Eclipse Attacks on Overlay Networks: Threats and Defenses
Top 1% of 2006 papers
Abstract
Overlay networks are widely used to deploy functionality at edge nodes without changing network routers. Each node in an overlay network maintains connections with a number of peers, forming a graph upon which a distributed application or service is implemented. In an “Eclipse” attack, a set of malicious, colluding overlay nodes arranges for a correct node to peer only with members of the coalition. If successful, the attacker can mediate most or all communication to and from the victim. Furthermore, by supplying biased neighbor information during normal overlay maintenance, a modest number of malicious nodes can eclipse a large number of correct victim nodes. This paper studies the impact of Eclipse attacks on structured overlays and shows the limitations of known defenses. We then present the design, implementation, and evaluation of a new defense, in which nodes anonymously audit each other’s connectivity. The key observation is that a node that mounts an Eclipse attack must have a higher than average node degree. We show that enforcing a node degree limit by auditing is an effective defense against Eclipse attacks. Furthermore, unlike most existing defenses, our defense leaves flexibility in the selection of neighboring nodes, thus permitting important overlay optimizations like proximity neighbor selection (PNS).
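The degree observation in the abstract can be checked with a small model. The following is an added illustration, not code from the paper: it assumes a global in-degree counter in place of the anonymous audit the authors describe, and the overlay size, coalition size, slot count and bound value are constructed parameters.

```python
import random

def build_overlay(n, m, k, bound=None, seed=1):
    """Fill k neighbor slots for every correct node (ids m..n-1).

    Nodes 0..m-1 are the colluding coalition. Candidates are offered
    coalition-first, which models biased neighbor information. When a
    bound is set, a candidate whose in-degree has reached it is rejected
    (assumption: the audit reveals true in-degree).
    """
    rng = random.Random(seed)
    indeg = [0] * n          # how many nodes currently point at each node
    table = {}
    for node in range(m, n):
        coalition = list(range(m))
        others = [x for x in range(m, n) if x != node]
        rng.shuffle(coalition)
        rng.shuffle(others)
        chosen = []
        for cand in coalition + others:
            if len(chosen) == k:
                break
            if bound is not None and indeg[cand] >= bound:
                continue     # over the degree limit: refuse as neighbor
            chosen.append(cand)
            indeg[cand] += 1
        table[node] = chosen
    return table, indeg

def malicious_fraction(table, m):
    """Share of correct nodes' neighbor slots held by coalition members."""
    links = [nb for nbs in table.values() for nb in nbs]
    return sum(nb < m for nb in links) / len(links)

if __name__ == "__main__":
    N, M, K = 1000, 100, 16  # constructed sizes: 10% of nodes collude
    for bound in (None, K):
        table, indeg = build_overlay(N, M, K, bound)
        print("bound:", bound,
              "malicious share:", round(malicious_fraction(table, M), 3),
              "max coalition in-degree:", max(indeg[:M]),
              "mean in-degree:", sum(indeg) / N)
```

Without a bound every slot of every correct node is held by the coalition, whose members carry in-degrees far above the mean; with the bound the coalition's share falls to roughly its share of the population.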