Feasibility of DDoS attacks using P2P Systems and Prevention through Robust Membership Management

Get BibTex-formatted data

Author

Xin Sun, Ruben Torres and Sanjay Rao

Entry type

techreport

Abstract

We show that malicious nodes in a peer-to-peer system may impact the external Internet environment, by causing large-scale distributed denial of service attacks on nodes not even part of the overlay system. This is in contrast to attacks that disrupt the normal functioning, and performance of the overlay system itself. We formulate several principles critical to the design of membership management protocols robust to such attacks. We show that (i) pull-based mechanisms are preferable to push-based mechanisms; (ii) it is critical to validate membership information received by a node, and even simple probe-based techniques can be quite effective; (iii) validating information by requiring corrobaration from multiple sources can provide good security properties with insignificant performance penalties; and (iv) it is important to bound the number of distinct logical identifier (e.g. IDs in a DHT) corresponding to the same physical identifier (e.g., IP address), which a participating node is unable to validate. We demonstrate the importance of these principles in the context of the KAD system for file distribution, and ESM system for video broadcasting. To our knowledge, this is the first systematic study of issues in the design of membership management algorithms in peer-to-peer systems so they may be robust to attacks exploiting them for DDoS attacks on external nodes.

Date

2007

Key alpha

Denial of Service

Affiliation

Purdue University

Publication Date

2007-01-01

Keywords

Denial of Service, Peer-to-Peer, Group Management, Reflector Attacks, Intrusion Detection

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Denial of Service,
	title = "Feasibility of DDoS attacks using P2P Systems and Prevention through Robust Membership Management ",
	author = "Xin Sun, Ruben Torres and Sanjay Rao",
	year = "2007",
	abstract = "We show that malicious nodes in a peer-to-peer system may impact the
external Internet environment, by causing large-scale distributed
denial of service attacks on nodes not even part of the overlay
system. This is in contrast to attacks that disrupt the normal
functioning, and performance of the overlay system itself. 
We formulate several principles critical to the design of
membership management protocols robust to such attacks. 
We show that (i) pull-based mechanisms are preferable to push-based mechanisms;
(ii) it is critical to validate membership information received by a
node, and even simple probe-based techniques can be quite effective;
(iii) validating information by requiring corrobaration from multiple
sources can provide good security properties with insignificant
performance penalties; and (iv) it is important to bound the 
number of distinct logical identifier (e.g. IDs in a DHT)
corresponding to the same physical identifier (e.g., IP address),
which a participating node is unable to validate.
We demonstrate the importance of these principles in the context of 
the KAD system for file distribution, and ESM system for video broadcasting.
To our knowledge, this is the first systematic study of issues in the design of
membership management algorithms in peer-to-peer systems so they may
be robust to attacks exploiting them for DDoS attacks on external nodes.",
	affiliation = "Purdue University",
	keywords = "Denial of Service, Peer-to-Peer, Group Management, Reflector Attacks, Intrusion Detection",
}