Pollution attacks detection in the P2PSP live streaming
system


Cristóbal Medina-López, L.G. Casado and Vicente González-Ruiz



Feder

Department of Informatics
University of Almería
Spain


Feder Gobierno de España Junta de Andalucia CEIA3 P2PSP protocol

Follow the slideshow on the Web


URL of these Slides:

http://slides.p2psp.org/CISIS15/



Diapositivas

Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...
P2PSP protocol

How does a P2PSP system work?


A P2PSP Team


A P2PSP Team

How does a P2PSP system work?


A P2PSP Team


A P2PSP Team

1. The video is sent in real time to the Splitter.


How does a P2PSP system work?


A P2PSP Team


A P2PSP Team

1. The video is sent in real time to the Splitter.


2. The Splitter divides the stream in several chunks and every chunk is sent to one different peer.


How does a P2PSP system work?


A P2PSP Team


A P2PSP Team

1. The video is sent in real time to the Splitter.


2. The Splitter divides the stream in several chunks and every chunk is sent to one different peer.


How does a P2PSP system work?


A P2PSP Team


A P2PSP Team

1. The video is sent in real time to the Splitter.


2. The Splitter divides the stream in several chunks and every chunk is sent to one different peer.


How does a P2PSP system work?


A P2PSP Team


A P2PSP Team

1. The video is sent in real time to the Splitter.


2. The Splitter divides the stream in several chunks and every chunk is sent to one different peer.


How does a P2PSP system work?


A P2PSP Team


A P2PSP Team

1. The video is sent in real time to the Splitter.


2. The Splitter divides the stream in several chunks and every chunk is sent to one different peer.


3. Each peer sends its chunks to each other in order to ensure that everyone has the whole stream.


How does a P2PSP system work?


A P2PSP Team


A P2PSP Team

1. The video is sent in real time to the Splitter.


2. The Splitter divides the stream in several chunks and every chunk is sent to one different peer.


3. Each peer sends its chunks to each other in order to ensure that everyone has the whole stream.


4. Peers send the stream to the player.

Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

Pollution Attacks


Pollution attacks consist of a peer or a set of peers modifying the content of the stream. Can be done in different ways.


Pollution Attacks


Persistent attack: an attacker poisons every chunk received from the splitter and sends them to the entire team.


Persistent Attack

Pollution Attacks


On-Off attack: the attacker only poisons some chunks but not others.


On-Off Attack

Pollution Attacks


Selective attack: poisoning chunks intended for only one peer or a small subset of peers.


Selective Attack

Pollution Attacks


Collaborative attack: several attackers may collaborate to produce Selective and On-off attacks on a large set of peers.


Collaborative Attack

Pollution Attacks


Hand-wash attack: leaving the team and returning to continue the attack with another alias.


Hand-wash Attack

Pollution Attacks


Bad-mouth attack: blaming other regular peers of sending poisoned chunks or not sending chunks.


Bad-mouth Attack

Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

Proposals


We present two different strategies aiming to mitigate the impact of pollution and related attacks by combining trust management, hashing/signatures and trusted peers.



1. Strategy based on Trusted Peers.
(STrPe)


Trusted Peers

2. Strategy based on Trusted Peers and Digital Signatures.
(STrPe-DS)


Trusted Peers and Digital Signatures

Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

Strategy based on Trusted Peers


How does it work?


STrPe

Strategy based on Trusted Peers.


How does it work?


STrPe

1. Only the splitter knows who the TPs in the team are.


Strategy based on Trusted Peers.


How does it work?


STrPe

1. Only the splitter knows who the TPs in the team are.


2. Each TP creates a hash for each chunk, including the chunk number and the endpoint of the source and sends it to the splitter.


Strategy based on Trusted Peers.


How does it work?


STrPe

1. Only the splitter knows who the TPs in the team are.


2. Each TP creates a hash for each chunk, including the chunk number and the endpoint of the source and sends it to the splitter.


3. The Splitter checks whether the chunks have been altered.


Strategy based on Trusted Peers.


How does it work?


STrPe

1. Only the splitter knows who the TPs in the team are.


2. Each TP creates a hash for each chunk, including the chunk number and the endpoint of the source and sends it to the splitter.


3. The Splitter checks whether the chunks have been altered.


4. The splitter knows the peer in charge of relaying a given chunk.


Strategy based on Trusted Peers.


How does it work?


STrPe

1. Only the splitter knows who the TPs in the team are.


2. Each TP creates a hash for each chunk, including the chunk number and the endpoint of the source and sends it to the splitter.


3. The Splitter checks whether the chunks have been altered.


4. The splitter knows the peer in charge of relaying a given chunk.


5. The attacker is expelled from the team.


Strategy based on Trusted Peers.


Problems:


  • Peers don't know if they are being poisoned.


  • If an attacker knows who the trusted peers are the system is completely vulnerable to Selective Attacks.


Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

Strategy based on Trusted Peers and Digital Signatures


It has been designed to mitigate the Selective attack and to identify poisoned chunks by using digital signatures. The behavior rules are:


STrPe-DS

Strategy based on Trusted Peers and Digital Signatures


It has been designed to mitigate the Selective attack and to identify poisoned chunks by using digital signatures. The behavior rules are:


STrPe-DS

1.When a peer joins the team receives the public key of the splitter.


Strategy based on Trusted Peers and Digital Signatures


It has been designed to mitigate the Selective attack and to identify poisoned chunks by using digital signatures. The behavior rules are:


STrPe-DS

1.When a peer joins the team they receive the public key of the splitter.


2.For each chunk, the splitter sends a message like this:
{chunk, nChunk, dst, S priv (H(chunk + nChunk + dst))}.


Strategy based on Trusted Peers and Digital Signatures


It has been designed to mitigate the Selective attack and to identify poisoned chunks by using digital signatures. The behavior rules are:


STrPe-DS

1.When a peer joins the team they receive the public key of the splitter.


2.For each chunk, the splitter sends a message like this:
{chunk, nChunk, dst, S priv (H(chunk + nChunk + dst))}.


3.The peers verify dst and check if the hash value is correct.


Strategy based on Trusted Peers and Digital Signatures


It has been designed to mitigate the Selective attack and to identify poisoned chunks by using digital signatures. The behavior rules are:


STrPe-DS

1.When a peer joins the team they receive the public key of the splitter.


2.For each chunk, the splitter sends a message like this:
{chunk, nChunk, dst, S priv (H(chunk + nChunk + dst))}.


3.The peers verify dst and check if the hash value is correct.


4.The splitter periodically requests the list of removed peers.


Strategy based on Trusted Peers and Digital Signatures


It has been designed to mitigate the Selective attack and to identify poisoned chunks by using digital signatures. The behavior rules are:


STrPe-DS

1.When a peer joins the team receives the public key of the splitter.


2.For each chunk, the splitter sends a message like this:
{chunk, nChunk, dst, S priv (H(chunk + nChunk + dst))}.


3.The peers verify dst and check the correctness of the hash value.


4.The splitter periodically requests the list of removed peers.


5.Peers removed by any TP are directly expelled by the splitter.


Strategy based on Trusted Peers and Digital Signatures


It has been designed to mitigate the Selective attack and to identify poisoned chunks by using digital signatures. The behavior rules are:


STrPe-DS

1.When a peer joins the team receives the public key of the splitter.


2.For each chunk, the splitter sends a message like this:
{chunk, nChunk, dst, S priv (H(chunk + nChunk + dst))}.


3.The peers verify dst and check the correctness of the hash value.


4.The splitter periodically requests the list of removed peers.


5.Peers removed by any TP are directly expelled by the splitter.


6.The splitter can decide to expel a peer based on the information received from well-intended peers or attackers.


Strategy based on Trusted Peers and Digital Signatures


Problem:



  • Making a decision in order to expel the attacker is not an easy task.


Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

How to make a decision about expelling peers from the team?



Attack 1

Selective Attack


Attack 2

Bad-mouth Attack



If three peers are complaining about one peer, it is difficult for the splitter to know whether there are three attackers trying to expel one well-intended peer or if it is actually one attacker poisoning three well-intended peers.

Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

Non-repudiation methods


The goal is provide proof of the integrity and origin of data.


Non-repudiation

Non-repudiation methods


The goal is provide proof of the integrity and origin of data.


Non-repudiation

By using Trusted Third Parties (TTPs). [1]
It is not in consonance with the P2P philosophy.



Non-repudiation methods


The goal is provide proof of the integrity and origin of data.


Non-repudiation

By using Trusted Third Parties (TTPs). [1]
It is not in consonance with the P2P philosophy.



There are non-repudiation methods without TTPs but consider that both parties are interested in the content and the number of necessary messages is usually high. [2]
The attacker may be interested in poisoning the content but not in the content itself.



Non-repudiation methods


The goal is provide proof of the integrity and origin of data.


Non-repudiation

By using Trusted Third Parties (TTPs). [1]
It is not in consonance with the P2P philosophy.



There are solutions without TTPs but consider that both parties are interested in the content and the number of necessary messages is usually high. [2]
The attacker may be interested in poisoning the content but not in the content itself.






There is not currently a suitable non-repudiation system allowing to the splitter to decide who the attacker is.



Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

Trust-based methods


Due to the absence of a suitable non-repudiation system, this is usually the most used solution. [3] [4] [5]


Non-repudiation

Trust-based methods


Due to the absence of a suitable non-repudiation system, this is usually the most used solution. [3] [4] [5]


Non-repudiation

Statistical models.



Trust-based methods


Due to the absence of a suitable non-repudiation system, this is usually the most used solution. [3] [4] [5]


Non-repudiation

Statistical models.



Bayesian networks.



Trust-based methods


Due to the absence of a suitable non-repudiation system, this is usually the most used solution. [3] [4] [5]


Non-repudiation

Statistical models.



Bayesian networks.



Machine learning.



Trust-based methods


Due to the absence of a suitable non-repudiation system, this is usually the most used solution. [3] [4] [5]


Non-repudiation

Statistical models.



Bayesian networks.



Machine learning.



...



Trust-based methods


Due to the absence of a suitable non-repudiation system, this is usually the most used solution. [3] [4] [5]


Non-repudiation

Statistical models.



Bayesian networks.



Machine learning.



...






Trust-based methods can produce false-positive or false-negative results.



Table of Contents


  • P2PSP
  • Pollution Attacks
  • Proposals
    • STrPe
    • STrPe-DS

  • Expelling Peers
    • Non-Repudiation Methods
    • Trust-Based Methods

  • Coming soon...

Coming soon...


What if a method exists which avoids false-positive and false-negative results?


Non-repudiation

Without TTP.



Fast convergence.



100% success.



We are working on it!.



Thanks!