'Suicide nodes' defend networks from within

Author: 干瘼逖 | Date: 2019-03-01 06:02:04
By Paul Marks

A selfless act of destruction – exemplified by the way honeybees die to defend their hive – has inspired a novel way of securing computer networks against malicious hackers. The approach works by giving all the devices on a network – or “nodes” – the ability to destroy themselves, taking any nearby malevolent device with them.

“Bee stingers are a relatively strong defence mechanism for protecting a hive, but whenever the bee stings, it dies,” says Tyler Moore, a security engineer at the University of Cambridge in the UK. Self-sacrifice provides a check against malicious nodes attacking legitimate ones. “Our suicide mechanism is similar in that it enables simple devices to protect a network by removing malicious devices – but at the cost of its own participation,” Moore adds.

The technique Moore and his colleagues have developed, called “suicide revocation”, lets a single node decide quickly whether another node’s behaviour is malevolent and shut it down. But there is a drastic cost: the single node must deactivate itself too. It simply broadcasts an encrypted message declaring itself and the malevolent node dead.

The aim is to address an emerging risk as networks increasingly become distributed rather than centralised, says Moore’s colleague Ross Anderson. Computers on a normal network operate under the control of a central server, but distributed networks have no centralised control. Instead, organisation of the network is distributed between individual devices, which can make the network both more efficient and more robust.

But this is not without risks, says Moore. “Some devices may be compromised and made to transmit misleading data. Devices must be able to detect and respond to this misbehaviour.” To protect such networks from intruders, Moore, Anderson and colleagues looked for the most efficient and reliable way to remove misbehaving devices from ad-hoc networks.
One way is for select groups of nodes to vote to “blackball” a fellow node that is behaving suspiciously. If a majority agrees, the node can thereafter be ignored. But blackballing is slow, and it also allows malicious nodes to vote out legitimate ones.

The Cambridge team looked to nature and came up with a more elegant answer. “Suicide attacks are found widely in nature, from bees to helper T-cells in the immune system,” says Anderson. “Bees coordinate defence without high bandwidth communications. It takes them a minute or so just to communicate the general direction of a threat.” Female bees die after stinging a large animal because the act of removing the stinging barb also tears the insect’s abdomen apart – and the act alerts other bees to attack.

Although the ultimate goal is different, the Cambridge team says a similar technique could protect distributed networks. “Nodes must remove themselves in addition to cheating ones to make punishment expensive,” says Moore. “Otherwise, bad nodes could remove many good nodes by falsely accusing them of misbehaviour.”

“It’s an interesting proposal,” says Jeremie Miller, the lead software architect behind a distributed search engine called Search Wikia. “This approach looks to be most useful in a peer-to-peer or ad-hoc network where someone can negatively influence another party in the network.”

A distributed-network approach is used by the peer-to-peer system BitTorrent, which distributes large files amongst thousands of volunteer users – allowing the files to be reassembled after download. Ad-hoc wireless communications and sensor networks use a similar approach. Wireless ad-hoc networks are being planned for vehicle-to-vehicle (V2V) communications technology, which will let cars use radio signals to communicate their position and to automatically brake when collisions seem likely.

The research was presented at the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks, held in Cambridge, UK,
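The two revocation mechanisms the article contrasts, blackballing by vote and suicide revocation, can be compared in a small simulation. The code below is an added illustration, not the Cambridge team's protocol or any code from the research it describes. It assumes a toy network in which each node holds a secret key installed at deployment and authenticates its "suicide note" with an HMAC (a stand-in for the public-key signature a real design would use, chosen so the example runs with the standard library alone), and it assumes a blackballing rule in which a node is ignored once a fixed quorum of peers votes against it. The `AdHocNetwork`, `SuicideNote`, `false_accusation_campaign` and `blackball_campaign` names are all hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class SuicideNote:
    """The broadcast an accusing node sends: 'I, accuser, declare accused and myself dead'."""
    accuser: str
    accused: str
    tag: bytes  # authentication tag over (accuser, accused)


class AdHocNetwork:
    """Toy ad-hoc network that tracks which nodes are still alive (hypothetical model)."""

    def __init__(self, node_ids):
        # Assumption: each node receives a secret key when it is deployed. A real
        # design would verify a public-key signature; a per-node HMAC key stands in
        # here so that the example runs offline with the standard library only.
        self.keys = {n: secrets.token_bytes(32) for n in node_ids}
        self.alive = set(node_ids)

    @staticmethod
    def _message(accuser, accused):
        return f"{accuser} declares {accused} and itself dead".encode()

    def write_note(self, accuser, accused):
        """Run by the accuser: produce the authenticated suicide note it will broadcast."""
        tag = hmac.new(self.keys[accuser], self._message(accuser, accused), hashlib.sha256).digest()
        return SuicideNote(accuser, accused, tag)

    def process_note(self, note):
        """Run by every node that hears the broadcast: validate, then revoke both parties."""
        if note.accuser == note.accused:
            return False  # self-accusation revokes nobody else; ignore it
        if note.accuser not in self.alive or note.accused not in self.alive:
            return False  # a dead node cannot accuse (also blocks replaying an old note)
        expected = hmac.new(self.keys[note.accuser],
                            self._message(note.accuser, note.accused), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, note.tag):
            return False  # forged: only the accuser itself can spend its own participation
        self.alive.discard(note.accuser)
        self.alive.discard(note.accused)
        return True


def _split(alive, good, bad):
    return (sorted(n for n in alive if n in good), sorted(n for n in alive if n in bad))


def false_accusation_campaign(good, bad):
    """Worst case for suicide revocation: every bad node falsely accuses a distinct good node.
    Returns (surviving good nodes, surviving bad nodes)."""
    net = AdHocNetwork(list(good) + list(bad))
    for attacker, victim in zip(bad, good):
        net.process_note(net.write_note(attacker, victim))
    return _split(net.alive, good, bad)


def blackball_campaign(good, bad, quorum=3):
    """Assumed blackballing rule: a node is ignored once `quorum` peers vote against it.
    Colluding bad nodes that reach the quorum can vote out every good node at no cost."""
    alive = set(good) | set(bad)
    for victim in good:
        voters = {v for v in bad if v in alive and v != victim}
        if len(voters) >= quorum:
            alive.discard(victim)
    return _split(alive, good, bad)


if __name__ == "__main__":
    # Constructed sample: five honest nodes, three compromised ones.
    honest = ["g1", "g2", "g3", "g4", "g5"]
    rogue = ["b1", "b2", "b3"]
    print("blackball:", blackball_campaign(honest, rogue))        # ([], ['b1', 'b2', 'b3'])
    print("suicide:  ", false_accusation_campaign(honest, rogue))  # (['g4', 'g5'], [])
```

With a fixed quorum, three colluding nodes remove all five honest nodes and remain in the network; under suicide revocation the same three attackers can take down at most three honest nodes and are gone afterwards, which is the "punishment is expensive" property Moore describes. The `process_note` checks also show why the note must be authenticated and why a dead node's note must be rejected: otherwise a node could spend another node's participation, or one note could be replayed.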