Efficient in-network content distribution : wireless resource sharing, network planning, and security / Distribution efficace des contenus dans les réseaux : partage de ressources sans fil, planification et sécurité

Mangili, Michele

15 December 2015

Au cours de ces dernières années, la quantité de trafic que les utilisateurs Internet produisent sur une base quotidienne a augmenté de façon exponentielle, principalement en raison du succès des services de streaming vidéo, tels que Netflix et YouTube. Alors que les réseaux de diffusion de contenu (Content-Delivery Networks, CDN) sont la technique standard utilisée actuellement pour servir les demandes des utilisateurs, la communauté scientifique a formulé des propositions connues sous le nom de Content-Centric Networks (CCN) pour changer la pile de protocoles réseau afin de transformer Internet en une infrastructure de distribution de contenu. Dans ce contexte, cette thèse de doctorat étudie des techniques efficaces pour la distribution de contenu numérique en tenant compte de trois problèmes complémentaires : 1) Nous considérons le scénario d’un réseau hétérogène sans fil, et nous formulons un mécanisme pour motiver les propriétaires des points d’accès à partager leur capacité WiFi et stockage cache inutilisés, en échange d’une contribution économique.2) Nous étudions le problème centralisé de planification du réseau en présence de caches distribuées et (I) nous analysons la migration optimale du réseau à CCN; (II) nous comparons les bornes de performance d’un réseau CDN avec ceux d’un CCN, et (III) nous considérons un réseau CDN virtualisé et étudions le problème stochastique de planification d’une telle infrastructure.3) Nous considérons les implications de sécurité sur le contrôle d’accès et la traçabilité, et nous formulons ConfTrack-CCN, une extension deCCN utilisée pour garantir la confidentialité, traçabilité et l’évolution de la politique d’accès, en présence de caches distribuées. / In recent years, the amount of traffic requests that Internet users generate on a daily basis has increased exponentially, mostly due to the worldwide success of video streaming services, such as Netflix and YouTube. While Content-Delivery Networks (CDNs) are the de-facto standard used nowadays to serve the ever increasing users’ demands, the scientific community has formulated proposals known under the name of Content-Centric Networks (CCN) to change the network protocol stack in order to turn the network into a content distribution infrastructure. In this context this Ph.D. thesis studies efficient techniques to foster content distribution taking into account three complementary problems:1) We consider the scenario of a wireless heterogeneous network, and we formulate a novel mechanism to motivate wireless access point owners to lease their unexploited bandwidth and cache storage, in exchange for an economic incentive.2) We study the centralized network planning problem and (I) we analyze the migration to CCN; (II) we compare the performance bounds for a CDN with those of a CCN, and (III) we take into account a virtualized CDN and study the stochastic planning problem for one such architecture.3) We investigate the security properties on access control and trackability and formulate ConfTrack-CCN: a CCN extension to enforce confidentiality, trackability and access policy evolution in the presence of distributed caches.

Réseaux sans fil

Distribution de contenu

Planification du réseau

Optimisation

Sécurité

Wireless networks

Content distribution

Network planning

Optimization

Security

Enabling Internet-Scale Publish/Subscribe In Overlay Networks

Rahimian, Fatemeh

January 2011

As the amount of data in todays Internet is growing larger, users are exposedto too much information, which becomes increasingly more difficult tocomprehend. Publish/subscribe systems leverage this problem by providingloosely-coupled communications between producers and consumers of data ina network. Data consumers, i.e., subscribers, are provided with a subscriptionmechanism, to express their interests in a subset of data, in order to be notifiedonly when some data that matches their subscription is generated by theproducers, i.e., publishers. Most publish/subscribe systems today, are basedon the client/server architectural model. However, to provide the publish/-subscribe service in large scale, companies either have to invest huge amountof money for over-provisioning the resources, or are prone to frequent servicefailures. Peer-to-peer overlay networks are attractive alternative solutions forbuilding Internet-scale publish/subscribe systems. However, scalability comeswith a cost: a published message often needs to traverse a large number ofuninterested (unsubscribed) nodes before reaching all its subscribers. Werefer to this undesirable traffic, as relay overhead. Without careful considerations,the relay overhead might sharply increase resource consumption for therelay nodes (in terms of bandwidth transmission cost, CPU, etc) and couldultimately lead to rapid deterioration of the system’s performance once therelay nodes start dropping the messages or choose to permanently abandonthe system. To mitigate this problem, some solutions use unbounded numberof connections per node, while some other limit the expressiveness of thesubscription scheme. In this thesis work, we introduce two systems called Vitis and Vinifera, fortopic-based and content-based publish/subscribe models, respectively. Boththese systems are gossip-based and significantly decrease the relay overhead.We utilize novel techniques to cluster together nodes that exhibit similarsubscriptions. In the topic-based model, distinct clusters for each topic areconstructed, while clusters in the content-based model are fuzzy and do nothave explicit boundaries. We augment these clustered overlays by links thatfacilitate routing in the network. We construct a hybrid system by injectingstructure into an otherwise unstructured network. The resulting structuresresemble navigable small-world networks, which spans along clusters of nodesthat have similar subscriptions. The properties of such overlays make theman ideal platform for efficient data dissemination in large-scale systems. Thesystems requires only a bounded node degree and as we show, through simulations,they scale well with the number of nodes and subscriptions and remainefficient under highly complex subscription patterns, high publication rates,and even in the presence of failures in the network. We also compare bothsystems against some state-of-the-art publish/subscribe systems. Our measurementsshow that both Vitis and Vinifera significantly outperform theircounterparts on various subscription and churn scenarios, under both syntheticworkloads and real-world traces. / QC 20111114

Publish/Subscribe

Content Distribution

Peer-To-Peer Overlay Network

Computer Systems

Datorsystem

Communication Systems

Kommunikationssystem

Computer and Information Sciences

Data- och informationsvetenskap

Systematic Evaluations Of Security Mechanism Deployments

Sze Yiu Chau (7038539)

13 August 2019

<div>In a potentially hostile networked environment, a large diversity of security mechanisms with varying degree of sophistication are being deployed to protect valuable computer systems and digital assets. </div><div><br></div><div>While many competing implementations of similar security mechanisms are available in the current software development landscape, the robustness and reliability of such implementations are often overlooked, resulting in exploitable flaws in system deployments. In this dissertation, we systematically evaluate implementations of security mechanisms that are deployed in the wild. First, we examine how content distribution applications on the Android platform control access to their multimedia contents. With respect to a well-defined hierarchy of adversarial capabilities and attack surfaces, we find that many content distribution applications, including that of some world-renowned publications and streaming services, are vulnerable to content extraction due to the use of unjustified assumptions in their security mechanism designs and implementations. Second, we investigate the validation logic of X.509 certificate chains as implemented in various open-source TLS libraries. X.509 certificates are widely used in TLS as a means to achieve authentication. A validation logic that is overly restrictive could lead to the loss of legitimate services, while an overly permissive implementation could open door to impersonation attacks. Instead of manual analysis and unguided fuzzing, we propose a principled approach that leverages symbolic execution to achieve better coverage and uncover logical flaws that are buried deep in the code. We find that many TLS libraries deviate from the specification. Finally, we study the verification of RSA signatures, as specified in the PKCS#1 v1.5 standard, which is widely used in many security-critical network protocols. We propose an approach to automatically generate meaningful concolic test cases for this particular problem, and design and implement a provenance tracking mechanism to assist root-cause analysis in general. Our investigation revealed that several crypto and IPSec implementations are susceptible to new variants of the Bleichenbacher low-exponent signature forgery.</div>

Software Engineering

Computer Software

Computer System Security

Network security

symbolic execution

Digital signature

Public Key Infrastructure

Cryptographic protocols

Digital rights management

Content distribution

Disponibilidade de conteúdo em sistemas CDN assistidos por redes P2P

Oliveira, Jhonathan Araújo

24 September 2013

Submitted by Geyciane Santos (geyciane_thamires@hotmail.com) on 2015-06-18T14:20:29Z No. of bitstreams: 1 Dissertação- Jhonathan Araújo Oliveira.pdf: 17407325 bytes, checksum: 9ed1cb282822c8dd666684f5cc5e0219 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-06-19T21:10:55Z (GMT) No. of bitstreams: 1 Dissertação- Jhonathan Araújo Oliveira.pdf: 17407325 bytes, checksum: 9ed1cb282822c8dd666684f5cc5e0219 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-06-19T21:12:04Z (GMT) No. of bitstreams: 1 Dissertação- Jhonathan Araújo Oliveira.pdf: 17407325 bytes, checksum: 9ed1cb282822c8dd666684f5cc5e0219 (MD5) / Made available in DSpace on 2015-06-19T21:12:04Z (GMT). No. of bitstreams: 1 Dissertação- Jhonathan Araújo Oliveira.pdf: 17407325 bytes, checksum: 9ed1cb282822c8dd666684f5cc5e0219 (MD5) Previous issue date: 2013-09-24 / Scalability and high demand for resources are the main challenges that content providers face in multimedia applications based on networks. For instance, YouTube is one of the most popular delivery systems video on demand, the users send 100 hours of video every minute to its servers and more than four billion hours of video are watched every month. The CDN-P2P systems is widely recognized as a scalable alternative for multimedia content delivery in the Internet. In these systems, the peers from a peerto- peer network (P2P) share their resources thus reducing the demands on the network infrastructure for content delivery (CDN). Moreover, the CDN server to guarantee the availability of content when the peers contributions are limited by the churn, or when the content is is unprecedented to the peers of the P2P network. However, CDN-P2P systems alone do not guarantee the effectiveness of the services, since the peers output that are the only holders of a particular contents can generate congestion around the CDN server and degrade the quality of users experience. This dissertation investigates the contribution of stable peers for availability content on the on the P2P slice form a CDN-P2P system designed to distribute videos similar to those distributed by YouTube. In this way, the data were collected from the real YouTube Web site, exploring the potential of the users that have been access the playlists to characterize the stability of the peers in the system. The assumption about the effectiveness of playlists viewers int the availability content, due to the increased of the stay connnected of these users in the system and the possible popularity of contents shared by them. It was found that when a large number of the peers players pairs of the playlists spend long sessions connected, the improvement of the availability of content was in 60%. Additionally, in scenarios of low participation of players in playlists, its was the improvement outperformed in 20%. Furthermore, we evaluated how the build policies of the mesh impact the distribution system when the peers are grouped and identified as ordinaries and stable. These policies structure the portion of the P2P system through the criterias that are employed on arrival, maintenance and management of the connections of the peers, thus reducing the demands on the CDN server. / A escalabilidade e a alta demanda por recursos são os principais desafios que os provedores de conteúdo enfrentam na viabilização de aplicações multimídia baseadas em redes. No YouTube, por exemplo, um dos mais populares sistemas de distribuição de vídeo sob demanda, são enviadas 100 horas de vídeo a cada minuto aos seus servidores e mais de quatro bilhões de horas de vídeo são assistidas a cada mês. Sistemas CDN-P2P têm sido apontados como uma alternativa escalável para distribuição de conteúdo multimídia na Internet. Nesses sistemas, os pares da rede par-a-par (P2P) compartilham seus recursos, diminuindo as demandas sobre a infraestrutura da rede de distribuição de conteúdo (CDN). Por outro lado, os servidores da CDN garantem a disponibilidade de conteúdo quando as contribuições dos pares são limitadas pelo churn, ou quando o conteúdo for inédito aos pares da rede P2P. Contudo, sistemas CDN-P2P, por si só, não garantem a efetividade dos serviços, visto que a saída de pares que são os únicos detentores de um determinado conteúdo pode gerar congestionamento ao redor do servidor da CDN e degradar a qualidade de experiência dos usuários. Nesta dissertação investiga-se a contribuição de pares estáveis para disponibilidade de conteúdo na parte P2P de um sistema CDN-P2P concebido para distribuir vídeos similares aos distribuídos pelo YouTube. Para isso, dados reais foram coletados do site YouTube, explorando-se o potencial de usuários que acessam playlists para caracterizar a estabilidade dos pares no sistema. A suposição acerca da efetividade dos tocadores de playlists na disponibilidade de conteúdo deve-se Ao maior tempo de permanência desses usuários no sistema e á possível popularidade dos conteúdos por eles compartilhados. Verificou-se que quando um número grande de pares tocadores de playlists passam longas sessões conectados, a melhoria na disponibilidade de conteúdo foi de 60%. Adicionalmente em cenários de baixa participação dos tocadores de playlists a melhoria superou 20%. Em seguida, avaliou-se de que forma políticas de formação da malha impactam o sistema de distribuição estudado quando os pares são agrupados e identificados como estáveis e comuns. Estas políticas estruturam a porçãoP2P do sistema através de critérios que são empregados na chegada, na manutenção e gerência das conexões dos pares, diminuindo assim as exigências sobre o servidor da CDN.

Redes de distribuição de conteúdo

Redes par-a-par

Sistemas CDN

Políticas de formação da malha

Availability of content

Content distribution networks

Video-on-Demand

On the Resilience of Network Coding in Peer-to-Peer Networks and its Applications

Niu, Di

14 July 2009

Most current-generation P2P content distribution protocols use fine-granularity blocks to distribute content in a decentralized fashion. Such systems often suffer from a significant variation in block distributions, such that certain blocks become rare or even unavailable, adversely affecting content availability and download efficiency. This phenomenon is further aggravated by peer dynamics which is inherent in P2P networks. In this thesis, we quantitatively analyze how network coding may improve block availability and introduce resilience to peer dynamics. Since in reality, network coding can only be performed within segments, each containing a subset of blocks, we explore the fundamental tradeoff between the resilience gain of network coding and its inherent coding complexity, as the number of blocks in a segment varies. As another application of the resilience of network coding, we also devise an indirect data collection scheme based on network coding for the purpose of large-scale network measurements.

Peer-to-Peer

Content Distribution

Network Coding

File Sharing

Churn

Measurement Collection

Coding Complexity

Loss Resilience

Data Collection

Log Collection

Avalanche

BitTorrent

Generation

Segment

0544

On the Resilience of Network Coding in Peer-to-Peer Networks and its Applications

Niu, Di

14 July 2009

Most current-generation P2P content distribution protocols use fine-granularity blocks to distribute content in a decentralized fashion. Such systems often suffer from a significant variation in block distributions, such that certain blocks become rare or even unavailable, adversely affecting content availability and download efficiency. This phenomenon is further aggravated by peer dynamics which is inherent in P2P networks. In this thesis, we quantitatively analyze how network coding may improve block availability and introduce resilience to peer dynamics. Since in reality, network coding can only be performed within segments, each containing a subset of blocks, we explore the fundamental tradeoff between the resilience gain of network coding and its inherent coding complexity, as the number of blocks in a segment varies. As another application of the resilience of network coding, we also devise an indirect data collection scheme based on network coding for the purpose of large-scale network measurements.

Peer-to-Peer

Content Distribution

Network Coding

File Sharing

Churn

Measurement Collection

Coding Complexity

Loss Resilience

Data Collection

Log Collection

Avalanche

BitTorrent

Generation

Segment

0544

Slowing down to speed up : protecting users against massive attacks in content distribution systems / Atrasar para aprimorar : protegendo usuários contra ataques massivos em sistemas de distribuição de conteúdo

Santos, Flávio Roberto

January 2013

A Internet tem se tornado uma plataforma importante para interação e compartilhamento de arquivos, o que motivou uma crescente demanda por serviços eficientes. Sistemas de distribuição de conteúdo (CDS) precisaram ser criados visando modernidade e robustez. No contexto desta tese, CDS são definidos como sistemas usados para compartilhar qualquer tipo de conteúdo na Internet. Duas categorias de CDS se destacam como as mais populares: compartilhamento de arquivos e sistemas de mídia contínua. Arquiteturas par-a-par (P2P) surgiram como potenciais soluções para o aprimoramento da disseminação de conteúdo nos CDS. Nesse contexto, a popularização das arquiteturas P2P motivou a comunidade científica a investigar alguns aspectos de pesquisa desafiadores, e.g., otimização de topologias de redes, mecanismos de inicialização de sistemas e serviços de descoberta de recursos. Um desafio com interesse especial a esta tese diz respeito a mecanismos para conciliar a preferência dos usuários aos conteúdos publicados. Esse aspecto é importante para garantir uma boa qualidade de experiência (QoE) aos usuários dos sistemas, uma vez que podem existir divergências entre opiniões na descrição dos conteúdos e ações maliciosas. Esforços de pesquisa constantes têm sido feitos para combater poluição de conteúdo em CDS. Abordagens buscam construir uma base de conhecimento sobre poluidores e conteúdos poluídos para identificar e isolar conteúdos suspeitos depois que eles são publicados. Entretanto, o tempo de reação dessas abordagens até considerar um conteúdo poluído é consideravelmente longo, permitindo uma ampla disseminação de poluição. Além disso, algumas abordagens anteriores buscam polarizar conteúdos entre poluídos ou não, desconsiderando a intrínseca subjetividade acerca da classificação dos conteúdos compartilhados. O objetivo principal desta tese é propor um mecanismo para prover uma boa QoE aos usuários – agindo proativamente durante as fases iniciais da publicação dos conteúdos – e reduzir os efeitos de interferências maliciosas. Para alcançar tal objetivo, três passos principais guiaram o trabalho de pesquisa apresentado nesta tese. Primeiro, propusemos uma estratégia inovadora que opera de forma conservadora para conter a disseminação de poluição. Segundo, estendemos nossa solução para lidar com a subjetividade acerca das descrições dos conteúdos. Terceiro, tratamos o ataque de poluição como um ataque massivo. Para avaliar a solução, experimentos foram executados utilizando testes reais e simulações. Resultados ressaltaram a importância de adotar medidas de segurança para combater comportamentosmaliciosos em CDS. Na ausência de mecanismos de contramedida, pequenas proporções (10%) de atacantes foram capazes de comprometer o sistema. A instanciação da estratégia conservadora proposta nesta tese demonstrou a eficácia em atrasar usuários para contornar ataques massivos. / The Internet has become a large platform where users can interact and share personal files or third-party productions. Considering the increasing demand for efficient content sharing, modern and robust content distribution systems (CDS) need to be deployed and maintained. In the context of this thesis, CDS are defined as systems used for sharing any kind of content on the Internet. Two categories of CDS are underscored as the most popular ones: file sharing and streaming systems. Peer-to-peer (P2P) architectures have emerged as a potential solution to improve content dissemination in CDS. The popularization of P2P architectures, in the context of CDS,motivated the scientific community to investigate some challenging problems, namely network topology optimization, bootstrap mechanisms, and service discovery. One particular interesting challenge, in the context of this thesis, is related to mechanisms to approximate users to their personal interests. This is important to guarantee good quality of experience (QoE) to users when searching for content. Imprecise descriptions are likely to happen due to different users’ opinion or malicious behavior. Substantial research has been carried out to fight content pollution in CDS. Proposed approaches try to identify and isolate suspicious content after publication. The rationale is to build a base of knowledge about polluters and fake content. However, the reaction time until a content is considered polluted is considerably long, which allows pollution to get widely disseminated. Furthermore, some previous approaches attempt to polarize contents in either polluted or not, not taking into account the inherent subjectivity behind the evaluation of shared contents. The main objective of this thesis is to devise a mechanism to provide users a good QoE – by acting proactively in the early stages of content distribution life cycle – and reduce the effect of malicious interferences. To achieve that, three main steps guided the research work presented in this thesis. First, we proposed a novel strategy that operates conservatively to avoid wide pollution dissemination. Second, we extended our previous solution to cope with the subjectivity regarding content descriptions. Third, and last, we address the pollution attack as a massive attack. To evaluate our solution, a set of experiments was carried out using both real tests and simulations. Results showed the importance of adopting security measures to mitigate malicious behavior in CDS. In the absence of countermeasure mechanisms, even a small proportion (10%) of attackers was able to subvert the system. The introduction of a conservative strategy in this thesis demonstrated the efficacy of delaying users in circumventing massive attacks.

Redes : Computadores

Seguranca : Redes : Computadores

Redes P2P

Content distribution systems

Peer-to-peer systems

File sharing

Streaming systems

Tagging systems

Conservative strategies

Delaying mechanisms

Content pollution

Massive attacks

Slowing down to speed up : protecting users against massive attacks in content distribution systems / Atrasar para aprimorar : protegendo usuários contra ataques massivos em sistemas de distribuição de conteúdo

Santos, Flávio Roberto

January 2013

A Internet tem se tornado uma plataforma importante para interação e compartilhamento de arquivos, o que motivou uma crescente demanda por serviços eficientes. Sistemas de distribuição de conteúdo (CDS) precisaram ser criados visando modernidade e robustez. No contexto desta tese, CDS são definidos como sistemas usados para compartilhar qualquer tipo de conteúdo na Internet. Duas categorias de CDS se destacam como as mais populares: compartilhamento de arquivos e sistemas de mídia contínua. Arquiteturas par-a-par (P2P) surgiram como potenciais soluções para o aprimoramento da disseminação de conteúdo nos CDS. Nesse contexto, a popularização das arquiteturas P2P motivou a comunidade científica a investigar alguns aspectos de pesquisa desafiadores, e.g., otimização de topologias de redes, mecanismos de inicialização de sistemas e serviços de descoberta de recursos. Um desafio com interesse especial a esta tese diz respeito a mecanismos para conciliar a preferência dos usuários aos conteúdos publicados. Esse aspecto é importante para garantir uma boa qualidade de experiência (QoE) aos usuários dos sistemas, uma vez que podem existir divergências entre opiniões na descrição dos conteúdos e ações maliciosas. Esforços de pesquisa constantes têm sido feitos para combater poluição de conteúdo em CDS. Abordagens buscam construir uma base de conhecimento sobre poluidores e conteúdos poluídos para identificar e isolar conteúdos suspeitos depois que eles são publicados. Entretanto, o tempo de reação dessas abordagens até considerar um conteúdo poluído é consideravelmente longo, permitindo uma ampla disseminação de poluição. Além disso, algumas abordagens anteriores buscam polarizar conteúdos entre poluídos ou não, desconsiderando a intrínseca subjetividade acerca da classificação dos conteúdos compartilhados. O objetivo principal desta tese é propor um mecanismo para prover uma boa QoE aos usuários – agindo proativamente durante as fases iniciais da publicação dos conteúdos – e reduzir os efeitos de interferências maliciosas. Para alcançar tal objetivo, três passos principais guiaram o trabalho de pesquisa apresentado nesta tese. Primeiro, propusemos uma estratégia inovadora que opera de forma conservadora para conter a disseminação de poluição. Segundo, estendemos nossa solução para lidar com a subjetividade acerca das descrições dos conteúdos. Terceiro, tratamos o ataque de poluição como um ataque massivo. Para avaliar a solução, experimentos foram executados utilizando testes reais e simulações. Resultados ressaltaram a importância de adotar medidas de segurança para combater comportamentosmaliciosos em CDS. Na ausência de mecanismos de contramedida, pequenas proporções (10%) de atacantes foram capazes de comprometer o sistema. A instanciação da estratégia conservadora proposta nesta tese demonstrou a eficácia em atrasar usuários para contornar ataques massivos. / The Internet has become a large platform where users can interact and share personal files or third-party productions. Considering the increasing demand for efficient content sharing, modern and robust content distribution systems (CDS) need to be deployed and maintained. In the context of this thesis, CDS are defined as systems used for sharing any kind of content on the Internet. Two categories of CDS are underscored as the most popular ones: file sharing and streaming systems. Peer-to-peer (P2P) architectures have emerged as a potential solution to improve content dissemination in CDS. The popularization of P2P architectures, in the context of CDS,motivated the scientific community to investigate some challenging problems, namely network topology optimization, bootstrap mechanisms, and service discovery. One particular interesting challenge, in the context of this thesis, is related to mechanisms to approximate users to their personal interests. This is important to guarantee good quality of experience (QoE) to users when searching for content. Imprecise descriptions are likely to happen due to different users’ opinion or malicious behavior. Substantial research has been carried out to fight content pollution in CDS. Proposed approaches try to identify and isolate suspicious content after publication. The rationale is to build a base of knowledge about polluters and fake content. However, the reaction time until a content is considered polluted is considerably long, which allows pollution to get widely disseminated. Furthermore, some previous approaches attempt to polarize contents in either polluted or not, not taking into account the inherent subjectivity behind the evaluation of shared contents. The main objective of this thesis is to devise a mechanism to provide users a good QoE – by acting proactively in the early stages of content distribution life cycle – and reduce the effect of malicious interferences. To achieve that, three main steps guided the research work presented in this thesis. First, we proposed a novel strategy that operates conservatively to avoid wide pollution dissemination. Second, we extended our previous solution to cope with the subjectivity regarding content descriptions. Third, and last, we address the pollution attack as a massive attack. To evaluate our solution, a set of experiments was carried out using both real tests and simulations. Results showed the importance of adopting security measures to mitigate malicious behavior in CDS. In the absence of countermeasure mechanisms, even a small proportion (10%) of attackers was able to subvert the system. The introduction of a conservative strategy in this thesis demonstrated the efficacy of delaying users in circumventing massive attacks.

Redes : Computadores

Seguranca : Redes : Computadores

Redes P2P

Content distribution systems

Peer-to-peer systems

File sharing

Streaming systems

Tagging systems

Conservative strategies

Delaying mechanisms

Content pollution

Massive attacks

Slowing down to speed up : protecting users against massive attacks in content distribution systems / Atrasar para aprimorar : protegendo usuários contra ataques massivos em sistemas de distribuição de conteúdo

Santos, Flávio Roberto

January 2013

A Internet tem se tornado uma plataforma importante para interação e compartilhamento de arquivos, o que motivou uma crescente demanda por serviços eficientes. Sistemas de distribuição de conteúdo (CDS) precisaram ser criados visando modernidade e robustez. No contexto desta tese, CDS são definidos como sistemas usados para compartilhar qualquer tipo de conteúdo na Internet. Duas categorias de CDS se destacam como as mais populares: compartilhamento de arquivos e sistemas de mídia contínua. Arquiteturas par-a-par (P2P) surgiram como potenciais soluções para o aprimoramento da disseminação de conteúdo nos CDS. Nesse contexto, a popularização das arquiteturas P2P motivou a comunidade científica a investigar alguns aspectos de pesquisa desafiadores, e.g., otimização de topologias de redes, mecanismos de inicialização de sistemas e serviços de descoberta de recursos. Um desafio com interesse especial a esta tese diz respeito a mecanismos para conciliar a preferência dos usuários aos conteúdos publicados. Esse aspecto é importante para garantir uma boa qualidade de experiência (QoE) aos usuários dos sistemas, uma vez que podem existir divergências entre opiniões na descrição dos conteúdos e ações maliciosas. Esforços de pesquisa constantes têm sido feitos para combater poluição de conteúdo em CDS. Abordagens buscam construir uma base de conhecimento sobre poluidores e conteúdos poluídos para identificar e isolar conteúdos suspeitos depois que eles são publicados. Entretanto, o tempo de reação dessas abordagens até considerar um conteúdo poluído é consideravelmente longo, permitindo uma ampla disseminação de poluição. Além disso, algumas abordagens anteriores buscam polarizar conteúdos entre poluídos ou não, desconsiderando a intrínseca subjetividade acerca da classificação dos conteúdos compartilhados. O objetivo principal desta tese é propor um mecanismo para prover uma boa QoE aos usuários – agindo proativamente durante as fases iniciais da publicação dos conteúdos – e reduzir os efeitos de interferências maliciosas. Para alcançar tal objetivo, três passos principais guiaram o trabalho de pesquisa apresentado nesta tese. Primeiro, propusemos uma estratégia inovadora que opera de forma conservadora para conter a disseminação de poluição. Segundo, estendemos nossa solução para lidar com a subjetividade acerca das descrições dos conteúdos. Terceiro, tratamos o ataque de poluição como um ataque massivo. Para avaliar a solução, experimentos foram executados utilizando testes reais e simulações. Resultados ressaltaram a importância de adotar medidas de segurança para combater comportamentosmaliciosos em CDS. Na ausência de mecanismos de contramedida, pequenas proporções (10%) de atacantes foram capazes de comprometer o sistema. A instanciação da estratégia conservadora proposta nesta tese demonstrou a eficácia em atrasar usuários para contornar ataques massivos. / The Internet has become a large platform where users can interact and share personal files or third-party productions. Considering the increasing demand for efficient content sharing, modern and robust content distribution systems (CDS) need to be deployed and maintained. In the context of this thesis, CDS are defined as systems used for sharing any kind of content on the Internet. Two categories of CDS are underscored as the most popular ones: file sharing and streaming systems. Peer-to-peer (P2P) architectures have emerged as a potential solution to improve content dissemination in CDS. The popularization of P2P architectures, in the context of CDS,motivated the scientific community to investigate some challenging problems, namely network topology optimization, bootstrap mechanisms, and service discovery. One particular interesting challenge, in the context of this thesis, is related to mechanisms to approximate users to their personal interests. This is important to guarantee good quality of experience (QoE) to users when searching for content. Imprecise descriptions are likely to happen due to different users’ opinion or malicious behavior. Substantial research has been carried out to fight content pollution in CDS. Proposed approaches try to identify and isolate suspicious content after publication. The rationale is to build a base of knowledge about polluters and fake content. However, the reaction time until a content is considered polluted is considerably long, which allows pollution to get widely disseminated. Furthermore, some previous approaches attempt to polarize contents in either polluted or not, not taking into account the inherent subjectivity behind the evaluation of shared contents. The main objective of this thesis is to devise a mechanism to provide users a good QoE – by acting proactively in the early stages of content distribution life cycle – and reduce the effect of malicious interferences. To achieve that, three main steps guided the research work presented in this thesis. First, we proposed a novel strategy that operates conservatively to avoid wide pollution dissemination. Second, we extended our previous solution to cope with the subjectivity regarding content descriptions. Third, and last, we address the pollution attack as a massive attack. To evaluate our solution, a set of experiments was carried out using both real tests and simulations. Results showed the importance of adopting security measures to mitigate malicious behavior in CDS. In the absence of countermeasure mechanisms, even a small proportion (10%) of attackers was able to subvert the system. The introduction of a conservative strategy in this thesis demonstrated the efficacy of delaying users in circumventing massive attacks.

Redes : Computadores

Seguranca : Redes : Computadores

Redes P2P

Content distribution systems

Peer-to-peer systems

File sharing

Streaming systems

Tagging systems

Conservative strategies

Delaying mechanisms

Content pollution

Massive attacks

Gerenciamento de conteúdo multimídia em redes cdn-p2p.

Libório Filho, João da Mata

22 March 2012

Made available in DSpace on 2015-04-11T14:03:13Z (GMT). No. of bitstreams: 1 DISSERTACAO JOAO DA MATA.pdf: 5833486 bytes, checksum: fd81987d9b1e9ac8f9bb648058db273b (MD5) Previous issue date: 2012-03-22 / Fundação de Amparo à Pesquisa do Estado do Amazonas / Scalability and high demand for resources are the main challenges that content providers face to deploy Video-on-Demand applications. The most popular site for sharing videos, YouTube, has over 4 billion videos viewed a day and 60 hours of video are uploaded every minute. Hybrid systems (CDN-P2P) have been proposed as a scalable and cost effective solution for VoD distribution. In these systems, peers share their resources decreasing demand on the content distribution network infrastructure (CDN). On the other hand, the CDN s servers guarantee the availability of content when peers contributions are limited by churn. However, in these systems, the content distributed must be managed so that the CDN servers workload is minimized. An issue to be investigated is the impact of churn, i.e the effect of cycle of peers join and leave, on management policies. Carried studies showed that the performance of policies improves as the storage capacity of peers increases. However, this increasement does not impact proportionately the performance of policies. Later on, we proposed, implemented and evaluated four object management policies derived from data in YouTube video collections. These policies use information left by users or generated by the video distribution system to measure the value of objects. We found that the proposed policies were able to improve the availability of content in more than 70%, compared to the LFU policy, and more than 50% compared to GDSP policy. / A escalabilidade e a alta demanda por recursos s ao os principais desafios que os provedores de conte´udo enfrentam na viabiliza¸c ao de aplica¸c oes de v´ıdeos sob demanda (VoD). O site mais popular de compartilhamento de v´ıdeos, o YouTube, tem mais de 4 bilh oes de visualiza¸c oes por dia e 60 horas de v´ıdeo s ao armazenadas a cada minuto em seus servidores. Sistemas h´ıbridos (CDN-P2P) t em sido apresentado como uma solu¸c ao escal´avel para distribui¸c ao de VoD. Nesses sistemas, pares compartilham seus recursos diminuindo a demanda sobre a infraestrutura da rede de distribui¸c ao de conte´udo (CDN). Por outro lado, os servidores da CDN garantem a disponibilidade de conte´udo quando as contribui¸c oes dos pares s ao limitadas pelo churn, ou quando o conte´udo for in´edito aos pares da rede par a par (P2P). No entanto, o conte´udo distribu´ıdo nesses sistemas precisa ser gerenciado, de forma que a carga de trabalho submetida aos servidores da CDN seja minimizada. Uma quest ao a ser investigada nesse sistema ´e o impacto do churn, isto ´e, o efeito criado pelo ciclo de entrada e sa´ıda dos pares sobre os mecanismos de ger encia do conte´udo distribu´ıdo pelo sistema. Nesta disserta¸c ao avalia-se o impacto do churn no desempenho de pol´ıticas de gerenciamento de objetos em sistemas CDN-P2P; verificou-se que o impacto no desempenho das pol´ıticas diminui com o aumento da capacidade de armazenamento dos pares, no entanto, esse aumento n ao impacta proporcionalmente a performance das pol´ıticas. Em seguida, s ao propostas, implementadas e avaliadas quatro pol´ıticas de gerenciamento de objetos derivadas a partir de dados reais obtidos de cole¸c oes de v´ıdeos do YouTube. Essas pol´ıticas exploram informa¸c oes deixadas pelos usu´arios ou geradas pelo sistema de distribui¸c ao dos v´ıdeos para mensurar o valor de um objeto. A suposi¸c ao acerca da efetividade dessas informa¸c oes na valora¸c ao dos objetos ´e devido `a influ encia do sistema de recomenda¸c ao do YouTube no acesso a seu conte´udo, pois esse sistema utiliza-se dessas informa¸c oes para indicar v´ıdeos aos usu´arios. As pol´ıticas propostas foram capazes de melhorar a disponibilidade do conte´udo em mais de 70%, comparada `a disponibilidade proporcionada pela pol´ıtica LFU e mais de 50%, comparada `a pol´ıtica GDSP.

Redes de distribuição de conteúdo

Redes par a par

Conteúdo gerado