Peer-to-Peer Network Security. 1st March 2013, Symposium on Privacy & Security 2013, IIT, Kanpur. Chittaranjan Hota, Dept. of Computer Sc. & Information Systems, hota@hyderabad.bits-pilani.ac.in
Growth of the Internet Source: Internet World Stats Source: Cisco VNI Global Forecast, 2011-2016
Leading Applications Source: Sandvine Global Internet Phenomena Report, 2012 Internet bandwidth usage estimation report, 2011
Pirate Bay. Indian ISPs Unblock Torrent Sites After Madras High Court Order. Consortium of internet providers win fight to access legitimate content on the P2P file-sharing sites. Finally it's a sigh of relief from millions of BitTorrent users across India as the Madras High Court has ruled that Indian ISPs should not block the entire website for preventing a single content to be shared online. July 2012 May 2012
Mobile world By 2020 Each Person Will Own 7+ Connected Devices Source: Traffic and Market data report Ericsson, June 2012
Have you ever wondered? • 966 million P2P searches every day. • 800,000 of which include terms like credit cards, tax returns, bank accounts, medical insurance, and passwords. Source: www.idtheftcenter.org
Some news… • Blueprints of Marine One helicopter leaked, SC Magazine, March 2009 • Skype used by hackers to attack Windows PC ("lol is this your new profile pic?"), Times of India, Oct 2012 • WikiLeaks mined popular P2P applications for data in the past, Tiversa Inc, 2011 • Federal Trade Commission (FTC) notifies close to 100 US organizations about P2P security breach, Feb 2010
Cyber security threats reported to CERT-In • Threat alert: Indian Internet systems under attack, Feb 24, 2013 (Bamital trojan) [Chart: threats reported per year, 2004 to 2011, vertical axis 0 to 14000, by category: Phishing, Network scanning/Probing, Virus/Malicious code, Spam, Website Intrusion and Malware propagation, Others] Source: Institute for Defense Studies and Analyses task force report, March 2012
What is a P2P Network? [Figure: peers A to H shown twice, once in the P2P overlay layer and once in the native IP layer, where they sit in autonomous systems AS1 to AS6]
Generic P2P Architecture [Figure: layered stack] Search API; Content Storage; Overlay Messaging API; Routing and Forwarding; Neighbor Discovery; Join/Leave; Bootstrap; Peer Role Selection; Capability & Configuration; NAT/Firewall Traversal; Operating System
Examples of P2P Networks DC++ GNUnet
Security Gap in P2P [Figure labels: Peer A, Peer B, Internet, Protected Network, A TCP Port, Peer X, Firewall, Malicious Peer C]
Effect of NATing on P2P [Figure labels: Server, Internet, NAT, P2P Application, Public IP Addresses, Private IP Addresses]
NAT Traversal [Figure labels: Application Relay, Internet, Private IP Addresses, Private IP Addresses, Public IP Addresses]
Security threats: File Pollution [Figure labels: original content, polluted content, pollution company]
File Pollution [Figure labels: pollution company, pollution servers, file sharing network]
File Pollution: Unsuspecting users spread pollution! [Figure labels: Alice, Bob, file sharing network]
Index Poisoning [Figure: file sharing network with peers 46.100.80.23, 120.18.89.100 and 234.8.98.20] index (title, location): file1, 120.18.89.100; file2, 46.100.80.23; file3, 234.8.98.20
Index Poisoning [Figure: file sharing network with peers 46.100.80.23, 120.18.89.100, 234.8.98.20 and 111.22.22.22] index (title, location): file1, 120.18.89.100; file2, 46.100.80.23; file3, 234.8.98.20; file4, 111.22.22.22
Fake Block Attack [Figure: Attacker, Victim Peer, and peers holding Genuine Blocks] 1. TCP Connection 2. Fake BitMap 3. Block Request 4. Fake Block 5. Hash Fail
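The "Hash Fail" step on the Fake Block Attack slide is where the victim can detect the fake block. As an added example (not from the slides), the code below assumes BitTorrent-style SHA-1 piece hashes and shows one way a client can attribute a failed piece to the peer that sent the fake block; the class, peer names and sample data are hypothetical and constructed for illustration.

```python
import hashlib

class PieceVerifier:
    """Checks a piece hash and tracks which peer sent each block (names are hypothetical)."""

    def __init__(self, expected_sha1, num_blocks):
        self.expected = expected_sha1
        self.num_blocks = num_blocks
        self.blocks = {}     # block index -> (peer, data) for the current attempt
        self.suspects = []   # (peer, index, block digest) kept from failed attempts
        self.banned = set()

    def add_block(self, peer, index, data):
        """Return None while the piece is incomplete, else the hash-check result."""
        if peer in self.banned or not 0 <= index < self.num_blocks:
            return None
        self.blocks[index] = (peer, data)
        if len(self.blocks) < self.num_blocks:
            return None
        piece = b"".join(self.blocks[i][1] for i in range(self.num_blocks))
        if hashlib.sha1(piece).digest() == self.expected:
            self._blame()
            return True
        # Hash fail: one piece hash cannot say which block was fake, so remember
        # who sent what, discard everything and download the piece again.
        for i, (sender, blk) in self.blocks.items():
            self.suspects.append((sender, i, hashlib.sha1(blk).digest()))
        self.blocks.clear()
        return False

    def _blame(self):
        """The piece verified: any earlier block that differs from it was fake."""
        good = {i: hashlib.sha1(blk).digest() for i, (_, blk) in self.blocks.items()}
        self.banned |= {p for p, i, digest in self.suspects if digest != good[i]}
        self.suspects.clear()

def run_demo():
    piece = b"GENUINE-DATA"                        # constructed 12-byte piece
    b = [piece[i:i + 4] for i in range(0, 12, 4)]  # three 4-byte blocks
    v = PieceVerifier(hashlib.sha1(piece).digest(), 3)
    v.add_block("peerA", 0, b[0])
    v.add_block("attacker", 1, b"FAKE")            # fake block from a malicious peer
    first = v.add_block("peerB", 2, b[2])          # piece complete, hash fails
    v.add_block("peerA", 0, b[0])
    v.add_block("peerC", 1, b[1])
    second = v.add_block("peerB", 2, b[2])         # re-download verifies
    return first, second, v.banned

if __name__ == "__main__":
    print(run_demo())
```

Blaming only after a later attempt verifies keeps honest peers that shared the failed piece (peerA and peerB here) from being banned along with the attacker.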
Node Insertion attack Victim peer A node insertion
Trust Management [Figure: three architectures: Centralized (Peers); Hybrid P2P architecture (Super-peers, Ordinary Peers); Fully Decentralized P2P (Peers)]
Snort detecting P2P traffic Snort rules P2P apps running on campus detected…
Anonymization: with Anontool in execution, 172.16.90.25 is mapped to 1.0.0.1 and 172.16.2.163 is mapped to 1.0.0.2.
Privacy preserving P2P classifier [Figure labels: Protocol, Flags, Payload length] Approaches for Measuring P2P Classification Efficiency for Intrusion Detection and Prevention Systems, Jagan Mohan Reddy, Abhishek Thakur, and Chittaranjan Hota, National Conference on Cyber Security, NCCS 2012, Defense Institute of Advanced Technology (DU), Pune, India, 2012.
Flow based P2P classification Feature calculation
Multipath Routing [Figure: graph of numbered nodes 1 to 14 with an Honest Group, Sybil Group1 and Sybil Group2; labels S, V, A.E1, A.E2, A.E3. Paths shown: 3-1-8-6-7-4-13-14-12; 3-4-13-12; 3-1-2-5-6-7-4-13-12; 3-4-13-14-12; 3-1-8-6-7-4-13-12; 3-7-4-13-12; 3-7-4-13-14-12] Safeguarding against Sybil attacks via Social Networks and Multipath Routing, Chittaranjan Hota, Antti Ylä-Jääski, Janne Lindqvist and Kristine Karvonen, International Conference on Communications and Networking in China, Shanghai, China, 2007.
Replication [Figure labels: File Owner, Honest Node, Sybil Node, file1, file2, file3, Common Storage] Detecting Sybils in Peer-to-Peer File Replication Systems, K. Haribabu, Chittaranjan Hota, and Saravana S, International Conference on Information Security and Digital Forensics, London, UK, 2009.
Psychometric Analysis Detecting Sybils in P2P Overlays using Psychometric Analysis Methods, K Haribabu, Arindam Pal, Chittaranjan Hota, IEEE International Conference on Advanced Information Networking and Applications (AINA), Singapore, 2011. GAUR: A method to detect Sybil groups in Peer-to-Peer overlays, Haribabu K, Chittaranjan Hota, and A Paul, Int. J. Grid and Utility Computing, IJGUC, Vol. 3, Nos. 2/3, Inderscience, 2012. BITS Pilani, Hyderabad Campus