the index poisoning attack in p2p file sharing systems
DESCRIPTION
The Index Poisoning Attack in P2P File Sharing Systems. Keith W. Ross Polytechnic University. Jian Liang. Naoum Naoumov. Joint work with:. Internet Traffic. CF: CacheLogic. File Distribution Systems: 2005. Attacks on P2P: Decoying. Two types: File corruption: pollution - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/1.jpg)
The Index Poisoning Attack in
P2P File Sharing Systems
Keith W. RossPolytechnic University
![Page 2: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/2.jpg)
• Jian Liang • Naoum Naoumov
Joint work with:
![Page 3: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/3.jpg)
Internet Traffic
CF: CacheLogic
![Page 4: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/4.jpg)
File Distribution Systems: 2005
![Page 5: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/5.jpg)
Attacks on P2P: Decoying
Two types:• File corruption: pollution• Index poisoningInvestigated in two networks:• FastTrack/Kazaa
– Unstructured P2P network
• Overnet– Structured (DHT) P2P network– Part of eDonkey
![Page 6: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/6.jpg)
File Pollution
pollution company
polluted content
original content
![Page 7: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/7.jpg)
File Pollution
pollution company
pollution server
pollution server
pollution server
pollution server
file sharingnetwork
![Page 8: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/8.jpg)
File Pollution
Unsuspecting usersspread pollution !
![Page 9: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/9.jpg)
File Pollution
Unsuspecting usersspread pollution !
Yuck
![Page 10: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/10.jpg)
Index Poisoning
index title location bigparty 123.12.7.98smallfun 23.123.78.6heyhey 234.8.89.20
file sharingnetwork
123.12.7.98
23.123.78.6
234.8.89.20
![Page 11: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/11.jpg)
Index Poisoning
index title location bigparty 123.12.7.98smallfun 23.123.78.6heyhey 234.8.89.20123.12.7.98
23.123.78.6
234.8.89.20
index title location bigparty 123.12.7.98smallfun 23.123.78.6heyhey 234.8.89.20bighit 111.22.22.22
111.22.22.22
![Page 12: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/12.jpg)
![Page 13: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/13.jpg)
![Page 14: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/14.jpg)
Overnet: DHT
• (version_id, location) stored in nodes with ids close to version_id
• (hash_title, version_id) stored in nodes with ids close to hash_title
• First search hash_title, get version_id and metada
• Then search version_id, get location
![Page 15: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/15.jpg)
Overnet0001
0011
0100
0101
10001010
1100
1111
PublishQuery
Download
![Page 16: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/16.jpg)
FastTrack Overlay
Each SN maintains a local index
ON =ordinary node
SN = super node
SN
ON
ONON
![Page 17: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/17.jpg)
FastTrack Query
ON =ordinary node
SN = super node
SN
ON
ONON
![Page 18: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/18.jpg)
FastTrack Download
ON =ordinary node
SN = super node
SN
ON
ONON
HTTP requestfor hash value
![Page 19: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/19.jpg)
FastTrack Download
ON =ordinary node
SN = super node
SN
ON
ONON
P2P file transfer
![Page 20: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/20.jpg)
Attacks: How Effective?
• For a given title, what fraction of the “copies” are– Clean ?– Poisoned?– Polluted?
• Brute-force approach:– attempt download all versions– For those versions that download, listen/watch
each one
• How do we determine pollution levels without downloading?
![Page 21: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/21.jpg)
Titles, versions, hashes & copies
• The title is the title of song/movie/software
• A given title can have thousands of versions
• Each version has its own hash
• Each version can have thousands of copies
• A title can also have non-existent versions, each identified by a hash
![Page 22: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/22.jpg)
Definition of Pollution and Poisoning Levels
• (t, t+ Δ): investigation interval
• V: set of all versions of title T
• V1, V2, V3: sets of poisoned, polluted, clean versions
• Cv: number of advertised copies of version v
Vvv
Vvv
i C
C
L i
![Page 23: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/23.jpg)
How to Estimate?
• Need Cv, vєV
• Need V1, V2, V3
– Don’t want to download and listen to files!
Solution:
• Harvest Cv, vєV, and copy locations– Overnet: Insert node, receive publish msg’s– FastTrack: Crawl
• Heuristic for V1, V2, V3
![Page 24: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/24.jpg)
Copies at Users
FastTrack Overnet
![Page 25: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/25.jpg)
Heuristic
• Identify heavy and light publishers
• Hh = set of hashes from heavy publishers
• Hl = set of hashes from light publishers
polluted versions
cleanversionspoisoned
versions
Hh
Hl
![Page 26: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/26.jpg)
Heuristic: More
Evaluation #Download # Success #Accuracy # False
Polluted 8,450 8,400 99.4% 0.6% (positive)
Poisoned 33,186 1,156 96.5% 3.5% (negative)
Heuristic is accurate & does not involve any downloading!
![Page 27: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/27.jpg)
FastTrack Versions
![Page 28: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/28.jpg)
FastTrack Copies
![Page 29: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/29.jpg)
Overnet Copies
![Page 30: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/30.jpg)
Blacklisting
• Assign reputations to /n subnets– Bad reputation to subnets with large
number of advertised copies of any title
• Obtain reputations locally; share with distributed algorithm
• Locally blacklist /n subnets with bad reputations
![Page 31: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/31.jpg)
Blacklisting: More
![Page 32: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/32.jpg)
The Inverse Attack• Attacks on P2P systems:
• But can also exploit P2P sytems for DDoS attacks against innocent host:
![Page 33: The Index Poisoning Attack in P2P File Sharing Systems](https://reader030.vdocument.in/reader030/viewer/2022032709/568130fa550346895d9725e8/html5/thumbnails/33.jpg)
Summary&
Thank You!