DOCSLIB.ORG

Decentralized Location-Aware Orchestration of Containerized Microservice Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Decentralized Location-Aware Orchestration of Containerized Microservice Applications DOCTORAL T H E SIS Lara Lorna Jiménez Decentralized Location-aware Orchestration of Containerized Microservice Applications of Containerized Orchestration Microservice Lara Lorna Jiménez Decentralized Location-aware Department of Computer Science and Electrical Engineering Division of Computer Science ISSN 1402-1544 Decentralized Location-aware ISBN 978-91-7790-617-9 (print) ISBN 978-91-7790-618-6 (pdf) Orchestration of Containerized Luleå University of Technology 2020 Microservice Applications Enabling Distributed Intelligence at the Edge Lara Lorna Jiménez Pervasive and Mobile Computing Decentralized Location-aware Orchestration of Containerized Microservice Applications Enabling Distributed Intelligence at the Edge Lara Lorna Jiménez Luleå University of Technology Department of of Computer Science and Electrical Engineering Division of Computer Science Printed by Luleå University of Technology, Graphic Production 2020 ISSN 1402-1544 ISBN 978-91-7790-617-9 (print) ISBN 978-91-7790-618-6 (pdf) Luleå 2020 www.ltu.se Decentralized Location-aware Orchestration of Containerized Microservice Applications Enabling Distributed Intelligence at the Edge Lara Lorna Jim´enez Dept. of Computer Science and Electrical Engineering Lule˚aUniversity of Technology Sweden Supervisors: Olov Schel´enand K˚areSynnes ii To my parents iii iv Abstract Services that operate on public, private, or hybrid clouds, should always be available and reachable to their end-users or clients. However, a shift in the demand for current and future services has led to new requirements on network infrastructure, service orches- tration, and Quality-of-Service (QoS). Services related to, for example, online-gaming, video-streaming, smart cities, smart homes, connected cars, or other Internet-of-Things (IoT) powered use cases are data-intensive and often have real-time and locality require- ments. These have pushed for a new computing paradigm, Edge computing, based on moving some intelligence from the cloud to the edge of the network to minimize latency and data transfer. This situation has set new challenges for cloud providers, telecommu- nications operators, and content providers. This thesis addresses two issues in this problem area that call for distinct approaches and solutions. Both issues share the common objectives of improving energy-efficiency and mitigating network congestion by minimizing data transfer to boost service perfor- mance, particularly concerning latency, a prevalent QoS metric. The first issue is related to the demand for a highly scalable orchestrator that can manage a geographically distributed infrastructure to deploy services efficiently at clouds, edges, or a combination of these. We present an orchestrator using process containers as the virtualization technology for efficient infrastructure deployment in the cloud and at the edge. The work focuses on a Proof-of-Concept design and analysis of a scalable and resilient decentralized orchestrator for containerized applications, and a scalable monitoring solution for containerized processes. The proposed orchestrator deals with the complexity of managing a geographically dispersed and heterogeneous infrastructure to efficiently deploy and manage applications that operate across different geographical locations | thus facilitating the pursuit of bringing some of the intelligence from the cloud to the edge, in a way that is transparent to the applications. The results show this orchestrator's ability to scale to 20 000 nodes and to deploy 30 000 applications in parallel. The resource search algorithm employed and the impact of location awareness on the orchestrator's deployment capabilities were also analyzed and deemed favorable. The second issue is related to enabling fast real-time predictions and minimizing data transfer for data-intensive scenarios by deploying machine learning models at devices to decrease the need for the processing of data by upper tiers and to decrease predic- tion latency. Many IoT or edge devices are typically resource-scarce, such as FPGAs, ASICs, or low-level microcontrollers. Limited devices make running well-known machine learning algorithms that are either too complex or too resource-consuming unfeasible. Consequently, we explore developing innovative supervised machine learning algorithms v to efficiently run in settings demanding low power and resource consumption, and real- time responses. The classifiers proposed are computationally inexpensive, suitable for parallel processing, and have a small memory footprint. Therefore, they are a viable choice for pervasive systems with one or a combination of these limitations, as they facil- itate increasing battery life and achieving reduced predictive latency. An implementation of one of the developed classifiers deployed to an off-the-shelf FPGA resulted in a pre- dictive throughput of 57.1 million classifications per second, or one classification every 17.485 ns. vi Contents Part I 1 Chapter 1 { Introduction 3 1.1 Motivation and Problem Formulation . .3 1.2 Methodology . .5 1.3 Thesis Outline . .6 Chapter 2 { Research Context 9 2.1 Virtualization . .9 2.2 Recent Computing Paradigms . 11 2.3 Enabling Applications in the Cloud-Edge Continuum . 14 Chapter 3 { Scalable Orchestration and Monitoring of Containers 15 3.1 A Decentralized Container Orchestration Platform . 15 3.1.1 Context Awareness: Location and Latency . 17 3.1.2 Node Identifiers and Discovery . 18 3.1.3 Management of Deployment Objects . 18 3.1.4 Replication and Scaling . 19 3.1.5 Service Discovery and Load Balancing . 20 3.1.6 Scheduling . 21 3.1.7 Multi-tenancy . 23 3.1.8 Distributed Consensus . 23 3.1.9 Other functionalities . 25 3.2 Scalable Monitoring of Container-based Infrastructures . 26 3.3 Use cases . 27 Chapter 4 { Classifiers for resource-constrained devices 31 4.1 Computationally Inexpensive Classifiers for edge and IoT devices . 31 4.2 Use Cases . 34 Chapter 5 { Contributions 35 5.1 Paper A . 35 5.2 Paper B . 36 5.3 Paper C . 36 5.4 Paper D . 37 5.5 Paper E . 38 5.6 Paper F . 39 vii Chapter 6 { Conclusions and Future Work 41 6.1 Conclusions . 41 6.2 Future Work . 44 Part II 53 Paper A 55 1 Introduction . 57 2 Related Work . 59 3 System Architecture . 60 3.1 CoMA: Container Monitoring Agent . 60 3.2 Complementary Components . 62 4 Evaluation . 63 4.1 Validity of CPU and Memory Measurements . 63 4.2 Validity of Block I/O Measurements . 71 5 Discussion . 71 6 Conclusion and Future Work . 72 Paper B 77 1 Introduction . 79 2 DOCMA: an overview . 81 2.1 Applications . 81 2.2 Routing . 82 2.3 Roles . 82 2.4 The DOCMA protocol . 83 3 Deploying an Application . 84 4 Orchestrating an Application . 85 5 Related Work . 86 6 Results and Discussion . 87 7 Conclusions and Future work . 90 Paper C 93 1 Introduction . 95 2 HYDRA System Design . 98 2.1 ID-based Identifier Design . 98 2.2 Node Discovery . 98 2.3 Application Management . 99 2.4 Search for Resources . 99 2.5 Distributed Consensus . 100 3 Location-aware Nodes . 100 4 Applications . 102 5 Roles for Decentralized Orchestration . 102 5.1 The Entry Role . 102 5.2 The Controller Roles: Root and Leaf . 102 viii 5.3 The Service Host Role . 103 5.4 The Roles in Concert . 103 6 Location-aware Application Management . 104 6.1 Type 1 Application Control: Flat . 104 6.2 Type 2 Application Control: Layered . 104 6.3 Application Root ID and Leaf IDs . 106 7 Application Deployment . 107 8 Location-aware Search for Resources . 108 8.1 Random ID . 110 8.2 Maximized XOR Distance between Queried IDs . 110 9 Replication of Services . 110 10 Failure Recovery . 111 10.1 Service Replicas . 112 10.2 Controllers . 112 11 Related Work . 112 12 Experimental Design . 114 13 Experimental Results and Discussion . 120 13.1 Network Scalability . 120 13.2 Application Deployment Scalability . 121 13.3 Performance of the Random Search Algorithm . 123 13.4 Location-aware Deployment . 126 13.5 Location-aware Deployment - One Region Network Partitioned . 127 13.6 HYDRA Design Considerations . 129 14 Conclusions and Future Work . 129 Paper D 135 1 Introduction . 137 1.1 The McCulloch-Pitts neuron model . 138 1.2 Cellular Automata . 138 1.3 Research questions . 139 2 Related work . 140 3 The CAMP algorithm . 141 4 Training of the classifier . 142 4.1 Chromosome encoding . 143 4.2 Fitness calculation . 143 4.3 Selection of individuals . ..
Load more

Recommended publications
  • Conducting and Optimizing Eclipse Attacks in the Kad Peer-To-Peer Network
    Conducting and Optimizing Eclipse Attacks in the Kad Peer-to-Peer Network Michael Kohnen, Mike Leske, and Erwin P. Rathgeb University of Duisburg-Essen, Institute for Experimental Mathematics, Ellernstr. 29, 45326 Essen [email protected], [email protected], [email protected] Abstract. The Kad network is a structured P2P network used for file sharing. Research has proved that Sybil and Eclipse attacks have been possible in it until recently. However, the past attacks are prohibited by newly implemented secu- rity measures in the client applications. We present a new attack concept which overcomes the countermeasures and prove its practicability. Furthermore, we analyze the efficiency of our concept and identify the minimally required re- sources. Keywords: P2P security, Sybil attack, Eclipse attack, Kad. 1 Introduction and Related Work P2P networks form an overlay on top of the internet infrastructure. Nodes in a P2P network interact directly with each other, i.e., no central entity is required (at least in case of structured P2P networks). P2P networks have become increasingly popular mainly because file sharing networks use P2P technology. Several studies have shown that P2P traffic is responsible for a large share of the total internet traffic [1, 2]. While file sharing probably accounts for the largest part of the P2P traffic share, also other P2P applications exist which are widely used, e.g., Skype [3] for VoIP or Joost [4] for IPTV. The P2P paradigm is becoming more and more accepted also for professional and commercial applications (e.g., Microsoft Groove [5]), and therefore, P2P technology is one of the key components of the next generation internet.
    [Show full text]
  • PSP-Auto: a DHT-Based Data Storage and Retrieval System for Automation
    PSP-Auto: A DHT-based Data Storage and Retrieval System for Automation Jan Skodzik, Peter Danielis, Vlado Altmann, Eike Bjoern Schweissguth, Dirk Timmermann University of Rostock Institute of Applied Microelectronics and Computer Engineering 18051 Rostock, Germany, Tel./Fax: +49 381 498-7284 / -1187251 Email: [email protected] Abstract—In the field of automation, reliability is a key aspect which utilizes volatile rather than rarely available persistent to enable resilient systems. Especially, in areas with extreme memory as miniature devices often have a low or no memory conditions a reliable monitoring is necessary such as factory, capacity anyway. In the preliminary works [3] and [4], it volcano, or laboratory monitoring. These are environments where devices could be stressed uncommonly high and thus more devices has already been shown that a distributed memory can be could fail in a shorter time period in the worst case. Centralized realized by means of the so-called Peer-to-Peer-based Storage monitoring systems, which work in real-time for security reasons, Platform (PSP). Thereby, network elements of an Internet contain a single point of failure in the form of a central control service provider in the access network were networked to store instance. Additionally, if the central instance fails no data is configuration data. As basis, the decentralized and structured available any more as the central instance usually works as the only data sink in the system. Furthermore, with an increasing P2P protocol Kad has been applied. However, the requirements number of devices this system does not scale well. As the number in automation environments are more demanding than in access of devices and their performance will prospectively increase, a networks as automation environments require tremendously new approach is necessary to handle these large-scale systems.
    [Show full text]
  • A Study of Peer-To-Peer Systems
    A Study of Peer-to-Peer Systems JIA, Lu A Thesis Submitted in Partial Fulfilment of the Requirements for the Degree of Master of Philosophy in Information Engineering The Chinese University of Hong Kong August 2009 Abstract of thesis entitled: A Study of Peer-to-Peer Systems Submitted by JIA, Lu for the degree of Master of Philosophy at The Chinese University of Hong Kong in June 2009 Peer-to-peer (P2P) systems have evolved rapidly and become immensely popular in Internet. Users in P2P systems can share resources with each other and in this way the server loading is reduced. P2P systems' good performance and scalability attract a lot of interest in the research community as well as in industry. Yet, P2P systems are very complicated systems. Building a P2P system requires carefully and repeatedly thinking and ex- amining architectural design issues. Instead of setting foot in all aspects of designing a P2P system, this thesis focuses on two things: analyzing reliability and performance of different tracker designs and studying a large-scale P2P file sharing system, Xun- lei. The "tracker" of a P2P system is used to lookup which peers hold (or partially hold) a given object. There are various designs for the tracker function, from a single-server tracker, to DHT- based (distributed hash table) serverless systems. In the first part of this thesis, we classify the different tracker designs, dis- cuss the different considerations for these designs, and provide simple models to evaluate the reliability of these designs. Xunlei is a new proprietary P2P file sharing protocol that has become very popular in China.
    [Show full text]
  • Emule Apk Free Download
    Emule apk free download Continue The app was created to work on ED2K (eDonkey2000 protocol) networks, right on your mobile device! it's not a remote control. Disclaimer: We are not affiliated with the eMule project. Mule for Android provides basic functionality: search for files on servers, download files, share files. You can watch videos while downloading files using the preview feature. The use is simple: when you first start, select an incoming directory; Then, search for files and download them. Buy a paid version if you want to remove ads. Kademlia's initial support is here!. Search sources and keywords are available now. When you first start KAD, you need a download site (IP/port) or a node.dat file at your download location. You can download nodes.dat directly from the mule - click the download button on the preference page to the right of the KAD switch. Check the KAD status with the information button - when YOU work KAD you will see not an empty KAD table. Let me know if you have a problem. It's not a remote control. Disclaimer: We are not affiliated with the eMule project. Mule for Android provides the main features available: search for files on servers, download files, file sharing. You can watch videos when you download files with a preview feature. The use is simple: when you first start, select the input directory; then look for the files and download them. Buy the full version if you want to remove the ads. Kademlia's initial support is here!. Search sources and keywords are now available.
    [Show full text]
  • Vasco Alexandre Maia Dos Santos Infraestrutura Segura E
    Departamento de Eletrónica, Universidade de Aveiro Telecomunicações e Informática 2016 Vasco Alexandre Infraestrutura Segura e Descentralizada para a Maia dos Santos Internet das Coisas Secure Decentralized Internet of Things Infrastructure Departamento de Eletrónica, Universidade de Aveiro Telecomunicações e Informática 2016 Vasco Alexandre Infraestrutura Segura e Descentralizada para a Maia dos Santos Internet das Coisas Secure Decentralized Internet of Things Infrastructure “The walls between art and engineering exist only in our minds” — Theo Jansen Departamento de Eletrónica, Universidade de Aveiro Telecomunicações e Informática 2016 Vasco Alexandre Infraestrutura Segura e Descentralizada para a Maia dos Santos Internet das Coisas Secure Decentralized Internet of Things Infrastructure Dissertação apresentada à Universidade de Aveiro para cumprimento dos re- quisitos necessários à obtenção do grau de Mestre em Engenharia de Com- putadores e Telemática, realizada sob a orientação científica do Doutor Diogo Nuno Pereira Gomes, Professor auxiliar do Departamento de Eletrónica, Te- lecomunicações e Informática da Universidade de Aveiro, e do Doutor João Paulo Silva Barraca, Professor auxiliar do Departamento de Eletrónica, Tele- comunicações e Informática da Universidade de Aveiro. o júri / the jury presidente / president Prof. Doutor André Ventura da Cruz Marnoto Zúquete professor auxiliar da Universidade de Aveiro vogais / examiners committee Prof. Doutora Ana Cristina Costa Aguiar professora auxiliar convidada da Faculdade de Engenharia da Universidade do Porto Prof. Doutor Diogo Nuno Pereira Gomes professor auxiliar da Universidade de Aveiro (orientador) agradecimentos / Gostava de agradecer, em primeiro lugar ao Professor Doutor Diogo Gomes acknowledgements e ao Professor Doutor João Paulo Barraca pela oportunidade de integrar o ATNOG e trabalhar nesta dissertação, bem como por todo o apoio dado ao longo do mestrado.
    [Show full text]
  • A Blockchain System Based on Quantum-Resistant Digital Signature
    Hindawi Security and Communication Networks Volume 2021, Article ID 6671648, 13 pages https://doi.org/10.1155/2021/6671648 Research Article A Blockchain System Based on Quantum-Resistant Digital Signature Peijun Zhang ,1 Lianhai Wang ,1 Wei Wang ,1 Kunlun Fu ,1 and Jinpeng Wang 2 1Qilu University of Technology (Shandong Academy of Sciences), Shandong Provincial Key Laboratory of Computer Networks, Shandong Computer Science Center (National Supercomputer Center in Jinan), Jinan 250014, China 2Shandong Computer Science Center (National Supercomputer Center in Jinan), Jinan 250014, China Correspondence should be addressed to Lianhai Wang; [email protected] Received 17 December 2020; Revised 23 January 2021; Accepted 1 February 2021; Published 4 March 2021 Academic Editor: Debiao He Copyright © 2021 Peijun Zhang et al. ,is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Blockchain, which has a distributed structure, has been widely used in many areas. Especially in the area of smart cities, blockchain technology shows great potential. ,e security issues of blockchain affect the construction of smart cities to varying degrees. With the rapid development of quantum computation, elliptic curves cryptosystems used in blockchain are not secure enough. ,is paper presents a blockchain system based on lattice cipher, which can resist the attack of quantum computation. ,e most challenge is that the size of public keys and signatures used by lattice cryptosystems is typically very large. As a result, each block in a blockchain can only accommodate a small number of transactions.
    [Show full text]
  • Download-Emule-Kad-Server-List.Pdf
    Download Emule Kad Server List Download Emule Kad Server List 1 / 3 2 / 3 web site page displaying list of all active servers on the eDonkey/eMule p2p network. ... ping test update servers list at client start download list in eMule.. 0.50a installed on my computer. I can connect to eD2K network easily but I can't connect to Kad network. I have tried to download from http://www.nodes-dat.com/ but the first button " Add to eMule (from Nodes Server)" did't work and the other two worked but the problem still remains.. Bezpieczna lista serwerów emule do pobrania. Pobierz listę zawsze aktualną. Download server.met & serverlist for eMule.. eMule now connects to both the eDonkey network and the Kad network. ... eMule will use clients it knows already from the ed2k servers to get connected to Kad .... The servers merely help hold the network together. Meanwhile, Kad is a network that is also connectable via eMule. Unlike the ED2K network, ... You can use the easy to use installer or you can download the binaries. The difference is that the .... nodes.dat nodes for emule kademlia net server edonkey overnet. ... von IP/Port im Kad-Fenster, oder. - per Download aus dem Internent, z.B. nodes.dat.. Connecting to servers hasn't been working for a long time. ... started them again (there is free drive space on the download drive) but can't get a Kad connection. ... Block4: ipfilter.dat, nodes.dat, server.met (emule-security.org). Dodaj do #eMule te 2 pliki : Do serwerów, czyli eD2k --- http://www.server-list.info/ Do Kad ---..
    [Show full text]
  • Towards a Basic DHT Service: Analyzing Network Characteristics of a Widely Deployed DHT
    Towards a Basic DHT Service: Analyzing Network Characteristics of a Widely Deployed DHT Konrad Junemann,¨ Philipp Andelfinger, and Hannes Hartenstein Steinbuch Centre for Computing (SCC) Karlsruhe Institute of Technology (KIT), Germany {juenemann, hartenstein}@kit.edu, philipp.andelfi[email protected] Abstract—Distributed Hash Tables (DHTs) prove valuable for DHT-based applications without having to worry about DHT distributed architectures by providing distributed information deployment, running OpenDHT nodes on PlanetLab entailed lookup, routing, and data storage while promising good scala- two disadvantages: first, the DHT did not scale with growing bility and robustness at the same time. From this point of view, a DHT could be seen as a basic service that can be used to numbers of clients as the DHT consisted of a fixed number of build distributed applications. Whereas today no widely deployed (centrally administered) PlanetLab nodes only and clients did and publicly accessible basic DHT service exists and thus DHT- not contribute to the DHT. Second, the OpenDHT nodes had based applications have to deploy their very own DHT networks, to be maintained. DHTs consisting of millions of peers are formed by file sharing Simultaneously, the file-sharing community started lever- clients. Although the interfaces of typical DHTs used for file sharing are too narrow, a basic DHT service could probably be aging DHTs to replace centralized components within their created by bundling a suitable client implementation with file file sharing networks. Therefore, DHT clients were bundled sharing software. In this paper, we evaluate whether a basic with file sharing clients, resulting in widely deployed DHTs DHT service could suit the needs of DHT-based applications introduced by clients like Azureus [31], eDonkey or the Bit- in terms of stability, number of participating peers, the peers’ Torrent Mainline client [13].
    [Show full text]
  • MTFS: Merkle-Tree-Based File System
    MTFS: Merkle-Tree-Based File System 1st Jia Kan 2nd Kyeong Soo Kim Department of Electrical and Electronic Engineering Department of Electrical and Electronic Engineering Xi’an Jiaotong-Liverpool University Xi’an Jiaotong-Liverpool University Suzhou, China Suzhou, China [email protected] [email protected] Abstract—The blockchain technology has been changing file system (CIFS), a dialect of server message block (SMB) our daily lives since Bitcoin—i.e., the first decentralized protocol, is used in private file storage purpose more often, cryptocurrency—was invented and released as open-source soft- especially in enterprises and commercial organizations. Due to ware by an unidentified person or a group called Satoshi Nakamoto in 2009. Of many applications which can be im- the insufficient performance of CIFS/SMB, more powerful and plemented based on the blockchain, storage is an important user-friendly commercial applications like Dropbox, Google one, a notable example of which is the InterPlanetary File Drive, and Baidu Yun appeared, and similar services based System (IPFS). IPFS is a distributed web based on a peer-to- on cloud also were directly integrated into operating systems peer hypermedia protocol to make the web faster, safer, and like Microsoft OneDrive and Apple iCloud. BitTorrent Lab more open and focuses on public accessible files. To provide a solution for private file storage in the blockchain way, in this surprised us by introducing BitTorrent Sync (BTSync; now paper we propose a Merkle-tree-based File System (MTFS). In Resilio Sync), which is a Dropbox-like application without MTFS, the blockchain is more than a trust machine; it is an the requirement of a centralized server.
    [Show full text]
  • Cluster Analysis and Research of the Resource in KAD
    2010 3rd International Conference on Computer and Electrical Engineering (ICCEE 2010) IPCSIT vol. 53 (2012) © (2012) IACSIT Press, Singapore DOI: 10.7763/IPCSIT.2012.V53.No.2.69 Cluster Analysis and Research of the Resource in KAD + Wang Chunhui , Chen Xingshu and Wu Qi School of Computer Science, Sichuan University Chengdu, China Abstract- With the development of P2P file sharing in recent years, KAD network has been widely used. Although there are a large amount of resources in KAD, few of them can meet the users’ demands. In order to find useful rescources in KAD, We need a systematic analysis of its characteristics. Firstly, describe the file score qualitatively, and cluster the resources according to the file size and the file score. Then find out the resources’ features in the network. And finally use the analysis result to evaluate the search result of eMule client, make the conclusion that now search engine of eMule client cannot well satisfy the users’ needs. Keywords- K-mesns algorithm; P2P resources; KAD; cluster analysis 1. Introduction With the development of P2P technologies, sorts of P2P softwares emerged. One of the features of P2P network is anonymity so that users can freely upload any resources. And currently most P2P resources will be automatically uploaded after being downloaded, which causes large amount of various resources distributed widely and spreading quickly over the P2P network. Therefore, users will inevitably find a lot of useless resources during their search. eMule is a P2P file-sharing software with numerous users. eMule v0.42b is formally embedded with the KAD which is a P2P network with neither server nor central node.
    [Show full text]
  • Attacking the Kad Network
    Attacking the Kad Network Peng Wang, James Tyra, Eric Chan-Tin, Tyson Malchow, Denis Foo Kune, Nicholas Hopper, Yongdae Kim University of Minnesota - Twin Cities 200 Union Street SE Minneapolis, MN 55455 {pwang,tyra,dchantin,malchow,foo,hopper,kyd}@cs.umn.edu ABSTRACT DHT Security in general – the problem of ensuring efficient and The Kad network, an implementation of the Kademlia DHT pro- correct peer discovery despite adversarial interference – is an im- tocol, supports the popular eDonkey peer-to-peer file sharing net- portant problem which has been addressed in a number of works [9, work and has over 1 million concurrent nodes. We describe several 26, 4, 17, 12, 23, 15, 24, 13]. However, the majority of these works attacks that exploit critical design weaknesses in Kad to allow an assume a DHT with ring topology and recursive routing; Kademlia attacker with modest resources to cause a significant fraction of all uses a fundamentally different, “multi-path” iterative routing algo- searches to fail. We measure the cost and effectiveness of these rithm as well as a different topology. To our knowledge, no specific, attacks against a set of 16,000 nodes connected to the operational applicable analysis of the security properties of the Kademlia DHT Kad network. We also measure the cost of previously proposed, or the deployed Kad network has appeared in the literature, despite generic DHT attacks against the Kad network and find that our at- the potential impact of an attack on this network. tacks are much more cost effective. Finally, we introduce and eval- In this paper, we describe an attack on the Kad network that uate simple mechanisms to significantly increase the cost of these would allow a few malicious nodes with only modest bandwidth attacks.
    [Show full text]
  • Exploiting KAD: Possible Uses and Misuses
    Exploiting KAD: Possible Uses and Misuses Moritz Steiner, Taoufik En-Najjary, and Ernst W. Biersack Institut Eurecom Sophia–Antipolis, France {steiner,ennajjar,erbi}@eurecom.fr This article is an editorial note submitted to CCR. It has NOT been peer reviewed. Authors take full responsibility for this article’s technical content. Comments can be posted through CCR Online. ABSTRACT [26] there are quite a few peers that do not follow this rule Kad ID Peer-to-peer systems have seen a tremendous growth in the and change their very frequently. last few years and peer-to-peer traffic makes a major frac- 1.1 Routing Lookup tion of the total traffic seen in the Internet. The dominating kad a application for peer-to-peer is file sharing. Some of the most Routing in is based on prefix matching: Node for- wards a query, destined to a node b, to the node in his rout- popular peer-to-peer systems for file sharing have been Nap- ing table that has the smallest XOR-distance. The XOR- ster, FastTrack, BitTorrent, and eDonkey, each one counting d a, b a b d a, b a ⊕ b a million or more users at their peak time. distance ( ) between nodes and is ( )= . kad It is calculated bitwise on the Kad IDsofthetwonodes, We got interested in , since it is the only DHT that a b d a, b has been part of very popular peer-to-peer system with sev- e.g. the distance between = 1011 and = 0111 is ( )= 1011 ⊕ 0111 = 1100. For details of the implementation see eral million simultaneous users.
    [Show full text]