
Publication


Featured research published by David Zage.


ACM Computing Surveys | 2009

A survey of attack and defense techniques for reputation systems

Kevin J. Hoffman; David Zage; Cristina Nita-Rotaru

Reputation systems provide mechanisms to produce a metric encapsulating reputation for a given domain for each identity within the system. These systems seek to generate an accurate assessment in the face of various factors including but not limited to unprecedented community size and potentially adversarial environments. We focus on attacks and defense mechanisms in reputation systems. We present an analysis framework that allows for the general decomposition of existing reputation systems. We classify attacks against reputation systems by identifying which system components and design choices are the targets of attacks. We survey defense mechanisms employed by existing reputation systems. Finally, we analyze several landmark systems in the peer-to-peer domain, characterizing their individual strengths and weaknesses. Our work contributes to understanding (1) which design components of reputation systems are most vulnerable, (2) what are the most appropriate defense mechanisms and (3) how these defense mechanisms can be integrated into existing or future reputation systems to make them resilient to attacks.


Dependable Systems and Networks | 2006

Scaling Byzantine Fault-Tolerant Replication to Wide Area Networks

Yair Amir; Claudiu Danilov; Jonathan Kirsch; John Lane; Danny Dolev; Cristina Nita-Rotaru; Josh Olsen; David Zage

This paper presents the first hierarchical Byzantine fault-tolerant replication architecture suitable to systems that span multiple wide area sites. The architecture confines the effects of any malicious replica to its local site, reduces message complexity of wide area communication, and allows read-only queries to be performed locally within a site for the price of additional hardware. A prototype implementation is evaluated over several network topologies and is compared with a flat Byzantine fault-tolerant approach.


Local Computer Networks | 2008

Experimental comparison of peer-to-peer streaming overlays: An application perspective

Jeff Seibert; David Zage; Sonia Fahmy; Cristina Nita-Rotaru

We compare two representative streaming systems using mesh-based and multiple tree-based overlay routing through deployments on the PlanetLab wide-area experimentation platform. To the best of our knowledge, this is the first study to compare streaming overlay architectures in real Internet settings, considering not only intuitive aspects such as scalability and performance under churn, but also less studied factors such as bandwidth and latency heterogeneity of overlay participants. Overall, our study indicates that mesh-based systems are superior for nodes with high bandwidth capabilities and low round trip times, while multi-tree based systems currently cope better with stringent real time deadlines under heterogeneous conditions.


IEEE Transactions on Dependable and Secure Computing | 2010

Steward: Scaling Byzantine Fault-Tolerant Replication to Wide Area Networks

Yair Amir; Claudiu Danilov; Danny Dolev; Jonathan Kirsch; John Lane; Cristina Nita-Rotaru; Josh Olsen; David Zage

This paper presents the first hierarchical byzantine fault-tolerant replication architecture suitable to systems that span multiple wide-area sites. The architecture confines the effects of any malicious replica to its local site, reduces message complexity of wide-area communication, and allows read-only queries to be performed locally within a site for the price of additional standard hardware. We present proofs that our algorithm provides safety and liveness properties. A prototype implementation is evaluated over several network topologies and is compared with a flat byzantine fault-tolerant approach. The experimental results show considerable improvement over flat byzantine replication algorithms, bringing the performance of byzantine replication closer to existing benign fault-tolerant replication techniques over wide area networks.


Computer and Communications Security | 2007

On the accuracy of decentralized virtual coordinate systems in adversarial networks

David Zage; Cristina Nita-Rotaru

Virtual coordinate systems provide an accurate and efficient service that allows hosts on the Internet to determine the latency to arbitrary hosts without actively monitoring all nodes in the network. Many of the proposed virtual coordinate systems were designed with the assumption that all of the nodes in the system are altruistic. However, this assumption may be violated by compromised nodes acting maliciously to degrade the accuracy of the coordinate system. As numerous peer-to-peer applications rely on virtual coordinate systems to achieve good performance, it is critical to address the security of such systems. In this work, we demonstrate the vulnerability of decentralized virtual coordinate systems to insider (or Byzantine) attacks. We propose techniques to make the coordinate assignment robust to malicious attackers without increasing the communication cost. We demonstrate the attacks and mitigation techniques in the context of a well-known distributed virtual coordinate system using simulations based on three representative, real-life Internet topologies of hosts and corresponding round trip times (RTT).


IEEE/ACM Transactions on Networking | 2008

A framework for mitigating attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks

Aaron Walters; David Zage; Cristina Nita-Rotaru

Many multicast overlay networks maintain application-specific performance goals by dynamically adapting the overlay structure when the monitored performance becomes inadequate. This adaptation results in an unstructured overlay where no neighbor selection constraints are imposed. Although such networks provide resilience to benign failures, they are susceptible to attacks conducted by adversaries that compromise overlay nodes. Previous defense solutions proposed to address attacks against overlay networks rely on strong organizational constraints and are not effective for unstructured overlays. In this work, we identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. We propose techniques to decrease the number of incorrect adaptations by using outlier detection and limit the impact of malicious nodes by aggregating local information to derive global reputation for each node. We demonstrate the attacks and mitigation techniques through real-life deployments of a mature overlay multicast system.


International Conference on Network Protocols | 2006

Mitigating Attacks Against Measurement-Based Adaptation Mechanisms in Unstructured Multicast Overlay Networks

Aaron Walters; David Zage; Cristina Nita-Rotaru

Many multicast overlay networks maintain application-specific performance goals such as bandwidth, latency, jitter and loss rate by dynamically changing the overlay structure using measurement-based adaptation mechanisms. This results in an unstructured overlay where no neighbor selection constraints are imposed. Although such networks provide resilience to benign failures, they are susceptible to attacks conducted by adversaries that compromise overlay nodes. Previous defense solutions proposed to address attacks against overlay networks rely on strong organizational constraints and are not effective for unstructured overlays. In this work, we identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. The attacks target the overlay network construction, maintenance, and availability and allow malicious nodes to control significant traffic in the network, facilitating selective forwarding, traffic analysis, and overlay partitioning. We propose techniques to decrease the number of incorrect or unnecessary adaptations by using outlier detection. We demonstrate the attacks and mitigation techniques in the context of a mature, operationally deployed overlay multicast system, ESM, through real-life deployments and emulations conducted on the PlanetLab and DETER testbeds, respectively.


Dependable Systems and Networks | 2011

Applying game theory to analyze attacks and defenses in virtual coordinate systems

Sheila Becker; Jeff Seibert; David Zage; Cristina Nita-Rotaru; Radu State

Virtual coordinate systems provide an accurate and efficient service that allows hosts on the Internet to determine latency to arbitrary hosts based on information provided by a subset of participating nodes. Unfortunately, the accuracy of the service can be severely impacted by compromised nodes providing misleading information. We define and use a game theory framework in order to identify the best attack and defense strategies assuming that the attacker is aware of the defense mechanisms. Our approach leverages concepts derived from the Nash equilibrium to model more powerful adversaries. We consider attacks that target the latency estimation (inflation, deflation, oscillation) and defense mechanisms that combine outlier detection with control theory to deter adaptive adversaries. We apply the game theory framework to demonstrate the impact and efficiency of these attack and defense strategies using a well-known virtual coordinate system and real-life Internet data sets.


ACM Transactions on Information and System Security | 2010

Robust Decentralized Virtual Coordinate Systems in Adversarial Environments

David Zage; Cristina Nita-Rotaru

Virtual coordinate systems provide an accurate and efficient service that allows hosts on the Internet to determine the latency to arbitrary hosts without actively monitoring all of the nodes in the network. Many of the proposed systems were designed with the assumption that all of the nodes are altruistic. However, this assumption may be violated by compromised nodes acting maliciously to degrade the accuracy of the coordinate system. As numerous peer-to-peer applications come to rely on virtual coordinate systems to achieve good performance, it is critical to address the security of such systems. In this work, we demonstrate the vulnerability of decentralized virtual coordinate systems to insider (or Byzantine) attacks. We propose techniques to make the coordinate assignment robust to malicious attackers without increasing the communication cost. We use both spatial and temporal correlations to perform context-sensitive outlier analysis to reject malicious updates and prevent unnecessary and erroneous adaptations. We demonstrate the attacks and mitigation techniques in the context of a well-known virtual coordinate system using simulations based on three representative, real-life Internet topologies of hosts and corresponding Round Trip Times (RTT). We show the effects of the attacks and the utility of the mitigation techniques on the virtual coordinate system as seen by higher-level applications, elucidating the utility of deploying robust virtual coordinate systems as network services.


Network and System Security | 2011

Removing the blinders: Using information to mitigate adversaries in adaptive overlays

David Zage; Charles Edwin Killian; Cristina Nita-Rotaru

The proliferation of peer-to-peer systems has led to the increasing deployment of dynamic, adaptive overlay networks that are designed to preserve application performance goals. While such networks provide increased performance and resiliency to benign faults, they are susceptible to attacks conducted by compromised overlay nodes, especially those targeting the adaptation mechanisms. In this work, we propose a lightweight, general solution to increase the resiliency of adaptive overlay networks. By locally aggregating and correlating network topology with system performance metrics such as latency and bandwidth, each node can check the consistency of the reported information and constrain the attacker's ability to lie about system metrics. As a result, each node can make better adaptation decisions. We demonstrate the susceptibility of adaptation mechanisms to malicious attacks and the utility of our solution through real-life deployments of mature, adaptive overlay-based systems.

Collaboration


Top Co-Authors

John Lane

Johns Hopkins University

Yair Amir

Johns Hopkins University

Danny Dolev

Hebrew University of Jerusalem