[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
From: Hermanni Hyytiälä
Subject: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
Date: Thu, 20 Mar 2003 08:04:20 -0500
CVSROOT: /cvsroot/gzz
Module name: gzz
Changes by: Hermanni Hyytiälä <address@hidden> 03/03/20 08:04:20
Modified files:
Documentation/misc/hemppah-progradu: masterthesis.tex
progradu.bib
Log message:
More, more, more, more...
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.164&tr2=1.165&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/progradu.bib.diff?tr1=1.113&tr2=1.114&r1=text&r2=text
Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.164
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.165
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.164 Thu Mar
20 07:18:43 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex Thu Mar 20
08:04:19 2003
@@ -169,11 +169,12 @@
In the end, however, we observe that there are only two approaches in which
all modern Peer-to-Peer
systems fall: the loosely structured approach and the tightly structured
approach. By structure, we refer to
the topology of the overlay network, i.e., how the connections between
participating peers are created
-and maintained. In the loosely structured approach the construction and the
maintenance of the overlay is controlled
-loosely. The placement of services and topology of the overlay is random. Data
lookups in loosely structured systems are
+and maintained. By data lookup model, we mean the methods which are used for
finding data from the overlay.
+In the loosely structured approach the construction and the maintenance of the
overlay is controlled
+loosely. The placement of services and topology of the overlay is random. The
data lookup model in loosely structured systems is
not very efficient, because of unstructured properties of the overlay. On the
other hand, in the tightly structured
approach the overlay is constructed determistically, which all participating
peers have to follow. The topology of the
-overlay and the placement of services is controlled tightly therefore enabling
more scalable and efficient data lookups.
+overlay and the placement of services is controlled tightly therefore enabling
more scalable and efficient data lookup model.
In the following sections, we will discuss in more detail the properties of
these approaches.
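Review bot: The rewritten last sentence of this hunk reads "enabling more scalable and efficient data lookup model", which lost its article when plural "lookups" became singular "model"; suggest "enabling a more scalable and efficient data lookup model". The new definition sentence would read better as "the methods used for finding data in the overlay", and since the paragraph is being touched anyway, "determistically" in the unchanged context line could be corrected to "deterministically".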
@@ -495,9 +496,9 @@
to cope with billions of concurrent peers \cite{osokine02distnetworks},
\cite{kubiatowicz00oceanstore}.
To end user, the biggest difference between these systems is how data lookups
are performed. Loosely
-structured systems provide a more rich and user friendly way of searching data
than tightly structured systems
-as they have a support for keyword searches. On the other hand, tightly
structured
-systems support only exact key lookups as each data item is identified by
globally unique keys.
+structured systems provide more rich and user friendly way of searching data
than tightly structured systems
+as they have a support for keyword searches. Tightly structured
+systems support only exact key lookups since each data item is identified by
globally unique keys.
In the end, both systems have open problems and issues. We will discuss these
aspects more detail in
chapter 3. Table \ref{table_comparison_approach} lists the key differences
between the loosely structured
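Review bot: The first changed line drops the article and now reads "provide more rich and user friendly way of searching data", which is ungrammatical; suggest "provide a richer and more user-friendly way of searching data". Removing "On the other hand" also weakens the contrast between keyword search and exact key lookup that the paragraph depends on, so something like "Tightly structured systems, in contrast, support only exact key lookups" would keep it.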
@@ -591,10 +592,10 @@
\subsection{Algorithms}
Table \ref{table_Peer-to-Peer_algorithms} lists proposed Peer-to-Peer
algorithms
-and their key properties with regard to performance and scalability. List
+and their key properties with regard to performance and scalability. The list
includes algorithms from both loosely and tightly structured approaches. The
list doesn't
include \emph{all} proposed Peer-to-Peer algorithms. Only the ones which
already have
-been widely deployed in real life, or the ones which may be promising in the
future
+been widely deployed, or the ones which may be promising in the future
Peer-to-Peer systems are included in this thesis.
We decided to follow the guidelines from \cite{kaashoek03koorde} in measuring
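Review bot: After "in real life" is removed, the sentence still reads "the ones which may be promising in the future Peer-to-Peer systems are included", where it is unclear whether "future" belongs to "in the future" or to "future Peer-to-Peer systems"; suggest "or the ones which look promising for future Peer-to-Peer systems". The contraction "doesn't" two lines earlier could become "does not" in the same pass.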
@@ -606,10 +607,10 @@
Here, we describe the listed properties of Peer-to-Peer algorithms:
\begin{itemize}
-\item \textbf{Lookup}: the number of messages required when a data lookup is
performed
-\item \textbf{Space}: the number of neighbors which peers knows about
(neighbors)
-\item \textbf{Insert/delete}: the number of messages required when a peer
joins or leaves the network
- \item \textbf{Number of network connections}: the number of concurrent
network connections required to maintain correct neighbor information
+\item \textbf{Lookup}: the number of messages required when a data lookup is
performed.
+\item \textbf{Space}: the number of neighbors which peers knows about
(neighbors).
+\item \textbf{Insert/delete}: the number of messages required when a peer
joins or leaves the network.
+ \item \textbf{Number of network connections}: the number of concurrent
network connections required to maintain correct neighbor information.
\end{itemize}
\scriptsize
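Review bot: The Space item still reads "the number of neighbors which peers knows about (neighbors)", with a subject-verb mismatch and a parenthetical that repeats the noun; the hunk only adds full stops, so suggest fixing it here as "the number of neighbors a peer knows about". The fourth \item also keeps a leading space that the other three items do not have.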
@@ -818,47 +819,42 @@
needed to make Peer-to-Peer systems more secure and efficient.
Both the loosely structured and the tightly structured approach have their own
specific problems.
-Since Napster \cite{napsterurl} and Gnutella \cite{gnutellaurl} were first
introduced
-to the public, researchers' main concern has been the scalability problem of
the loosely structured
-approach. However, people often misunderstand the scalability problem of the
loosely structured
-approach; \emph{network} of loosely structured systems is scalable, but the
\emph{data lookup model} is not.
+Since Gnutella \cite{gnutellaurl} was first introduced
+to the public, researchers' main concern has been the scalability problem of
loosely structured
+systems. However, people often misunderstand the scalability problem of the
loosely structured
+approach; \emph{the network overlay} of loosely structured systems is
scalable, but the \emph{data lookup model} is not.
The main concern of the tightly structured system is to make overlay's data
lookup process
more fault tolerant against hostile attacks. Other key problems in tightly
structured
systems are the lack of keyword searches, support for heterogeneous peers and
load balancing
\cite{balakrishanarticle03lookupp2p}.
-To make Peer-to-Peer systems even more popular (e.g., in industry),
Peer-to-Peer domain
-needs better infrastructures to deal with security issues. Some research has
been done regarding
-anonymity, access control, data availability and data integrity but as
-we state in the following sections, much more research work is required to
solve these issues.
-
\section{Security problems in Peer-to-Peer}
In this section we discuss security problems related to Peer-to-Peer domain.
\subsection{Attacks}
-There are five known attack models against Peer-to-Peer systems: Sybil attack
\cite{douceur02sybil},
-Fail-stop attack, Spam attack \cite{naor03simpledht}, Byzantine attack
\cite{357176} and \cite{296824}, and
-general Distributed Denial of Service attack.
-
-In Sybil attack model, a hostile entity presents multiple
-entities. Therefore, one hostile entity can control a large fraction of the
Peer-to-Peer system. Possible solution to
-Sybil attack would be that the system could distinguish entities of the system
reliably. Unfortunately,
-currently there are no realizable techniques for this task. Partial solutions
for Sybil attack is to replicate
-and fragment data randomly among several participating peers. However, both
suggestions assume that two different
+There are five known attack models against Peer-to-Peer systems: the Sybil
attack \cite{douceur02sybil},
+the Fail-stop attack, the Spam attack \cite{naor03simpledht}, the Byzantine
attack \cite{357176} and \cite{296824}, and
+the Distributed Denial of Service attack.
+
+In the Sybil attack model \cite{douceur02sybil}, a hostile entity presents
multiple
+entities. Therefore, one hostile entity can control a large fraction of
Peer-to-Peer system. Possible solution against
+the Sybil attack would be that the system could distinguish entities of the
system reliably. Unfortunately,
+currently there are no realizable techniques for this task. Partial solutions
for the Sybil attack is to replicate
+and fragment data items randomly among several participating peers. However,
this suggestion assumes that two different
remote entities are actually different; Sybil attacks are still possible and
therefore would need centralized
authority for reliable authentication. As the author argues in
\cite{douceur02sybil}, without centralized authority,
Sybil attacks are always possible in a Peer-to-Peer system except under
extreme and unrealistic assumptions of
resource parity and coordination among entities.
-In random fail-stop model, cited in \cite{naor03simpledht}, a faulty peer is
deleted from the Peer-to-Peer system.
-The reason for the faultiness of a peer can be a software failure, a hostile
attack, or an external threat such as virus or
-trojan. The Byzantine attack model \cite{357176} closely related to fail-stop
model. Byzantine model can be seen as more
-severe than fail-stop model as there are no restrictions over the behavior of
faulty peers. Practical but partial
-solution for Byzantine failures has been proposed by Castro et al.
\cite{296824}.
+In the Fail-stop attack model, cited in \cite{naor03simpledht}, a faulty peer
is deleted from the Peer-to-Peer system.
+The reason for the faultiness of a peer can be a software failure or a hostile
attack.
+The Byzantine attack model \cite{357176} is closely related to Fail-stop
model. Byzantine model can be seen as more
+severe than Fail-stop model as there are no restrictions over the behavior of
faulty peers. A practical
+solution for the Byzantine failures have been proposed by Castro et al.
\cite{296824}.
-Spam generating attack is another known attack model against Peer-to-Peer
system. In Spam
+The Spam generating attack \cite{naor03simpledht} is an another known attack
model against Peer-to-Peer system. In the Spam
attack, a hostile or faulty peer may produce false information of the data, or
refuses to (or is not able to) reply to requests.
Possible solution against this attack is that peer should not trust a single
entity. Instead, a peer should get
information from multiple entities and trust on the majority's opinion. This
method requires more messages to be
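Review bot: In the Byzantine paragraph, changing "Practical but partial solution" to "A practical solution" strengthens the claim made about Castro et al. \cite{296824}; if the solution is still only partial the qualifier should stay, and the verb should agree with its subject: "A practical solution for Byzantine failures has been proposed". The same kind of slip appears in "Partial solutions for the Sybil attack is to replicate" (which is then referred to as "this suggestion") and in "is an another known attack model". The hunk also deletes the paragraph on anonymity, access control, data availability and data integrity without a replacement, so the section introduction no longer mentions those topics; worth confirming that is intended.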
@@ -866,17 +862,17 @@
the previously mentioned solution doesn't work. Naor et al.
\cite{naor03simpledht} have proposed a partial solution against Spam attack
in \emph{faulty} peer environment (not hostile).
-Traditional overloading of targeted peers is the best known form of
distributed Denial of Service attack (DDoS). For example,
-a hostile entity can attempt to burden targeted peers with garbage network
packets. As an implication, peers may act
-incorrectly or stop working. DDoS attack may be very severe, especially if the
rate of replication and caching
+Traditional overloading of targeted peers is the best known form of
distributed Denial of Service attack (DDoS) (see, e.g., \cite{372148}).
+For example, a hostile entity can attempt to burden targeted peers with
garbage network packets. As an implication, peers may act
+incorrectly or stop working. The DDoS attack may be very severe, especially if
the rate of replication and caching
in the Peer-to-Peer system is low. This may lead to data loss in the
Peer-to-Peer system. Daswani et al.
\cite{daswani02queryflooddos} suggest efficient load balancing
policies for Peer-to-Peer system in order to prevent massive system failures.
Sit et al. \cite{sit02securitycons}
suggest that identifier assignment algorithm for peers would assign identifier
with respect to network topology
and replicas should be located physically to different locations.
-As stated in \cite{naor03simpledht}, an important aspect is that when it comes
to general security aspects and
-Byzantine faults in any Peer-to-Peer system, there should be a clear
distinction between attacks on the
+As stated in \cite{naor03simpledht}, an important aspect is that when it comes
to different attack models in
+any Peer-to-Peer system, there should be a clear distinction between attacks
on the
algorithms assuming the construction of the overlay is correct, and attacks on
the construction itself. Clearly, Sybil
and Spam attacks belong to the first category, and the rest of the attacks to
the latter category.
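Review bot: The new DDoS sentence stacks two parentheticals, "attack (DDoS) (see, e.g., \cite{372148})", and writes "distributed Denial of Service" where the attack list earlier in the section uses "Distributed Denial of Service"; suggest one spelling throughout and moving the citation to the end of the sentence. Now that the closing paragraph speaks of "different attack models" rather than Byzantine faults, the final sentence would be easier to check if "the rest of the attacks" named the Fail-stop, Byzantine and DDoS attacks explicitly.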
Index: gzz/Documentation/misc/hemppah-progradu/progradu.bib
diff -u gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.113
gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.114
--- gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.113 Wed Mar 19
04:20:49 2003
+++ gzz/Documentation/misc/hemppah-progradu/progradu.bib Thu Mar 20
08:04:20 2003
@@ -2170,3 +2170,17 @@
Year = {1990},
ISBN = {0-13-643016-3}
}
+
address@hidden,
+ author = {Frank Kargl and Joern Maier and Michael Weber},
+ title = {Protecting web servers from distributed denial of service
attacks},
+ booktitle = {Proceedings of the tenth international conference on World
Wide Web},
+ year = {2001},
+ isbn = {1-58113-348-0},
+ pages = {514--524},
+ location = {Hong Kong, Hong Kong},
+ doi = {http://doi.acm.org/10.1145/371920.372148},
+ publisher = {ACM Press},
+}
+
+
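Review bot: The doi field of the new entry holds a resolver URL, "http://doi.acm.org/10.1145/371920.372148", rather than the bare identifier; suggest storing "10.1145/371920.372148" in doi and putting the link in a url field if it is needed. The trailing comma after the publisher field differs from the preceding entry, which closes without one, and the two blank "+" lines at the end of the file can be dropped.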