ring-based routing structure and ID space have been well studied, allowing us to compare our performance results with others when the network is not under attack. This validates our approach beyond the results of a mere simulation. Second, the structural differences among DHT implementations are not discernible in terms of robustness; most hash-based systems share a common architecture built on key-based routing [6]. Among Chord's many configurable parameters, we considered the successor list size to be the most important one for the reliability and stability of the system. We varied it over several values to measure its impact on the system's maintenance cost and reliability.
Hybrid System. This model aims to achieve network performance close to that of centralized systems while retaining the reliability of purely decentralized approaches. In a hybrid system, every node initially joins both a decentralized and a centralized signaling channel. For instance, a super-node in the hybrid network is the centralized entity for its sub-network and at the same time a regular participant in the DHT channel. Hybrid designs therefore inherit the configuration parameters of both underlying models. Moreover, peers in the hybrid network can use the primary (centralized) and secondary (decentralized) signaling channels either serially or in parallel. In our implementation of hybrid systems, frequent operations such as querying were performed first over the centralized path and then over the decentralized one. This keeps performance high under normal operation while preserving robustness under attack. For less frequent but more critical functions, such as publishing new information, we used both channels at the same time to increase resilience without severely impacting network performance.
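The serial and parallel use of the two signaling channels described above, as an added illustration that is not code from the paper: `Channel` is a stand-in for both the super-node index and the DHT (a key/value store that can be switched off to simulate an attacked channel), and `HybridPeer.query` reads the serial path as "fall back to the DHT when the super-node is down or has no entry", which is one interpretation of the text and an assumption here. `publish` writes to both channels concurrently and succeeds if either accepts.

```python
import threading


class ChannelDown(Exception):
    """Raised when a signaling channel cannot answer, e.g. its super-node is under attack."""


class Channel:
    """A signaling channel modelled as a key/value store that can be switched off.
    The real channels would be a super-node index (centralized) and a DHT (decentralized);
    here both are stand-ins so the serial/parallel logic can run offline."""

    def __init__(self, name):
        self.name = name
        self.store = {}
        self.available = True  # set False to simulate the channel being attacked or partitioned

    def put(self, key, value):
        if not self.available:
            raise ChannelDown(self.name)
        self.store[key] = value

    def get(self, key):
        if not self.available:
            raise ChannelDown(self.name)
        return self.store.get(key)


class HybridPeer:
    """A peer joined to both channels: centralized is primary, decentralized is secondary."""

    def __init__(self, centralized, decentralized):
        self.primary = centralized
        self.secondary = decentralized

    def query(self, key):
        """Serial use (frequent operation): ask the super-node first; consult the DHT
        only if the primary channel is down or has no entry. Returns (value, channel used)."""
        try:
            value = self.primary.get(key)
            if value is not None:
                return value, self.primary.name
        except ChannelDown:
            pass  # fall through to the decentralized path
        return self.secondary.get(key), self.secondary.name

    def publish(self, key, value):
        """Parallel use (rare, critical operation): write to both channels at once.
        Succeeds if at least one channel accepted the write; reports the per-channel outcome."""
        outcome = {}

        def write(chan):
            try:
                chan.put(key, value)
                outcome[chan.name] = True
            except ChannelDown:
                outcome[chan.name] = False

        workers = [threading.Thread(target=write, args=(c,)) for c in (self.primary, self.secondary)]
        for w in workers:
            w.start()
        for w in workers:
            w.join()
        if not any(outcome.values()):
            raise ChannelDown("both channels")
        return outcome


if __name__ == "__main__":
    central, dht = Channel("centralized"), Channel("decentralized")
    peer = HybridPeer(central, dht)
    print(peer.publish("alert-0001", "constructed alert payload"))  # both channels accept
    print(peer.query("alert-0001"))                                  # served by the super-node
    central.available = False                                        # super-node taken out
    print(peer.query("alert-0001"))                                  # served by the DHT
    print(peer.publish("alert-0002", "second payload"))              # only the DHT accepts
```

Note that a query raised while the super-node is up but the entry was only ever published to the DHT (for instance during an earlier outage) still succeeds, because the serial path continues to the secondary channel when the primary returns nothing; `publish` raising `ChannelDown` only when both channels refuse the write is the resilience property the paragraph is after.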
4.2 Models for Alert Distribution
Publish-Subscribe Model. In this model, peers can subscribe to certain classes of security events. Polling and pushing are both viable ways to implement it. For our experiments, we used polling with a 30-second polling interval. This is a cost-effective and easy-to-implement solution, widely adopted by vendors for their online patching systems.
Distributed Sensors Model. In this model, participants with the proper permission act as sensors that detect security incidents and initiate the alert propagation process. This is the typical model for deploying a large-scale defense posture, but it also raises trust issues: the integrity of the security information and the authentication of nodes. In our experiment, only nodes with the proper permission can publish new messages to subscribers. Their integrity is checked by super-nodes in the centralized and hybrid mechanisms, or by the peering nodes in charge of the ID segment in the distributed scheme.
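The distributed-scheme check described above, as an added example rather than the paper's implementation: an alert is routed by key-based routing to the peer in charge of the ID segment containing hash(topic) (the Chord-style successor lookup), and that peer rejects it unless the originating sensor is on a permission table and the message authentication code over the body verifies. The ring size, the node IDs, the permission table and the per-sensor keys are all constructed for the example; the paper does not say how permission or integrity are encoded, so HMAC-SHA256 with keys assumed to be provisioned out of band is an assumption here.

```python
import hashlib
import hmac
import json

RING_BITS = 16  # size of the Chord-style ID space used in this example (assumption)


def ring_id(name: str) -> int:
    """Map a key (here the alert topic) into the ring's ID space."""
    return int(hashlib.sha1(name.encode()).hexdigest(), 16) % (1 << RING_BITS)


def alert_mac(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical (sorted-key) JSON encoding of the alert body."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class Sensor:
    """A participant permitted to raise alerts. It holds its own key and never sends it."""

    def __init__(self, sensor_id: str, key: bytes):
        self.sensor_id = sensor_id
        self.key = key

    def make_alert(self, topic: str, description: str) -> dict:
        body = {"topic": topic, "description": description, "sensor": self.sensor_id}
        return {"body": body, "mac": alert_mac(self.key, body)}


class RingNode:
    """A DHT peer in charge of the ID segment ending at its own ID. Before storing an alert it
    checks (1) that the sensor is on the permission table and (2) that the MAC matches the body."""

    def __init__(self, node_id: int, permitted: dict):
        self.id = node_id
        self.permitted = dict(permitted)  # sensor_id -> key; assumed provisioned out of band
        self.alerts = []

    def verify_and_store(self, alert: dict) -> str:
        body = alert["body"]
        key = self.permitted.get(body.get("sensor"))
        if key is None:
            return "rejected: sensor not permitted to publish"
        if not hmac.compare_digest(alert_mac(key, body), alert["mac"]):
            return "rejected: integrity check failed"
        self.alerts.append(body)
        return "accepted"


class Ring:
    def __init__(self, nodes):
        self.nodes = sorted(nodes, key=lambda n: n.id)

    def successor(self, ident: int) -> RingNode:
        """Key-based routing: the first node with ID >= ident, wrapping past the largest ID."""
        for node in self.nodes:
            if node.id >= ident:
                return node
        return self.nodes[0]

    def publish(self, alert: dict) -> str:
        """Route the alert to the node in charge of hash(topic); that node performs the checks."""
        return self.successor(ring_id(alert["body"]["topic"])).verify_and_store(alert)


def build_demo_ring() -> Ring:
    """Constructed data: three peers sharing a permission table with one authorised sensor."""
    permitted = {"sensor-A": b"constructed-key-for-sensor-A"}
    return Ring([RingNode(0x1000, permitted), RingNode(0x8000, permitted), RingNode(0xF000, permitted)])


if __name__ == "__main__":
    ring = build_demo_ring()
    good = Sensor("sensor-A", b"constructed-key-for-sensor-A")
    rogue = Sensor("sensor-Z", b"rogue-key")
    print(ring.publish(good.make_alert("worm-outbreak", "scanning on tcp/445 from 3 hosts")))
    print(ring.publish(rogue.make_alert("worm-outbreak", "fake alert")))
    tampered = good.make_alert("worm-outbreak", "benign")
    tampered["body"]["description"] = "ignore all alerts"  # modified in transit
    print(ring.publish(tampered))
```

Two caveats a practitioner would add. First, because the verifying peers hold the sensors' HMAC keys, any compromised peer on the ring can forge alerts; a public-key signature scheme, where peers hold only the sensors' public keys, removes that trust in the verifiers. Second, the check binds the body to a sensor but not to a point in time, so an old accepted alert could be replayed unless the body also carries a sequence number or timestamp that the responsible node tracks.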
5 Evaluation
In this section, we describe the evaluation results for the alert distribution systems implemented with the three different control mechanisms. First, we explain the evaluation metrics and then the reasons behind choosing the OverSim simulation framework. Lastly, we discuss our evaluation results with and without global adversaries. For each evaluation instance, all results are averaged over at least 10 iterations.