Efficient DHT attack mitigation through peers´ ID distribution

Author

Cholez, Thibault ; Chrisment, Isabelle ; Festor, Olivier

Author_Institution

MADYNES, INRIA Nancy-Grand Est, Nancy, France

fYear

2010

fDate

19-23 April 2010

Firstpage

1

Lastpage

8

Abstract

We present a new solution to protect the widely deployed KAD DHT against localized attacks which can take control over DHT entries. We show through measurements that the IDs distribution of the best peers found after a lookup process follows a geometric distribution. We then use this result to detect DHT attacks by comparing real peers´ ID distributions to the theoretical one thanks to the Kullback-Leibler divergence. When an attack is detected, we propose countermeasures that progressively remove suspicious peers from the list of possible contacts to provide a safe DHT access. Evaluations show that our method detects the most efficient attacks with a very small false-negative rate, while countermeasures successfully filter almost all malicious peers involved in an attack. Moreover, our solution completely fits the current design of the KAD network and introduces no network overhead.

Keywords

peer-to-peer computing; security of data; DHT attack; KAD DHT; Kullback-Leibler divergence; distributed hash table; malicious peers; peer ID distribution; Filters; Identity management systems; Intrusion detection; Large-scale systems; Monitoring; Peer to peer computing; Pollution; Privacy; Protection; Routing protocols; DHT; IDs distribution; KAD; Sybil attack; attack detection; attack mitigation;

fLanguage

English

Publisher

ieee

Conference_Titel

Parallel & Distributed Processing, Workshops and Phd Forum (IPDPSW), 2010 IEEE International Symposium on

Conference_Location

Atlanta, GA

Print_ISBN

978-1-4244-6533-0

Type

conf

DOI

10.1109/IPDPSW.2010.5470928

Filename

5470928