
Research On Measurement And Security Of P2P Networks

Posted on: 2011-01-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Yu
GTID: 1118330332486932
Subject: Computer Science and Technology
Abstract/Summary:
P2P applications have become more and more important among Internet applications, and they have a non-negligible effect on people's habits and ways of thinking. The popularity of P2P techniques also poses a major challenge to the point-to-point design of the Internet. There are large trade-offs of interest among P2P users, P2P producers, traditional service providers, network service providers and governments. To satisfy all sides and to develop P2P technology under conditions of controllability, security and optimization, we need to measure and study P2P networks widely and carefully.

In the past few years, P2P techniques for protocol design, routing algorithms and search optimization have been widely investigated; more recently, the measurement and security of P2P networks have become two new hot topics. Measurement of P2P networks focuses on their topology structure, traffic characteristics and availability, whereas security of P2P networks pays more attention to the security risks to, and the defense of, their shared content, their nodes, and even users outside the P2P networks. In this dissertation we investigate the measurement of the performance and security of P2P networks, the misuse and defense of vulnerabilities in P2P networks, and the exploitation of a utility model of P2P networks. The contributions and innovations of this dissertation can be summarized as follows:

1. Measurement and Analysis of ID Repetition in DHT Networks
ID uniqueness is essential in DHT-based systems, as peer lookup and resource searching rely on ID matching. However, many DHT implementations in the wild, such as Kad and Mainline, do not enforce such uniqueness. Most previous works and measurements on DHTs do not take into account that IDs among peers may not be unique. Unfortunately, we observe that a significant portion of peers, i.e., 19.5% of the peers in Kad and 4.0% of the peers in Mainline, do not have unique IDs. These repetitions would mislead measurement and modeling of those networks. We further focus on investigating the repetition in Kad, considering its wider usage and its more serious repetition. We observe that a large number of peers frequently change their UDP ports, and that a few IDs repeat a large number of times while none of the peers with these IDs respond to the Kad protocol. We also analyze the effects of ID repetition under simplified settings and find that the current level of repetition degrades Kad's performance in publishing and searching, but has an insignificant effect on the lookup process. These measurements and analyses are useful for further determining the sources of repetition, and also for finding suitable parameters for the publishing and searching processes in DHT networks without compulsory ID uniqueness.

2. Measurement and Modeling of Lookup Traffic in a Large-scale DHT Network
Lookup is crucial for locating peers and resources in structured P2P networks. We measure and analyze the traffic characteristics of lookup in Kad, a widely used DHT network. Some previous works studied the user behavior of Kad, yet we believe that investigating its traffic characteristics is also beneficial, as it gives feedback for fine-tuning system parameters, helps to uncover abnormalities or misuse, and provides solid ground for synthesizing P2P traffic to evaluate future designs. To track lookup requests more efficiently and from more peers in Kad, we developed an active traffic monitor named Rememj. From the one-week data it collected, we uncover some interesting phenomena. Moreover, we characterize the traffic from the collected data in a form that can be used to construct representative synthetic workloads for evaluating DHT optimizations or designs. In particular, the analysis exposes heterogeneous behavior on different days, in different geographical regions (i.e., Europe, Asia and America) and during different periods of the day. The workload measures include the distribution of peers, the distribution of request load, the distribution of targets, and the similarity among targets.

3. Analysis and Research on the Feasibility and Efficiency of Misusing the Kademlia Protocol to Perform DDoS Attacks
Kademlia-based DHT implementations, such as Kad, Mainline and Azureus, have been widely deployed in many P2P applications, and there are nearly ten million simultaneous online users in these DHT networks. For a protocol that involves so many users, its robustness and security must be evaluated carefully. We analyze the Kademlia protocol and identify several potential vulnerabilities. We classify the potential attacks into three types: asymmetric attack, routing table reflection attack and index reflection attack. Taking Kad as an example, we develop a prototype to evaluate the efficiency of these attacks. Through limited real-world experiments on Kad, we find that these attacks can amplify the original traffic by up to one thousand times on average. We further compare the asymmetric attack with the routing table reflection attack and investigate the distribution of attacks. Larger-scale DDoS attacks can be performed with a little more effort. We introduce some methods to amplify the effect of the attacks and some strategies to evade detection. Finally, we discuss several solutions to these attacks.

4. Analysis and Research on Mitigating Application Layer DDoS Attacks via Effective Trust Management
Web servers today suffer from application layer DDoS attacks, to which network layer solutions are not applicable because attackers are indistinguishable on the basis of packets or protocols. We propose Trust Management Helmet (TMH) as a partial solution to this problem: a lightweight mitigation mechanism that uses trust to differentiate legitimate users from attackers. Its key insight is that a server should give priority to protecting the connectivity of good users during application layer DDoS attacks, instead of trying to identify all attack requests. The trust in clients is evaluated from their visiting history and used to schedule service to their requests. We introduce a license for user identification (even behind NATs) and for storing the trust information at the clients; the license is cryptographically secured against forgery and replay attacks. We realize this mitigation mechanism as a Java package and use it for evaluation. The simulation results show that TMH is effective in mitigating session flooding attacks: even with 20 times the number of attackers, more than 99% of the sessions from legitimate users are accepted with TMH, whereas less than 18% are accepted without it. Moreover, we find that the additional computation cost on the deployed server is negligible and the bandwidth overhead is acceptable.

5. Analysis and Research on a Utility Model for Enhancing the Capability of Web Servers Using P2P Networks
Web servers today suffer from flash crowds and application layer DDoS attacks that can severely degrade the availability of services, and these are difficult to prevent because they comply with the communication protocol. Peer-to-peer (P2P) networks have been exploited to amplify DDoS attacks, but we believe their available resources, such as distributed storage and network bandwidth, can be used to mitigate both flash crowds and DDoS attacks. We propose a server-initiated approach that employs deployed P2P networks as distributed web caches, so that the workload directed to web servers can be reduced. In our experiments we use Kad as the P2P network for realizing a large-scale distributed web cache. We perform a comprehensive evaluation of the feasibility, efficiency and robustness of our scheme through experiments and simulations on the prototype we implemented. The evaluation results show that our scheme can increase the capacity of the protected web servers by at least 10 times at the same cost in connections and bandwidth consumption. The web content cached in Kad remains reachable even under peer churn and targeted DoS attack, and the access latency is comparable to normal direct access to web servers. The scheme also achieves good load balancing under the heavy-tailed distribution of object popularity.
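The license-plus-trust-scheduling idea in item 4 can be sketched as follows. This is an added illustration, not the dissertation's TMH Java package: the license format (a JSON payload bound with an HMAC-SHA256 tag plus a per-client sequence number for replay detection), the trust increments, and the client counts in the simulation are all assumptions chosen for the example.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-tmh-server-secret"   # constructed for the example only
NEW_CLIENT_TRUST = 0.1                          # trust of a client with no visiting history

def issue_license(client_id, trust, seq, key=SERVER_KEY):
    """Bind client id, trust score and a per-client sequence number with an HMAC tag."""
    payload = json.dumps({"cid": client_id, "trust": trust, "seq": seq}, sort_keys=True)
    return payload + "." + hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def verify_license(lic, last_seq, key=SERVER_KEY):
    """Return the license payload if its tag is valid and its sequence is fresh, else None.
    The HMAC stops a client from raising its own trust (forgery); last_seq, kept by the
    server per client id, stops a captured license from being presented twice (replay)."""
    payload, sep, tag = lic.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None                                   # forged or tampered
    data = json.loads(payload)
    if data["seq"] <= last_seq.get(data["cid"], -1):
        return None                                   # replayed
    last_seq[data["cid"]] = data["seq"]
    return data

def update_trust(trust, session_completed):
    """Visiting history drives trust: completed sessions raise it, aborted ones lower it."""
    return round(min(1.0, trust + 0.1), 3) if session_completed else round(max(0.0, trust - 0.3), 3)

def schedule(requests, capacity, use_trust=True):
    """Admit up to `capacity` requests: highest trust first (arrival order on ties) under
    TMH, plain arrival order without it."""
    order = sorted(range(len(requests)), key=lambda i: (-requests[i]["trust"], i) if use_trust else i)
    return [requests[i]["cid"] for i in order[:capacity]]

def legit_acceptance(n_legit, attackers_per_user, capacity, use_trust=True):
    """Fraction of legitimate sessions admitted when each returning user's request arrives
    behind a burst of attackers that have no history and hold only NEW_CLIENT_TRUST."""
    last_seq, requests = {}, []
    for i in range(n_legit):
        requests += [{"cid": f"atk{i}-{k}", "trust": NEW_CLIENT_TRUST} for k in range(attackers_per_user)]
        trust = NEW_CLIENT_TRUST
        for _ in range(5):                            # five completed sessions on record
            trust = update_trust(trust, True)
        data = verify_license(issue_license(f"user{i}", trust, seq=5), last_seq)
        requests.append({"cid": data["cid"], "trust": data["trust"]})
    return sum(cid.startswith("user") for cid in schedule(requests, capacity, use_trust)) / n_legit
```

With five legitimate users each followed by twenty attackers and a capacity of ten, trust-first scheduling admits every legitimate session while arrival-order scheduling admits none.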
Keywords/Search Tags: Peer-to-Peer, Distributed Hash Table, Active Measurement, ID Repetition, Lookup Traffic, DDoS Attack, Web Server, Trust Management, Distributed Cache, Utility Model