p2p Security Proposal S A AHSAN Rajon 0409052006

ON THE SECURITY ISSUES OF
PEER TO PEER NETWORKS

PRESENTED BY
S. A. AHSAN RAJON
STUDENT ID: 04 09 05 2006
M.ENGG. STUDENT,
COMPUTER SCIENCE AND ENGINEERING DISCIPLINE,
BANGLADESH UNIVERSITY OF ENGINEERING & TECHNOLOGY, BUET.
STUDY OBJECTIVES
 OBJECTIVES
 The main objective is to study the security
concerns of Peer-to-peer networks.
Studying Security threats of P2P Network
Identifying potential threats for P2P Network
Survey on the various existing P2P schemes with
security concerns.
Comparing the security aspects for P2P routing
schemes
Comparing the security aspects for P2P storage
schemes
Providing a framework for P2P Net Security.
ID# 0409052006 PROPOSAL PRESENTATION

September BANGLADESH
7, 2009 UNIVERSITY OF ENGINEERING AND TECHNOLOGY, BUET.
WHAT IS PEER-To-PEER(P2P) Network ???
 P2P Network is:
 The sharing of computer resources by direct exchange, rather
than requiring the intermediation of a centralized server.
 Centralized servers can sometimes be used for specific tasks
(system bootstrapping, adding new nodes to the network, obtain
global keys for data encryption).
 However, systems that rely on one or more global centralized
servers for their basic operation (e.g. for maintaining a global
index and searching through it Napster, Publius) are clearly
stretching the definition of peer to-peer. [Milojicic, 2002]
Milojicic et al. Peer to Peer

Computing, HP Laboratories,
March 2002

WHAT IS SECURITY?
 Security may be defied as the possibility to protect objects
in terms of confidentially, integrity and availability
[PFLEEGER]
 Thus the main aspects of security are [STEPHANOS]
 [PFLEEGER] Charles P Pfleeger, Security in Computing, Fourth Edition.

 [STEPHANOS] Stephanos Androutsellis Theotokis And Diomidis Spinellis, A Survey of Peer-to-
Peer Content Distribution Technologies, ACM Computing Surveys, Vol. 36, No. 4, December
2004,

WHY P2P SECURITY IS MORE COMPLEX ??
 As the nodes of a peer-to-peer network cannot rely on a central
server coordinating the exchange of content and the operation of
the entire network, they are required to actively participate by
independently and unilaterally performing tasks such as
 searching for other nodes,
 locating or caching contents,
 routing information and messages,
 connecting to or disconnecting from other neighboring nodes,
 encrypting, decrypting, retrieving, and verifying content, as well
as others.
 Providing desirable data security, that is confidentiality, authenticity

and availability in Peer to Peer Networks … is challenging as it
usually consists of a number of autonomous nodes and each node in
a general sense is free to transceive information with other(s)
whereas quality of service and anonymity is a quality factor.

WHY P2P SECURITY IS MORE COMPLEX ??
[contd.]
 NO CLEAR AND UNIFORM BORDER…HYBRID P2P
System.

ASPECTS OF SECURITY in P2P
 Prime Aspects of Security in P2P
 Security Concerns on Routing
 Security Concerns in Storage
 Security Concerns in Resource Sharing
 Security concerns on Copyrighting

SECURITY RISKS IN FILE SHARING
 IT security perceives the risks from P2P file sharing, Web
2.0, malware attacks and virtualization higher than
respondents in IT operations
 Only 36% of IT operations practitioners believe P2P file

sharing poses high or very high security risks.
 Forty-four percent of IT security practitioners consider P2P
a high or very high risk.
 P2P file sharing networks started with Napster by

enabling Internet users to share music files.
2009 Security Mega Trends Survey , Ponemon Institute
LLC, November 2008

SECURITY RISKS IN FILE SHARING
[contd.]
 Here is the
summary of
survey.
 2009 Security
Mega Trends
Survey ,
Ponemon
Institute LLC,
November
2008

SECURITY IN DATA SHARING SYSTEMS
 Availability
 Denial Of Service DOS attack
Use “amplification” mechanism of P2P system
 File availability
 File authenticity
 How do I know this is the file I am looking for?
Trust
 Anonymity
 Need anonymity at all layers of the network stack
Great debate still now…whether beneficial or detrimental
 Access Control
 Distributed Resource Management
 Usage Control
Neil Daswani, Hector Garcia-Molina, and Beverly Yang, “Open Problems in

Data-Sharing Peer-to-Peer Systems”, LNCS 2572, pp. 1–15, 2003.

SECURITY IN DATA SHARING SYSTEMS
(P2P Overlay Networks)
 Routing
 Secure nodeId assignment
 Robust routing primitives
 Ejecting misbehaving nodes
 Storage
 Quota architectures
 Distributed auditing
 Other forms of fairness
 Trust
 Trust formation
 Trust validation
Dan S. Wallach , “A Survey of Peer-to-Peer Security
Issues”, LNCS 2609, SPRINGER, pp. 42–57, 2003..

SECURITY CONCERNS FOR STRUCTURED OVERLAYS
 Structured overlays allow applications to locate

any object in a probabilistically bounded, small
number of network hops, while requiring per-
node routing tables with only a small number of
entries.
 Manipulating and Modifying this probabilistic
network-hopes and routing table of even a single
node and single entry may affect the total P2P Net
severely.
Dan S. Wallach , “A Survey of Peer-to-Peer Security Issues”, LNCS

2609, SPRINGER, pp. 42–57, 2003..

 A malicious node might give erroneous responses
to a request, both
 at the application level (returning false data to a
query, perhaps in an attempt to censor the data)
 or at the network level (returning false routes,
perhaps in an attempt to partition the network).
 Attackers might have a number of other goals,

including traffic analysis against systems that try
to provide anonymous communication, and
censorship against systems that try to provide
high availability.
 In addition to such “hard” attacks, some users may
simply wish to gain more from the network than they
give back to it.
 Such disparities could be expressed
 in terms of disk space (where an attacker wants to store
more data on p2p nodes than is allowed on the attacker’s
home node), or
 in terms of bandwidth (where an attacker refuses to use
its limited network bandwidth to transmit a file, forcing the
requester to use some other replica).

SECURITY CONCERNS FOR ROUTING OVERLAYS
 In Routing Overlay Model, to route messages efficiently,
all nodes maintain a routing table with the nodeIds of
several other nodes and their associated IP addresses.
 Moreover, each node maintains a neighbor set, consisting
of some number of nodes with nodeIds nearest itself in
the id space.
 Since nodeId assignment is random, any neighbor set
represents a random sample of all participating nodes.
 If there is any existence of any evil node in the neighbor

set, the overall assignment may be forge.

SECURITY CONCERNS OF STORAGE
 Storage is a problem of coordination.
 A user may seek to store files on a network to as a standard
data back-up measure, or to hide a document for later
retrieval.
 It is obvious that the amount of storage consumed by a
given node must be in proportion to the amount of storage
space they will give the network.
 Otherwise, free riding will result in too much data for the
storage space available.
A third party can give each client a quota, and refuse access
to the system for any part breaking their quota

POSSIBLE SECURITY ATTACKS
 The attacker in a peer-to-peer system may be the sender, the
responder, any node in the system or an outsider.
 The usual goal is to find out who the specific evil sender or
responder is, or what they are transferring.
 Alternatively, we can consider a global attacker who can see the

total network, with the additional goal of linking the sender and
receiver.
 If attackers can mostly surround a node, in any system, they can

usually degrade that node’s anonymity.
 Knowledge of the network topology is also useful for an attacker.

POSSIBLE SECURITY ATTACKS
 Time-to-Live Attacks
 Multiple Attackers or Identities
 Statistical Attacks
 Time-based attack
 Attacks as Nodes Leave or Join
 Denial of Service Attacks

SECURITY (NEW ISSUES)
 Multi-key encryption
 Anonymity requirement for Publius
 Digital Rights Management
 Reputation and Accountability
 Firewall Traversal and Hidden Peers
Milojicic et al. Peer to Peer Computing, HP Laboratories,

March 2002

SECURE ROUTING PRIMITIVES
 Secure routing primitive
 The secure routing primitive ensures that when a non-
faulty node sends a message to a key k, the message
reaches all non-faulty members in the set of replica roots
Rk with very high probability.
 Rk is defined as the set of nodes that contains, for each
member of the set of replica keys associated with k, a live
root node that is responsible for that replica key.
 In Pastry, for instance, Rk is simply a set of live nodes with
nodeIds numerically closest to the key.
 Secure routing ensures that
(1) the message is eventually delivered, despite nodes that
may corrupt, drop or misroute the message; and
(2) the message is delivered to all legitimate replica roots for
the key, despite nodes that may attempt to impersonate a
replica root.

SECURE ROUTING PRIMITIVES [contd.]
 Implementing the Secure Routing Primitive
requires the solution of three problems:
 Securely assigning nodeIds to nodes,
 Securely maintaining the routing tables, and
 Securely forwarding messages.

SECURE ROUTING PRIMITIVES [contd.]
 Secure nodeid Assignment
 ensures that an attacker cannot choose the value of nodeIds
assigned to the nodes that the attacker controls.
 Without it, the attacker could arrange to control all replicas of a
given object, or to mediate all traffic to and from a victim node.
 Secure Routing Table Maintenance

 ensures that the fraction of faulty nodes that appear in the
routing tables of correct nodes does not exceed, on average, the
fraction of faulty nodes in the entire overlay.
 Without it, an attacker could prevent correct message delivery, given
only a relatively small number of faulty nodes.
 Secure Message Forwarding

 ensures that at least one copy of a message sent to a key reaches
each correct replica root for the key with high probability.

P2P System Architecture
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories,

HPL-2002-57, March 8th, 2002

REFERENCES
 DS Wallach, A survey of peer-to-peer security issues, Lecture Notes in Computer Science, 2003 -
Springer
 E Sit, R Morris, Security considerations for peer-to-peer distributed hash tables, Proc. 1st
International Workshop on Peer-to-Peer Systems (2002 - Springer)
 M Bishop, What is computer security?, IEEE Security & Privacy, 2003.
 AW Loo, The future of peer-to-peer computing, Communications of the ACM, 2003
 R Janakiraman, M Waldvogel, Q Zhang, Indra: A peer-to-peer approach to network intrusion

detection and prevention, Twelfth IEEE International Workshops on Enabling, 2003.
 EK Lua, J Crowcroft, M Pias, R Sharma, S Lim, A survey and comparison of peer-to-peer overlay
network schemes, IEEE Communications Surveys & Tutorials, 2005
 S Androutsellis-Theotokis, D Spinellis, A survey of peer-to-peer content distribution technologies, -

ACM Computing Surveys, 2004
 N Daswani, H Garcia-Molina, B Yang , Open problems in data-sharing peer-to-peer systems, - Lecture

Notes in Computer Science, 2003 - Springer
 A Survey of Peer-to-Peer Network Security Issues, International Symposium on Software Security

(Tokyo, Japan), November 2002.

THANK YOU …


p2p Security Proposal S A AHSAN Rajon 0409052006

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

p2p Security Proposal S A AHSAN Rajon 0409052006

Uploaded by

Copyright:

Available Formats

ON THE SECURITY ISSUES OF

PEER TO PEER NETWORKS

ID# 0409052006 PROPOSAL PRESENTATION

Milojicic et al. Peer to Peer

ID# 0409052006 PROPOSAL PRESENTATION

 [PFLEEGER] Charles P Pfleeger, Security in Computing, Fourth Edition.

ID# 0409052006 PROPOSAL PRESENTATION

 Providing desirable data security, that is confidentiality, authenticity

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

 Only 36% of IT operations practitioners believe P2P file

 P2P file sharing networks started with Napster by

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

Neil Daswani, Hector Garcia-Molina, and Beverly Yang, “Open Problems in

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

 Structured overlays allow applications to locate

Dan S. Wallach , “A Survey of Peer-to-Peer Security Issues”, LNCS

ID# 0409052006 PROPOSAL PRESENTATION

 Attackers might have a number of other goals,

ID# 0409052006 PROPOSAL PRESENTATION

 If there is any existence of any evil node in the neighbor

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

 Alternatively, we can consider a global attacker who can see the

 If attackers can mostly surround a node, in any system, they can

 Knowledge of the network topology is also useful for an attacker.

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

Milojicic et al. Peer to Peer Computing, HP Laboratories,

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

 Secure Routing Table Maintenance

 Secure Message Forwarding

ID# 0409052006 PROPOSAL PRESENTATION

From Peer-to-Peer Computing, Milojicic et al, HP Laboratories,

ID# 0409052006 PROPOSAL PRESENTATION

 M Bishop, What is computer security?, IEEE Security & Privacy, 2003.

 AW Loo, The future of peer-to-peer computing, Communications of the ACM, 2003

 R Janakiraman, M Waldvogel, Q Zhang, Indra: A peer-to-peer approach to network intrusion

 S Androutsellis-Theotokis, D Spinellis, A survey of peer-to-peer content distribution technologies, -

 N Daswani, H Garcia-Molina, B Yang , Open problems in data-sharing peer-to-peer systems, - Lecture

 A Survey of Peer-to-Peer Network Security Issues, International Symposium on Software Security

ID# 0409052006 PROPOSAL PRESENTATION

ID# 0409052006 PROPOSAL PRESENTATION

You might also like