Đang tải... (xem toàn văn)
Computer Security: Chapter 8 - Trust in P2P Systems Introduction about Mitigating Attacks in P2P Systems, Assumptions for Peer Interactions; Contexts of Trust in P2P Systems, Definitions for the Proposed Solution, Trust Metrics, Trust-based Decisions,...
8. Trust in P2P Systems Prof. Bharat Bhargava Center for Education and Research in Information Assurance and Security (CERIAS) and Department of Computer Sciences Purdue University http://www.cs.purdue.edu/people/bb bb@cs.purdue.edu Collaborators in the RAID Lab (http://raidlab.cs.purdue.edu): Mr. Ahmet Burak Can (Ph.D. Student) Trust in P2P Systems Outline 1) Introduction 1.1) Mitigating Attacks in P2P Systems 1.2) Assumptions for Peer Interactions 2) Contexts of Trust in P2P Systems 3) Definitions for the Proposed Solution 4) Trust Metrics 5) Trustbased Decisions 6) Interaction Evaluation by Peers 7) Recommendation Evaluation by Peers 8) Simulation Experiments 8.1) Attacker Models for Simulation: Individual attackers/ Collaborators / Pseudospoofers 8.2) Experimental Results 1) Introduction 1.1) Mitigating Attacks in P2P Systems Mitigating attacks in a malicious P2P environment Use trust relationships among peers to mitigate attacks in a malicious P2P environment Algorithms are needed to establish trust among peers Research tasks: Propose trust metrics that reflect all aspects of trust Develop distributed algorithms to manage trust relationships among peers and help them to make decisions using trust metrics Define methods to evaluate interactions and trust information exchanged among peers (recommendations) 1.2) Assumptions for Peer Interactions Peers use no a priori information to establish trust No preexisting trust relationships among peers A peer must contribute and behave well to gain and preserve trust of another peer Malicious behavior of Peer 1 against Peer 2 can easily destroy trust of Peer 2 in Peer 1 Trust metrics should have sufficient precision Required to rank peers accurately (according their trustworthiness) 2) Contexts of Trust in P2P Systems Two contexts of trust — w.r.t. performing 2 different tasks: 1) Providing services to other peers 2) Giving recommendations to other peers These contexts considered separately A peer might simultaneously be a good service provider and a bad recommender (or vice versa) 3) Definitions for the Proposed Solution A peer becomes an acquaintance of another peer after providing it a service (e.g., uploading a file) Using a service from a peer is called a service interaction All peers are strangers to each other at the start A recommendation represents the acquaintance’s trust information about a stranger A peer expands its set of acquaintances by using services from strangers A peer requests recommendations about a stranger only from its acquaintances Receiving a recommendation from an acquaintance is a recommendation interaction 4) Trust Metrics (1) Reputation is the primary metric when deciding about strangers in the service context Recommendations from acquaintances used to calculate reputation metric Service trust is a metric to measure trustworthiness of a peer in the service context A service provider is selected according to service trust and reputation metric Service trust metric of a peer calculated based on its past service interactions and its reputation 4) Trust Metrics (2) Recommendation trust is the primary metric to measure trustworthiness of a peer in the recommendation context I.e., when selecting recommenders and evaluating recommendations Recommendation trust metric of a peer calculated based on past recommendation interactions and its reputation Analogously to service trust metric 5) Trustbased Decisions (1) When making trust decisions, interactions and reputation are considered separately This helps when making a distinction between two trustworthy peers Trust decisions about a stranger are based on reputation Trust decisions about an acquaintance are based on its past interactions and reputation As more interactions happen with an acquaintance, the experience derived through interactions becomes more important than its reputation 5) Trustbased Decisions (2) Using available acquaintances by a peer If no acquaintances simply trust any stranger providing the requested service If some acquaintances calculate reputation of strangers based on recommendations of acquaintances May select one of the strangers May choose not to entrust strangers if acquaintances can deliver the needed service As more acquaintances become available – can become more selective 10 6) Interaction Evaluation by Peers Using all available information about interactions is helpful to calculate trust metrics more precisely A peer should be able to express its level of satisfaction about an interaction Considering several parameters Service interactions might have varying importance E.g., online/offline periods, bandwidth, delay of the uploader in a file download operation E.g., downloading a large file more important than downloading a small file The effect of an interaction on trust calculation fades as new interactions occur 11 7) Recommendation Evaluation by Peers A recommendation makes a clear distinction between the recommender’s own experience and secondhand information collected from its acquaintances A recommendation contains the recommender’s level of confidence in the information provided This distinction enables more precise calculation of reputation If the recommender has a low confidence, the recommendation is weak A weak recommendation’s effect on the calculated reputation value is less than a strong one A recommending peer is no more liable than its confidence in its recommendation A recommendation from Peer 2 (the recommender) is evaluated by Peer 1 based on the value of recommendation trust metric that Peer 1 has for Peer 2 12 8) Simulation Experiments A file sharing application was simulated The results of several empirical studies are used to simulate peer, resource, and network parameters Some of the simulation parameters: To understand the proposed algorithms for mitigating attacks related to services and recommendations Peer capabilities: bandwidth, number of shared files Peer behavior: online/offline periods, waiting time for sessions Resource distribution: file sizes, popularity of files Considered attack scenarios: Individual, collaborative and pseudonym changing attacks scenarios Simulated nine different malicious behaviors 13 8.1) Attacker Models for Simulation 2 types of attacks: 1) Servicebased attack — uploading a virus infected or inauthentic file 2) Recommendationbased attack — giving misleading recommendations Two subtypes of misleading recommendations: Unfairly high recommendation: Giving a positivelybiased trust value about the recommended peer Unfairly low recommendation: Giving a negativelybiased trust value about the recommended peer Three types of attackers: a) Individual attackers b) Collaborators c) Pseudospoofers 14 a) Model of Individual Attackers Individual attackers — perform attacks independently (does not cooperate with other attackers) Three individual attacker behaviors: Naïve attacker — always uploads infected/inauthentic files and gives unfairly low recommendations to others Discriminatory attacker — attacks a selected group of victims Always uploads infected/inauthentic files to them and gives unfairly low recommendations for them It treats all other peers fairly Hypocritical attacker — uploads infected/inauthentic files and gives unfairly low recommendations with x% probability 15 b) Model of Collaborators Collaborators — malicious peers that coordinate attacks with other peers Collaborators never attack each other Always upload authentic files to each other Always give fair recommendations to other collaborators Collaborators always give unfairly high recommendations about each other to noncollaborating peers Try to convince good peers to download files from any one of the collaborators Three collaborator behaviors (analogous as for individual attackers) Naïve, Hypocritical, Discriminatory 16 c) Model of Pseudospoofers Pseudospoofer — a malicious peer which changes its pseudonym periodically to escape from being identified A pseudospoofer behaviors: Naïve / discriminatory / hypocritical Analogous to individual attacker behaviors 17 8.2) Experimental Results In a nonmalicious network, reputation of a peer is proportional to its capabilities such as network bandwidth, average online period on the network and number of shared resources In a malicious network, service and recommendation based attacks affect reputation of a peer 18 a) Results for Individual Attackers All attacks of individual attackers are mitigated easily Hypocritical attacks take more time to detect than other individual attackers 19 b) Results for Collaborators (1) Detection of collaborators usually takes longer than detection of an individual attacker Unfairly high recommendations provides an advantage except naïve collaborators Naïve collaborators do not benefit from collaboration They have zero reputation since they can not complete any service interaction Hence they are not requested for any recommendations Collaboration is partially successful in hypocritical and discriminatory behaviors 20 b) Results for Collaborators (2) Hypocritical collaborators succeeded to launch more servicebased attacks at the start of experiments At the start, good peers do not have many acquaintances collaborators deceive them easily by distributing unfairly high recommendations for each other Then collaborators able to take advantage of unfairly heightened reputations to attract good peers for their “services” (= attacks) As good peers gain more good acquaintances, hypocritical collaborators are identified (and their attacks mitigated) 21 b) Results for Collaborators Servicebased attacks of discriminatory collaborators are mitigated easier than those of hypocritical ones (3) Victims of discriminatory collaborators quickly identify them But discriminatory collaborators gained a high recommendation trust value & were able to continue distributing misleading recommendations Collaborators do not attack most good peers Thus, good peers believe their recommendations Victims give low recommendations for discriminatory collaborators However, good peers think that victims are giving misleading recommendations for discriminatory collaborators Thus, discriminatory collaborators are able to continue distributing misleading recommendations 22 c) Results for Pseudospoofers Attacks of pseudospoofers are as easily mitigated as those of individual attackers Peers gain more acquaintances and have less tendency to select strangers with time Thus, pseudospoofers are more isolated from good peers after each pseudonym change Experimental results for Pseudospoofers 23 d) Experim. Results – General Remarks Defining a context of trust increases a peer's ability to identify and mitigate attacks on the contextrelated tasks Context of trust can be used to increase a peer’s reasoning ability for different tasks Such as routing, integrity checking and protecting privacy 24 THE END 25 .. .Trust in P2P Systems Outline 1) Introduction 1.1) Mitigating Attacks in P2P Systems 1.2) Assumptions for Peer Interactions 2) Contexts of Trust in P2P Systems 3) Definitions for the Proposed Solution... Individual attackers/ Collaborators / Pseudospoofers 8. 2) Experimental Results 1) Introduction 1.1) Mitigating Attacks in P2P Systems Mitigating attacks in a malicious P2P environment Use trust relationships among peers to mitigate attacks in ... trustworthiness) 2) Contexts of Trust in P2P Systems Two contexts of trust — w.r.t. performing 2 different tasks: 1) Providing services to other peers 2) Giving recommendations to other peers