
Preventing Illegal Peer-to-Peer (P2P) Traffic Using SafeMedia’s Clouseau®

A WHITE PAPER

Perambur Neelakanta, PhD., C.Eng., Fellow IEE

Mahesh Neelakanta, M.S.

Copyright© 2007 SafeMedia Corporation. All Rights Reserved.

Abstract: The global presence of Peer-to-Peer (P2P) networks is explicit in today’s corporate, residential and academic arenas. The plethora of traffic in such networks consists of a menacing transfer of pirated software, pornographic materials as well as illegal copies of video and music files. The legal implications and the ethical and moral aspects of such traffic on networks have become topics of concern for CIOs and IT managers of the corporate sector and parents on the homefront. The ability to detect and stop P2P traffic at the premises of the endpoints (desktops and laptops) is key to stopping the proliferation of such illicit activities. The scope of this White Paper is to provide a critical evaluation and appraisal of the Clouseau® appliance-based solution from SafeMedia to block the illegal P2P traffic.

About the Authors: (Independent Consultants retained by SafeMedia Corporation). Perambur Neelakanta is Professor of Electrical Engineering and Mahesh Neelakanta is Director of Technical Services both in the College of Engineering & Computer Science, Florida Atlantic University,


Table of Contents

• Executive Summary
• Introduction
• Clouseau® Technological Overview
• The Testing Procedure and Methods (Phase I)
• Areas of Analysis (Phase I)
    • P2P Clients
    • Fail-Safe Test Results
    • Power-On, Reset/Reboot, Return-To-Service Results
• Sample Network Topologies for Deployment
• Conclusion
• Appendix A – P2P Clients Tested*

List of Figures

• Figure 1 : Residential Home DSL/Cable Modem
• Figure 2 : Small Business
• Figure 3 : Medium Business
• Figure 4 : University Campus with Multiple Clouseau Units
• Figure 5 : University Campus with Centralized Clouseau in HA Mode

This White Paper is written as an evaluation report on the Clouseau® product (of SafeMedia Corporation) and is provided “as-is” with no warranties whatsoever. All the third-party brands, trademarks and/or names indicated in the White Paper are the property of their respective owners.


Executive Summary

This White Paper examines the general problems faced as a result of P2P related informational piracy. It shows how SafeMedia’s Clouseau® product line offers a manageable and cost-effective solution designed to meet the challenges posed by the P2P based illegal transfer of digital information over the Internet. Further addressed in this White Paper are facts concerning the simplicity of integrating Clouseau® in the subnet part of any network of peers. The underlying network topologies for deployment of the product are outlined so as to indicate the business value to the customers of the product.

Introduction

A lucid way of peer-to-peer (P2P) file-sharing became reality thanks to prolific Internet penetration and the sprouting of related business efforts. P2P has facilitated a seamless interlinking of computer systems that enhanced the scope to exchange unlimited information between PCs. Concurrent to P2P, a networking effort that was conceived with a gamut of technologies led to implementing alternative strategies (of P2P) toward sharing a galaxy of digital content between peers.

Christened as the Darknet, it seeded the first generation P2P network realization with an application and protocol layer riding on existing networks. It paved the path for P2P file-sharing. Unfortunately, the underlying scheme also allowed the scam of illegal exchange and sharing of copyrighted materials such as CDs and DVDs via e-mails and newsgroups.

With the genesis of the P2P setup as above, the associated networking was initially centralized, but later modifications led to decentralized configurations via distributed networking, where a desktop user is made a part of the network so as to perform the server tasks of indexing, searching locally available resources and routing/relaying the queries between peers. The relevant query protocol enables each peer to be connected to a set of others; thus, an endless chattering of digital traffic could then take place across the peers in search of requests and responses for digital data exchange. In this unhampered and humongous volume of traffic, the up- and down-stream digital transmissions may largely include illegal transfer and sharing of copyrighted materials, creating a legacy of Internet piracy.

Blocking the copyrighted digital content – such as videos, movies and music – is an effort widely sought after so as to stamp out Internet piracy. Such avenues would protect businesses from the P2P related losses; and reduction of such losses equates to a boost in return on investment (RoI).


Ideally, a simple portable appliance/product that, when placed in the premises of PC-to-Internet access, curtails the illegal P2P flow has the versatility to combat Internet piracy at large. Conceived thereof is Clouseau®, a product of SafeMedia Corporation that has the magnificent potential to barricade the subnets and protect them from the menace of illegal P2P digital traffic and transactions.

The underlying strategy of the SafeMedia product is that it simply tracks and kills the pirated information being attempted and negotiated for sharing between peers. All that is required is to place the product (Clouseau®) in the subnet of a peer end entity (such as a Desktop). The associated core technology then detects, tracks and arrests the illegal P2P content transfers across networks and between the subnets. Thus, it eradicates the illicit and unbridled proliferation of copyrighted digital information materials. The presence of Clouseau® is transparent to the PC user, while its implementation is just a plug and play technology. No changes to existing network topology are necessary in order to deploy Clouseau®.

In summary, in today’s environment, the P2P technology via the Internet protocol has effectively promoted massive illegal commercial potentials of sharing copyrighted digital information among peers. P2P users, typically linked through a distributed web of ad hoc servers, can share content files of illicit nature. Predominantly such transferred files contain copyrighted items such as CDs and DVDs – that is, unscrupulous P2P digital transfers have seen unsaddled paths of P2P networking and subnets. Such transfers are destructive to businesses facing concurrent losses and reduced RoI of an enormous extent.

Therefore the SafeMedia Corporation has stepped in and has released its product, the Clouseau®, which in a very simple way stops the P2P illegal transfers when installed at the premises of the users. Such installation could be at homes or at a more extensive level such as in campus networking. The said technology is simple, easy-to-use, remains transparent to the user and effectively forbids Internet piracy. It guarantees wiping out and the eradication of illegal P2P information transfers across the peer network.

The Clouseau® is portable and cost-effective. Its efficient operation and performance considerations are elucidated in terms of test details outlined in the following sections of this White Paper.


Clouseau® Technological Overview

SafeMedia has developed an appliance (Clouseau®) based system that utilizes a variety of methods to track and eradicate P2P-based illegal transfer of digital information. The methods are listed and discussed below:

• Adaptive Finger Printing and DNA Markers – SafeMedia’s filtering system utilizes proprietary finger printing techniques to identify specific P2P clients/protocols. By using these DNA markers, Clouseau® is able to uniquely identify whether a packet is part of a P2P transaction or regular Internet traffic. By studying the details in-depth, SafeMedia is able to avoid false-positives. In a series of tests conducted by us, Clouseau® did not block any normal packets including web HTTP(S) and VPN (IPsec and PPTP).

• Adaptive Network Patterns – Not all protocols can easily be identified with a single set of packets. As such, Clouseau® is set to monitor packet flows and adapt its filtering technique on the basis of what it has already seen and what it sees now. This extensible system utilizes a technique called experience libraries, which is described next.

• Experience Libraries – P2P clients and protocols are modified and improved on a continuous basis. The process of adapting to this change and constantly being updated with the latest knowledge of such clients/protocols is the responsibility of the experience libraries indicated above. SafeMedia’s experience library is a knowledge base created from the actual operations of the clients and includes specific fingerprints/DNA markers in addition to the adaptive network patterns.

• Update – No P2P filtering appliance will function without constant updates. P2P clients and protocols get changed every day. The process of adapting to this change and constantly being updated with the latest knowledge of such clients/protocols is the responsibility of the remote update subsystem. All of the methods adopted in the Clouseau® product described above are constantly evolving.

In addition to the above, Clouseau® also provides some unique improvements to the appliance model:

• Lights-Out Management – Clouseau® has been designed as a zero-maintenance appliance from the perspective of the customer. All updates are done automatically and do not require operator/administrative intervention.

• Network Invisibility – Clouseau® operates in a stealth mode when performing P2P filtering. This allows the appliance to be completely invisible to attacks that may be launched on the device.

• Resilient and Self-healing – If any attacks are attempted on Clouseau® (say by someone who may have physical access to the device), the internal self-protection measures are in place so as to protect the device from undesirable changes affecting the functionality of the appliance.
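
The fingerprinting and flow-tracking methods listed in this overview, as an added illustration that is not SafeMedia's code and does not use its proprietary markers: it matches two publicly documented handshake prefixes (BitTorrent and Gnutella 0.6) and remembers flagged flows, so that later packets on the same flow are dropped while ordinary HTTP and TLS traffic passes. The names `SIGNATURES`, `FlowFilter` and `classify`, and all sample traffic, are assumptions constructed for the example.

```python
from typing import Dict, Optional, Tuple

# Publicly documented handshake prefixes; NOT SafeMedia's proprietary markers.
SIGNATURES = (
    ("bittorrent", b"\x13BitTorrent protocol"),  # length byte 19 + protocol name
    ("gnutella", b"GNUTELLA CONNECT/"),          # Gnutella 0.6 connect line
)

Endpoint = Tuple[str, int]  # (ip, port)


def fingerprint(payload: bytes) -> Optional[str]:
    """Label a payload that opens with a known P2P handshake, else None."""
    for label, prefix in SIGNATURES:
        if payload.startswith(prefix):
            return label
    return None


class FlowFilter:
    """Remembers flagged flows so later packets need no signature of their own."""

    def __init__(self) -> None:
        self.flagged: Dict[Tuple[Endpoint, Endpoint], str] = {}

    @staticmethod
    def flow_id(src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        # Direction-independent key: both halves of a conversation map to it.
        return (src, dst) if src <= dst else (dst, src)

    def verdict(self, src: Endpoint, dst: Endpoint, payload: bytes) -> str:
        flow = self.flow_id(src, dst)
        if flow in self.flagged:       # flow already identified: keep blocking
            return "drop"
        label = fingerprint(payload)
        if label is not None:          # first packet that carries a marker
            self.flagged[flow] = label
            return "drop"
        return "pass"                  # no marker, no history: leave it alone


# Constructed sample traffic (documentation addresses, synthetic payloads).
PC, PEER, WEB = ("192.0.2.10", 51000), ("198.51.100.7", 6881), ("203.0.113.5", 443)
SAMPLE = [
    (PC, PEER, b"\x13BitTorrent protocol" + bytes(8) + b"H" * 20 + b"P" * 20),
    (PEER, PC, b"\x00\x00\x00\x01\x02"),        # reply on the flagged flow
    (PC, WEB, b"\x16\x03\x01\x02\x00\x01\x00"),  # TLS ClientHello prefix
    (("192.0.2.10", 51001), ("203.0.113.5", 80),
     b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    (("192.0.2.11", 52000), ("198.51.100.9", 6346), b"GNUTELLA CONNECT/0.6\r\n"),
    (("192.0.2.12", 53000), ("198.51.100.7", 6881),
     b"\x00\x00\x00\x01\x02"),                  # same bytes on a clean flow
]


def classify(sample) -> list:
    """Run every packet through one filter instance, in arrival order."""
    filt = FlowFilter()
    return [filt.verdict(src, dst, payload) for src, dst, payload in sample]


if __name__ == "__main__":
    print(classify(SAMPLE))
```

The second and sixth packets carry identical bytes; only the flow history decides that one is dropped and the other passes.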


The Testing Procedure and Methods (Phase I)

In conducting the tests on Clouseau® the following hardware and software tools were utilized:

• HP dv6000 Laptops running Windows XP+SP2 (for P2P client testing)

In addition, a Bellsouth Business DSL (6 Mbps downstream, 512 Kbps upstream) access loop was used without any inbound firewall to test the P2P Clients. A list of all the P2P clients that were tested is provided in Appendix A.

Areas of Analysis (Phase I)

The following aspects of Clouseau® were addressed in the tests performed:

• Testing P2P clients that are publicly available for download on the Internet through Clouseau® in order to verify whether the protocols used by those clients are truly blocked in real-time

• Testing the failure modes (as described and indicated by SafeMedia) of Clouseau® including self-defense and self-healing features

• Testing the fault-tolerance/fail-safe and resiliency of Clouseau® under different situations such as power-failure, network cable disruption, high bandwidth and malformed packets

• Testing the reset/reboot time of Clouseau®

Each of the above areas of analysis is now described in the following sections:

P2P Clients

A list of the P2P clients that were tested is furnished in Appendix A. As can be seen from the list, a wide range of clients were tested and in each case, Clouseau® was able to consistently block the associated protocols and functionality. In most cases, the client would simply keep trying to reach other peers or SuperNodes ad infinitum. In three cases during testing (Zapr, Azureus and eSnips), a new release of a client was observed which revealed a new protocol or a change in protocol. In each case, a fix was issued within hours of showing the client to the Clouseau® team. The clients/protocols were identified and updated signatures/templates were pushed to the production servers. The ability of Clouseau® to adapt to such new threats and changes reveals the flexibility of the product.

As mentioned earlier, P2P clients and protocols are constantly evolving. The list in Appendix A covered a high percentage of the known popular clients as of the period of testing (1st Quarter, 2007). As new clients are released, SafeMedia will deploy updates to the signatures/templates to the units in production.


Fail-Safe Test Results

With the permission of SafeMedia’s developers, we (the consultants) were granted access into the Clouseau® operating environment. With this access, we proceeded to corrupt certain areas of the operating environment. This involved removing or corrupting key components of Clouseau®. During and after such changes, the Clouseau® still continued to operate in a resilient manner. In fact, Clouseau® contains self-healing processes and watchdog methods which look for such changes and are able to dynamically restore the missing components without requiring a reboot or shutdown. After verifying these, we proceeded to reboot the system and the built-in fail-safes within Clouseau® were able to restore the operating environment completely, as an added level of protection. Granted that the above tests do require physical access to the unit as well as a way to get into the operating environment, they still show the measures taken by the developers to prevent malicious actions against the appliance from shutting it down.

In the case of remote exploits, Clouseau® uses a variety of methods to try and cloak itself from intruders. By acting as a bridge, it is a transparent device on the network. Network access via TCP/IP is only used when updates or maintenance are necessary. During normal operations, the system itself is inaccessible over the network. In addition, as an inherent part of SafeMedia’s update mechanisms, Clouseau® is able to perform periodic updates throughout the day in order to maintain an up-to-date set of filters.

Thus, using a combination of resilient operations, self-healing techniques and built-in fail-safes, Clouseau® is able to protect itself from multiple types of attacks that may be imposed on it.
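
The remove-or-corrupt test described above can be reproduced against any integrity watchdog. The following is an added sketch, not Clouseau®'s mechanism (which the paper does not disclose): it assumes a protected golden copy of each component and a SHA-256 manifest, and the file names and helpers `build_manifest`, `heal` and `demo` are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(golden: Path) -> dict:
    """Map each component's relative path to the digest of its golden copy."""
    return {p.relative_to(golden).as_posix(): sha256(p)
            for p in sorted(golden.rglob("*")) if p.is_file()}


def heal(live: Path, golden: Path, manifest: dict) -> list:
    """One watchdog pass: restore every component that is missing or altered."""
    repaired = []
    for rel, digest in manifest.items():
        target = live / rel
        if target.is_file() and sha256(target) == digest:
            continue                      # component intact
        source = golden / rel
        if sha256(source) != digest:      # never restore from a bad golden copy
            raise RuntimeError(f"golden copy of {rel} fails verification")
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)      # restore in place, no reboot involved
        repaired.append(rel)
    return repaired


def demo() -> tuple:
    """Mirror the paper's test: verify, then delete one file and corrupt another."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, live = Path(tmp, "golden"), Path(tmp, "live")
        (golden / "bin").mkdir(parents=True)
        # Constructed stand-ins for appliance components.
        (golden / "bin" / "filterd").write_bytes(b"constructed filter binary")
        (golden / "signatures.db").write_bytes(b"constructed signature set")
        manifest = build_manifest(golden)
        shutil.copytree(golden, live)

        clean = heal(live, golden, manifest)            # nothing to repair yet
        (live / "bin" / "filterd").unlink()             # removed component
        (live / "signatures.db").write_bytes(b"tampered")  # corrupted component
        repaired = heal(live, golden, manifest)
        after = heal(live, golden, manifest)            # repairs held
        return clean, sorted(repaired), after


if __name__ == "__main__":
    print(demo())
```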

Power-On, Reset/Reboot, Return-To-Service Results

With any appliance that works as a bridge, it is vital that a power-cycle and a reset or a reboot should cause as little disruption as possible to the underlying network. As such, we measured the return-to-service time window for Clouseau®. We defined “return-to-service” as starting with a device that is completely powered off but fully connected to the network and then applying power to the point where it is actively processing and filtering or passing packets to the network. The average time that Clouseau-100® took to return to full functionality was 45 seconds. In most environments where the Clouseau-100® appliance will be installed (residential and small-medium businesses), this time is more than acceptable. In more crucial environments, the High-Availability (HA) extensions to Clouseau® may provide Five 9’s uptime capability.

Sample Network Topologies for Deployment

The following illustrations depict scenarios and are provided as examples of how to deploy Clouseau® in common network environments.

Figure 1 : Residential Home DSL/Cable Modem Layout


Figure 2 : Small Business Layout

Figure 3 : Medium Business Layout


Figure 4 : A Layout of a University Campus with Multiple Clouseau® Units


Figure 5 : A layout of a University Campus with Centralized Clouseau® in HA Mode


Conclusion

Suppressing illegal transfer of copyrighted digital information on P2P networks translates into a hike in the RoI of concerned businesses. Clouseau®, a product of SafeMedia, now comes in handy as a plug-and-play appliance at the user premises of the Desktops so as to knock down the said illegal information flow. This White Paper examines and evaluates the functionality of using Clouseau® and portrays the efficacy of the product.


Appendix A – P2P Clients Tested*

Addax, aimini, Amembo, ANts P2P, ApexDC++, Ares Galaxy, Ares Galaxy Professional Edition, Ares Gold, Ares Premium P2P, Ares SE, Azureus, Beamfile, BearFlix, BearShare, Bearshare MP3, BearShare Premium, BearShare Premium P2P, BearShare Turbo, Bitcomet, Bitcomet Turbo, BitLord, BitSpirit, BitTorrent, BitTorrent PRO, Cabos, CitrixWire, DC++, DexterWire, Dijjer, eChanblardNext, eMulePlus, eSnips, FileCroc, Fireant, FrostWire, FurthurNet, Gimme P2P, Gnucleus, Hamachi, I2P, I2Phex, IfunPix, Imesh, Imesh MP3, Imesh Turbo, KCeasy, LimeWire Basic, lphant, Manolito, Marabunta, MLDonkey, Morpheus, Morpheus MP3, Morpheus Music, Morpheus PRO, MP3 Rocket, MurphsP2P, Mute, Myster, Nodezilla, Phex, PowerFolder, Proxyshare, Rodi, Rshare, Shareaza, Shareaza PRO, Soulseek, Syndie, Tor, Torpack, Trilix, TrustyFiles Pro, Twister, Vidalia, Warez, WinMX MP3, WinMX Music, Xcaramba, Xnap 3.0 pre, zapr, Zeus, Zultrax

* These Third Party brands, trademarks and/or names are the property of their respective owners.