the index poisoning attack in p2p file sharing systems keith w. ross polytechnic university
TRANSCRIPT
![Page 1: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/1.jpg)
The Index Poisoning Attack in
P2P File Sharing Systems
Keith W. RossPolytechnic University
![Page 2: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/2.jpg)
• Jian Liang • Naoum Naoumov
Joint work with:
![Page 3: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/3.jpg)
Internet Traffic
CF: CacheLogic
![Page 4: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/4.jpg)
File Distribution Systems: 2005
![Page 5: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/5.jpg)
Attacks on P2P: Decoying
Two types:• File corruption: pollution• Index poisoningInvestigated in two networks:• FastTrack/Kazaa
– Unstructured P2P network
• Overnet– Structured (DHT) P2P network– Part of eDonkey
![Page 6: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/6.jpg)
File Pollution
pollution company
polluted content
original content
![Page 7: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/7.jpg)
File Pollution
pollution company
pollution server
pollution server
pollution server
pollution server
file sharingnetwork
![Page 8: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/8.jpg)
File Pollution
Unsuspecting usersspread pollution !
![Page 9: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/9.jpg)
File Pollution
Unsuspecting usersspread pollution !
Yuck
![Page 10: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/10.jpg)
Index Poisoning
index title location bigparty 123.12.7.98smallfun 23.123.78.6heyhey 234.8.89.20
file sharingnetwork
123.12.7.98
23.123.78.6
234.8.89.20
![Page 11: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/11.jpg)
Index Poisoning
index title location bigparty 123.12.7.98smallfun 23.123.78.6heyhey 234.8.89.20123.12.7.98
23.123.78.6
234.8.89.20
index title location bigparty 123.12.7.98smallfun 23.123.78.6heyhey 234.8.89.20bighit 111.22.22.22
111.22.22.22
![Page 12: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/12.jpg)
![Page 13: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/13.jpg)
![Page 14: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/14.jpg)
Overnet: DHT
• (version_id, location) stored in nodes with ids close to version_id
• (hash_title, version_id) stored in nodes with ids close to hash_title
• First search hash_title, get version_id and metada
• Then search version_id, get location
![Page 15: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/15.jpg)
Overnet0001
0011
0100
0101
10001010
1100
1111
PublishQuery
Download
![Page 16: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/16.jpg)
FastTrack Overlay
Each SN maintains a local index
ON =ordinary node
SN = super node
SN
ON
ONON
![Page 17: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/17.jpg)
FastTrack Query
ON =ordinary node
SN = super node
SN
ON
ONON
![Page 18: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/18.jpg)
FastTrack Download
ON =ordinary node
SN = super node
SN
ON
ONON
HTTP requestfor hash value
![Page 19: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/19.jpg)
FastTrack Download
ON =ordinary node
SN = super node
SN
ON
ONON
P2P file transfer
![Page 20: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/20.jpg)
Attacks: How Effective?
• For a given title, what fraction of the “copies” are– Clean ?– Poisoned?– Polluted?
• Brute-force approach:– attempt download all versions– For those versions that download, listen/watch
each one
• How do we determine pollution levels without downloading?
![Page 21: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/21.jpg)
Titles, versions, hashes & copies
• The title is the title of song/movie/software
• A given title can have thousands of versions
• Each version has its own hash
• Each version can have thousands of copies
• A title can also have non-existent versions, each identified by a hash
![Page 22: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/22.jpg)
Definition of Pollution and Poisoning Levels
• (t, t+ Δ): investigation interval
• V: set of all versions of title T
• V1, V2, V3: sets of poisoned, polluted, clean versions
• Cv: number of advertised copies of version v
Vvv
Vvv
i C
C
L i
![Page 23: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/23.jpg)
How to Estimate?
• Need Cv, vєV
• Need V1, V2, V3
– Don’t want to download and listen to files!
Solution:
• Harvest Cv, vєV, and copy locations– Overnet: Insert node, receive publish msg’s– FastTrack: Crawl
• Heuristic for V1, V2, V3
![Page 24: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/24.jpg)
Copies at Users
FastTrack Overnet
![Page 25: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/25.jpg)
Heuristic
• Identify heavy and light publishers
• Hh = set of hashes from heavy publishers
• Hl = set of hashes from light publishers
polluted versions
cleanversionspoisoned
versions
Hh
Hl
![Page 26: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/26.jpg)
Heuristic: More
Evaluation #Download # Success #Accuracy # False
Polluted 8,450 8,400 99.4% 0.6% (positive)
Poisoned 33,186 1,156 96.5% 3.5% (negative)
Heuristic is accurate & does not involve any downloading!
![Page 27: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/27.jpg)
FastTrack Versions
![Page 28: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/28.jpg)
FastTrack Copies
![Page 29: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/29.jpg)
Overnet Copies
![Page 30: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/30.jpg)
Blacklisting
• Assign reputations to /n subnets– Bad reputation to subnets with large
number of advertised copies of any title
• Obtain reputations locally; share with distributed algorithm
• Locally blacklist /n subnets with bad reputations
![Page 31: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/31.jpg)
Blacklisting: More
![Page 32: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/32.jpg)
The Inverse Attack• Attacks on P2P systems:
• But can also exploit P2P sytems for DDoS attacks against innocent host:
![Page 33: The Index Poisoning Attack in P2P File Sharing Systems Keith W. Ross Polytechnic University](https://reader036.vdocuments.net/reader036/viewer/2022062511/5514f830550346b0338b628b/html5/thumbnails/33.jpg)
Summary&
Thank You!