Prevention of Index-Poisoning DDoS Attacks in Peer-to-Peer File-Sharing Networks

A major security threat to the normal use and legal sharing of peer-to-peer (P2P) resources is DDoS (distributed denial-of-service) attacks caused by file index poisoning. This type of attacks exploits the design vulnerability of P2P networks. By populating unprotected peers with poisoned file indexes, attacker can cause DDoS flooding attacks on arbitrary hosts, even outside of the P2P network. We solve the index-poisoning problem in P2P file-sharing systems using identity-based cryptography to establish peer accountability. With accountability, all peers remain anonymous but their file indexes can be traced back to the original sending address without contacting the sender. We prove that accountability effectively prevents a peer from launching indexpoisoning attacks. A new reliable index-exchange protocol (RIEP) is proposed to enforce peer accountability. This protocol is applicable to all P2P file-sharing networks, either structured or unstructured. The system is designed to allow gradual transition of peers to become RIEP-enabled. We develop analytical models to characterize the poison propagation patterns with and without RIEP defense. These poisoning models are validated by simulated RIEP experiments on P2P networks over one million nodes. The reported experimental results support the advantages predicted by the theoretical models. These results prove the effectiveness of using RIEP to prevent index-poisoning DDoS attacks. We also discuss the implementation of the RIEP scheme and its limitations in real-life P2P networks.