Pollution in P2P Networks
28-10-2010, 02:17 AM
Pollution Attack in P2P Networks
(Video Streaming and File Sharing Systems)
P2P live video streaming applications (such as CoolStreaming, PPLive and PPStream) and P2P file sharing systems (such as BitTorrent and Napster) have become popular in recent years. In this paper, we examine the pollution attack, in which the attacker mixes polluted chunks into the P2P distribution, degrading the quality of the rendered media at the receivers. In file sharing, the attacker corrupts the targeted content, rendering it unusable, and then makes this polluted content available for sharing from one or more peers. Polluted chunks received by an unsuspecting peer not only affect that single peer: since the peer also forwards chunks to other peers, and those peers in turn forward chunks to more peers, the polluted content can potentially spread through much of the P2P network. The pollution attack can be devastating.
We evaluate the applicability of four possible defenses to the pollution attack: blacklisting, traffic encryption, hash verification, and chunk signing. In the blacklisting approach, we attempt to determine, in a centralized or decentralized manner, the peers that originate and relay pollution. All such peers are placed on a blacklist. Peers neither send chunks to, nor receive chunks from, the peers on this blacklist. To achieve traffic encryption, any pair of communicating peers needs to establish a shared key. Public-key based key exchange protocols, such as Diffie-Hellman, can be used for this purpose. In the hash verification approach, each receiver gets the hash of each chunk from the source itself, which allows each peer to verify the integrity of each chunk before forwarding it to other peers. Three techniques involving chunk signing are evaluated for their applicability to detecting pollution in P2P systems, based on computational, bandwidth, and delay overhead (128-bit MD5 hashing and 1024-bit RSA signing can be used for generating hashes and signatures).
Among these, we conclude that the chunk signing solutions are most suitable, and are chosen according to the application used.
P2P live video streaming leverages the upload bandwidth capacity of peers for the distribution of video or audio content. Unlike traditional client-server based systems, peers forward content to other peers in the network. Various techniques have been used for implementing P2P live video streaming systems. The most popular P2P live video streaming applications today, such as PPLive and PPStream, use the mesh-pull streaming architecture. The idea is similar to that used in BitTorrent file sharing systems. Each video stream is divided, at the source of the video stream, into chunks. A peer makes partnerships with a subset of other peers in the network watching the same video stream. Each participating peer periodically sends its neighbors “buffer maps”, which indicate which chunks it has available for sharing. In order to watch a particular stream, a peer actively requests chunks from its partners based on the buffer maps of the partners. Meanwhile, it also forwards requested chunks to its neighbors. The distributed P2P architecture of such systems makes them prone to various security threats. One potentially devastating threat is stream pollution. In this attack, the attacker mixes bogus chunks into the stream, which degrade the quality of the rendered media at the receivers.
A similar type of attack has already been deployed in large-scale P2P file sharing systems. In file sharing, the attacker corrupts the targeted content (for example, with white noise or with warnings about copyright violations), rendering the content unusable, and then makes this polluted content available for sharing from one or more peers. Unable to distinguish polluted files from unpolluted files, unsuspecting users download the polluted files into their own file sharing folders, from which other users may then download the polluted files. In this manner, polluted files spread through the file sharing system.
In a P2P live video streaming system, a polluter can inject corrupted chunks as follows:
• An attacker can join an ongoing video channel and establish partnerships with other peers, which are watching the same channel.
• The attacker can then advertise to its partners that it has a large number of chunks for the ongoing video stream.
• When the neighbors request advertised chunks, the attacker sends bogus polluted chunks instead of legitimate chunks.
• Each receiver integrates into its playback stream the polluted chunks it receives from the attacker along with other chunks it receives from its other neighbors. The polluted chunks degrade the quality of the rendered video at the receiver.
Importantly, polluted chunks received by an unsuspecting peer not only affect that single peer: since the peer also forwards chunks to other peers, and those peers in turn forward chunks to more peers, and so on, the polluted content can potentially spread through much of the P2P network. If the amount of polluted data is significant, users might eventually get frustrated and entirely stop using the system. Polluters are expected to have different motivations, depending on the video content. If a content source distributes non-authorized copyrighted content, the owner of the copyrighted content may hire a “pollution company” to pollute the ongoing video stream, similar to what has been observed in file sharing. If two channels are competing with each other, one channel may attempt to pollute the stream of the other channel. If an individual disagrees with a channel’s political message, that individual may be motivated to pollute the channel’s video stream. In addition, there can always be amateur hackers who attempt to disrupt channels just for fun. For P2P live video streaming, we anticipate a variety of motivations that go well beyond copyright issues.
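The following is an added example, not code from the paper or the original post. It shows the hash verification defense from the abstract in the mesh-pull setting described above, combined with blacklisting the sender of a chunk that fails the check. The `Source`, `Peer` and `simulate` names, the per-chunk digest manifest, blacklisting on the first failure, and SHA-256 in place of the 128-bit MD5 the abstract mentions are assumptions of this example.

```python
import hashlib

def digest(data: bytes) -> str:
    # Assumption: SHA-256 replaces the 128-bit MD5 mentioned in the abstract.
    return hashlib.sha256(data).hexdigest()

class Source:
    """Splits the stream into chunks and publishes one digest per chunk."""
    def __init__(self, stream: bytes, size: int):
        self.chunks = {i: stream[o:o + size]
                       for i, o in enumerate(range(0, len(stream), size))}
        self.manifest = {seq: digest(c) for seq, c in self.chunks.items()}

class Peer:
    def __init__(self, name, manifest, verify=True):
        self.name, self.verify = name, verify
        self.manifest = manifest  # assumed fetched from the source itself
        self.buffer = {}          # seq -> chunk data, advertised via buffer map
        self.blacklist = set()

    def buffer_map(self):
        return sorted(self.buffer)

    def receive(self, seq, data, sender):
        if sender in self.blacklist:
            return False          # no chunks accepted from blacklisted peers
        if self.verify and digest(data) != self.manifest.get(seq):
            self.blacklist.add(sender)  # assumption: blacklist on first failure
            return False          # dropped, so it is never forwarded
        self.buffer[seq] = data
        return True

    def pull_from(self, neighbor):
        for seq in neighbor.buffer_map():
            if seq not in self.buffer:
                self.receive(seq, neighbor.buffer[seq], neighbor.name)

def simulate(verify: bool):
    """Return (polluted chunks at A, polluted chunks at B, A's blacklist)."""
    src = Source(b"constructed-sample-video-stream-bytes" * 4, 16)
    polluter = Peer("polluter", src.manifest, verify=False)
    polluter.buffer = {seq: b"\x00" * 16 for seq in src.chunks}  # bogus data
    a, b = Peer("A", src.manifest, verify), Peer("B", src.manifest, verify)
    a.pull_from(polluter)  # A partners with the polluter
    b.pull_from(a)         # B only partners with A
    bad = lambda p: sum(digest(d) != src.manifest[s] for s, d in p.buffer.items())
    return bad(a), bad(b), sorted(a.blacklist)

if __name__ == "__main__":
    print("no verification:", simulate(False))
    print("hash verification:", simulate(True))
```

Without verification, peer B ends up with polluted chunks although it never contacted the polluter; with verification, A drops the first bad chunk, so nothing polluted reaches B.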