# CAPnet: A Defense Against Cache Accounting Attacks on Content   Distribution Networks

**Authors:** Ghada Almashaqbeh, Kevin Kelley, Allison Bishop, Justin Cappos

arXiv: 1906.10272 · 2019-06-26

## TL;DR

CAPnet introduces a lightweight puzzle-based method to ensure cache accountability in peer-assisted CDNs, effectively preventing collusion attacks while maintaining high scalability and performance for content delivery.

## Contribution

This paper presents CAPnet, a novel cache accountability scheme that bounds the effectiveness of accounting attacks in hybrid CDN systems using a lightweight puzzle mechanism.

## Key findings

- Caches can be held accountable with minimal overhead.
- The system scales to hundreds of thousands of clients.
- Puzzle solving rate supports high-definition video streaming.

## Abstract

Peer-assisted content distribution networks(CDNs) have emerged to improve performance and reduce deployment costs of traditional, infrastructure-based content delivery networks. This is done by employing peer-to-peer data transfers to supplement the resources of the network infrastructure. However, these hybrid systems are vulnerable to accounting attacks in which the peers, or caches, collude with clients in order to report that content was transferred when it was not. This is a particular issue in systems that incentivize cache participation, because malicious caches may collect rewards from the content publishers operating the CDN without doing any useful work.   In this paper, we introduce CAPnet, the first technique that lets untrusted caches join a peer-assisted CDN while providing a bound on the effectiveness of accounting attacks. At its heart is a lightweight cache accountability puzzle that clients must solve before caches are given credit. This puzzle requires colocating the data a client has requested, so its solution confirms that the content (or at least an amount of data within a pre-configured bound) has actually been retrieved. We analyze the security and overhead of our scheme in realistic scenarios. The results show that a modest client machine using a single core can solve puzzles at a rate sufficient to simultaneously watch dozens of 1080p videos. The technique is designed to be even more scalable on the server side. In our experiments, one core of a single low-end machine is able to generate puzzles for 4.26 Tbps of bandwidth - enabling 870,000 clients to concurrently view the same 1080p video. This demonstrates that our scheme can ensure cache accountability without degrading system productivity.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.10272/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1906.10272/full.md

## References

24 references — full list in the complete paper: https://tomesphere.com/paper/1906.10272/full.md

---
Source: https://tomesphere.com/paper/1906.10272