The Frog-Boiling Attack: Limitations of Secure Network Coordinate Systems

Eric Chan-Tin, Victor Heorhiadi, Nicholas Hopper, Yongdae Kim
{"title":"The Frog-Boiling Attack: Limitations of Secure Network Coordinate Systems","authors":"Eric Chan-Tin, Victor Heorhiadi, Nicholas Hopper, Yongdae Kim","doi":"10.1145/2043621.2043627","DOIUrl":null,"url":null,"abstract":"A network coordinate system assigns Euclidean “virtual” coordinates to every node in a network to allow easy estimation of network latency between pairs of nodes that have never contacted each other. These systems have been implemented in a variety of applications, most notably the popular Vuze BitTorrent client. Zage and Nita-Rotaru (at CCS 2007) and independently, Kaafar et al. (at SIGCOMM 2007), demonstrated that several widely-cited network coordinate systems are prone to simple attacks, and proposed mechanisms to defeat these attacks using outlier detection to filter out adversarial inputs. Kaafar et al. goes a step further and requires that a fraction of the network is trusted. More recently, Sherr et al. (at USENIX ATC 2009) proposed Veracity, a distributed reputation system to secure network coordinate systems. We describe a new attack on network coordinate systems, Frog-Boiling, that defeats all of these defenses. Thus, even a system with trusted entities is still vulnerable to attacks. Moreover, having witnesses vouch for your coordinates as in Veracity does not prevent our attack. 
Finally, we demonstrate empirically that the Frog-Boiling attack is more disruptive than the previously known attacks: systems that attempt to reject “bad” inputs by statistical means or reputation cannot be used to secure a network coordinate system.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"31 1","pages":"27:1-27:23"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2043621.2043627","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 29

Abstract

A network coordinate system assigns Euclidean “virtual” coordinates to every node in a network to allow easy estimation of network latency between pairs of nodes that have never contacted each other. These systems have been implemented in a variety of applications, most notably the popular Vuze BitTorrent client. Zage and Nita-Rotaru (at CCS 2007) and, independently, Kaafar et al. (at SIGCOMM 2007) demonstrated that several widely cited network coordinate systems are prone to simple attacks, and proposed mechanisms to defeat these attacks using outlier detection to filter out adversarial inputs. Kaafar et al. go a step further and require that a fraction of the network is trusted. More recently, Sherr et al. (at USENIX ATC 2009) proposed Veracity, a distributed reputation system to secure network coordinate systems. We describe a new attack on network coordinate systems, Frog-Boiling, that defeats all of these defenses. Thus, even a system with trusted entities is still vulnerable to attacks. Moreover, having witnesses vouch for your coordinates as in Veracity does not prevent our attack. Finally, we demonstrate empirically that the Frog-Boiling attack is more disruptive than the previously known attacks: systems that attempt to reject “bad” inputs by statistical means or reputation cannot be used to secure a network coordinate system.