Abstract:
Overlay networks are widely used to deploy functionality at edge nodes without
changing network routers. Each node in an overlay network maintains connections
with a number of peers, forming a graph upon which a distributed application or
service is implemented. In an “Eclipse” attack, a set of malicious, colluding
overlay nodes arranges for a correct node to peer
only with members of the coalition. If successful, the attacker
can mediate most or all communication to and from the victim.
Furthermore, by supplying biased neighbor information during
normal overlay maintenance, a modest number of malicious
nodes can eclipse a large number of correct victim nodes.
This paper studies the impact of Eclipse attacks on structured
overlays and shows the limitations of known defenses. We
then present the design, implementation, and evaluation of a
new defense, in which nodes anonymously audit each other’s
connectivity. The key observation is that a node that mounts an
Eclipse attack must have a higher than average node degree.
We show that enforcing a node degree limit by auditing is an
effective defense against Eclipse attacks. Furthermore, unlike
most existing defenses, our defense leaves flexibility in the
selection of neighboring nodes, thus permitting important overlay
optimizations like proximity neighbor selection (PNS).
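
The degree observation in the abstract can be seen on a toy overlay. This is an added example, not code from the paper: the ring layout, the node counts, and the limit of twice the mean degree are assumptions, and degrees are checked here with a global view rather than by the paper's anonymous auditing, which this page does not describe.

```python
from collections import Counter

def build_overlay(n, k, malicious, victims):
    """Constructed toy overlay: maps each node id to its k neighbor ids."""
    coalition = sorted(malicious)
    overlay = {}
    for node in range(n):
        if node in victims:
            # Eclipsed node: every neighbor slot is held by a coalition member.
            overlay[node] = [coalition[(node + j) % len(coalition)] for j in range(k)]
        else:
            # Non-eclipsed node: the next k ids on a ring.
            overlay[node] = [(node + j) % n for j in range(1, k + 1)]
    return overlay

def in_degrees(overlay):
    """Count how many nodes list each node as a neighbor."""
    deg = Counter({node: 0 for node in overlay})
    for neighbors in overlay.values():
        deg.update(neighbors)
    return deg

def over_limit(overlay, limit):
    """Nodes whose in-degree exceeds the enforced limit."""
    return {node for node, d in in_degrees(overlay).items() if d > limit}

def max_fully_eclipsed(coalition_size, limit, k):
    """Upper bound on victims with all k slots held by the coalition
    when no coalition member may exceed `limit` incoming links."""
    return (coalition_size * limit) // k

# Constructed scenario (assumed values): 100 nodes, 4 neighbors each,
# 5 colluding nodes eclipsing 40 correct nodes.
N, K = 100, 4
MALICIOUS = set(range(5))
VICTIMS = set(range(50, 90))
LIMIT = 2 * K  # assumed limit: twice the mean in-degree

if __name__ == "__main__":
    overlay = build_overlay(N, K, MALICIOUS, VICTIMS)
    deg = in_degrees(overlay)
    print("mean in-degree:", sum(deg.values()) / N)
    print("coalition in-degrees:", [deg[m] for m in sorted(MALICIOUS)])
    print("highest correct-node in-degree:",
          max(d for node, d in deg.items() if node not in MALICIOUS))
    print("nodes over limit:", sorted(over_limit(overlay, LIMIT)))
    print("victims possible under limit:", max_fully_eclipsed(len(MALICIOUS), LIMIT, K))
```

With the limit enforced, the same five-node coalition can fill all slots of far fewer nodes than the 40 it eclipses in the unconstrained overlay.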