P2P networks are utilized today in various contexts, for example, for file sharing or voice-over-IP. The P2P networks are classified as structured and unstructured networks. Structured P2P networks employ a globally consistent protocol to ensure that any peer can efficiently route a search to some peer that has the desired file or service. To achieve this, a structured pattern of overlay links is employed. The most common type of structured P2P networks are DHT (Distributed Hash Table) based networks. An example of a P2P DHT network is Chord (see Stoica et al., “Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications,” in Proceedings of the ACM SIGCOMM '01 Conference, San Diego, Calif., August 2001, pp. 149).
In the DHT, the information is stored among all the peers in the form of a hash table with several <key, value> pairs. When a peer in the overlay needs certain information, the peer has to perform a lookup of the key, and then to retrieve a value associated with the key if the key is stored in another peer. Traditional DHT algorithms use the concept of finger tables in order to route packets through the overlay. Each peer in a P2P overlay that uses the Chord DHT has a finger table. The finger table includes a list of pointers to other peers and a neighbor table, which is a list of the peers that are located one or few hops from the given peer. A peer is considered in this context to be a device.
For maintaining a fully functional P2P network, its peers need to constantly maintain their finger tables. This is achieved through probing other peers and observing the results. Due to the nature of the P2P networks, when all peers have correct finger tables, the whole P2P network is stable from a routing point-of-view. However, in the real world, peers constantly join and leave the P2P network, thereby, requiring the remaining peers to continuously update their finger tables. In addition, there are defective or malicious peers that drop the received data, or route the received data to a wrong peer (data forwarding problems) and these actions disrupt the functionality of the P2P network. A defective peers does not have the intention to disrupt the data traffic while a malicious peers has that intention. Thus, there are many ways in which a peer can disrupt the network. All these peers that are either defective or malicious are generically called herein as faulty peers.
As a result of the existence of the faulty peers, the network and its peers are unable to distinguish whether data forwarding problems are caused by churn (joins and/or leaves) or by a malicious peer having incentives to disrupt the network's normal operation. In other words, a peer sending information to the P2P network cannot know why the traffic is not reaching the destination peer. Moreover, even having the knowledge of an on-going attack, it is hard for a peer to mitigate the attack's effects because the culprit is unknown.
The detection of malicious peers in a P2P overlay is an ongoing problem that is yet to be completely solved. Current P2P networks do not have the ability of detecting malicious peers that misroute the packets or the ability to detect if a node is dropping the packets.
There are some approaches for achieving this functionality as discussed next. However, these approaches have their limitations. One approach is hop testing. It consists of using iterative routing to check the behavior of each hop in a route. Without iterative routing, this test is not usable and it is inefficient if the malicious peer is placed close enough to the target peer. Moreover, this approach is costly because it requires a large amount of messages to be exchanged between various peers.
Another approach is using an alternative routing path if the original routing path fails. This approach consists on analyzing the reply of the possible malicious peer, i.e., if the peer does not reply after a certain timeout or if the reply arrives too late (being therefore incorrectly routed). If this happens, the query is repeated over an alternative path. This approach only palliates the problem by trying a different path, but it does not help to localize the malicious peer.
Still another approach implements parallel routing. This approach assesses whether a node is responsible for a key or not. The approach sends one message to the suspected node using normal routing, then it sends a test message using iterative routing and an alternative path is opened. This method is not commonly used since it often generates false positives. The method also requires specially formatted messages.
From the above-discussion of the traditional approaches, it is noted that they focus on ensuring that the messages arrive to the destination, rather than detecting the peer or peers responsible for the incorrect routing and preventing them from continuing such behavior. Moreover, the existing approaches fail to prevent such behavior if the attacker is located close to the victim or if the network density is dissimilar. The existing approaches also require some amount of information regarding the full path route or the use of direct messages for each peer using expensive iterative routing. In addition, these approaches have to be performed in collaboration by several nodes.
Thus, there is a need to develop a new approach that can be performed by a single node, does not need supplementary information and also is capable to detect the position of the malicious peer. Accordingly, it would be desirable to provide devices, systems and methods that avoid the afore-described problems and drawbacks.