CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks

Ghada Almashaqbeh, Kevin Kelley, Allison Bishop, Justin Cappos

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Peer-assisted content distribution networks (CDNs) have emerged to improve performance and reduce deployment costs of traditional, infrastructure-based content delivery networks. This is done by employing peer-to-peer data transfers to supplement the resources of the network infrastructure. However, these hybrid systems are vulnerable to accounting attacks in which the peers, or caches, collude with clients in order to report that content was transferred when it was not. This is a particular issue in systems that incentivize cache participation, because malicious caches may collect rewards from the content publishers operating the CDN without doing any useful work. In this paper, we introduce CAPnet, the first technique that lets untrusted caches join a peer-assisted CDN while providing a bound on the effectiveness of accounting attacks. At its heart is a lightweight cache accountability puzzle that clients must solve before caches are given credit. This puzzle requires colocating the data a client has requested, so its solution confirms that the content has actually been retrieved. We analyze the security and overhead of our scheme in realistic scenarios. The results show that a modest client machine using a single core can solve puzzles at a rate sufficient to simultaneously watch dozens of 1080p videos. The technique is designed to be even more scalable on the server side. In our experiments, one core of a single low-end machine is able to generate puzzles for 4.26 Tbps of bandwidth, enabling 870,000 clients to concurrently view the same 1080p video. This demonstrates that our scheme can ensure cache accountability without degrading system productivity.

    Original language: English (US)
    Title of host publication: 2019 IEEE Conference on Communications and Network Security, CNS 2019
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 250-258
    Number of pages: 9
    ISBN (Electronic): 9781538671177
    DOIs: https://doi.org/10.1109/CNS.2019.8802825
    State: Published - Jun 1 2019
    Event: 2019 IEEE Conference on Communications and Network Security, CNS 2019 - Washington, United States
    Duration: Jun 10 2019 to Jun 12 2019

    Publication series

    Name: 2019 IEEE Conference on Communications and Network Security, CNS 2019

    Conference

    Conference: 2019 IEEE Conference on Communications and Network Security, CNS 2019
    Country: United States
    City: Washington
    Period: 6/10/19 to 6/12/19

    Fingerprint

    Electric power distribution
    Data transfer
    Hybrid systems
    Servers
    Productivity
    Bandwidth
    Distribution network
    Attack
    Costs
    Experiments
    Peers

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture
    • Information Systems and Management
    • Safety, Risk, Reliability and Quality

    Cite this

    Almashaqbeh, G., Kelley, K., Bishop, A., & Cappos, J. (2019). CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks. In 2019 IEEE Conference on Communications and Network Security, CNS 2019 (pp. 250-258). [8802825] (2019 IEEE Conference on Communications and Network Security, CNS 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CNS.2019.8802825

    @inproceedings{026f4251176949c1b4d31a4cbd8f36d2,
    title = "CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks",
    author = "Ghada Almashaqbeh and Kevin Kelley and Allison Bishop and Justin Cappos",
    year = "2019",
    month = "6",
    day = "1",
    doi = "10.1109/CNS.2019.8802825",
    language = "English (US)",
    series = "2019 IEEE Conference on Communications and Network Security, CNS 2019",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",
    pages = "250--258",
    booktitle = "2019 IEEE Conference on Communications and Network Security, CNS 2019",

    }
