] >
The CIS (Content Integrity Set of rules) is responsible for fighting against a DoS (Denial of Service) attacks by stream spoiling (also known as pollution attacks). This action could be carried out by possible custom implementations of peers that might to poison∗ ∗A poisoned chunk is a chunk that seems to be OK, but which the sender has changed in such a way that when played, introduces no information (for example, a chunk filled with zeroes) or even wrong information. (by altering willfully) the content of the stream. This set of rules could be also useful in those situations where the transmission links are error-prone and the error detection mechanism of the underlaying transport protocol has been disabled.
In the CIS is proposed use a hash of the content of Chunks to discover a attacker peer. The rules are:
This mathematical model estimates the averages of poisoned chunks into a team depending of number of trusted peers , the numer of attackers peers concurrently in a team and the number of total peers (attackers or not) in the team. In addition, the model estimates the number of poisoned chunks that arrives to any peer, always in average values.
As noted in the begin of this section, the identity of the trusted peers is unknow for all except for the splitter. Moreover, the behavior of the attackers will be poison the maximun number of chunks. Note, however, that any intermediate selective situation with the chunks poisoned can be consider similar to this one (are poisoned all possible chunks) where the attackers number is lower.
Suppose initially that (only exist one trusted peer in the team). In the more favorable situation (and unlikely) for an attacker, this could reach up to chunks if in the retransmission cycle the last chunk is sent to the only one trusted peer. Moreover, It may also happen that the first poisoned chunk sent by an attacker arrives to an only one trusted peer. In this case, only one chunk is poisoned. As the position of the peers is random, the average number of poisoned chunks when and is
(10) |
Suppose that exist more of one trusted peer ( and ). As now the probability of deliver a poisoned chunk to a trusted peer increment proportionality with , the average number of poisoned chunks would be times lower, i.e., the average number of poisoned chunks would be
(11) |
Finally, if there is more of one attacker ( and ), that amount would be multiplied by (suppose that the attackers poisons the chunks in parallel), getting
(12) |
From this expression can be derived two hypotheses. The first one, that the impact of an attack depends of the ratio between number of attackers and trusted peers ( expected behavior ). And second, that when and are of the same order the average poisoned chunks tend to be In the case of exist also normal peers, clearly will increase. For example, if there is a friendly peer too, will increase in a poisoned chunk per each concurrently attacker in the team. Therefore, it’s determined that
(13) |
As seen, the latter term does not significantly affect the average number of poisoned chunks, unless the team is very large, in which case, the attack is diluted because never the number of received chunks for each peer in the same retransmission cycle can be bigger than .