Post on 26-Mar-2015
© 2004-5 Ravi Sandhuwww.list.gmu.edu
Security Issues in P2P Systems
Prof. Ravi SandhuLaboratory for Information Security Technology
George Mason University
www.list.gmu.edu
sandhu@gmu.edu
2
© 2004 Ravi Sandhuwww.list.gmu.edu
Mainframe → Client-Server → P2P
• Mainframe era:• 1970’s• Dumb terminals connected to a big mainframe • Mainframes possibly networked together
• Client-server:• Late 1980’s• Many clients, 1 user per client• Dedicated servers• Single client can access multiple servers• Significant computing resources on client
• Peer-to-Peer (P2P)• Late 1990’s• Each computer is a client and a server• Takes on whatever role is appropriate for a given task at a given time• Harnesses computing and communication power of the entire network
3
© 2004 Ravi Sandhuwww.list.gmu.edu
P2P versus Client-Server: Idealized View
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
4
© 2004 Ravi Sandhuwww.list.gmu.edu
No Clear Border
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
5
© 2004 Ravi Sandhuwww.list.gmu.edu
Hybrid P2P Systems
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
6
© 2004 Ravi Sandhuwww.list.gmu.edu
P2P Perspective
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
7
© 2004 Ravi Sandhuwww.list.gmu.edu
Napster
From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
8
© 2004 Ravi Sandhuwww.list.gmu.edu
Power Server
From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
9
© 2004 Ravi Sandhuwww.list.gmu.edu
Power Server Coordinator
From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
10
© 2004 Ravi Sandhuwww.list.gmu.edu
Comparison of Different P2P Models
From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
11
© 2004 Ravi Sandhuwww.list.gmu.edu
Taxonomy of Computer Systems
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
12
© 2004 Ravi Sandhuwww.list.gmu.edu
Taxonomy of P2P Systems
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
13
© 2004 Ravi Sandhuwww.list.gmu.edu
Classification of P2P Systems
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
14
© 2004 Ravi Sandhuwww.list.gmu.edu
Taxonomy of P2P Applications
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
15
© 2004 Ravi Sandhuwww.list.gmu.edu
Taxonomy of P2P Markets
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
16
© 2004 Ravi Sandhuwww.list.gmu.edu
P2P Markets versus P2P Applications
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
17
© 2004 Ravi Sandhuwww.list.gmu.edu
P2P System Architecture
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
18
© 2004 Ravi Sandhuwww.list.gmu.edu
Security Issues in P2P Systems
• Many old issues carry over
• New issues emerge
• Old issues are re-emphasized
19
© 2004 Ravi Sandhuwww.list.gmu.edu
Security
• Protection against malicious downloaded P2P application code
• Enabling technologies• Java sandboxing• Trusted computing
From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
Old issue re-emphasized
20
© 2004 Ravi Sandhuwww.list.gmu.edu
Security (claimed to be new issues)
• Multi-key encryption• Annonymity requirement for Publius
• Sandboxing
• Digital Rights Management
• Reputation and Accountability
• Firewall Traversal and Hidden Peers
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
21
© 2004 Ravi Sandhuwww.list.gmu.edu
Annonymity (is this a security issue?)
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
22
© 2004 Ravi Sandhuwww.list.gmu.edu
Security in Data Sharing Systems• Availability
• DOS attack, e.g., chosen-victim attack– Use “amplification” mechanism of P2P system
• File availability• File authenticity
• How do I know this is the file I am looking for?• Anonymity
• Lots of work in this area• Need anonymity at all layers of the network stack
• Access Control• DRM• Usage Control
From Open Problems in Data-Sharing Peer-to-PeerSystems, Neil Daswani, Hector Garcia-Molina, and Beverly Yang, LNCS 2572, pp. 1–15, 2003.
23
© 2004 Ravi Sandhuwww.list.gmu.edu
Security in Data Sharing Systems(P2P Overlay Networks)
• Routing• Secure nodeId assignment• Robust routing primitives• Ejecting misbehaving nodes
• Storage• Quota architectures• Distributed auditing• Other forms of fairness
• Trust
From A Survey of Peer-to-Peer Security Issues, Dan S.Wallach, LNCS 2609, pp. 42–57, 2003..