Robust Decentralized Virtual Coordinate Systems in Adversarial Environments

Published: 01 December 2010

Abstract

Virtual coordinate systems provide an accurate and efficient service that allows hosts on the Internet to determine the latency to arbitrary hosts without actively monitoring all of the nodes in the network. Many of the proposed systems were designed with the assumption that all of the nodes are altruistic. However, this assumption may be violated by compromised nodes acting maliciously to degrade the accuracy of the coordinate system. As numerous peer-to-peer applications come to rely on virtual coordinate systems to achieve good performance, it is critical to address the security of such systems.
In this work, we demonstrate the vulnerability of decentralized virtual coordinate systems to insider (or Byzantine) attacks. We propose techniques to make the coordinate assignment robust to malicious attackers without increasing the communication cost. We use both spatial and temporal correlations to perform context-sensitive outlier analysis to reject malicious updates and prevent unnecessary and erroneous adaptations. We demonstrate the attacks and mitigation techniques in the context of a well-known virtual coordinate system using simulations based on three representative, real-life Internet topologies of hosts and corresponding Round Trip Times (RTT). We show the effects of the attacks and the utility of the mitigation techniques on the virtual coordinate system as seen by higher-level applications, elucidating the utility of deploying robust virtual coordinate systems as network services.

Published In

ACM Transactions on Information and System Security  Volume 13, Issue 4
December 2010
412 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/1880022

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 December 2010
Accepted: 01 January 2010
Revised: 01 December 2009
Received: 01 December 2008
Published in TISSEC Volume 13, Issue 4

Author Tags

  1. Attack mitigation
  2. network coordinates
  3. reliability
  4. security
  5. virtual coordinate systems

Qualifiers

  • Research-article
  • Research
  • Refereed
