
Robust Decentralized Virtual Coordinate Systems in Adversarial Environments

Published: 01 December 2010

Abstract

Virtual coordinate systems provide an accurate and efficient service that allows hosts on the Internet to determine the latency to arbitrary hosts without actively monitoring all of the nodes in the network. Many of the proposed systems were designed with the assumption that all of the nodes are altruistic. However, this assumption may be violated by compromised nodes acting maliciously to degrade the accuracy of the coordinate system. As numerous peer-to-peer applications come to rely on virtual coordinate systems to achieve good performance, it is critical to address the security of such systems.

In this work, we demonstrate the vulnerability of decentralized virtual coordinate systems to insider (or Byzantine) attacks. We propose techniques to make the coordinate assignment robust to malicious attackers without increasing the communication cost. We use both spatial and temporal correlations to perform context-sensitive outlier analysis to reject malicious updates and prevent unnecessary and erroneous adaptations. We demonstrate the attacks and mitigation techniques in the context of a well-known virtual coordinate system using simulations based on three representative, real-life Internet topologies of hosts and corresponding Round Trip Times (RTT). We show the effects of the attacks and the utility of the mitigation techniques on the virtual coordinate system as seen by higher-level applications, elucidating the utility of deploying robust virtual coordinate systems as network services.



      • Published in

        ACM Transactions on Information and System Security, Volume 13, Issue 4
        December 2010
        412 pages
        ISSN: 1094-9224
        EISSN: 1557-7406
        DOI: 10.1145/1880022

        Copyright © 2010 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 1 December 2010
        • Accepted: 1 January 2010
        • Revised: 1 December 2009
        • Received: 1 December 2008

        Qualifiers

        • research-article
        • Research
        • Refereed
