Our Brothers’ Keepers: Secure Routing with High Performance

  • Alex Brodsky
  • Scott Lindenberg
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5340)


The Trinity [1] spam classification system is based on a distributed hash table that is implemented using a structured peer-to-peer overlay. Such an overlay must be capable of processing hundreds of messages per second, and must be able to route messages to their destination even in the presence of failures and malicious peers that misroute packets or inject fraudulent routing information into the system. Typically there is tension between the requirements to route messages securely and efficiently in the overlay.

We describe a secure and efficient routing extension that we developed within the I3 [2] implementation of the Chord [3] overlay. Secure routing is accomplished through several complementary approaches: First, peers in close proximity form overlapping groups that police themselves to identify and mitigate fraudulent routing information. Second, a form of random routing solves the problem of entire packet flows passing through a malicious peer. Third, a message authentication mechanism links each message to its sender, preventing spoofing. Fourth, each peer’s identifier links the peer to its network address, and at the same time uniformly distributes the peers in the key-space.

Lastly, we present our initial evaluation of the system, comprising a 255 peer overlay running on a local cluster. We describe our methodology and show that the overhead of our secure implementation is quite reasonable.
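An added illustration of the fourth mechanism, not code from the paper or from the I3 implementation: one common way to bind an identifier to a network address is to hash the address, as Chord does. The construction here (SHA-256 over IP and port), the function names and the sample peer list are assumptions made for this example.

```python
import hashlib
import ipaddress

ID_BITS = 256  # assumption: identifier is a full SHA-256 digest


def peer_id(ip: str, port: int) -> int:
    """Derive the ring identifier from the peer's network address."""
    addr = ipaddress.ip_address(ip)  # rejects malformed addresses
    material = addr.packed + port.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(material).digest(), "big")


def verify_claim(claimed_id: int, src_ip: str, src_port: int) -> bool:
    """Accept a routing entry only if its ID matches the address it came from.

    A peer cannot choose a convenient position in the key-space (for example
    next to a target key) without also controlling the matching address.
    """
    try:
        return claimed_id == peer_id(src_ip, src_port)
    except (ValueError, OverflowError):  # bad address or port out of range
        return False


def bucket_counts(ids, buckets=8):
    """Count identifiers falling in each equal-sized slice of the key-space."""
    counts = [0] * buckets
    for i in ids:
        counts[(i * buckets) >> ID_BITS] += 1
    return counts


# Constructed sample: 255 peers on a private subnet, all on port 5000.
PEERS = [(f"10.0.{n // 250}.{n % 250 + 1}", 5000) for n in range(255)]

if __name__ == "__main__":
    ids = [peer_id(ip, port) for ip, port in PEERS]
    print("peers per eighth of the ring:", bucket_counts(ids))

    honest = peer_id("10.0.0.1", 5000)
    print("honest claim accepted:", verify_claim(honest, "10.0.0.1", 5000))
    # Same identifier announced from a different address is rejected.
    print("spoofed claim accepted:", verify_claim(honest, "10.0.0.2", 5000))
```

The check only binds an identifier to an address; it relies on the address itself being authentic, which is the job of the message authentication mechanism the abstract lists third.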


Keywords: Secure routing, peer authentication, distributed hash tables




  1. Brodsky, A., Brodsky, D.: A distributed content independent method for spam detection. In: Proc. of the 1st USENIX Workshop on Hot Topics in Understanding Botnet (2007)
  2. Stoica, I., Adkins, D., Zhuang, S., Shenker, S., Surana, S.: Internet indirection infrastructure. IEEE/ACM Transactions on Networks 12(2), 205–218 (2004)
  3. Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H.: Chord: A scalable peer-to-peer lookup service for internet applications. In: Proc. of the ACM SIGCOMM 2001 Conference (2001)
  4. Maniatis, P., Rosenthal, D., Roussopoulos, M., Baker, M., Giuli, T., Muliadi, Y.: Preserving peer replicas by rate-limited sampled voting. In: Proc. of the 19th ACM Symposium on Operating Systems Principles (2003)
  5. Sit, E., Morris, R.: Security considerations for peer-to-peer distributed hash tables. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429. Springer, Heidelberg (2002)
  6. Castro, M., Druschel, P., Ganesh, A., Rowstron, A., Wallach, D.: Secure routing for structured peer-to-peer overlay networks. In: Proc. of the 5th ACM Symposium on Operating System Design and Implementation (2002)
  7. Mockapetris, P.: RFC 1034 – Domain Names - Concepts and Facilities. Internet Engineering Task Force (1987)
  8. Mockapetris, P.: RFC 1035 – Domain Names - Implementation and Specification. Internet Engineering Task Force (1987)
  9. Leighton, T., Maggs, B., Ranade, A., Rao, S.: Randomized routing and sorting on fixed-connection networks. J. Algorithms 17(1), 157–205 (1994)
  10. Wallach, D.: A survey of peer-to-peer security issues. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 42–57. Springer, Heidelberg (2003)
  11. Ratnasamy, S., Francis, P., Handley, M., Karp, R., Shenker, S.: A scalable content-addressable network. In: Proc. of the ACM SIGCOMM 2001 Conference, pp. 161–172 (2001)
  12. Rowstron, A., Druschel, P.: Pastry: Scalable, decentralized object location, and routing for large-scale peer-to-peer systems. In: Guerraoui, R. (ed.) Middleware 2001. LNCS, vol. 2218, p. 329. Springer, Heidelberg (2001)
  13. Zhao, B., Kubiatowicz, J., Joseph, A.: Tapestry: An infrastructure for fault-tolerant wide-area location and routing. Technical report (April 04, 2001)
  14. Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)
  15. Haeberlen, A., Kouznetsov, P., Druschel, P.: Peerreview: practical accountability for distributed systems. In: Proceedings of the 21st ACM Symposium on Operating Systems Principles, pp. 175–188 (2007)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Alex Brodsky (1)
  • Scott Lindenberg (1)

  1. University of Winnipeg, Winnipeg, Canada
