Issue No. 10 - October (2009 vol. 20)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TPDS.2008.241
Krishna P.N. Puttaswamy , UC Santa Barbara, Santa Barbara
Haitao Zheng , UC Santa Barbara, Santa Barbara
Ben Y. Zhao , UC Santa Barbara, Santa Barbara
Structured overlay networks can greatly simplify data storage and management for a variety of distributed applications. Despite their attractive features, these overlays remain vulnerable to the Identity attack, where malicious nodes assume control of application components by intercepting and hijacking key-based routing requests. Attackers can assume arbitrary application roles such as storage node for a given file, or return falsified contents of an online shopper's shopping cart. In this paper, we define a generalized form of the Identity attack, and propose a lightweight detection and tracking system that protects applications by redirecting traffic away from attackers. We describe how this attack can be amplified by a Sybil or Eclipse attack, and analyze the costs of performing such an attack. Finally, we present measurements of a deployed overlay that show our techniques to be significantly more lightweight than prior techniques, and highly effective at detecting and avoiding both single node and colluding attacks under a variety of conditions.
Security, routing protocols, distributed systems, overlay networks.
B. Y. Zhao, H. Zheng and K. P. Puttaswamy, "Securing Structured Overlays against Identity Attacks," in IEEE Transactions on Parallel & Distributed Systems, vol. 20, no. , pp. 1487-1498, 2008.