Abstract
A network coordinate system assigns Euclidean “virtual” coordinates to every node in a network to allow easy estimation of network latency between pairs of nodes that have never contacted each other. These systems have been implemented in a variety of applications, most notably the popular Vuze BitTorrent client. Zage and Nita-Rotaru (at CCS 2007) and, independently, Kaafar et al. (at SIGCOMM 2007) demonstrated that several widely cited network coordinate systems are prone to simple attacks, and proposed mechanisms to defeat these attacks using outlier detection to filter out adversarial inputs. Kaafar et al. go a step further and require that a fraction of the network be trusted. More recently, Sherr et al. (at USENIX ATC 2009) proposed Veracity, a distributed reputation system to secure network coordinate systems. We describe a new attack on network coordinate systems, Frog-Boiling, that defeats all of these defenses. Thus, even a system with trusted entities is still vulnerable to attacks. Moreover, having witnesses vouch for your coordinates as in Veracity does not prevent our attack. Finally, we demonstrate empirically that the Frog-Boiling attack is more disruptive than the previously known attacks: systems that attempt to reject “bad” inputs by statistical means or reputation cannot be used to secure a network coordinate system.
- Abraham, I. and Malkhi, D. 2004. Compact routing on Euclidian metrics. In Proceedings of the 23rd Annual ACM Symposium on Principles of Distributed Computing (PODC’04). ACM, New York, NY, 141--149.
- Agarwal, S. and Lorch, J. R. 2009. Matchmaking for online games and other latency-sensitive P2P systems. In Proceedings of the ACM SIGCOMM Conference on Data Communication (SIGCOMM’09). ACM, New York, NY, 315--326.
- Bamboo DHT. http://bamboo-dht.org. (Accessed 2009).
- Barreno, M., Nelson, B., Sears, R., Joseph, A. D., and Tygar, J. D. 2006. Can machine learning be secure? In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS’06). ACM, New York, NY, 16--25.
- Bavier, A., Bowman, M., Chun, B., Culler, D., Karlin, S., Muir, S., Peterson, L., Roscoe, T., Spalink, T., and Wawrzoniak, M. 2004. Operating system support for planetary-scale network services. In Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI’04). USENIX Association, Berkeley, CA, 19--19.
- Bazzi, R. A. and Konjevod, G. 2005. On the establishment of distinct identities in overlay networks. In Proceedings of the 24th Annual ACM Symposium on Principles of Distributed Computing (PODC’05). ACM, New York, NY, 312--320.
- Chan-Tin, E., Feldman, D., Kim, Y., and Hopper, N. 2009. The frog-boiling attack: Limitations of anomaly detection for secure network coordinates. In Proceedings of the International ICST Conference on Security and Privacy in Communication Networks (SecureComm).
- Choffnes, D. R. and Bustamante, F. E. 2008. Taming the torrent: a practical approach to reducing cross-isp traffic in peer-to-peer systems. SIGCOMM Comput. Comm. Rev. 38, 4, 363--374.
- CommonSense. 2008. http://www.kimvdlinde.com/professional/programming/statistics/commonSense/body.html. (Accessed 2008).
- Costa, M., Castro, M., Rowstron, A., and Key, P. 2004. PIC: Practical internet coordinates for distance estimation. In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS). 178--187.
- Cowling, J., Ports, D., Liskov, B., Popa, R. A., and Gaikwad, A. 2009. Census: Location-aware membership management for large-scale distributed systems. In Proceedings of the USENIX Annual Technical Conference.
- Dabek, F., Cox, R., Kaashoek, F., and Morris, R. 2004a. Vivaldi: A decentralized network coordinate system. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM’04). ACM, New York, NY, 15--26.
- Dabek, F., Li, J., Sit, E., Robertson, J., Kaashoek, M. F., and Morris, R. 2004b. Designing a DHT for low latency and high throughput. In Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI). 85--98.
- Denning, D. E. 1987. An intrusion-detection model. IEEE Trans. Softw. Eng. 13, 2, 222--232.
- Douceur, J. R. 2002. The sybil attack. In Revised Papers from the 1st International Workshop on Peer-to-Peer Systems (IPTPS’01). Springer-Verlag, 251--260.
- Francis, P., Jamin, S., Jin, C., Jin, Y., Raz, D., Shavitt, Y., and Zhang, L. 2001. IDMaps: A global internet host distance estimation service. IEEE/ACM Trans. Netw. 9, 5, 525--540.
- Gummadi, K. P., Saroiu, S., and Gribble, S. D. 2002. King: Estimating latency between arbitrary internet end hosts. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement (IMW’02). ACM, New York, NY, 5--18.
- Gummadi, R., Govindan, R., Kothari, N., Karp, B., Kim, Y. J., and Shenker, S. 2004. Reduced state routing in the internet. In Proceedings of the ACM Workshop on Hot Topics in Networks.
- Kaafar, M. A., Mathy, L., Turletti, T., and Dabbous, W. 2006a. Real attacks on virtual networks: Vivaldi out of tune. In Proceedings of the SIGCOMM Workshop on Large-Scale Attack Defense (LSAD’06). ACM, New York, NY, 139--146.
- Kaafar, M. A., Mathy, L., Turletti, T., and Dabbous, W. 2006b. Virtual networks under attack: Disrupting internet coordinate systems. In Proceedings of the ACM CoNEXT Conference (CoNEXT’06). ACM, New York, NY, USA, 1--12.
- Kaafar, M. A., Mathy, L., Barakat, C., Salamatian, K., Turletti, T., and Dabbous, W. 2007. Securing internet coordinate embedding systems. SIGCOMM Comput. Comm. Rev. 37, 4, 61--72.
- Kalman, R. E. 1960. A new approach to linear filtering and prediction problems. Trans. ASME J. Basic Engin. 82, Series D, 35--45.
- Ledlie, J., Pietzuch, P., and Seltzer, M. 2006. Stable and accurate network coordinates. In Proceedings of the 26th IEEE International Conference on Distributed Computing Systems (ICDCS’06). IEEE Computer Society, Los Alamitos, CA, 74.
- Ledlie, J., Gardner, P., and Seltzer, M. 2007. Network coordinates in the wild. In Proceedings of USENIX Symposium on Networked Systems Design and Implementation (NSDI’07).
- Ledlie, J., Mitzenmacher, M., and Seltzer, M. 2007. Wired geometric routing. In Proceedings of the International Workshop on Peer-to-Peer Systems (IPTPS).
- Lehman, L.-W. and Lerman, S. 2004. Pcoord: Network position estimation using peer-to-peer measurements. In Proceedings of the 3rd IEEE International Symposium on Network Computing and Applications (NCA’04). IEEE Computer Society, Los Alamitos, CA, 15--24.
- Lua, E. K., Griffin, T., Pias, M., Zheng, H., and Crowcroft, J. 2005. On the accuracy of embeddings for internet coordinate systems. In Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (IMC’05). USENIX Association, Berkeley, CA, 11.
- Lumezanu, C., Levin, D., and Spring, N. 2007. Peer wise discovery and negotiation of faster path. In Proceedings of the ACM Workshop on Hot Topics in Networks.
- Ng, T. S. E. and Zhang, H. 2001. Predicting internet network distance with coordinates-based approaches. In Proceedings of the IEEE INFOCOM. 170--179.
- Ng, T. S. E. and Zhang, H. 2004. A network positioning system for the internet. In Proceedings of the USENIX Annual Technical Conference (ATEC’04). USENIX Association, Berkeley, CA, 11.
- Pias, M., Crowcroft, J., Wilbur, S., Harris, T., and Bhatti, S. 2003. Lighthouses for scalable distributed location. In Proceedings of the International Workshop on Peer-to-Peer Systems (IPTPS).
- Pietzuch, P., Ledlie, J., and Seltzer, M. 2005. Supporting network coordinates on planetlab. In Proceedings of the 2nd Conference on Real, Large Distributed Systems (WORLDS’05). USENIX Association, Berkeley, CA, 19--24.
- PlanetLab. http://planet-lab.org. (Accessed 2010).
- Pyxida. http://pyxida.sourceforge.net. (Accessed 2009).
- Rhea, S., Godfrey, B., Karp, B., Kubiatowicz, J., Ratnasamy, S., Shenker, S., Stoica, I., and Yu, H. 2005. Opendht: A public dht service and its uses. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM’05). ACM, New York, NY, 73--84.
- Saucez, D., Donnet, B., and Bonaventure, O. 2007. A reputation-based approach for securing Vivaldi embedding system. In Proceedings of the 13th Open European Summer School and IFIP TC6.6 Conference on Dependable and Adaptable Networks and Services (EUNICE’07). Springer-Verlag, Berlin, Heidelberg, 78--85.
- Shavitt, Y. and Tankel, T. 2003. Big-bang simulation for embedding network distances in Euclidean space. In Proceedings of the IEEE INFOCOM.
- Sherr, M., Blaze, M., and Loo, B. T. 2009. Veracity: Practical Secure Network Coordinates via Vote-based Agreements. In Proceedings of the USENIX Annual Technical Conference.
- Vuze. http://azureus.sourceforge.net. (Accessed 2010).
- Wagner, D. and Soto, P. 2002. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS’02). ACM, New York, NY, 255--264.
- Wang, G. and Ng, T. E. 2008. Distributed algorithms for stable and secure network coordinates. In Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement (IMC’08). ACM, New York, NY, 131--144.
- Wang, G., Zhang, B., and Ng, T. S. E. 2007. Towards network triangle inequality violation aware distributed systems. In Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement (IMC’07). ACM, New York, NY, 175--188.
- Zage, D. J. and Nita-Rotaru, C. 2007. On the accuracy of decentralized virtual coordinate systems in adversarial networks. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS’07). ACM, New York, NY, 214--224.