Technical Report MSC-2015-04

Title: Defending Against Eclipse Attacks in Unstructured Overlays
Authors: Ido Gonen
Supervisors: Roy Friedman
PDFCurrently accessibly only within the Technion network
Abstract: Overlays play a central role in the scalability of many peer-to-peer (P2P) networks and large scale data-center systems. The Eclipse attack has been identified as one of the major potential attacks against overlays. In Eclipse attacks, an attacker that controls a small portion of the nodes in the system eclipses a large fraction of the correct nodes. By eclipsing correct nodes, attackers isolate correct nodes from the rest of the system, and thereby can completely control what these nodes see and know about the network. To the best of our knowledge, previous works on defending against Eclipse attacks focused only on structured P2P overlays, where there are structural constraints on the identities of a node's neighbors. However, structured overlays tend to be much less robust and scalable than unstructured ones. In this work, we present a novel approach to defend against Eclipse attacks in unstructured overlays, where there are no a-priori constraints on a node's neighbors other than possibly its degree. Our defense bounds the degree of nodes in the overlay and uses a decentralized self-discovered monitoring service called BMON to enforce this bound. In practice, correct nodes disconnect from neighbors whose degree is above a given threshold, thereby bounding the degree of nodes in the overlay. The degree bounding reduces the likelihood of an Eclipse attack to be successfully mounted, as a malicious node is prevented from being the overlay neighbor of too many correct nodes. The work presents the defense protocol, including a detailed description of BMON and its analysis.
CopyrightThe above paper is copyright by the Technion, Author(s), or others. Please contact the author(s) for more information

Remark: Any link to this technical report should be to this page (, rather than to the URL of the PDF files directly. The latter URLs may change without notice.

To the list of the MSC technical reports of 2015
To the main CS technical reports page

Computer science department, Technion