Date of Award

6-1-2009

Document Type

Masters Thesis

Degree Name

M.S.

Organizational Unit

Daniel Felix Ritchie School of Engineering and Computer Science

First Advisor

Christian Grothoff, Ph.D.

Second Advisor

Richard Ball, Ph.D.

Third Advisor

Chris Gauthier-Dickey

Fourth Advisor

Ramakrishna Thurimella

Keywords

Dht, Freenet, P2p, Peer-to-peer, Restricted route, Security

Abstract

In many networks, such as mobile ad-hoc networks and friend-to-friend overlay networks, direct communication between nodes is limited to specific neighbors. Friendto-friend “darknet” networks have been shown to commonly have a small-world topology; while short paths exist between any pair of nodes in small-world networks, it is non-trivial to determine such paths with a distributed algorithm. Recently, Clarke and Sandberg proposed the first decentralized routing algorithm that achieves efficient routing in such small-world networks.

Herein this thesis we discuss the first independent security analysis of Clarke and Sandberg’s routing algorithm. We show that a relatively weak participating adversary can render the overlay ineffective without being detected, resulting in significant data loss due to the resulting load imbalance. We have measured the impact of the attack in a testbed of 800 and 400 total nodes using minor modifications to Clarke and Sandberg’s implementation of their routing algorithm in Freenet. Our experiments show that the attack is highly effective, allowing a small number of malicious nodes to cause rapid loss of data on the entire network.

We also discuss various proposed countermeasures designed to detect, thwart or limit the attack. We found that the “darknet” topology limits the ability of effective countermeasures. The problem of fixing the topology proved so intractable due to inherent network characteristics that the idea of using a darknet for Freenet has ii been all but abandoned following the public release of this work. Our hope is that the presented analysis acts as a step towards effective analysis and design of secure distributed routing algorithms for restricted-route topologies.

It should be noted that this thesis is an extended version of the same work presented at ACSAC 2007. The work appears in the conference proceedings as “Routing in the Dark: Pitch Black” [19] largely unmodified from this thesis.

Publication Statement

Copyright is held by the author. User is responsible for all copyright compliance.

Rights Holder

Nathan S. Evans

Provenance

Received from ProQuest

File Format

application/pdf

Language

en

File Size

84 p.

Discipline

Computer science



Share

COinS