Towards Robust Overlay Networks: Enhancing Adaptivity Mechanisms with Byzantine-Resilience

Adaptive measurement-based overlay networks offer increased performance and resilience to benign failures for end-to-end communication by using aggressive adaptivity mechanisms. These mechanisms dynamically optimize applicationcentric metrics such as latency, jitter, bandwidth, and loss rate. However, end-systems are more vulnerable than core routers, making overlay networks susceptible to malicious attacks coming from untrusted outsiders, and especially from trusted (but compromised) members of the overlay. Unlike outsider attacks, insider (or Byzantine) attacks can not be prevented by simply deploying cryptographic authentication mechanisms. In this work, we identify and classify insider attacks against adaptivity mechanisms in overlay networks and demonstrate several of them against the ESM/Narada multicast overlay system. The attacks target the overlay network construction, maintenance, and availability and allow malicious nodes to control significant traffic in the network, facilitating further attacks such as selective forwarding and traffic analysis. We believe this work is the first to classify insider attacks against adaptivity mechanisms in distributed systems and the first to propose techniques to enhance the adaptivity mechanisms with Byzantine-resilience. We demonstrate the effectiveness of the newly proposed techniques through real-life deployments and emulations conducted on the PlanetLab and DETER testbeds, respectively.