© 2004-5 Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

© 2004-5 Ravi Sandhuwww.list.gmu.edu

Security Issues in P2P Systems

Prof. Ravi SandhuLaboratory for Information Security Technology

George Mason University

www.list.gmu.edu

[email protected]

2

© 2004 Ravi Sandhuwww.list.gmu.edu

Mainframe → Client-Server → P2P

• Mainframe era:• 1970’s• Dumb terminals connected to a big mainframe • Mainframes possibly networked together

• Client-server:• Late 1980’s• Many clients, 1 user per client• Dedicated servers• Single client can access multiple servers• Significant computing resources on client

• Peer-to-Peer (P2P)• Late 1990’s• Each computer is a client and a server• Takes on whatever role is appropriate for a given task at a given time• Harnesses computing and communication power of the entire network

3


P2P versus Client-Server: Idealized View

From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

4


No Clear Border


5


Hybrid P2P Systems


6


P2P Perspective


7


Napster

From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

8


Power Server


9


Power Server Coordinator


10


Comparison of Different P2P Models


11


Taxonomy of Computer Systems


12


Taxonomy of P2P Systems


13


Classification of P2P Systems


14


Taxonomy of P2P Applications


15


Taxonomy of P2P Markets


16


P2P Markets versus P2P Applications


17


P2P System Architecture


18


Security Issues in P2P Systems

• Many old issues carry over

• New issues emerge

• Old issues are re-emphasized

19


Security

• Protection against malicious downloaded P2P application code

• Enabling technologies• Java sandboxing• Trusted computing


Old issue re-emphasized

20


Security (claimed to be new issues)

• Multi-key encryption• Annonymity requirement for Publius

• Sandboxing

• Digital Rights Management

• Reputation and Accountability

• Firewall Traversal and Hidden Peers


21


Annonymity (is this a security issue?)


22


Security in Data Sharing Systems• Availability

• DOS attack, e.g., chosen-victim attack– Use “amplification” mechanism of P2P system

• File availability• File authenticity

• How do I know this is the file I am looking for?• Anonymity

• Lots of work in this area• Need anonymity at all layers of the network stack

• Access Control• DRM• Usage Control

From Open Problems in Data-Sharing Peer-to-PeerSystems, Neil Daswani, Hector Garcia-Molina, and Beverly Yang, LNCS 2572, pp. 1–15, 2003.

23


Security in Data Sharing Systems(P2P Overlay Networks)

• Routing• Secure nodeId assignment• Robust routing primitives• Ejecting misbehaving nodes

• Storage• Quota architectures• Distributed auditing• Other forms of fairness

• Trust

From A Survey of Peer-to-Peer Security Issues, Dan S.Wallach, LNCS 2609, pp. 42–57, 2003..

Documents

© 2004-5 Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University