Peer-to-peer (P2P) systems and applications have caused a revolutionary paradigm shift in building large-scale distributed systems over the Internet. Our research focuses on one important category of P2P systems, so-called "cooperative" P2P systems, where peer nodes are close-knit, forming a "community of common interest" with shared goals and mutual benefits. Services that can be supported by cooperative P2P systems cover a wide variety of networked applications and distributed computing. Ensuring correct and efficient operation of a P2P system despite the existence of potentially untrustworthy nodes is of utmost importance. Several infrastructure-level, currently-deployed cooperative P2P systems are vulnerable to attacks by participating nodes that can impede the service provided by the system. Other proposed systems are vulnerable to misuse or abuse of the services by a few peers, resulting in overall loss of value to the system. Our research on P2P systems has been therefore concerned with the challenges and problems in building large-scale, robust cooperative P2P systems that are accountable and secure.
Attacking Kad Network This project investigates security of a popular loosely-coupled P2P network, called Kad network, which has over 1.5 million concurrent nodes. By exploiting critical implementation weaknesses, we developed an attack on Kad that prevents completion of a significant fraction of all Kad keyword searches with reasonable costs – a single node with a 100Mbps link could stop 65% of all Kad searches. To my knowledge, this is the first experimental (and surprisingly small) estimation of cost for denial-of-service attack on a live P2P network. Experimental results show that this attack is effective against eMule and aMule, the most popular Kad clients. Other consequences of these weaknesses include low-cost disruption of targeted keyword searches and the use of the Kad network to mount distributed denial of service attacks.
Myrmic: Secure and Robust DHT Routing A distributed hash table (DHT) attempts to build a persistent store from a network of (possibly unstable) peer nodes. There has been a great deal of work on making DHTs robust to environmental interference but no work on implementing secure DHTs. We developed Myrmic, a novel DHT routing protocol designed to be robust against adversarial interference. A key feature distinguishing Myrmic from other DHT implementations is a root verification protocol that allows anyone to verify that the node responding to a query for key k is indeed the “correct” holder of the key. Analytical results show that, even when a large fraction (say 50%) of nodes cooperate to adversarially interfere with query routing, Myrmic finds uncorrupted roots in expected logarithmic time. Myrmic has been implemented and evaluated through trial deployment over 120 nodes on PlanetLab.
Robust Accounting in Decentralized P2P Storage Systems A P2P storage system allows a network of peer computers to increase the availability of their data by replicating it on other peers in the network. In such networks, a central challenge is preventing freeloaders, or nodes that use disproportionately more storage than they contribute to the network. To address this problem, we designed a robust distributed system to account for storage activities of each peer. We proved that it is secure under a much stronger attack model than previous work, and evaluated the efficiency of a prototype implementation. We showed that all existing solutions are vulnerable to various attacks by either a single greedy peer or a small group of peers.
Combating Double-Spending Using Cooperative P2P Systems An electronic cash system allows users to withdraw coins, represented as bit strings, from a bank or broker, and spend those coins anonymously at participating merchants, so that the broker cannot link spent coins to the user who withdraws them. Since strings of bits are inherently copyable, they must contend with the problem of double-spending. Many e-cash schemes have been proposed, however they either require the presence of an on-line third party, tamper-proof hardware or client accounts at the bank, all of which may lead to undesirable consequences. In this work, we designed the first electronic cash scheme, which prevents double-spending using cooperative P2P systems. The scheme is easy to implement, computationally efficient, and provably secure. To demonstrate this, we developed a proof-of-concept implementation for Internet vendors.