4.11 The Content Integrity Set of rules

The CIS (Content Integrity Set of rules) is responsible for fighting against a DoS (Denial of Service) attacks by stream spoiling (also known as pollution attacks). This action could be carried out by possible custom implementations of peers that might to poison A poisoned chunk is a chunk that seems to be OK, but which the sender has changed in such a way that when played, introduces no information (for example, a chunk filled with zeroes) or even wrong information. (by altering willfully) the content of the stream. This set of rules could be also useful in those situations where the transmission links are error-prone and the error detection mechanism of the underlaying transport protocol has been disabled.

In the CIS is proposed use a hash of the content of Chunks to discover a attacker peer. The rules are:

  1. One or more peers of the team are selected as trusted peers so that only the splitter knows of its existence through of endpoint of each them. It’s possible that all peers in the team are trusted-peers except the attacker.
  2. The trusted peers create a hash (fingerprint) for a number of received chunks (included the chunk number) plus an other hash of the endpoint from where each chunk has been received. Depending on the computational power available in the trusted peer host, all or a subset (can be random) of chunks are processed.
  3. The hashes (both chunks and endpoints) are sent to the splitter, which checks if the received chunks have been altered (calculate the hash is necessary).
  4. The splitter knows what chunk has been sent to each peer. Therefore if the splitter receives a hash that does not match the one he has calculated can deduce that one of the chunks was altered and depending on the number of corresponding chunk is able to determine to which peer was sent the altered chunk (note that all chunks follow the following process: the chunk first travels from the splitter to a peer which sends it to all other peers of the team).
  5. When the number of altered/peer exceeds a treshold, the peer is rejected of the team. This is achieved not sending more chunks to the attacker(s) peer(s). Moreover the splitter sends a reject message that contain the endpoint of the attacker to all peers of the team, this ensures that the attacker is removed from the peers list of all peers of the team as soon as possible.

4.11.1 A model of the impact of an attack

This mathematical model estimates the averages of poisoned chunks X into a team depending of number of trusted peers T, the numer of attackers peers A concurrently in a team and the P number of total peers (attackers or not) in the team. In addition, the model estimates the number of poisoned chunks that arrives to any peer, always in average values.

As noted in the begin of this section, the identity of the trusted peers is unknow for all except for the splitter. Moreover, the behavior of the attackers will be poison the maximun number of chunks. Note, however, that any intermediate selective situation with the chunks poisoned can be consider similar to this one (are poisoned all possible chunks) where the attackers number is lower.

Suppose initially that T = 1 (only exist one trusted peer in the team). In the more favorable situation (and unlikely) for an attacker, this could reach up to P 1 chunks if in the retransmission cycle the last chunk is sent to the only one trusted peer. Moreover, It may also happen that the first poisoned chunk sent by an attacker arrives to an only one trusted peer. In this case, only one chunk is poisoned. As the position of the peers is random, the average number of poisoned chunks when A = 1 and T = 1 is

X = P 1 + 1 2 = P 2 (10)

Suppose that exist more of one trusted peer (T > 1 and A = 1). As now the probability of deliver a poisoned chunk to a trusted peer increment proportionality with T, the average number of poisoned chunks would be T times lower, i.e., the average number of poisoned chunks would be

X = P 2T (11)

Finally, if there is more of one attacker (T > 1 and A > 1), that amount would be multiplied by A (suppose that the A attackers poisons the chunks in parallel), getting

X = AP 2T (12)

From this expression can be derived two hypotheses. The first one, that the impact of an attack depends of the ratio between number of attackers and trusted peers ( expected behavior ). And second, that when A and T are of the same order the average poisoned chunks tend to be P2 In the case of exist also normal peers, clearly X will increase. For example, if there is a friendly peer too, X will increase in a poisoned chunk per each concurrently attacker in the team. Therefore, it’s determined that

X = AP 2T + (P A T) (13)

As seen, the latter term does not significantly affect the average number of poisoned chunks, unless the team is very large, in which case, the attack is diluted because never the number of received chunks for each peer in the same retransmission cycle can be bigger than A.