POPULAR POWER

  1. POPULAR POWER
     Security Issues of Peer-to-Peer Systems
     February 14, 2001
     O’Reilly Peer-to-Peer Conference

  2. Overview
     • Peer-to-peer security is hard
     • Some old techniques, some new
     • Example: Popular Power

  3. Standard security concerns
     • Someone stealing my data
     • Virus infecting my computer
     • Someone impersonating me
     • Someone modifying my data

  4. The Real Problem: the Network
     Names shown on the slide: Anna Kournikova, VBS/SST-A, VBS/SST@MM, OnTheFly, ILOVEYOU, VBS/Loveletter.a, Melissa, Trinoo, Tribe Flood Network, Creative, W32/ProLin@MM, Kalamar’s VBS Worm Generator, +50,000 more, Stacheldraht

  5. Client/Server Security: Understood
     • Make a secure server
     • Use firewall to restrict access to server
     • Encrypt all communications
     • Authenticate server to client
     • Authenticate client to server (oops)
     • Audit server: logs, tripwires, etc.
     • Pray you have no bugs

  6. P2P Security is Harder
     • Each computer is untrusted
     • Peers don't have trust relationships
     • Capacity for rapid spread of trouble
     • Individuals can cause local damage that spreads
     • Everyone can be running different software
     • Code may be mobile; beware!
     • Decentralization can make auditing difficult
     • Complex systems: hard to understand

  7. Security Tools (not Solutions!)
     • Encryption
     • Authentication
     • Firewalls
     • Trust and Reputation
     • Sandboxes
     • Frameworks: SSL, Intel’s PTPTL, etc.

  8. Firewalls
     • Good things
       • Easy to set up
       • Restrict access to a “white list” of allowed traffic
       • Single point of control
     • Bad things
       • Unsubtle: Block all traffic on port, not application
       • Inflexible: Generally static rulesets
       • Single point of control
       • Difficult for users inside network to influence
       • Not an Internet-wide security solution

  9. Trust and Reputation Mechanisms
     • Give entities identities (pseudonymous)
     • Create reputation sharing mechanism
     • Assign reputations to entities
     • Allow others to retrieve reputations
     • Use reputation to build trust relationships
     • Example: eBay
     • Example: Public key infrastructure
       • Verisign-style certificate hierarchies
       • PGP Web of Trust
     • Peer to Peer / decentralized solutions

  10. Secure Execution Environments
     • Essential for mobile code systems!
     • Traditional approaches
       • OS-based security
       • Ad-hoc mechanisms (VBS, Javascript, Emacs)
     • Sandboxes
       • Java Virtual Machine
       • Inferno / Dis
       • C# / CLR
       • NSA / VMWare: NetTop

  11. Example Application: Popular Power
     • Distributed computing
     • Centralized server
     • Untrusted clients
     • Mobile code
     • Must protect four different groups:
       • Our own servers
       • Client computers
       • Customers submitting jobs
       • The Internet itself

  12. Protecting Our Servers
     • Standard Unix server protection
     • Firewalls
     • Validating all input (Java – no buffer overflows)
     • Auditing servers
     • Offline signature keys

  13. Protecting Client Computers
     • Threat model: Byzantine failure
       • Malicious code
       • Buggy code
     • Secure execution environment
       • Java sandbox
       • Fine-grained policy model to add privileges
     • Authentication
     • Cryptographic protection on files, communication

  14. Protecting Job Submitters
     • Theft of intellectual property
       • Obfuscation of code
       • Encryption of data
       • “Shredding” of computation
       • Time to crack vs. value of data
     • Data manipulation – spoofing results
       • Redundant execution + verification
       • Reputations of client computers
       • Running checksums

  15. Protecting the Internet
     • Distributed denial of service
     • Load testing / quality of service monitoring
     • Malicious attack, or accident in programming
     • Careful authentication of job submission
     • Built-in failsafes in code
     • Built-in failsafes in system
     • Play nice with firewalls
     • Open question?

  16. Conclusion
     • There are lots of good security tools
     • Peer-to-peer has hard problems
     • Complex decentralized systems are inherently difficult to secure
     • We have an ethical responsibility to create secure systems
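
Added example (not from the original slides and not Popular Power's code): one way a central server could combine the "redundant execution + verification" and "reputations of client computers" ideas from slide 14 to catch spoofed results. The quorum size, reputation weights and client names are assumptions chosen for illustration.

```python
import hashlib
from collections import defaultdict

INITIAL_REP = 0.5   # assumed starting reputation for a client never seen before
QUORUM = 2          # assumed minimum number of clients that must agree


def digest(result: bytes) -> str:
    """Compare results by hash so large outputs are not compared byte by byte."""
    return hashlib.sha256(result).hexdigest()


def verify_unit(results: dict, reputation: dict):
    """Decide one work unit that was sent to several untrusted clients.

    results maps client_id -> result bytes; reputation maps client_id -> score
    in (0, 1] and is updated in place. Returns (accepted result or None,
    set of clients whose answer disagreed with the accepted one).
    """
    if not results:
        return None, set()
    groups = defaultdict(list)   # digest -> clients that returned that result
    payload = {}
    for client, result in results.items():
        groups[digest(result)].append(client)
        payload[digest(result)] = result

    def weight(d):
        return sum(reputation.get(c, INITIAL_REP) for c in groups[d])

    ranked = sorted(groups, key=weight, reverse=True)
    best = ranked[0]
    runner_up = weight(ranked[1]) if len(ranked) > 1 else 0.0
    # Fail closed: too few agreeing clients, or a tie in reputation weight,
    # means the unit is inconclusive and should be reissued to other clients.
    if len(groups[best]) < QUORUM or weight(best) <= runner_up:
        return None, set()

    dissenters = set(results) - set(groups[best])
    for client in results:
        rep = reputation.get(client, INITIAL_REP)
        # Penalise a wrong answer sharply, reward a correct one slowly.
        reputation[client] = rep * 0.5 if client in dissenters else min(1.0, rep + 0.1)
    return payload[best], dissenters
```

With equal reputations, two colluding clients can only force a tie, which is treated as inconclusive; once honest clients have built up reputation, the same collusion is outvoted and the colluders are penalised.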
