control of application components by intercepting and hijacking key-based routing requests. Attackers can assume arbitrary application roles such as storage node for a given file, or return falsified contents of an online shopper's shopping cart. In this paper, we define a generalized form of the Identity attack, and propose a lightweight detection and tracking system that protects applications by redirecting traffic away from attackers. We describe how this attack can be amplified by a Sybil or Eclipse attack, and analyze the costs of performing such an attack. Finally, we present measurements of a deployed overlay that show our techniques to be significantly more lightweight than prior techniques, and highly effective at detecting and avoiding both single node and colluding attacks under a variety of conditions.
INDEX TERMS
Security, routing protocols, distributed systems, overlay networks.
CITATION
Ben Y. Zhao, Haitao Zheng, Krishna P.N. Puttaswamy, "Securing Structured Overlays against Identity Attacks", IEEE Transactions on Parallel & Distributed Systems, vol. 20, no. , pp. 1487-1498, October 2009, doi:10.1109/TPDS.2008.241
97 ms
(Ver 3.1 (10032016))