Abstract
Structured Peer to Peer overlays have shown to be a very good solution for building very large scale distributed information systems. Most of them are based on Distributed Hash Tables (DHTs) that provide an easy way to manage replicas, thus facilitating high availability of data as well as fault tolerance. However, DHTs can also be affected by some well known Distributed Denial of Services attacks that can lead to almost complete unavailability of the stored objects. Very few powerful solutions exist for this kind of security weakness, and increasing the number of replicas for a given object seems to be the best known one. In this paper, we show how a recursive replicating schema can provide a good solution for this kind of attack.
This work is part of a CNRS/CONICYT international cooperation project between France and Chile.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Androutsellis-Theotokis, Spinellis: A survey of peer-to-peer content distribution technologies. CSURV: Computing Surveys 36 (2004)
Castro, M., Drushel, P., Ganesh, A., Rowstron, A., Wallach, D.: Secure routing for structured peer-to-peer overlay networks. In: Operating System Design and Implementation, OSDI 2002, Boston, MA (2002)
Patrikakis, C., Masikos, M., Zouraraki, O.: Distributed denial of service attacks. In: CISCO Systems (1992-2007), http://www.cisco.com/
Criscuolo, P.J.: Distributed denial of service. TR CIAC-2319, CIAC (2000)
Donkers, A.: IP spoofing: Are you really who you say you are? Sys Admin: The Journal for UNIX Systems Administrators 7(7), 69–71 (1998)
Douceur, J.R.: The sybil attack. Peer-to-Peer Systems. In: First International Workshop, IPTPS, Cambridge, MA, USA, March 7-8, 2002, pp. 251–260 (2002)
Druschel, P., Rowstron, A.I.T.: PAST: A large-scale, persistent peer-to-peer storage utility. In: HotOS, pp. 75–80. IEEE Computer Society Press, Los Alamitos (2001)
Eastlake, D.E., Jones, P.E.: US secure hash algorithm 1 (SHA1). Internet informational RFC 3174 (September 2001)
Etkin, D., Bhattacharya, S.: Selective denial of service and its impact to internet based information systems (May 08, 2000)
Di Francesco, P., Bianchi, G., Fabio, G., Oriti, N.: A new distributed defense to distributed denial of service attacks. Miami, Florida, USA, WSEAS (2004)
Lua, K., Crowcroft, J., Pias, M., Sharma, R., Lim, S.: A survey and comparison of peer-to-peer overlay network schemes. Communications Surveys & Tutorials, IEEE, 72–93 (2005)
Mislove, A., Post, A., Reis, C., Willmann, P., Druschel, P., Wallach, D.S., Bonnaire, X., Sens, P., Busca, J.-M., Arantes, L.B.: Post: A secure, resilient, cooperative messaging system. In: Jones, M.B. (ed.) HotOS, pp. 61–66. USENIX (2003)
Preneel, B., Bosselaers, A., Govaerts, R., Vandewalle, J.: Collision-free hashfunctions based on blockcipher algorithms (IEEE catalog number 89CH2774-8). In: Proceedings 1989 International Carnahan Conference on Security Technology, Zurich, Switzerland, Oct 3–5 1989, pp. 203–210. IEEE Computer Society Press, Los Alamitos (1989)
Rowstron, A., Druschel, P.: Pastry: Scalable, decentralized object location, and routing for large-scale peer-to-peer systems. In: Guerraoui, R. (ed.) Middleware 2001. LNCS, vol. 2218, pp. 329–339. Springer, Heidelberg (2001)
Sit, E., Morris, R.: Security considerations for peer-to-peer distributed hash tables. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 261–269. Springer, Heidelberg (2002)
Stallings, W.: SHA: the Secure Hash Algorithm. Dr. Dobb’s Journal of Software Tools 19(4), 32–34 (1994)
Stoica, I., Morris, R., Karger, D.R., Kaashoek, M.F., Balakrishnan, H.: Chord: A scalable peer-to-peer lookup service for internet applications. In: SIGCOMM, pp. 149–160 (2001)
Sung, M., Xu, J.: IP traceback-based intelligent packet filtering: A novel technique for defending against internet DDoS attacks. IEEE Transactions on Parallel and Distributed Systems PDS-14(9), 861–872 (2003)
Zhao, B.Y., Huang, L., Stribling, J., Rhea, S.C., Joseph, A.D, Kubiatowicz, J.D.: Tapestry: A resilient global-scale overlay for service deployment. IEEE Journal on Selected Areas in Communications 22(1), 41–53 (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bonnaire, X., Marin, O. (2007). Recursive Replication: A Survival Solution for Structured P2P Information Systems to Denial of Service Attacks. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2007: OTM 2007 Workshops. OTM 2007. Lecture Notes in Computer Science, vol 4806. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76890-6_19
Download citation
DOI: https://doi.org/10.1007/978-3-540-76890-6_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76889-0
Online ISBN: 978-3-540-76890-6
eBook Packages: Computer ScienceComputer Science (R0)