[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...

[Hermanni Hyytiälä]

CVSROOT:        /cvsroot/gzz
Module name:    gzz
Changes by:     Hermanni Hyytiälä <address@hidden>      03/03/03 04:43:47

Modified files:
        Documentation/misc/hemppah-progradu: masterthesis.tex 

Log message:
        More attack models

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.100&tr2=1.101&r1=text&r2=text

Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.100 
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.101
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.100      Mon Mar 
 3 03:47:01 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex    Mon Mar  3 
04:43:46 2003
@@ -1023,45 +1023,35 @@
 Sybil attacks are always possible in Peer-to-Peer system except under extreme 
and unrealistic assumptions of 
 resource parity and coordination among entities.
  
+In random fail-stop model, cited in \cite{naor03simpledht}, faulty peer is 
deleted from the Peer-to-Peer system.
+The reason for faultyness of peer can be a software failure, a hostile attack, 
or external threat such as virus or
+troijan. Closey related to fail-stop model is the Byzantine attack model 
+\cite{357176}. Byzantine model can been seen more seveve than fail-stop model 
as there are no restrictions over 
+the behaviour of faulty peers. Partial, practical solution for byzantine 
failures has been proposed by Castro et 
+al \cite{296824}. General robustness properties of Peer-to-Peer system is able 
to deal with software failures and hostile
+attack, but redundancy againts external threats is unknown. The reason for 
this is that there are no experiences
+on these kinds of attacks. Possible solution would be distributed anti-virus 
software, but much more intensive
+research is required for solve these problems.
+
+Spam generating attack is another known attack model againts Peer-to-Peer 
system. In Spam
+attack, hostile or faulty peer may produce false information of the data. 
Possible solution againts this attack
+is that peer should not trust to single entity. Instead peer should get 
information from multiple entities and trust 
+on majority's opinion. However, Spam attack is combined with Sybil attack, 
obviously previously mentioned solution
+won't work. Again, more research is required to solve this attack model 
reliability. Naor et al \cite{naor03simpledht}
+ has proposed a partial solution againts Spam attack with \emph{faulty} peers 
(not hostile).
+
+Traditional overload of targeted peers is best known form of distrubuted 
Denial of Service attack (DDoS). For example, 
+hostile entity can attempt to burden targetted peers with garbage packets. As 
a implication, peers may act
+incorrectly or stop working. DDoS attack may be very severe, especially if 
rate of replication in Peer-to-Peer system 
+is low. This may lead to data loss in the Peer-to-Peer system. Daswani et al 
\cite{daswani02queryflooddos} has done 
+research regarding to this subject. Authors suggest efficient load balancing 
policies for Peer-to-Peer system in 
+order to prevent massive system failures. Sit et al \cite{sit02securitycons} 
suggests that identifier assignment 
+algorithm for peers would assign identifier with respect to network topology 
and replicas should be located 
+physically to different locations. 
 
-
-1) Sybil attack \cite{douceur02sybil} 
-2) Fail-stop
-3) Spam generating model \cite{naor03simpledht}
-4) Byzantine problem \cite{357176}, p2p domain \cite{296824}
-5) General DDoS
-
-
-
-1) Sybil attack \cite{douceur02sybil} 
-2) Fail-stop
-3) Spam generating model \cite{naor03simpledht}
-
-Decentralized, but structured
-a) Censorship Resistant Peer-to-Peer Content Addressable Networks 
\cite{fiat02censorship},
--system is resilient to adversial and controlled attacks
--however, they assume that number of deleted peers is constant
--not effiecient methods for maintaining dynamic netoworks 
-b) Dynamically Fault-Tolerant Content Addressable Networks 
\cite{saia02dynamicfaultcontentnetwork}
--system is resilient to adversial and controlled attacks (partial support for 
dynamic deletions, see below)
--however, still assume a constant number of participating peers
--not effiecient methods for maintaining dynamic netoworks
-c) Butterflies and Peer-to-Peer Networks \cite{datar02butterflies}
--system is resilient to adversial and controlled attacks
--support for dynamic deletions and dynamic number of participants
--not effiecient methods for maintaining dynamic netoworks
-
-Open problems, which remain to be addressed for fault tolerant decentralized, 
but structured strategies
-
-a) Is it possible to and efficient and dynamic fault tolerant decentralized, 
but structured system, which
-allows e.g. multiple rounds of adversary attack ?
-b) Could multi-butterflier be used in and efficient manner to construct a span 
resistant network ?
-c) Are there lower bounds for average degree of nodes, query path length etc. 
for a network that is
-fault tolerant to linear number of adversial faults ?
-
+\subsection{Data authenticity and integrity}
 
 
-\subsection{Data authenticity and integrity}
 -Could we use SDSI/SPKI in our system (it's hierarchical), like in ConChord 
\cite{ajmani02conchord}
 -is there any other implementations of SDSI/SPKI-like systems ?
 -SDSI/SPKI is not optimal for us, but somewhat working solution