Page 1: Peer-to-Peer Networks & Music File Sharing

Tim Caserza
COEN 150
Holliday
6-2-04

Page 2: Outline

- What is peer-to-peer?
- History of peer-to-peer
- Peer-to-peer network designs
- The RIAA, the law, and music file sharing
- Peer-to-peer network security concerns
- Conclusion

Page 3: What is Peer-to-Peer?

- Two main structures of network applications
  - Client/Server
  - Peer-to-Peer (P2P)
- Very simple example of client/server model: web servers
  - User’s web browser (client) requests a page from a web server. The web server processes the request and returns the appropriate content, displayed in user’s browser.
  - Server never requests a page from client
  - Client disconnects from server once response is received
  - One-way transfer

Page 4: What is Peer-to-Peer? (continued)

- Another example of client/server model: File Transfer Protocol (FTP)
  - User (client) connects to FTP server.
  - Client can browse files on server as well as upload and download files.
  - Server cannot request files from client.
  - Only one file transfer at a time, multiple requests get queued.
  - Client disconnects when he is finished.

Page 5: That’s great and all, but you still haven’t told us what P2P is

- P2P
  - Everyone is both a client and a server (node)
  - If you want a file from another user, you download it (client). If another user wants a file from you, they download it from you/you upload it to them (server).
  - Multi-threaded: you can send and receive multiple files simultaneously.
  - Nodes connected to each other through a network
  - Clients disconnect when they are finished

Page 6: History and Explanation of Peer-to-Peer Networks

- Usenet
- Napster
- Gnutella
- Gia

Page 7: Usenet

- Originally designed to allow a UNIX computer to dial into another computer, exchange files and disconnect
- Has grown into an enormous news network which uses the Network News Transfer Protocol to enable a computer to efficiently find newsgroups and read and post messages
- Decentralized network – no one central authority, only thousands of individual nodes that allow users to search through newsgroups
- Paved the way for modern P2P networks

Page 8: Napster

- Before Napster, music mainly shared through FTP servers
- Developed by Shawn Fanning in 1999 as a means for people around the world to download music files and share their own collections with other users on its network
- Users connected to a centralized Napster server and the names of their shared files were sent and stored on the central server
- To search, a request was sent to the Napster server, which searched its database for the requested song and replied with the locations of users on the network with the song available for download
- Centralized server was the cause for the downfall of Napster

Page 9: Gnutella

- The answer to centralized server problems
- Developed in 2000 by Justin Frankel and Tom Pepper
- Uses decentralized servers
  - If one server is shut down the network is still there
  - Many servers are in other countries with different laws
  - Nearly impossible to shut down an entire network
- Searching uses “flooding”
  - A search sends a request to all its neighbor nodes, which search their shared folders and forward the search to all their neighbors, and so on until the entire network is searched
  - Nodes are repeatedly searched many times
  - Very inefficient, poor scalability

Page 10: Problem With Napster and Gnutella Networks

- Developed by one or two programmers, rather than a team or group of programmers
- Did not have efficiency and scalability in mind
- Popularity of file sharing has caused researchers to take interest in the future of P2P networks
- Researchers and engineers working on techniques to increase efficiency and scalability

Page 11: Gia

- Still in development
- Search uses a random walk rather than flooding
  - Each node asks a “random” neighbor, who asks a “random” neighbor
- Every node is “smart”
  - Aware of the connection speed and the number of shares on its neighbors
  - Random walks are biased towards nodes more capable of handling many requests

Page 12: Still Not There Yet

- Gia is much more efficient and scalable than Gnutella, but still not even close to the ideal solution
- Random walks are still very inefficient, but they greatly reduce duplicate queries of the same node in the same search
- Doesn’t flood the network
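
The flooding and biased-walk searches described for Gnutella and Gia, side by side (an added example, not code from the presentation or from either project). The 7-node overlay and the capacity values are constructed, and the walk always picks the highest-capacity neighbor it has not asked yet, a deterministic stand-in for Gia's biased “random” choice.

```python
from collections import deque

# Constructed 7-node overlay; edges are undirected. Capacities are assumed values.
GRAPH = {
    "A": ["B", "C"], "B": ["A", "C", "D"], "C": ["A", "B", "D", "E"],
    "D": ["B", "C", "F"], "E": ["C", "F"], "F": ["D", "E", "G"], "G": ["F"],
}
CAPACITY = {"A": 1, "B": 2, "C": 10, "D": 5, "E": 3, "F": 8, "G": 1}


def flood(graph, origin, holder, ttl=7):
    """Flooding: each node forwards a query it has not seen to every neighbor but the sender."""
    seen = {origin}
    queue = deque((n, origin, ttl) for n in graph[origin])
    messages = duplicates = 0
    found = False
    while queue:
        node, sender, hops_left = queue.popleft()
        messages += 1
        if node in seen:          # already searched: this delivery was wasted
            duplicates += 1
            continue
        seen.add(node)
        found = found or node == holder
        if hops_left > 1:         # the query keeps spreading even after a hit
            queue.extend((n, node, hops_left - 1) for n in graph[node] if n != sender)
    return {"found": found, "messages": messages, "duplicates": duplicates}


def biased_walk(graph, capacity, origin, holder, max_steps=32):
    """Single walker: hand the query to the highest-capacity neighbor not asked yet."""
    visited = {origin}
    node = origin
    messages = revisits = 0
    while node != holder and messages < max_steps:
        fresh = [n for n in graph[node] if n not in visited]
        # Dead end: every neighbor was already asked, so one of them is asked again.
        node = max(fresh or graph[node], key=lambda n: (capacity[n], n))
        messages += 1
        revisits += node in visited
        visited.add(node)
    return {"found": node == holder, "messages": messages, "revisits": revisits}


if __name__ == "__main__":
    for holder in ("F", "B"):     # file on a high-capacity node, then on a low-capacity one
        print(holder, flood(GRAPH, "A", holder), biased_walk(GRAPH, CAPACITY, "A", holder))
```

On this overlay flooding costs 12 deliveries, 6 of them duplicates, wherever the file is. The walk needs 3 messages for a file on high-capacity node F and 6, with one revisit, for a file on low-capacity node B.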

Page 13: The Recording Industry Association of America (RIAA)

- A trade group that represents the recording industry and is responsible for recording and distributing 90% of the music in the U.S.
- Biggest opponent to using peer-to-peer file sharing for the purpose of sharing copyrighted files illegally
- Before Napster, the RIAA mainly dealt with tracking down illegal CD manufacturing facilities
- Sued Napster for aiding its users in illegally distributing copyrighted music by providing a central server for anyone to connect to and distribute copyrighted music

Page 14: P2P Music Sharing’s Effect on the RIAA

Page 15: The RIAA Takes Action

- January 2003 – RIAA begins filing subpoenas to ISPs to release the identities of the users that they had identified as illegally sharing large amounts of music
- September 2003 – RIAA files 261 copyright lawsuits against individuals
  - Offered amnesty to any of the 261 who promised to stop illegally downloading and sharing music files
  - One and only warning to people illegally sharing music

Page 16: RIAA Lawsuit Statistics

- As of the end of March 2004:
  - 1977 people have been sued
  - Thousands of small-scale sharers have received warnings
  - Roughly one-fifth of those sued by the RIAA have settled out of court with the RIAA
  - Average settlement: $3000 fine
  - No lawsuits have been brought to trial yet

Page 17: How They Track Illegal File-Sharers

- Have programs to search the network for specific files that are being shared illegally
  - IP addresses of any responses are recorded
- RIAA determines the ISP hosting the IP address linked to illegally sharing files
  - Contacts the ISP
  - Informs them of the illegal activity
  - Lets them know they will be sued if the offending material is not removed
- ISP determines who was using the IP address at the time of the infraction
  - Shuts off their internet access
  - Contacts them and informs them of the situation

Page 18: Problems With the Process

- RIAA might record wrong IP address
  - IP spoofing utilities available
  - Connections through proxies
  - Open-source P2P applications
- ISP might connect wrong person with IP address
- “Sue first and ask questions later” attitude
  - Patriot Act allows subpoena of information of anyone suspected of illegal file-sharing
  - Lawsuit can be filed once they have the information
- Electronic Frontier Foundation (EFF) angered by the process and abuse of Patriot Act, defends those who have evidence to prove their innocence in court
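
One way the ISP-side lookup of "who had this IP address at that time" can be made to report its own uncertainty (an added example, not the RIAA's or any ISP's tooling). The lease records, subscriber labels and 10-minute margin are constructed assumptions; the time-zone mix-up is shown only as one illustrative way a lookup can land on the wrong person.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed lease log for one dynamic address (192.0.2.10 is a documentation address).
LEASES = [
    ("192.0.2.10", "subscriber-1",
     datetime(2004, 3, 1, 8, 0, tzinfo=UTC), datetime(2004, 3, 1, 20, 0, tzinfo=UTC)),
    ("192.0.2.10", "subscriber-2",
     datetime(2004, 3, 1, 20, 5, tzinfo=UTC), datetime(2004, 3, 2, 6, 0, tzinfo=UTC)),
]


def attribute(leases, ip, seen_at, margin=timedelta(minutes=10)):
    """Map (ip, time) to a subscriber and grade how safe that match is."""
    if seen_at.tzinfo is None:
        # A timestamp without a zone cannot be compared with the lease log at all.
        return {"subscriber": None, "verdict": "reject: no time zone"}
    holder = None
    nearby = set()
    for lease_ip, who, start, end in leases:
        if lease_ip != ip:
            continue
        if start <= seen_at < end:
            holder = who
        # Anyone holding the address within the margin could be the real source
        # if either clock (observer or ISP) is off by a few minutes.
        if start - margin <= seen_at < end + margin:
            nearby.add(who)
    if holder is None:
        return {"subscriber": None, "verdict": "no lease covers this time"}
    if len(nearby) > 1:
        return {"subscriber": holder, "verdict": "ambiguous: lease changed within margin"}
    return {"subscriber": holder, "verdict": "match"}


if __name__ == "__main__":
    pacific = timezone(timedelta(hours=-8))
    # The same clock reading, 13:00, names a different subscriber in each zone.
    print(attribute(LEASES, "192.0.2.10", datetime(2004, 3, 1, 13, 0, tzinfo=UTC)))
    print(attribute(LEASES, "192.0.2.10", datetime(2004, 3, 1, 13, 0, tzinfo=pacific)))
```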

Page 19: “Oops!” The RIAA Makes Some Mistakes

- Ross Plank
  - Accused of sharing hundreds of Latin American music files on Kazaa
  - Does not listen to Latin American music
  - Has never used Kazaa
  - His records show he was not using the IP address that the RIAA linked to the illegal file sharing at the time they linked it
  - Being defended by EFF

Page 20: “Oops!” They Did it Again…

- Sarah Ward
  - 65-year-old teacher
  - Accused of sharing hundreds of music files illegally on Kazaa
  - Uses a Mac, which is unable to run Kazaa
  - Only evidence: 3 screen shots
  - Case dropped by RIAA weeks later

Page 21: Study on the Security of P2P Networks

- Conducted by the U.S. House of Representatives Committee on Government Reform in 2002-2003
- Findings:
  - Great deal of personal/confidential data being shared
  - Many viruses, worms, Trojan horses found propagating through network
  - Spyware and adware come with most P2P applications

Page 22: Personal/Confidential Information Shared

- On searches conducted by the committee using Kazaa, the following were found freely available:
  - Completed tax returns with social security numbers, income and investment info
  - Medical records of military personnel and military medical supply records
  - Confidential legal documents such as attorney-client communications regarding divorce proceedings and living wills
  - Personal correspondence, including entire e-mail inboxes of individuals
  - Business files, including contracts and personnel evaluations
  - Campaign and political records and private correspondence with constituents
  - Resumes with personal addresses, contact information, job histories, salary requirements, and references
- Default setting when Kazaa is installed is to have Kazaa find files on your computer to share
  - May find files you didn’t intend to share

Page 23: Viruses, Worms, Trojan Horses in P2P Networks

- Easily spread by users who are not educated on malicious programs, and not cautious when downloading programs
- Report done by ZDNet found eight worms infected P2P networks between May and September 2002
- Benjamin worm:
  - Created and shared new Kazaa folders
  - Masked itself as popular music and other multimedia files
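
A defensive check for the two findings above, personal documents swept into the shared folder and programs posing as media files (an added example, not part of the presentation or the committee's report). The filename patterns and extension lists are assumed heuristics, and the sample share is constructed.

```python
import os
import re
import tempfile

# Assumed filename heuristics for the document categories the committee found shared.
SENSITIVE = {
    "tax": re.compile(r"tax|1040", re.I),
    "medical": re.compile(r"medical|patient", re.I),
    "legal": re.compile(r"attorney|divorce|living.?will", re.I),
    "mailbox": re.compile(r"\.(pst|dbx|mbx|mbox)$", re.I),
    "business": re.compile(r"contract|evaluation", re.I),
    "resume": re.compile(r"resume", re.I),
}
MEDIA = {".mp3", ".wma", ".wav", ".ogg", ".avi", ".mpg"}
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}


def audit_share(root):
    """Return {relative path: [reasons]} for files that should not sit in a music share."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            # Only the last extension counts, so "song.mp3.exe" is treated as a program.
            ext = os.path.splitext(name)[1].lower()
            reasons = [tag for tag, rx in SENSITIVE.items() if rx.search(name)]
            if ext in EXECUTABLE:
                reasons.append("executable")
            elif ext not in MEDIA and not reasons:
                reasons.append("not-media")
            if reasons:
                rel = os.path.relpath(os.path.join(folder, name), root)
                findings[rel.replace(os.sep, "/")] = reasons
    return findings


def demo():
    """Audit a constructed share: two songs, one disguised program, three stray documents."""
    names = ["music/track01.mp3", "music/track02.wma", "music/top hit.mp3.exe",
             "docs/2003 Tax Return.pdf", "docs/Inbox.pst", "docs/notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        for rel in names:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_share(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, reasons)
```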

Page 24: Spyware and Adware

- Come with many P2P applications like Kazaa
- Spyware:
  - Tracks surfing habits, purchases, etc. and reports info back to creators
  - Could be used to collect credit card information and other private information
- Adware:
  - Causes annoying pop-up ads to appear even when not surfing the internet
- Is not outlawed because accepting the EULA gives the application permission to install the spyware and adware

Page 25: Conclusion

- Security issues need to be addressed in future P2P applications
- Users of P2P networks need to be educated on how to properly use their P2P application
  - Avoid sharing personal/confidential information
  - Avoid spreading viruses, worms and Trojan Horses
  - Learn how to remove spyware and adware
- Lawmakers need to be educated on P2P and constantly updated on it so the law stays up to date with the technology