The Pollution Attack in P2P Live
Video Streaming: Measurement
Results and Defenses
Prithula Dhungel
Xiaojun Hei
Keith W. Ross
Nitesh Saxena
Polytechnic University
1
The Pollution Attack
• Attacker joins an ongoing video
channel
• Attacker advertises it has a large
number of chunks
• When neighbors request chunks,
attacker sends bogus chunks
• Receiver plays back bogus chunks
• Each receiver may further forward
the polluted chunks
2
Peer
Peer
request
Peer
Polluter
Peer
Peer
Peer
Peer
3
Contributions
• Identified the pollution attack in P2P
live video streaming applications
• Verify via experimental results (in
PPLive) that pollution attack can be
devastating
• Survey possible defenses against the
attack
4
Pollution Experiment
Figure: PPLive pollution experiment setup
5
Measurement Results (1)
Figure: Number of peers viewing channel over experiment periods
6
Brooklyn Peer
Figure: Clean and polluted chunks to/from Brooklyn peer
7
Hong Kong Peer
Figure: Clean and polluted chunks to/from Hong Kong peer
8
Pollution Defense Mechanisms
• Blacklisting
• Traffic Encryption
• Chunk Signing
– Sign-All Approach
– Signature-Amortization Approaches
• Star Chaining
• Merkle Tree
– Sign-and-Correct Approach
9
Chunk Signing
• Use PKI
• Every video source has public-private key pair
• Source uses private key to sign the chunks
• Receiver uses public key of source to verify
integrity of chunk
10
“Sign-All” (1)
• Source
– Source signs each chunk
– Sends signature (“authentication
information”) with corresponding chunk
• Receiver
– Verifies each chunk individually using
authentication information and public key
of source
11
“Sign-All” (2)
 Chunk processing independence
 Bandwidth overhead
- For a stream of m chunks, m signatures
For 372 kbps channel with chunk size of
4000 bytes, around 3%
 Computation overhead
- 1 (expensive) signature operation per chunk
12
“Block Signing”
• Chunks organized into blocks
– Each block contains n chunks
• After generating n chunks, hash
concatenation of all hashes, and sign
result
• Reduces computation
• But can’t verify individual chunks
13
“Star Chaining”
• Chunks organized into blocks
– Each block contains n chunks
• After generating n chunks, calculate
authentication information for each chunk
– Signed hash of concatenation of all chunk hashes
– Along with, all hashes of other n-1 chunks
• Receiver, chunk by chunk:
– Applies public key to get hash of hashes
– Verifies by concatenating hash of current chunk
with those of the n-1 chunks, and taking hash
14
“Star Chaining”
 Computation overhead –> 1 signature per block
 Loss –> If some chunks are lost in block, can
still decode rest
 Bandwidth overhead -> for block of n chunks,
n-1 hashes + n signatures
For channel of bitrate 372 kbps and chunk size
of 4000 bytes, n = 32, about 16%
15
“Merkle Tree”
 Computation overhead –> 1 signature per block
 Loss –> If some chunks are lost in block, can still
decode rest
 Bandwidth overhead -> nlog2n hashes + n signatures
(about 5%)
16
Conclusion
• The pollution attack can be devastating
• Defenses:
– Signature Amortization (Merkle Tree) – less computational
overhead and delay at receiver but more bandwidth overhead
– Sign-and-Correct – less bandwidth requirement but higher
processing delay and computational requirement
• Based on requirements of the application, either of
the two could be used
17
References
[1] C. K.Wong and S. S. Lam. Digital
signatures for flows and multicasts.
IEEE/ACM Trans. Netw., 1999.
[2] A. Lysyanskaya, R. Tamassia, and N.
Triandopoulos. Multicast authentication
in fully adversarial networks. In IEEE
Symposium on Security and Privacy,
2004.
18
Thank You!