Hi again! A few more papers to read while relaxing in bed.
First one I haven't been able to find a proper copy of yet, but only a link to Google Books. Sorry about that. This paper is introducing fake nodes while eclipsing content. The second paper is a general overview of security issues. Third one investigates exploits that can be used to target any IP. Fourth one I haven't started reading yet, but it doesn't seem to be that much of a hurry either: "However, the latest version of the eMule clients (version 0.49b and 0.49c) do implement a mitigation for our attacks, after some discussions with the developers of eMule."
Oh, by the way, there is actually one thing that can be read in one of the papers that makes one's eyebrows approach the neck. But it has nothing to do with any attacks, exploits or anything like that...
Conducting and Optimizing Eclipse Attacks in the Kad Peer-to-Peer Network.
Michael Kohnen, Mike Leske and Erwin P. Rathgeb. (2009)
Abstract. The Kad network is a structured P2P network used for file sharing. Research has proved that Sybil and Eclipse attacks have been possible in it until recently. However, the past attacks are prohibited by newly implemented security measures in the client applications. We present a new attack concept which overcomes the countermeasures and prove its practicability. Furthermore, we analyze the efficiency of our concept and identify the minimally required resources.
Security Issues in Structured P2P Overlay Networks.
Mikko Vestola. (2010)
Abstract. Nowadays, P2P networks are used for many purposes, such as file sharing, instant message communication and distributed computing. Popular services such as Skype, Bit-Torrent and eMule rely on P2P networks. This makes the networks an attractive target for attackers. Over time, researchers have discovered some major security problems with P2P networks, which most of them have been now well-known for a long time. This study describes the most important security issues in the overlay level of structured P2P networks. The following attacks are included: Sybil attack, ID mapping attack, Eclipse attack, identity theft and churn attack. These attacks are not just theoretical, but, some of them are surprisingly easy to perform in real-life P2P networks. Several countermeasures exist, which are analyzed in this paper, as well as how the attacks are related to each other. This study shows that structured P2P networks can be seriously compromised if they are not effectively protected against these attacks. For example, in an unprotected distributed file sharing network, a malicious user can intercept file requests and return data of its own choosing. In the worst case, an adversary might eventually be able to gain full control over the whole network and cause a denial-of-service attack.
Preventing DDoS attacks on internet servers exploiting P2P systems.
Xin Sun, Ruben Torres and Sanjay Rao. (2010)
Abstract. Recently, there has been a spurt of work [1–7] showing that a variety of extensively deployed P2P systems may be exploited to launch DDoS attacks on web and other Internet servers, external to the P2P system. In this paper, we dissect these attacks and categorize them based on the underlying cause for attack amplification. We show that the attacks stem from a violation of three key principles: (i) membership information must be validated before use; (ii) innocent participants must only propagate validated information; and (iii) the system must protect against multiple references to the victim. We systematically explore the effectiveness of an active probing approach to validating membership information in thwarting such DDoS attacks. The approach does not rely on centralized authorities for membership verification, and is applicable to both structured (DHT-based) and unstructured P2P systems. We believe these considerations are important to ensure the mechanisms can be integrated with a range of existing P2P deployments. We evaluate the techniques in the context of a widely deployed DHT-based file-sharing system, and a video broadcasting system with stringent performance requirements. Our results show the promise of the approach in limiting DDoS attacks while not sacrificing application performance.
Attacking the Kad network — real world evaluation and high fidelity simulation using DVN.
Peng Wang, James Tyra, Eric Chan-Tin, Tyson Malchow, Denis Foo Kune, Nicholas Hopper and Yongdae Kim. (2009)
Abstract. The Kad network, an implementation of the Kademlia DHT protocol, supports the popular eDonkey peer-to-peer file sharing network and has over 1 million concurrent nodes. We describe several attacks that exploit critical design weaknesses in Kad to allow an attacker with modest resources to cause a significant fraction of all searches to fail. We measure the cost and effectiveness of these attacks against a set of 16 000 nodes connected to the operational Kad network. Using our large-scale simulator, DVN, we successfully scaled up to a 200 000 node experiment. We also measure the cost of previously proposed, generic DHT attacks against the Kad network and find that our attacks are much more cost effective. Finally, we introduce and evaluate simple mechanisms to significantly increase the cost of these attacks.
This post has been edited by Nissenice: 22 August 2010 - 08:13 AM