An Efficient and Secure Peer-To-Peer Overlay Network
Total Page:16
File Type:pdf, Size:1020Kb
An Efficient and Secure Peer-to-Peer Overlay Network Honghao Wang, Yingwu Zhu and Yiming Hu Department of Electrical & Computer Engineering and Computer Science University of Cincinnati {wanghong, zhuy, yhu}@ececs.uc.edu ¡ £ ¥ § © Abstract hops, a single hop may across two nodes con- nected via a high speed LAN, or two separated by a low- Most of structured P2P overlays exploit Distributed bandwidth, long-latency link across half the world, which Hash Table (DHT) to achieve an administration-free, fault will cause significant latency. Proximity Neighbor Selec- tolerant overlay network and guarantee to deliver a mes- tion (PNS) were widely used to optimize overlay routing. ¡ £ ¥ § © sage to the destination within hops. While elegant However, latest research [4] has pointed out that the la- from a theoretical perspective, those systems face diffi- tency of last few hops in a PNS based routing still approxi- culties under an open environment. Not only frequently mated 1.5 times the average round trip time in the underly- joining and leaving of nodes generate enormous mainte- ing network. In order to handle system churn, frequently nance overhead, but also various behaviors and resources joining and leaving of nodes, overlays should repeatedly of peers compromise overlay performance and secu- fresh their routing tables, which generate enormous mainte- rity. nance traffic. Based on the default maintenance periods for Instead of building P2P overlay from the theoretical Bamboo [13, 12], a latest designed DHT system, the total view, this paper builds the overlay network from the per- maintenance traffic is about 7.5 times larger than the same spective of the physical network. By combining different Gnutella system [15]. network topology-aware techniques, a distinctive overlay Moreover, P2P overlays face serious security attackers network that closely matches the Internet topology is con- from malicious nodes, though they have mechanisms to tol- structed. The P2P system based on this structure is not erate fault nodes. Many researches [1, 5, 16] have been done only highly efficient for routing, but also keeps maintenance on different aspects of P2P overlay networks, such as se- overhead very low even under highly dynamic environment. cure routing and object storage/retrieval. However, due to Moreover, the system provides a new aspect to solve many the complexity of the P2P environment, some solutions are security issues. not satisfied, and others are still open. As Castro et al. mentioned in [1], the secure routing of a P2P overlay network requires the solution of three prob- 1. Introduction lems: securely assigning node IDs to nodes, securely main- taining the routing tables, and securely forwarding mes- Structured peer-to-peer (P2P) overlays, such as sages. Although certified node IDs can prevent nodes to Chord [17], CAN [8], Tapestry [20] and Pastry [14], compromise the integrity of the overlay by choosing IDs by are based on Distributed Hash Tables (DHT) to or- themselves, an attacker may swap certificates among nodes ganize all nodes in the system into node ID ring to it controls to increase the fraction of attacker’s nodes in tar- achieve an administration-free, fault-tolerant overly net- get nodes’ routing tables. Also, an attacker may obtain a work and guarantee to deliver a message to the destina- large number of legitimate node IDs, which is called a Sybil ¡ £ ¥ § © © tion within hops, where is the number of attack [5]. For securely maintaining routing table entries, peers in the system. While elegant from a theoretical per- while imposing strong constrains on node IDs in the rout- spective, DHT-based systems face difficulties in an open ing table can limit the effect of hostile nodes, it trades off Internet deployment. the performance of overlays. Since fault nodes may drop the Due to various behaviors and resources of peers in the message passing by, routing the message to the wrong place, real world, the basic operation, the key lookup, of current or pretending to be the root of the message, failure test and P2P overlay is far from efficient and hard to be improved. redundant routing are normally used. However, those meth- Although DHT designs guarantee to solve a query within ods are either hard to be implemented or involve significant Proceedings of the IEEE Conference on Local Computer Networks 30th Anniversary (LCN’05) 0-7695-2421-4/05 $20.00 © 2005 IEEE overhead. Figure 1 illustrates, based on the Internet AS-level topol- This paper, from a different angle, proposes a new P2P ogy provided by [2, 7], all nodes can be divided into groups overlay structure. Unlike current P2P designs, which focus by their Autonomous Systems (AS) locus. Since the Inter- on construct an elegant system overlays, such as node ID net is made up of ASes and each AS is a network under ring, our approach focuses on the physical network, and a single administration authority, it provides a good border builds system overlay based on it. Thus, the physical net- for P2P nodes. Like the AS in the Internet, the group is the work characteristics, such as network locality among nodes, basic unit for routing and organizing nodes in the overlay. network administration among Internet Autonomous Sys- However, to partition nodes only by nodes’ AS residences tems and asymmetric throughput of major network connec- may be too coarse in many cases. A landmarks based vec- tions, can be fully exploited. Not only is the overlay highly tor technique [9] is used to further divide network physi- efficient in message routing and maintenance, but also it cal nearby nodes into teams within an AS. The landmarks provide novel methods to solve security problems. could be the default routers of previous joined nodes. The rest of this paper is structured as follows. Section 2 describes briefly how to construct a overlay network closely 2.1. Peer-to-Peer Overlay Network matches the Internet topology and how to build an high effi- ciency and low maintenance system on it, the details of the In order to support DHT-like ID lookup operation, sim- overlay network can be found in another paper [18]. Based ilar ID mechanism is employed in the overlay. Like cur- on this novel overlay network, Section 3 discusses in de- rent DHT designs, each object in the overlay is assigned tail how to exploit the overlay structure to solve security is- a 128bits ID. Instead of mapping a small range of ob- sues faced by P2P overlay networks. In section 4, we evalu- jects to each node like current overlays, a two-level map- ate our approach using simulation. Section 5 concludes the ping mechanism is used. As mentioned early, our overlay is paper. built up with AS-like groups. The first level is among those groups, and the second level is among teams. The number of nodes within a team is variable to facilitate clustering phys- ical nearby nodes and increasing stabilization under system churn. Normally a team includes 10 to 50 nodes. Each team will choose a leader with decent network bandwidth and availability. Also, a 32bits team ID is assigned to each team. Those IDs are assigned to every group and their teams ran- domly as they first appear in the overlay. The first 64bits of the object ID is separated into two parts. The first 32bits is used to map group ID, and the second 32bits is for team ID. Each group charges the objects with the ID between it- self and the next group, and so is the team, which is similar to Chord [17]. The team is the basic unit to store objects. Two copies of objects will be kept within one team for improved reliabil- Figure 1. Building the system overlay closely ity and availability. One copy is kept in the leader to respond matches the Internet topology queries for all other peers. The other one will be striped into blocks by erasure code technique and stored among team- mates. Since most peers are connected with asymmetric net- work connections, such as DSL and cable modem, to read from many nearby peers will be evidently faster than from one. This characteristic is very helpful to quickly rebuild a 2. Overlay Design new leader when the old one fails. In this section, overlay design will be briefly discussed. 2.1.1. Routing Instead of involving many unstable nodes We will firstly discuss how to construct an overlay closely into system routing, only selected nodes, which have de- approximates the Internet topology, and then based on that cent bandwidth and availability, will become the agents overlay to build a P2P system with efficient lookup, low to route for the overlay. Normally, 3 agents can pro- maintenance overhead and high availability. vide enough availability and performance without impact- The essential behind the overlay structure is to organize ing their hosting machines. A detailed analysis is discussed nodes by their physical network locality in the Internet. As in section 2.4. Proceedings of the IEEE Conference on Local Computer Networks 30th Anniversary (LCN’05) 0-7695-2421-4/05 $20.00 © 2005 IEEE Since our overlay closely matches the Internet topology, mally, the leader of a team can monitor teammates’ chang- the routing mechanism is actually simple compared with ing through their query messages. However, in order to ac- current DHT designs. Since a two-level mapping mecha- curately distinguish each node’s behavior for candidates of nism is used in the overlay, the routing table is made up leaders and agents, each node is designed to send either a of two parts. One records the ID and agents information of query or a keep-alive message to its leader every 30 sec- each group within the overlay, called routing table.Thista- onds.