Hi there,
In this blog I will report about my activity and progress in GSoC project. The aim of project is to implement defense strategies against malicious activity in P2PSP network.
The P2PSP is an application layer protocol for the real-time streaming of multimedia content over the Internet. Many thanks to the community for accepting me as their GSoC student.
According to the schedule, described in my proposal, the goal of the first week is to implement malicious peer.
There are many types of attacks in p2p-networks, like bad-mouth attacks, selective attacks and so on. Current implementation of the malicious peer can only send poisioned chunks to the rest of team. It is needed to improve this implementation for testing more real scenarios of attacks, but for the first time it should be enough.
Command to run simple malicious peer:
Argument --malicious forces peer to send poisoned chunks to the rest of team. This is achieved by replacing standard socket of peer to special malicious socket. When peer wants to send chunks to other peers, it sends poisoned chunk. Here is code from MaliciousSocket class:
But here is one problem (in current impl of malicious peer): when peer doesn't receive chunks from splitter, it won't send chunks to the rest of team, but in real life, peer will send poisoned chunks always, in order to compromise the P2PSP network. I will implement this functionality later.
Also, I have implemented the first variant of STrPe. There are two steps: implement logic for trusted peer and implement logic for splitter.
The goal of trusted peer is to send hashes of chunks to the splitter. I have chosen the crc32 hash. The CRC32 generates the 4 byte integer (no string like sha or md5 hashes). Here is code sample from TrustedPeer class (to implement logic of trusted peer (in strpe) it is enough to override process_next_message function of peer):
As you can see, the trusted peer sends every 255 chunk to splitter. Here is problem too - the counter should count for each peer. Now, it is possible, that the trusted peer will never send the chunk from malicious peer.
Now splitter - splitter should check that hashes for chunks matches with chunks splitter sends. Some code:
The function moderate_the_team is overrided and when the size of message equals 8 bytes, the process_chunk_hash_message function is called.
You can see all the code in my fork of p2psp: https://github.com/ishakirov/p2psp
Also, here is diff with original repo: https://github.com/P2PSP/p2psp/compare/master...ishakirov:master
Here is commands for testing all the parts of STrPe mechanism:
Thanks!
In this blog I will report about my activity and progress in GSoC project. The aim of project is to implement defense strategies against malicious activity in P2PSP network.
The P2PSP is an application layer protocol for the real-time streaming of multimedia content over the Internet. Many thanks to the community for accepting me as their GSoC student.
According to the schedule, described in my proposal, the goal of the first week is to implement malicious peer.
There are many types of attacks in p2p-networks, like bad-mouth attacks, selective attacks and so on. Current implementation of the malicious peer can only send poisioned chunks to the rest of team. It is needed to improve this implementation for testing more real scenarios of attacks, but for the first time it should be enough.
Command to run simple malicious peer:
$ cd /path/to/p2psp/src/
$ ./peer.py --use_localhost --malicious Argument --malicious forces peer to send poisoned chunks to the rest of team. This is achieved by replacing standard socket of peer to special malicious socket. When peer wants to send chunks to other peers, it sends poisoned chunk. Here is code from MaliciousSocket class:
def sendto(self, string, address): if len(string) == struct.calcsize(self.message_format): return self._sock.sendto(self.get_poisoned_chunk(string), address) else: return self._sock.sendto(string, address) def get_poisoned_chunk(self, message): chunk_number, chunk = struct.unpack(self.message_format, message) return struct.pack(self.message_format, chunk_number, '0')
But here is one problem (in current impl of malicious peer): when peer doesn't receive chunks from splitter, it won't send chunks to the rest of team, but in real life, peer will send poisoned chunks always, in order to compromise the P2PSP network. I will implement this functionality later.
Also, I have implemented the first variant of STrPe. There are two steps: implement logic for trusted peer and implement logic for splitter.
The goal of trusted peer is to send hashes of chunks to the splitter. I have chosen the crc32 hash. The CRC32 generates the 4 byte integer (no string like sha or md5 hashes). Here is code sample from TrustedPeer class (to implement logic of trusted peer (in strpe) it is enough to override process_next_message function of peer):
def process_next_message(self): chunk_number = Peer_DBS.process_next_message(self) if chunk_number > 0 and self.counter == 0: chunk = self.chunks[chunk_number % self.buffer_size] msg = struct.pack('Hi', chunk_number, binascii.crc32(chunk)) self.team_socket.sendto(msg, self.splitter) self.counter = (self.counter + 1) % 255 return chunk_number
As you can see, the trusted peer sends every 255 chunk to splitter. Here is problem too - the counter should count for each peer. Now, it is possible, that the trusted peer will never send the chunk from malicious peer.
Now splitter - splitter should check that hashes for chunks matches with chunks splitter sends. Some code:
def process_chunk_hash_message(self, message): chunk_number, hash = struct.unpack('Hi', message) chunk_message = self.buffer[chunk_number % self.BUFFER_SIZE] chunk = struct.unpack(self.get_message_format(), chunk_message)[1] if binascii.crc32(chunk) != hash: peer = self.destination_of_chunk[chunk_number % self.BUFFER_SIZE] self.punish_malicious_peer(peer)
The function moderate_the_team is overrided and when the size of message equals 8 bytes, the process_chunk_hash_message function is called.
You can see all the code in my fork of p2psp: https://github.com/ishakirov/p2psp
Also, here is diff with original repo: https://github.com/P2PSP/p2psp/compare/master...ishakirov:master
Here is commands for testing all the parts of STrPe mechanism:
$ cd /path/to/p2psp/src/
$ vlc Big_Buck_Bunny_small.ogv --sout "#duplicate{dst=standard{mux=ogg,dst=,access=http}}" &
$ xterm -e "./splitter.py --source_port 8080 --strpe" &
$ xterm -e "./peer.py --use_localhost" &
$ vlc http://localhost:9999 &
$ xterm -e "./peer.py --use_localhost --player_port 10000 --trusted" &
$ vlc http://localhost:10000 &
$ xterm -e "./peer.py --use_localhost --player_port 10001 --malicious" &
$ vlc http://localhost:10001 &
Thanks!
Комментариев нет:
Отправить комментарий