The Trinity (Brodsky et al., 2007) spam classification system is based on a distributed hash table that is implemented using a structured peer-to-peer overlay. Such an overlay must be capable of processing hundreds of messages per second, and must be able to route messages to their destination even in the presence of failures and malicious peers that misroute packets or inject fraudulent routing information into the system. Typically there is tension between the requirements to route messages securely and efficiently in the overlay. We describe a secure and efficient routing extension that we developed within the I3 (Stoica et al. 2004) implementation of the Chord (Stoica et al. 2001) overlay. Secure routing is accomplished through several complementary approaches: First, peers in close proximity form overlapping groups that police themselves to identify and mitigate fraudulent routing information. Second, a form of random routing solves the problem of entire packet flows passing through a malicious peer. Third, a message authentication mechanism links each message to it sender, preventing spoofing. Fourth, each peer's identifier links the peer to its network address, and at the same time uniformly distributes the peers in the key-space. Lastly, we present our initial evaluation of the system, comprising a 255 peer overlay running on a local cluster. We describe our methodology and show that the overhead of our secure implementation is quite reasonable.
Deep Dive into Our Brothers Keepers: Secure Routing with High Performance.
The Trinity (Brodsky et al., 2007) spam classification system is based on a distributed hash table that is implemented using a structured peer-to-peer overlay. Such an overlay must be capable of processing hundreds of messages per second, and must be able to route messages to their destination even in the presence of failures and malicious peers that misroute packets or inject fraudulent routing information into the system. Typically there is tension between the requirements to route messages securely and efficiently in the overlay. We describe a secure and efficient routing extension that we developed within the I3 (Stoica et al. 2004) implementation of the Chord (Stoica et al. 2001) overlay. Secure routing is accomplished through several complementary approaches: First, peers in close proximity form overlapping groups that police themselves to identify and mitigate fraudulent routing information. Second, a form of random routing solves the problem of entire packet flows passing thr
Our Brothers’ Keepers: Secure Routing with High Performance ∗
Alex Brodsky
University of Winnipeg
Winnipeg, MB, Canada, R3B 2E9
abrodsky@acs.uwinnipeg.ca
Scott Lindenberg
University of Winnipeg
Winnipeg, MB, Canada, R3B 2E9
slindenb@acs.uwinnipeg.ca
November 9, 2018
Abstract
The Trinity [BB07] spam classification system is based on a distributed hash table that is imple-
mented using a structured peer-to-peer overlay. Such an overlay must be capable of processing hundreds
of messages per second, and must be able to route messages to their destination even in the presence
of failures and malicious peers that misroute packets or inject fraudulent routing information into the
system. Typically there is tension between the requirements to route messages securely and efficiently
in the overlay.
We describe a secure and efficient routing extension that we developed within the I3 [SAZ+04]
implementation of the Chord [SMK+01] overlay. Secure routing is accomplished through several com-
plementary approaches: First, peers in close proximity form overlapping groups that police themselves
to identify and mitigate fraudulent routing information. Second, a form of random routing solves the
problem of entire packet flows passing through a malicious peer. Third, a message authentication mech-
anism links each message to it sender, preventing spoofing. Fourth, each peer’s identifier links the peer
to its network address, and at the same time uniformly distributes the peers in the key-space.
Lastly, we present our initial evaluation of the system, comprising a 255 peer overlay running on a
local cluster. We describe our methodology and show that the overhead of our secure implementation is
quite reasonable.
keywords: secure routing, peer authentication, distributed hash tables
∗This research was supported by an NSERC Discovery grant.
arXiv:0808.1744v1 [cs.DC] 12 Aug 2008
1
Introduction
Systems such as Trinity [BB07], LOCKSS [MRR+03], and others are based on distributed hash tables that
are implemented on top of peer-to-peer structured overlays. These overlays differ from better known peer-
to-peer systems such as BitTorrent in three fundamental ways. First, these overlays are closed, meaning
that only authorized hosts may join the overlay. Second, these overlays must be secure and function even
in the presence of failures, denial of service attacks, and malicious peers. Third, performance is paramount,
meaning that each peer in the these overlays must be able to forward hundreds of messages per second.
Although securing closed overlays seems more manageable than the task of securing open overlays, the
task presents several challenges. First, identifying, authenticating and authorizing peers and authenticating
the messages that they send is not easy because the mechanisms must be fault tolerant, allow revocation,
and must not significantly impact performance. Second, securely routing messages, dealing with host and
network failures, and most importantly, dealing with malicious peers and the fraudulent routing information
that they inject into the overlay is challenging in itself, let alone without significantly impacting performance.
As part of the Trinity project [BB07], we have designed, implemented, and tested a secure closed overlay
based on the I3 [SAZ+04] Chord [SMK+01] implementation. Our design comprises a distributed and fault
tolerant identification, authentication, and authorization mechanism; a key assignment scheme that encodes
a peer’s network location yet ensures that the keys are uniformly distributed in the key space; a self-policing
scheme based on groups of local peers; and a form of random routing that ensures that no (malicious) peer
is a choke-point between any two other peers.
In addition to describing our approaches, we present a performance evaluation, which was performed on
a local cluster that hosted overlays consisting of 255 peers. We compare the performance of our system in
“secure” and “insecure” modes, and show that the performance penalty for secure operation is acceptable.
The rest of the paper is organized as follows: Section 2 describes our assumptions and the Chord proto-
col. Section 3 describes the three parts of our approach and Section 4 describes our evaluation of the system.
Lastly, Section 5 and 6 describe related work, and discuss future work.
2
Preliminaries
We selected the Chord [SMK+01] structured overlay to provide lookup services for the Trinity [BB07]
system because Chord has good performance characteristics and provides control over the location of peers
within the overlay, which makes securing the overlay easier [SM02, CDG+02].
The Chord [SMK+01] overlay structure assigns each peer a unique key, k, from a 160-bit key-space and
organizes the peers into a single ring in order of their keys. The predecessor and successor of key k are the
keys kp and ks, respectively, belonging to peers in the ring, such that k −kp mod 2160 and ks −k mod 2160,
respectively, are minimal. Intuitively,
…(Full text truncated)…
This content is AI-processed based on ArXiv data.