Active Measurement of Routing Table in Kad. Jie Yu (
home page) and Zhoujun Li.
http://www.comp.nus....i1/DASP2P09.pdf
Quote
Abstract. As the first DHT implemented in real applications and involving millions of simultaneous users, all aspects of Kad must be analyzed and measured carefully. This paper focuses on measuring the routing table of Kad in eMule/aMule. We present and analyze the availability and stability of routing table by crawling actively.
We find the phenomenon of ID repetition in Kad that many peers use a same ID simultaneously, which will decrease the performance of routing and then reduce the availability of routing table. The connection availability of global routing table is relatively low, the average of which is about 64.9%. Connection availability influences the efficiency of searching and routing in Kad network directly.
------
Misusing Kademlia Protocol to Perform DDoS Attacks. Jie Yu, Zhoujun Li and Xiaoming Chen. (2008)
http://www.comp.nus....uji1/ISPA08.pdf
Quote
Abstract. Kademlia-based DHT has been deployed in many P2P applications and it is reported that there are millions of simultaneous users in Kad network. For such a protocol that significantly involves so many peers, its robustness and security must be evaluated carefully. In this paper, we analyze the Kademlia protocol and identify several potential vulnerabilities. We classify potential attacks as three types: asymmetric attack, routing table reflection attack and index reflection attack. A limited real-world experiment was run on eMule and the results show that these attacks tie up bandwidth and TCP connection resources of victim. We analyze the results of our experiment in three aspects: the effect of DDoS attacks by misusing Kad in eMule, the comparison between asymmetric attack and routing table reflection attack, and the distribution of attacks. More large-scale DDoS attack can be performed by means of a little more effort. We introduce some methods to amplify the performance of attack and some strategies to evade detection. Finally, we further discuss several solutions for these DDoS attacks.
------
Evaluating and improving the content access in KAD. Moritz Steiner, Damiano Carra and Ernst W. Biersack. (2009)
http://www.springerl...55/fulltext.pdf
Quote
Abstract. We analyze in detail the content retrieval process in kad. kad implements content search (publish and retrieval) functions that use the Kademlia Distributed Hash Table for content routing. Node churn is quite common in peer-to-peer systems and results in information loss and stale routing table entries. To deal with node churn, kad issues parallel route requests and publishes multiple redundant copies of each piece of information. We identify the key design parameters in kad and present an analytical model to evaluate the impact of changes in the values of these parameters on the overall lookup latency and message overhead. Extensive measurements of the lookup performance using an instrumented client allow us to validate the model. The overall lookup latency is in most cases 5 s or larger. We elucidate the cause for such high lookup latencies and propose an improved scheme that significantly decreases the overall lookup latency without
increasing the overhead.
------
Kademlia Measurements. Elena Digor. (May 2009)
http://www.faculty.j...igor-report.pdf
Quote
Abstract. The constantly growing popularity of the peer to peer systems, has risen the interest in studying out their topology and dynamics. One of the mostly used approach is to create snapshots of the network at some specific points in time. The snapshots might be carried out by running distributed crawlers on the system of interest.
We are interested in studying one of the mostly deployed p2p networks, namely KAD. Up to now, there is no open source crawler available for this network. In this report we will give an approach and some up to date results on creating a crawler for the KAD system.
------
Digging Into KAD Users’ Shared Folders. Marcin Pietrzyk, Guillaume Urvoy-Keller and Jean-Laurent Costeux. (2008)
http://www.cs.st-and...3-pietrzykA.pdf
Quote
Abstract. Characterizing peer-to-peer overlays is crucial for understanding their impact on service provider networks and assessing their performance. Most popular file exchange applications use distributed hash tables (DHTs) as a framework for managing information. Their fully decentralized nature makes monitoring and users tracking challenging. In this work, we analyze KAD, a widely deployed DHT system. Thanks to the unique possibility to monitor a large population of about 20,000 ADSL clients at the edge of the network, we are able to characterize the content downloaded and shared by local users. We devised a passive content monitoring toolkit to reliably track users between sessions despite dynamic IP allocation. We applied our tool over one month of data. Our main findings are: (i) Over half a TB of fresh data is downloaded every day by the users we monitor, (ii) A significant fraction of peers (20%) regulary change their ID in the KAD overlay, either on a session basis or on a sub-session basis, which can be detrimental to the proper functioning of the DHT, (iii) Those users, that we term Chameleon users, are connected longer than regular users, and they (claim to) have less data in their shared folder than regular peers and (iv) As a consequence, even a non biased observation of the users shared folder can only provide a lower bound of the content downloaded and shared by a population of ADSL users.
------
Large-Scale Monitoring of DHT Traffic. Ghulam Memon, Reza Rejaie, Yang Guo and Daniel Stutzbach. (2009)
http://www.usenix.or...memon/memon.pdf
Quote
Abstract. Studying deployed Distributed Hash Tables (DHTs) entails monitoring DHT traffic. Commonly, DHT traffic is measured by instrumenting ordinary peers to passively record traffic. In this approach, using a small number of peers leads to a limited (and potentially biased) view of traffic. Alternatively, inserting a large number of peers may disrupt the natural traffic patterns of the DHT and lead to incorrect results. In general, accurately capturing DHT traffic is a challenging task.
In this paper, we propose the idea of minimally visible monitors to capture the traffic at a large number of peers with minimum disruption to the DHT. We implement and validate our proposed technique, called Montra, on the Kad DHT. We show that Montra accurately captures around 90% of the query traffic while monitoring roughly 32,000 peers and can accurately identify destination peers for 90% of captured destination traffic. Using Montra, we characterize the traffic in Kad and present our preliminary results.
------
Master Thesis:
eMule Attacks and Measurements. David Mysicka. (2007)
http://dcg.ethz.ch/t...mule_report.pdf
Quote
Abstract. Since the demise of the Overnet network, the Kad network has become not only the most popular but also the only widely used peer-to-peer system based on a distributed hash table. It is likely that its user base will continue to grow in numbers over the next few years as, unlike the eDonkey network, it does not rely on central servers, which tremendously increases scalability, and it is more efficient than unstructured systems such as Gnutella. However, despite its vast popularity, this thesis shows that today’s Kad network can be attacked in several ways. The presented attacks could be used either to hamper the correct functioning of the network itself, to censor contents, or to harm other entities in the Internet not participating in the Kad network such as ordinary web servers. While there are simple heuristics to reduce the impact of some of the attacks, we believe that the presented attacks cannot be thwarted easily in any fully decentralized peer-to-peer system without some kind of a centralized certification and verification authority.
Although there are many advantages of decentralized peer-to-peer systems compared to server based networks, most existing file sharing systems still employ a centralized architecture. In order to compare these two paradigms, as a case study, we conduct measurements in the eDonkey and the Kad network—two of the most popular peer-to-peer systems in use today. We re-engineered the eDonkey protocol and integrated two modified servers into the eDonkey network in order to monitor traffic. Additionally, we implemented a Kad client exploiting a design weakness to spy on the traffic at arbitrary locations in the ID space. We study the spacial and temporal distributions of the peers’ activities and also examine the searched contents. Finally, we discuss problems related to the collection of such data sets and investigate techniques to verify the representativeness of the measured data.
------
Structures and Algorithms for Peer-to-Peer Cooperation. Moritz Steiner. (2008)
http://madoc.bib.uni...teinerDiss2.pdf
------
Btw, I just found out that there are two reports with the title 'ID Repetition in Kad'. One of them is called technical report which i linked to in my previous post. I've edited the post and added the other one too.
This post has been edited by Nissenice: 03 August 2009 - 02:20 AM