Issue No. 10 - October (2009 vol. 20)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TPDS.2008.241
Ben Y. Zhao, UC Santa Barbara, Santa Barbara
Haitao Zheng, UC Santa Barbara, Santa Barbara
Krishna P.N. Puttaswamy, UC Santa Barbara, Santa Barbara
Structured overlay networks can greatly simplify data storage and management for a variety of distributed applications. Despite their attractive features, these overlays remain vulnerable to the Identity attack, where malicious nodes assume control of application components by intercepting and hijacking key-based routing requests. Attackers can assume arbitrary application roles such as storage node for a given file, or return falsified contents of an online shopper's shopping cart. In this paper, we define a generalized form of the Identity attack, and propose a lightweight detection and tracking system that protects applications by redirecting traffic away from attackers. We describe how this attack can be amplified by a Sybil or Eclipse attack, and analyze the costs of performing such an attack. Finally, we present measurements of a deployed overlay that show our techniques to be significantly more lightweight than prior techniques, and highly effective at detecting and avoiding both single node and colluding attacks under a variety of conditions.
Security, routing protocols, distributed systems, overlay networks.
Ben Y. Zhao, Haitao Zheng, Krishna P.N. Puttaswamy, "Securing Structured Overlays against Identity Attacks", IEEE Transactions on Parallel & Distributed Systems, vol. 20, no. , pp. 1487-1498, October 2009, doi:10.1109/TPDS.2008.241