CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks

Ghada Almashaqbeh, Kevin Kelley, Allison Bishop, Justin Cappos

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Peer-Assisted content distribution networks (CDNs)have emerged to improve performance and reduce deployment costs of traditional, infrastructure-based content delivery networks. This is done by employing peer-To-peer data transfers to supplement the resources of the network infrastructure. However, these hybrid systems are vulnerable to accounting attacks in which the peers, or caches, collude with clients in order to report that content was transferred when it was not. This is a particular issue in systems that incentivize cache participation, because malicious caches may collect rewards from the content publishers operating the CDN without doing any useful work. In this paper, we introduce CAPnet, the first technique that lets untrusted caches join a peer-Assisted CDN while providing a bound on the effectiveness of accounting attacks. At its heart is a lightweight cache accountability puzzle that clients must solve before caches are given credit. This puzzle requires colocating the data a client has requested, so its solution confirms that the content has actually been retrieved. We analyze the security and overhead of our scheme in realistic scenarios. The results show that a modest client machine using a single core can solve puzzles at a rate sufficient to simultaneously watch dozens of 1080p videos. The technique is designed to be even more scalable on the server side. In our experiments, one core of a single low-end machine is able to generate puzzles for 4.26 Tbps of bandwidth-enabling 870,000 clients to concurrently view the same 1080p video. This demonstrates that our scheme can ensure cache accountability without degrading system productivity.

    Original languageEnglish (US)
    Title of host publication2019 IEEE Conference on Communications and Network Security, CNS 2019
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages250-258
    Number of pages9
    ISBN (Electronic)9781538671177
    DOIs
    StatePublished - Jun 2019
    Event2019 IEEE Conference on Communications and Network Security, CNS 2019 - Washington, United States
    Duration: Jun 10 2019Jun 12 2019

    Publication series

    Name2019 IEEE Conference on Communications and Network Security, CNS 2019

    Conference

    Conference2019 IEEE Conference on Communications and Network Security, CNS 2019
    CountryUnited States
    CityWashington
    Period6/10/196/12/19

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture
    • Information Systems and Management
    • Safety, Risk, Reliability and Quality

    Fingerprint Dive into the research topics of 'CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks'. Together they form a unique fingerprint.

    Cite this