[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...


From: Hermanni Hyytiälä
Subject: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
Date: Thu, 20 Mar 2003 08:04:20 -0500

CVSROOT:        /cvsroot/gzz
Module name:    gzz
Changes by:     Hermanni Hyytiälä <address@hidden>      03/03/20 08:04:20

Modified files:
        Documentation/misc/hemppah-progradu: masterthesis.tex 
                                             progradu.bib 

Log message:
        More, more, more, more...

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.164&tr2=1.165&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/progradu.bib.diff?tr1=1.113&tr2=1.114&r1=text&r2=text

Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.164 
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.165
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.164      Thu Mar 
20 07:18:43 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex    Thu Mar 20 
08:04:19 2003
@@ -169,11 +169,12 @@
 In the end, however, we observe that there are only two approaches in which 
all modern Peer-to-Peer
 systems fall: the loosely structured approach and the tightly structured 
approach. By structure, we refer to
 the topology of the overlay network, i.e., how the connections between 
participating peers are created
-and maintained. In the loosely structured approach the construction and the 
maintenance of the overlay is controlled 
-loosely. The placement of services and topology of the overlay is random. Data 
lookups in loosely structured systems are 
+and maintained. By data lookup model, we mean the methods which are used for 
finding data from the overlay. 
+In the loosely structured approach the construction and the maintenance of the 
overlay is controlled 
+loosely. The placement of services and topology of the overlay is random. The 
data lookup model in loosely structured systems is
 not very efficient, because of unstructured properties of the overlay. On the 
other hand, in the tightly structured
 approach the overlay is constructed determistically, which all participating 
peers have to follow. The topology of the
-overlay and the placement of services is controlled tightly therefore enabling 
more scalable and efficient data lookups.
+overlay and the placement of services is controlled tightly therefore enabling 
more scalable and efficient data lookup model.
 
 In the following sections, we will discuss in more detail the properties of 
these approaches.
 
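Review bot: the last added line of this hunk, "enabling more scalable and efficient data lookup model", lost its agreement when "data lookups" became "data lookup model" and now needs an article: "enabling a more scalable and efficient data lookup model". In the new definition sentence, "the methods used for finding data in the overlay" reads better than "the methods which are used for finding data from the overlay". Since the paragraph is being edited anyway, "determistically" in the unchanged line above should become "deterministically".
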
@@ -495,9 +496,9 @@
 to cope with billions of concurrent peers \cite{osokine02distnetworks}, 
\cite{kubiatowicz00oceanstore}.
 
 To end user, the biggest difference between these systems is how data lookups 
are performed. Loosely
-structured systems provide a more rich and user friendly way of searching data 
than tightly structured systems 
-as they have a support for keyword searches. On the other hand, tightly 
structured 
-systems support only exact key lookups as each data item is identified by 
globally unique keys.
+structured systems provide more rich and user friendly way of searching data 
than tightly structured systems 
+as they have a support for keyword searches. Tightly structured 
+systems support only exact key lookups since each data item is identified by 
globally unique keys.
 
 In the end, both systems have open problems and issues. We will discuss these 
aspects more detail in 
 chapter 3. Table \ref{table_comparison_approach} lists the key differences 
between the loosely structured 
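Review bot: the first added line drops the article that the removed line had, so "provide more rich and user friendly way of searching data" is now ungrammatical; restore it, ideally as "provide a richer and more user-friendly way of searching data". Removing "On the other hand" also removes the explicit contrast between keyword search and exact key lookup, so consider joining the two sentences with "whereas". In the last added line, "each data item is identified by globally unique keys" should be "by a globally unique key".
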
@@ -591,10 +592,10 @@
 \subsection{Algorithms}
 
 Table \ref{table_Peer-to-Peer_algorithms} lists proposed Peer-to-Peer 
algorithms 
-and their key properties with regard to performance and scalability. List 
+and their key properties with regard to performance and scalability. The list 
 includes algorithms from both loosely and tightly structured approaches. The 
list doesn't 
 include \emph{all} proposed Peer-to-Peer algorithms. Only the ones which 
already have 
-been widely deployed in real life, or the ones which may be promising in the 
future 
+been widely deployed, or the ones which may be promising in the future 
 Peer-to-Peer systems are included in this thesis.
  
 We decided to follow the guidelines from \cite{kaashoek03koorde} in measuring
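Review bot: the clause after the second changed line still reads "the ones which may be promising in the future Peer-to-Peer systems", which parses badly once "in real life" is gone; "or which look promising for future Peer-to-Peer systems" says the same thing. The unchanged "doesn't" just above is informal for a thesis and could become "does not" in the same pass.
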
@@ -606,10 +607,10 @@
 Here, we describe the listed properties of Peer-to-Peer algorithms:
 
 \begin{itemize}
-\item \textbf{Lookup}: the number of messages required when a data lookup is 
performed
-\item \textbf{Space}: the number of neighbors which peers knows about 
(neighbors) 
-\item \textbf{Insert/delete}: the number of messages required when a peer 
joins or leaves the network
- \item \textbf{Number of network connections}: the number of concurrent 
network connections required to maintain correct neighbor information
+\item \textbf{Lookup}: the number of messages required when a data lookup is 
performed.
+\item \textbf{Space}: the number of neighbors which peers knows about 
(neighbors).
+\item \textbf{Insert/delete}: the number of messages required when a peer 
joins or leaves the network.
+ \item \textbf{Number of network connections}: the number of concurrent 
network connections required to maintain correct neighbor information.
 \end{itemize}
 
 \scriptsize
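Review bot: the \textbf{Space} item was touched only to add the full stop, but its wording is still wrong: "the number of neighbors which peers knows about (neighbors)" has a verb agreement error and a redundant parenthetical. Suggest "the number of neighbors a peer knows about." The fourth item also keeps its stray leading space before \item on the added side; dropping it keeps the list source consistent.
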
@@ -818,47 +819,42 @@
 needed to make Peer-to-Peer systems more secure and efficient.
 
 Both the loosely structured and the tightly structured approach have their own 
specific problems. 
-Since Napster \cite{napsterurl} and Gnutella \cite{gnutellaurl} were first 
introduced 
-to the public, researchers' main concern has been the scalability problem of 
the loosely structured 
-approach. However, people often misunderstand the scalability problem of the 
loosely structured 
-approach; \emph{network} of loosely structured systems is scalable, but the 
\emph{data lookup model} is not. 
+Since Gnutella \cite{gnutellaurl} was first introduced 
+to the public, researchers' main concern has been the scalability problem of 
loosely structured 
+systems. However, people often misunderstand the scalability problem of the 
loosely structured 
+approach; \emph{the network overlay} of loosely structured systems is 
scalable, but the \emph{data lookup model} is not. 
 The main concern of the tightly structured system is to make overlay's data 
lookup process 
 more fault tolerant against hostile attacks. Other key problems in tightly 
structured 
 systems are the lack of keyword searches, support for heterogeneous peers and 
load balancing
 \cite{balakrishanarticle03lookupp2p}.
 
-To make Peer-to-Peer systems even more popular (e.g., in industry), 
Peer-to-Peer domain
-needs better infrastructures to deal with security issues. Some research has 
been done regarding 
-anonymity, access control, data availability and data integrity but as
-we state in the following sections, much more research work is required to 
solve these issues.
-
 \section{Security problems in Peer-to-Peer}
 
 In this section we discuss security problems related to Peer-to-Peer domain.
 
 \subsection{Attacks}
 
-There are five known attack models against Peer-to-Peer systems: Sybil attack 
\cite{douceur02sybil},
-Fail-stop attack, Spam attack \cite{naor03simpledht}, Byzantine attack 
\cite{357176} and \cite{296824}, and
-general Distributed Denial of Service attack. 
-
-In Sybil attack model, a hostile entity presents multiple 
-entities. Therefore, one hostile entity can control a large fraction of the 
Peer-to-Peer system. Possible solution to 
-Sybil attack would be that the system could distinguish entities of the system 
reliably. Unfortunately,
-currently there are no realizable techniques for this task. Partial solutions 
for Sybil attack is to replicate
-and fragment data randomly among several participating peers. However, both 
suggestions assume that two different 
+There are five known attack models against Peer-to-Peer systems: the Sybil 
attack \cite{douceur02sybil},
+the Fail-stop attack, the Spam attack \cite{naor03simpledht}, the Byzantine 
attack \cite{357176} and \cite{296824}, and
+the Distributed Denial of Service attack. 
+
+In the Sybil attack model \cite{douceur02sybil}, a hostile entity presents 
multiple 
+entities. Therefore, one hostile entity can control a large fraction of 
Peer-to-Peer system. Possible solution against 
+the Sybil attack would be that the system could distinguish entities of the 
system reliably. Unfortunately,
+currently there are no realizable techniques for this task. Partial solutions 
for the Sybil attack is to replicate
+and fragment data items randomly among several participating peers. However, 
this suggestion assumes that two different 
 remote entities are actually different; Sybil attacks are still possible and 
therefore would need centralized 
 authority for reliable authentication. As the author argues in 
\cite{douceur02sybil}, without centralized authority, 
 Sybil attacks are always possible in a Peer-to-Peer system except under 
extreme and unrealistic assumptions of 
 resource parity and coordination among entities.
  
-In random fail-stop model, cited in \cite{naor03simpledht}, a faulty peer is 
deleted from the Peer-to-Peer system.
-The reason for the faultiness of a peer can be a software failure, a hostile 
attack, or an external threat such as virus or
-trojan. The Byzantine attack model \cite{357176} closely related to fail-stop 
model. Byzantine model can be seen as more 
-severe than fail-stop model as there are no restrictions over the behavior of 
faulty peers. Practical but partial 
-solution for Byzantine failures has been proposed by Castro et al. 
\cite{296824}. 
+In the Fail-stop attack model, cited in \cite{naor03simpledht}, a faulty peer 
is deleted from the Peer-to-Peer system.
+The reason for the faultiness of a peer can be a software failure or a hostile 
attack. 
+The Byzantine attack model \cite{357176} is closely related to Fail-stop 
model. Byzantine model can be seen as more 
+severe than Fail-stop model as there are no restrictions over the behavior of 
faulty peers. A practical 
+solution for the Byzantine failures have been proposed by Castro et al. 
\cite{296824}. 
 
-Spam generating attack is another known attack model against Peer-to-Peer 
system. In Spam
+The Spam generating attack \cite{naor03simpledht} is an another known attack 
model against Peer-to-Peer system. In the Spam
 attack, a hostile or faulty peer may produce false information of the data, or 
refuses to (or is not able to) reply to requests. 
 Possible solution against this attack is that peer should not trust a single 
entity. Instead, a peer should get 
 information from multiple entities and trust on the majority's opinion. This 
method requires more messages to be 
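Review bot: the Castro et al. sentence changes from "Practical but partial solution" to "A practical solution", which is a stronger claim than the previous revision made and nothing in this hunk supports the change; keep the qualifier or state under which assumptions the solution is complete. The same hunk introduces several agreement errors that should be fixed before commit: "A practical solution for the Byzantine failures have been proposed" (has), "is an another known attack model" (is another), and "Partial solutions for the Sybil attack is to replicate" (A partial solution ... is). The Sybil paragraph now cites \cite{douceur02sybil} in its first sentence as well as in the list above and again a few lines later; one citation per paragraph is enough. The removed closing paragraph about anonymity, access control, data availability and data integrity was the only forward pointer to those topics, so check that the following sections still introduce them.
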
@@ -866,17 +862,17 @@
 the previously mentioned solution doesn't work. Naor et al. 
\cite{naor03simpledht} have proposed a partial solution against Spam attack
 in \emph{faulty} peer environment (not hostile).
 
-Traditional overloading of targeted peers is the best known form of 
distributed Denial of Service attack (DDoS). For example, 
-a hostile entity can attempt to burden targeted peers with garbage network 
packets. As an implication, peers may act
-incorrectly or stop working. DDoS attack may be very severe, especially if the 
rate of replication and caching 
+Traditional overloading of targeted peers is the best known form of 
distributed Denial of Service attack (DDoS) (see, e.g., \cite{372148}). 
+For example, a hostile entity can attempt to burden targeted peers with 
garbage network packets. As an implication, peers may act
+incorrectly or stop working. The DDoS attack may be very severe, especially if 
the rate of replication and caching 
 in the Peer-to-Peer system is low. This may lead to data loss in the 
Peer-to-Peer system. Daswani et al. 
 \cite{daswani02queryflooddos} suggest efficient load balancing 
 policies for Peer-to-Peer system in order to prevent massive system failures. 
Sit et al. \cite{sit02securitycons} 
 suggest that identifier assignment algorithm for peers would assign identifier 
with respect to network topology 
 and replicas should be located physically to different locations.
 
-As stated in \cite{naor03simpledht}, an important aspect is that when it comes 
to general security aspects and 
-Byzantine faults in any Peer-to-Peer system, there should be a clear 
distinction between attacks on the 
+As stated in \cite{naor03simpledht}, an important aspect is that when it comes 
to different attack models in 
+any Peer-to-Peer system, there should be a clear distinction between attacks 
on the 
 algorithms assuming the construction of the overlay is correct, and attacks on 
the construction itself. Clearly, Sybil
 and Spam attacks belong to the first category, and the rest of the attacks to 
the latter category.
 
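Review bot: widening "general security aspects and Byzantine faults" to "different attack models" in the last changed sentence makes the classification that follows it cover all five attacks, and that classification is not argued: the unchanged closing sentence puts "the rest of the attacks" (Fail-stop, Byzantine and DDoS) into "attacks on the construction itself" without saying why a packet flood or a crashed peer is an attack on overlay construction. Either keep the narrower scope or justify the category for each attack. In the first added line, "(DDoS) (see, e.g., \cite{372148})" stacks two parentheticals; "(DDoS; see, e.g., \cite{372148})" is cleaner, and since the cited paper is about web servers, say so in the text.
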
Index: gzz/Documentation/misc/hemppah-progradu/progradu.bib
diff -u gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.113 
gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.114
--- gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.113  Wed Mar 19 
04:20:49 2003
+++ gzz/Documentation/misc/hemppah-progradu/progradu.bib        Thu Mar 20 
08:04:20 2003
@@ -2170,3 +2170,17 @@
        Year = {1990},
        ISBN = {0-13-643016-3} 
 }
+
address@hidden,
+       author = {Frank Kargl and Joern Maier and Michael Weber},
+       title = {Protecting web servers from distributed denial of service 
attacks},
+       booktitle = {Proceedings of the tenth international conference on World 
Wide Web},
+       year = {2001},
+       isbn = {1-58113-348-0},
+       pages = {514--524},
+       location = {Hong Kong, Hong Kong},
+       doi = {http://doi.acm.org/10.1145/371920.372148},
+       publisher = {ACM Press},
+}
+
+
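Review bot: the doi field in the new entry holds a resolver URL ("http://doi.acm.org/10.1145/371920.372148") rather than the DOI itself; store the bare "10.1145/371920.372148" in doi and, if the link is wanted, put it in a separate url field so bibliography styles can format it. The entry also ends with a trailing comma after the publisher line and adds two empty lines at the end of the file, both of which can be dropped.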



