ABSTRACT
This paper describes and evaluates Fireflies, a scalable protocol for supporting intrusion-tolerant network overlays. While such a protocol cannot distinguish Byzantine nodes from correct nodes in general, Fireflies provides correct nodes with a reasonably current view of which nodes are live, as well as a pseudo-random mesh for communication. The amount of data sent by correct nodes grows linearly with the aggregate rate of failures and recoveries, even if provoked by Byzantine nodes. The set of correct nodes form a connected submesh; correct nodes cannot be eclipsed by Byzantine nodes. Fireflies is deployed and evaluated on PlanetLab.
- A. Adya, W. J. Bolosky, M. Castro, G. Cermak, R. Chaiken, J. R. Douceur, J. Howell, J. R. Lorch, M. Theimer, and R. P. Wattenhofer. FARSITE: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment. In Proc. of the 5th Symp. on Operating Systems Design and Implementation, Boston, MA, December 2002. USENIX. Google ScholarDigital Library
- T. Anker, G. V. Chockler, D. Dolev, and I. Keidar. Scalable group membership services for novel applications. In M. Mavronicolas, M. Merritt, and N. Shavit, editors, Proc. of the Workshop on Networks in Distributed Computing, pages 23--42. DIMACS, 1998.Google ScholarCross Ref
- G. Badishi, I. Keidar, and A. Sasson. Exposing and eliminating vulnerabilities to Denial of Service attacks in secure gossip-based multicast. In Proc. of the International Conference on Dependable Systems and Networks (DSN), pages 201--210, June - July 2004. Google ScholarDigital Library
- M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. S. Wallach. Secure routing for structured peer-to-peer overlay networks. In Proc. of the 5th Usenix Symposium on Operation System Design and Implementation (OSDI), Boston, MA, December 2002. Google ScholarDigital Library
- F. Chung and L. Lu. The diameter of random sparse graphs. Advances in Applied Math, 26(4):257--279, May 2001. Google ScholarDigital Library
- M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-end containment of Internet worms. In Proc. of the 20th ACM Symp. on Operating Systems Principles, Brighton, UK, October 2005. Google ScholarDigital Library
- A. Das, I. Gupta, and A. Motivala. SWIM: Scalable Weakly-consistent Infection-style process group Membership. In Proc. of the Int. Conf. on Dependable Systems and Networks DSN 02, pages 303--312, Washington, DC, June 2002. Google ScholarDigital Library
- A. Demers, D. Greene, C. Hauser, W. Irish, J. Larson, S. Shenker, H. Sturgis, D. Swinehart, and D. Terry. Epidemic algorithms for replicated database maintenance. In Proc. of the 6th ACM Symp. on Principles of Distributed Computing, pages 1--12, Vancouver, BC, August 1987. Google ScholarDigital Library
- J. Douceur. The Sybil attack. In Proc. of the 1st Int. Workshop on Peer-to-Peer Systems, Cambridge, MA, March 2002. Google ScholarDigital Library
- J. R. Douceur and J. Howell. Byzantine fault isolation in the Farsite distributed file system. In Proc. of the 5th Int. Workshop on Peer-To-Peer Systems, Santa Barbara, CA, February 2006.Google Scholar
- P. Erdös and A. Rényi. On the evolution of random graphs. Magyar Tud. Akad. Mat. Kutato Int. Közl, 5(17):17--61, 1960.Google Scholar
- M. J. Freedman, I. Stoica, D. Mazières, and S. Shenker. Group therapy for systems: Using link attestations to manage failures. In Proc. of the 5th Int. Workshop on Peer-To-Peer Systems, Santa Barbara, CA, February 2006.Google Scholar
- A. J. Ganesh, A.-M. Kermarrec, and L. Massoulié. SCAMP: Peer-to-peer lightweight membership service for large-scale group communication. In Proc. of the 3rd International Workshop on Networked Group Communication, London, UK, November 2001. Google ScholarDigital Library
- A. Gupta, B. Liskov, and R. Rodrigues. One hop lookups for peer-to-peer overlays. In Proc. of the 9th Workshop on Hot Topics in Operating Systems (HotOS-IX), pages 7--12, Lihue, HI, May 2003. Google ScholarDigital Library
- A. Gupta, B. Liskov, and R. Rodrigues. Efficient routing for peer-to-peer overlays. In Proc. of the 1st Symp. on Networked Systems Design and Implementation, San Francisco, CA, March 2004. Google ScholarDigital Library
- F. Harary. The maximum connectivity of a graph. In Proc. of the National Academy of Sciences, volume 48, pages 1142--1146, 1962.Google ScholarCross Ref
- A.-M. Kermarrec, L. Massoulié, and A. J. Ganesh. Probabilistic reliable dissemination in large-scale systems. IEEE Transactions on Parallel and Distributed Systems, 14(3), March 2003. Google ScholarDigital Library
- J. Kubiatowicz, D. Bindel, Y. Chen, P. Eaton, D. Geels, R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao. Oceanstore: An architecture for global-scale persistent storage. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, November 2000. Google ScholarDigital Library
- C. S. Lewis and L. Saia. Scalable byzantine agreement. Technical report, CS Dept., University of New Mexico, 2004.Google Scholar
- M.-J. Lin, K. Marzullo, and S. Masini. Gossip versus deterministically constrained flooding on small networks. In Proc. of the 14th Int. Conf. on Distributed Computing, volume 1914 of Lecture Notes in Computer Science, pages 253--267. Springer, 2000. Google ScholarDigital Library
- D. Malkhi, Y. Mansour, and M. K. Reiter. On diffusing updates in a Byzantine environment. In Symposium on Reliable Distributed Systems, pages 134--143, Lausanne, Switzerland, October 1999. Google ScholarDigital Library
- Y. Minsky, A. Trachtenberg, and R. Zippel. Set reconciliation with nearly optimal communication complexity. IEEE Transactions on Information Theory, 49(9):2212--2218, September 2003. Google ScholarDigital Library
- V. Pai, K. Kumar, K. Tamilmani, V. Sambamurthy, and A. E. Mohr. Chainsaw: Eliminating trees from overlay multicast. In Proc. of the 4th Int. Workshop on Peer-To-Peer Systems, Ithaca, NY, February 2005. Google ScholarDigital Library
- L. Peterson, S. Shenker, and J. Turner. Overcoming the Internet impasse through virtualization. In Third Workshop on Hot Topics in Networking (HotNets-III), San Diego, CA, November 2004.Google Scholar
- P. Pietzuch, J. Shneidman, J. Ledlie, M. Welsh, M. Seltzer, and M. Roussopoulos. Evaluating DHT-based service placement for stream-based overlays. In Proc. of the 4th Int. Workshop on Peer-To-Peer Systems, Ithaca, NY, February 2005. Google ScholarDigital Library
- K. Potter Kihlstrom, L. E. Moser, and P. M. Melliar-Smith. The SecureRing protocols for securing group communication. In Proc. of the the 31st Hawaii Int. Conf. on System Sciences, volume 3, pages 317--326, Kona, HI, January 1998. Google ScholarDigital Library
- M. K. Reiter. A secure group membership protocol. IEEE Transactions on Software Engineering, 22(1):31--42, January 1996. Google ScholarDigital Library
- R. Rodrigues and C. Blake. When multi-hop peer-to-peer routing matters. In Proc. of the 3rd Int. Workshop on Peer-to-Peer Systems, La Jolla, CA, February 2004. Google ScholarDigital Library
- A. Singh, M. Castro, P. Druschel, and A. Rowstron. Defending against Eclipse attacks on overlay networks. In Proc. of the 11th European SIGOPS Workshop, Leuven, Belgium, September 2004. ACM. Google ScholarDigital Library
- E. Sit and R. T. Morris. Security considerations for peer-to-peer distributed hash tables. In Proc. of the 1st Int. Workshop on Peer-To-Peer Systems, Cambridge, MA, March 2002. Google ScholarDigital Library
- R. van Renesse, Y. Minsky, and M. Hayden. A gossip-style failure detection service. In Proc. of Middleware. 98, pages 55--70, The Lake District, UK, September 1998. IFIP. Google ScholarDigital Library
- S. Voulgaris, D. Gavidia, and M. van Steen. CYCLON: Inexpensive membership management for unstructured P2P overlays. Journal of Network and Systems Management, 13(2), June 2005. Special issue on Self-Managing Systems and Networks.Google ScholarCross Ref
- L. Zhou and R. van Renesse. P6P: A peer-to-peer approach to Internet infrastructure. In Proc. of the 3rd Int. Workshop on Peer-To-Peer Systems, San Diego, CA, February 2004. Google ScholarDigital Library
Recommendations
Fireflies: scalable support for intrusion-tolerant network overlays
Proceedings of the 2006 EuroSys conferenceThis paper describes and evaluates Fireflies, a scalable protocol for supporting intrusion-tolerant network overlays. While such a protocol cannot distinguish Byzantine nodes from correct nodes in general, Fireflies provides correct nodes with a ...
Communicating via fireflies: geographic routing on duty-cycled sensors
IPSN '07: Proceedings of the 6th international conference on Information processing in sensor networksGeographic routing is a useful and scalable point-to-point communication primitive for wireless sensor networks. However, previous work on geographic routing makes the unrealistic assumption that all the nodes in the network are awake during routing. ...
Fireflies: A Secure and Scalable Membership and Gossip Service
An attacker who controls a computer in an overlay network can effectively control the entire overlay network if the mechanism managing membership information can successfully be targeted. This article describes Fireflies, an overlay network protocol ...
Comments