Robust, fault-tolerant majority based key-value data store supporting multiple data consistency

Khan, Tareq Jamal

January 2011

Web 2.0 has significantly transformed the way how modern society works now-a-days. In today‘s Web, information not only flows top down from the web sites to the readers; but also flows bottom up contributed by mass user. Hugely popular Web 2.0 applications like Wikis, social applications (e.g. Facebook, MySpace), media sharing applications (e.g. YouTube, Flickr), blogging and numerous others generate lots of user generated contents and make heavy use of the underlying storage. Data storage system is the heart of these applications as all user activities are translated to read and write requests and directed to the database for further action. Hence focus is on the storage that serves data to support the applications and its reliable and efficient design is instrumental for applications to perform in line with expectations. Large scale storage systems are being used by popular social networking services like Facebook, MySpace where millions of users‘ data have been stored and fully accessed by these companies. However from users‘ point of view there has been justified concern about user data ownership and lack of control over personal data. For example, on more than one occasions Facebook have exercised its control over users‘ data without respecting users‘ rights to ownership of their own content and manipulated data for its own business interest without users‘ knowledge or consent. The thesis proposes, designs and implements a large scale, robust and fault-tolerant key-value data storage prototype that is peer-to-peer based and intends to back away from the client-server paradigm with a view to relieving the companies from data storage and management responsibilities and letting users control their own personal data. Several read and write APIs (similar to Yahoo!‘s P NUTS but different in terms of underlying design and the environment they are targeted for) with various data consistency guarantees are provided from which a wide range of web applications would be able to choose the APIs according to their data consistency, performance and availability requirements. An analytical comparison is also made against the PNUTS system that targets a more stable environment. For evaluation, simulation has been carried out to test the system availability, scalability and fault-tolerance in a dynamic environment. The results are then analyzed and conclusion is drawn that the system is scalable, available and shows acceptable performance.

Web 2.0 applications

peer-to-peer (P2P) system

key-value data store

relaxed consistency

Distributed Hash Table (DHT)

majority based quorum technique

Engineering and Technology

Teknik och teknologier

Supervision des réseaux pair à pair structurés appliquée à la sécurité des contenus / Monitoring of structured P2P networks applied to the security of contents

Cholez, Thibault

23 June 2011

L'objectif de cette thèse est de concevoir et d'appliquer de nouvelles méthodes de supervision capables d'appréhender les problèmes de sécurité affectant les données au sein des réseaux P2P structurés (DHT). Ceux-ci sont de deux types. D'une part les réseaux P2P sont utilisés pour diffuser des contenus illégaux dont l'activité est difficile à superviser. D'autre part, l'indexation des contenus légitimes peut être corrompue (attaque Sybil).Nous proposons tout d'abord une méthode de supervision des contenus basée sur l'insertion de sondes et le contrôle du mécanisme d'indexation du réseau. Celle-ci permet d'attirer l'ensemble des requêtes des pairs pour un contenu donné, puis de vérifier leur intention en générant des appâts très attractifs. Nous décrivons ainsi les faiblesses du réseau permettant la mise en oeuvre de notre méthode en dépit des protections existantes. Nous présentons les fonctionnalités de notre architecture et en évaluons l'efficacité sur le réseau P2P KAD avant de présenter un déploiement réel ayant pour but l'étude des contenus pédophiles.Nous considérons ensuite la sécurité des données indexées dans une DHT. Nous supervisons le réseau KAD et montrons que celui-ci est victime d'une pollution particulièrement néfaste affectant 2/3 des fichiers mais aussi de nombreuses attaques ciblées affectant la sécurité des contenus stockés. Nous proposons un moyen de détecter efficacement cette dernière attaque en analysant la distribution des identifiants des pairs autour d'une référence ainsi qu'une contre-mesure permettant de protéger les pairs à un coût négligeable. Nous terminons par l'évaluation de la protection au sein de réseaux P2P réels. / The purpose of this thesis is to design and implement new monitoring solutions which are able to deal with the security issues affecting data stored in large structured P2P networks (DHT). There are two major types of issues. First, P2P networks are used to spread illegal contents whose activity is difficult to monitor accurately. Second, the indexation of regular contents can be corrupted (Sybil attack).We first designed a new approach to monitor contents based on the insertion of distributed probes in the network to take control of the indexation mechanism. The probes can attract all the related requests for a given content and assess the peers intent to access it by generating very attractive honeypots. We describe the weaknesses of the network allowing our solution to be effective despite recent protection mechanisms. We then present the services offered by our monitoring architecture and we evaluate its efficiency on KAD. We also present a real deployment whose purpose is to study pedophile contents on this network.Then, we focus on data integrity in distributed hash tables. We performed large scale monitoring campaigns on the KAD network. Our observations show that it suffers from a very harmful pollution of its indexation mechanism affecting 2/3 of the shared files and from a large number of localized attacks targeting contents. To mitigate these threats, we propose a new efficient way to detect attacks by analysing the distribution of the peers' ID found around an entry after a DHT lookup and a counter-measure which can protect the peers at a negligible cost. Finally, we evaluate our solution in real P2P networks.

Réseaux P2P

Table de hachage distribuée

KAD

Supervision

Pots de miel

Indexation des contenus

Sécurité

Attaque Sybil

Détection d'attaques

Défense

Pollution des contenus

P2P networks

Distributed Hash Table

KAD

Monitoring

Honeypot

Content indexation

Security

Sybil attack

Attack detection

Defense

Content pollution

Uma arquitetura de nomeação para a internet utilizando redes virtuais

Sousa, Joelle Quaini

26 November 2007

Made available in DSpace on 2016-06-02T19:05:31Z (GMT). No. of bitstreams: 1 2017.pdf: 2776743 bytes, checksum: cc39daf3470ef4356480296d650d108c (MD5) Previous issue date: 2007-11-26 / Regarding new computational and networking requisites such as wireless networks, mutihoming interfaces, load-balancing mechanisms and several other middleboxes [1] present today, these facts, allied to the static and conservative nature of the Internet and its sheer size turn the capability to correct these problems an almost impossible attempt, as it demands structural changes. In the Internet inception, in the late 70th, neither mobility nor multihoming where foreseen in its original intents. In this sense, the proposition of a novel naming architecture for the Internet to identify univocally services and data, irrespective to its node characteristics, would have an acute changing effect and will allow its elements to be precisely represented and authenticated. In order to achieve these purposes, the use of Virtual Networks was considered as it allows the incremental introduction of new technologies, protocols and applications being itself a more viable alternative when compared to several failed attempts to introduce new structural changes to the Internet [2; 3]. A proposal for a taxonomy for Virtual Networks was described here as a result of a site survey that was conducted to function as subject to this architecture proposition. Besides, a literature investigation of related projects followed by a network testbed of several protocols originated the proposition of a Layered Naming Architecture for the Internet using Virtual Networks. / Face a vários novos requisitos de comunicação demandados por equipamentos em desenvolvimento constante, tais como computadores móveis portadores de múltiplas interfaces comunicantes, devido à inserção de diversos middleboxes [1], o modelo arquitetural TCP/IP necessita ser aprimorado para suportar novas tecnologias e protocolos. Originalmente, quando a Internet foi projetada, no final dos anos 70 nem mobilidade nem multihoming (i.e. equipamento com diversas conectividades físicas simultâneas) foram considerados. Pela proposição de uma nova arquitetura de nomeação para a Internet, que seja capaz de identificar univocamente qualquer entidade comunicante, bem como proporcionar suporte às tecnologias já extensamente utilizadas, este trabalho objetivou promover a mobilidade e o suporte a diversos middleboxes para a Internet, principalmente no que diz respeito à identificação e à autenticação de nós e objetos (i.e. serviços, dados e usuários). Almejando atingir tal objetivo utilizou-se a tecnologia de Redes Virtuais, que permite uma adesão incremental de suas funcionalidades, protocolos e aplicações. Esta abordagem não representa, portanto, um modelo cujas mudanças à arquitetura da Internet causam-lhe transformações estruturais, diferentemente de outras propostas que abordaram este problema desta forma sem sucesso [2; 3]. Para tanto, uma taxonomia de Redes Virtuais foi proposta e avaliada por um estudo de caso que compreendeu a sua aplicação prática. Além disso, realizou-se uma análise de bancada de redes de diversos protocolos e o estudo das propostas da literatura associada. Tais realizações culminaram na proposta de uma Arquitetura de Nomeação para a Internet utilizando Redes Virtuais Overlay.

Redes de computação protocolos

DNS

Internet (Redes de computação)

Banco de dados

Arquitetura TCP/IP

Overlays

Redes virtuais

Tabelas hash distribuídas

Distributed hash table

TCP/IP architecture

Virtual networks

Monitorování peerů sdílejících torrenty / Torrent Peer Monitoring

Bezděk, David

January 2018

This master's thesis deals with analysis and implementation of methods for BitTorrent monitoring focusing on the Mainline DHT protocol. The aim of the thesis was to create a system, that will be looking for BitTorrent peers that participe in the illegal file distribution. Another task of the system was to collect and analyze data for counting size of the BitTorrent network. That was achieved by taking over of existing method. The system was designed and implemented as a module for monitoring of cybernetic crime. It also defines an interface for storing and sharing data, that provides data evaluation, easy data manipulation and serves for possible future extensions.

An Efficient and Secure Overlay Network for General Peer-to-Peer Systems

WANG, HONGHAO

22 April 2008

No description available.

Computer Science

Peer-to-Peer

Overlay Network

Overlay Routing

Overlay Structure

Distributed Hash Table (DHT)

Network Topology

Network Aware

Network Locality

Network Proximity

Network Security

Secure Routing

System Churn