针对P2P直播系统的Eclipse延迟攻击方法研究

删除或更新信息，请邮件至freekaoyan#163.com(#换成@)

清华大学辅仁网/2017-07-07

韩心慧, 李晨, 肖祥全, 刘丙双, 叶佳奕

北京大学计算机科学技术研究所, 北京 100871

Defense of P2P live video systems facing Eclipse-delay attack

HAN Xinhui, LI Chen, XIAO Xiangquan, LIU Bingshuang, YE Jiayi

Institute of Computer Science & Technology, Peking University, Beijing 100871, China

摘要:

输出: BibTeX | EndNote (RIS)

摘要P2P直播系统在当今互联网上的应用越来越广泛, 相对于P2P文件共享系统, 其对数据传输的实时性要求更高, 因此对该类系统实时性的破坏, 即延迟攻击, 产生的危害极大。通过分析相关理论模型, 该文指出P2P直播系统在实时性方面存在安全脆弱性, 基于Eclipse攻击提出了No-Offer、Delay-Chunk和No-Chunk延迟攻击方法, 并提出了基于信誉机制的路由表清洗防御策略。在PlanetLab平台上基于PeerStreamer实施了真实的互联网实验, 证明了Eclipse延迟攻击对当前系统的危害和该文防御策略的有效性。

关键词 ：Eclipse攻击,P2P,直播系统,延迟攻击

Abstract：P2P live video systems are widely used in today's Internet. Compared with eMule/BitTorrent and other traditional P2P file-sharing systems, a P2P live video system has higher requirements on real-time data, which becomes vulnerable weakness. Delay attack, with strong concealment, is potentially lethal for large P2P video broadcasting systems. Theoretical security threats of popular P2P live video systems were analyzed to propose three types of delay attack based on Eclipse attack, No-Offer attack, Delay-Chunk attack, and No-Chunk attack, with a high-availability defense strategy against delay attack being developed. Experiments were made on PlanetLab based on PeerStreamer, which proves the impact of delay attack and the effectiveness of the developed defense strategy.

Key words：Eclipse attack P2P live video system delay attack

收稿日期: 2014-10-28 出版日期: 2016-01-29

ZTFLH:

TP309

引用本文:

韩心慧, 李晨, 肖祥全, 刘丙双, 叶佳奕. 针对P2P直播系统的Eclipse延迟攻击方法研究[J]. 清华大学学报（自然科学版）, 2016, 56(1): 58-65.
HAN Xinhui, LI Chen, XIAO Xiangquan, LIU Bingshuang, YE Jiayi. Defense of P2P live video systems facing Eclipse-delay attack. Journal of Tsinghua University(Science and Technology), 2016, 56(1): 58-65.

链接本文:

http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.23.008或 http://jst.tsinghuajournals.com/CN/Y2016/V56/I1/58

图表:

图1　一个理想状况下的P2P直播系统

图2　邻居间数据交换过程示意图

图3　Eclipse攻击模型示意图

图4　普通和受害节点路由表中恶意节点数量变化情况

图5　No-Offer攻击中普通和受害节点播放率变化情况

图6　Delay-Chunk攻击中普通和受害节点播放率变化情况

图7　No-Chunk攻击对受害节点播放率影响情况

图8　部署防御策略后节点路由表中攻击节点数量对比

图9　部署防御策略后No-Offer攻击中节点播放率对比

图10　部署防御策略后Delay-Chunk攻击中节点播放率对比

图11　部署防御策略后No-Chunk攻击中节点播放率对比

参考文献:

[1] Deshpande H, Bawa M, Garcia-Molina H. Streaming live media over a peer-to-peer network [R]. 2001.
[2] Jannotti J, Gifford D K, Johnson K L, et al. Overcast: Reliable multicasting with on overlay network [C]//Proceedings of the 4th Conference on Symposium on Operating System Design & Implementation—Volume 4. Berkeley: USENIX Association, 2000: 14-14.
[3] Rejaie R, Ortega A. PALS: Peer-to-peer adaptive layered streaming [C]//Proceedings of the 13th International Workshop on Network and Operating Systems Support for Digital Audio and Video. New York: ACM, 2003: 153-161.
[4] Tran D A, Hua K A, Do T. Zigzag: An efficient peer-to-peer scheme for media streaming [C]//INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. Piscataway: IEEE Societies, 2003, 2: 1283-1292.
[5] Castro M, Druschel P, Kermarrec A M, et al. SplitStream: High-bandwidth multicast in cooperative environments [J]. ACM SIGOPS Operating Systems Review, 2003, 37(5): 298-313.
[6] Horvath A, Telek M, Rossi D, et al. Dissecting pplive, sopcast, tvants [J]. submitted to ACM Conext, 2008.
[7] Vu L, Gupta I, Liang J, et al. Mapping the PPLive network: Studying the impacts of media streaming on P2P overlays [Z]. 2006.
[8] Jia J, Li C, Chen C. Characterizing PPStream across internet [C]//Network and Parallel Computing Workshops, IFIP International Conference on. Piscataway: IEEE, 2007: 413-418.
[9] Su X, Chang L. A measurement study of PPStream [C]//Communications and Networking in China, Third International Conference on. Piscataway: IEEE, 2008: 1162-1166.
[10] Douceur J R. The sybil attack [M]//Peer-to-Peer Systems. Springer Berlin Heidelberg, 2002: 251-260.
[11] Singh A. Eclipse attacks on overlay networks: Threats and defenses [C]//IEEE INFOCOM. Piscataway: IEEE, 2006.
[12] 邹维, 张缘, 张建宇, 等. DHT 网络 eclipse 攻击 [J]. 清华大学学报: 自然科学版, 2011, 51(10): 1306-1311.ZOU Wei, ZHANG Yuan, ZHANG Jianyu, et al. Survey of eclipse attacks on DHT networks [J]. J Tsinghua Univ: Sci & Technol, 2011, 51(10): 1306-1311. (in Chinese)
[13] Liang J, Kumar R, Xi Y, et al. Pollution in P2P file sharing systems [C]//INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Piscataway: IEEE, 2005, 2: 1174-1185.
[14] Adar E, Huberman B A. Free riding on Gnutella[J/OL]. First Monday, 2000, 5(10): http://firstmonday.org/ojs/index.php/fm/article/view/792/701<%3B/Hu96.
[15] Feldman M, Papadimitriou C, Chuang J, et al. Free-riding and whitewashing in peer-to-peer systems [J]. Selected Areas in Communications, IEEE Journal on, 2006, 24(5): 1010-1019.
[16] Seedorf J. Security issues for p2p-based voice-and video-streaming applications [M]//iNetSec 2009–Open Research Problems in Network Security. Springer Berlin Heidelberg, 2009: 95-110.
[17] Dhungel P, Hei X, Ross K W, et al. The pollution attack in P2P live video streaming: Measurement results and defenses [C]//Proceedings of the 2007 Workshop on Peer-to-Peer Streaming and IP-TV. New York: ACM, 2007: 323-328.
[18] Meier R, Wattenhofer R. ALPS: Authenticating live peer-to-peer live streams [C]//Reliable Distributed Systems, IEEE Symposium on. Piscataway: IEEE, 2008: 45-52.
[19] Borges A, Almeida J, Campos S. Fighting pollution in p2p live streaming systems [C]//Multimedia and Expo, IEEE International Conference on. Piscataway: IEEE, 2008: 481-484.
[20] Yang S, Jin H, Li B, et al. The content pollution in peer-to-peer live streaming systems: Analysis and implications [C]//Parallel Processing, 37th International Conference on. Piscataway: IEEE, 2008: 652-659.
[21] Yang S, Jin H, Li B, et al. A modeling framework of content pollution in Peer-to-Peer video streaming systems [J]. Computer Networks, 2009, 53(15): 2703-2715.
[22] Li Y, Lui J. Stochastic analysis of a randomized detection algorithm for pollution attack in P2P live streaming systems [J]. Performance Evaluation, 2010, 67(11): 1273-1288.
[23] Li D, Wu J, Cui Y. Defending against buffer map cheating in DONet-like P2P streaming [J]. Multimedia, IEEE Transactions on, 2009, 11(3): 535-542.
[24] Gheorghe G, Cigno R L, Montresor A. Security and privacy issues in P2P streaming systems: A survey [J]. Peer-to-Peer Networking and Applications, 2011, 4(2): 75-91.
[25] Conrotto E, Leonardi E. NAPA-WINE Project[EB/OL]. (2014). http://www.napa-wine.eu.
[26] Kamvar S D, Schlosser M T, Garcia-Molina H. The eigentrust algorithm for reputation management in p2p networks [C]//Proceedings of the 12th International Conference on World Wide Web. New York: ACM, 2003: 640-651.
[27] Xiong L, Liu L. Peertrust: Supporting reputation-based trust for peer-to-peer electronic communities [J]. Knowledge and Data Engineering, IEEE Transactions on, 2004, 16(7): 843-857.
[28] Damiani E, di Vimercati D C, Paraboschi S, et al. A reputation-based approach for choosing reliable resources in peer-to-peer networks [C]//Proceedings of the 9th ACM Conference on Computer and Communications Security. New York: ACM, 2002: 207-216. null

[1]	韩心慧, 肖祥全, 张建宇, 刘丙双, 张缘. 基于社交关系的DHT网络Sybil攻击防御[J]. 清华大学学报（自然科学版）, 2014, 54(1): 1-7.