Construction of attack-resilient and efficient overlay topologies for large-scale P2P-based IPTV infrastructures

At the moment, the convergence of the Internet and classical content distribution forms (e. g., TV), towards IPTV systems is taking place. These systems will be one of the main sources of data traffic in the near future, especially when considering HDTV streams. Current IPTV systems are based mostly on a client-server architecture that is not scalable to large user groups. Streams have to be transmitted once per subscribed client, which heavily burdens network operators as well as service providers. In recent years, Application Layer Multicast (ALM) emerged as a promising and scalable distribution method as it incorporates end-users in the distribution. However, end-users are unreliable, can be easily attacked (e. g., by DoS attacks), and are potentially malicious. Such malicious nodes may attempt to disturb the overlay construction or attack disclosed overlay nodes directly. Moreover, ALM overlays are established on top of an underlying infrastructure network, so that failures and attacks on underlay components (links or routers) may disrupt several overlay paths concurrently. Most current ALM systems are vulnerable to attacks on end-nodes and underlay components. This Ph. D. thesis addresses the resilience of ALM-based IPTV overlays to the aforementioned attack forms. Thus, this thesis presents distributed mechanisms to establish near-optimal stable IPTV topologies with respect to overlay attacks by incorporating a highly heterogeneous user set. This includes a manipulation-resistant construction of near-optimal stable topologies in the presence of internal attackers. As a result, their damage can be significantly decreased. To increase the resilience against underlay attacks, an underlay-aware construction is presented that clusters nodes to subtrees according to their network positions. Hence, the overlay dependency on single underlay components decreases. In combination with a near-optimal stable construction, the established topologies are resilient to attacks on end-nodes and underlay components at the same time. To increase the efficiency of the IPTV system, virtual ALM routers are introduced that assist in the content distribution. They are deployed directly on network routers and adapt themselves to their overlay successor set by relocating their topological positions between neighboring network routers. As a result, ALM routers considerably decrease the traffic load in networks as well as the delay at end-users. The developed approaches have been extensively evaluated both individually and in combination in an integrated system called AREA IPTV. For this evaluation, novel metrics and attacker models have been developed, e. g., a novel model for a budgetconstrained DoS attacker that is supported by malicious nodes in the topology. The resulting IPTV topologies are resilient to attacks on end-nodes and underlay components. At the same time, they induce a low delay at end-users and decrease the traffic load in the network. Thus, AREA IPTV is resilient to different attack forms and it provides an efficient and scalable distribution of IPTV content.