Defending Against Eclipse Attacks in Unstructured Overlays

Ido Gonen, M.Sc. Thesis Seminar
Wednesday, 6.8.2014, 11:00
Taub 601
Prof. Roy Friedman

Overlays play a central role in the scalability of many peer-to-peer (P2P) networks and large scale data-center systems. The eclipse attack has been identified as one of the major potential attacks against overlays. In eclipse attacks, an attacker that controls a portion of the nodes in the system eclipses a large fraction of the correct nodes. By eclipsing correct nodes, attackers isolate correct nodes from the rest of the system, and thereby can completely control what these nodes see and know about the network. Previous works on defending against eclipse attacks focused only on structured P2P overlays, where there are structural constraints on the identities of a node's neighbors. However, structured overlays tend to be much less robust and scalable than unstructured ones. In this work, we present a novel approach to defend against eclipse attacks in unstructured overlays, where there are no a-priori constraints on a node's neighbors other than its degree. Our defense bounds the degree of nodes in the overlay and uses a decentralized self-discovered monitoring service called BMON to enforce this bound. The work presents the defense protocol, including a detailed description of BMON and its analysis.

Back to the index of events