Removing the blinders: utilizing data-plane information to mitigate adversaries in unstructured multicast networks

Numerous collaborative Internet applications, such as video conferencing and broadcasting, have benefited tremendously from multicast services. Multicast overlay networks were proposed as a viable application level multicast architecture to overcome the scarcity of native IP multicast deployments. Many of these networks utilize adaptivity mechanisms to increase performance and provide fault tolerance for end-to-end communication. While pushing functionality to end-systems allows overlay networks to achieve better scalability, it also makes them more vulnerable since end-nodes are more likely to be compromised than core routers. Thus, end-system overlay networks are more vulnerable to malicious inside attacks coming from an attacker or group of colluding attackers that infiltrate the overlay. In particular, attacks that exploit the adaptivity mechanisms can be extremely dangerous because they target the overlay construction and maintenance while requiring no additional communication bandwidth on the attacker side. Such attacks can allow an adversary to control a significant part of the traffic and further facilitate other attacks such as selective data forwarding, cheating, traffic analysis, and attacks against availability. This work presents a solution for mitigating the effect of malicious adversaries on adaptive overlay networks by aggregating and utilizing data-plane and control-plane information to determine the reliability and utility of received information.