Overlay networks are widely used to deploy functionality at edge nodes without changing network routers. Each node in an overlay network maintains pointers to a set of neighbor nodes. These pointers are used both to maintain the overlay and to implement application functionality. If an attacker controls a large fraction of the neighbors of correct nodes, it can "eclipse" correct nodes and prevent correct overlay operation. Even if the attacker controls only a small fraction of the overlay nodes, it may be able to launch the Eclipse attack by manipulating the overlay maintenance algorithm.

This thesis discusses the impact of the Eclipse attack on several types of overlays and presents the design, implementation and evaluation of a new defense that can be applied to any overlay. Additionally, the proposed defense enables secure implementations of overlay optimizations that choose neighbors according to metrics like proximity or node capacity.