1 / 23

Security Issues in P2P Systems

Security Issues in P2P Systems. Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu. Mainframe → Client-Server → P2P. Mainframe era: 1970’s Dumb terminals connected to a big mainframe

Download Presentation

Security Issues in P2P Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu

  2. Mainframe → Client-Server → P2P • Mainframe era: • 1970’s • Dumb terminals connected to a big mainframe • Mainframes possibly networked together • Client-server: • Late 1980’s • Many clients, 1 user per client • Dedicated servers • Single client can access multiple servers • Significant computing resources on client • Peer-to-Peer (P2P) • Late 1990’s • Each computer is a client and a server • Takes on whatever role is appropriate for a given task at a given time • Harnesses computing and communication power of the entire network

  3. P2P versus Client-Server: Idealized View From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  4. No Clear Border From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  5. Hybrid P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  6. P2P Perspective From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  7. Napster From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

  8. Power Server From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

  9. Power Server Coordinator From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

  10. Comparison of Different P2P Models From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

  11. Taxonomy of Computer Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  12. Taxonomy of P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  13. Classification of P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  14. Taxonomy of P2P Applications From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  15. Taxonomy of P2P Markets From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  16. P2P Markets versus P2P Applications From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  17. P2P System Architecture From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  18. Security Issues in P2P Systems • Many old issues carry over • New issues emerge • Old issues are re-emphasized

  19. Security • Protection against malicious downloaded P2P application code • Enabling technologies • Java sandboxing • Trusted computing Old issue re-emphasized From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

  20. Security (claimed to be new issues) • Multi-key encryption • Annonymity requirement for Publius • Sandboxing • Digital Rights Management • Reputation and Accountability • Firewall Traversal and Hidden Peers From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  21. Annonymity (is this a security issue?) From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

  22. Security in Data Sharing Systems • Availability • DOS attack, e.g., chosen-victim attack • Use “amplification” mechanism of P2P system • File availability • File authenticity • How do I know this is the file I am looking for? • Anonymity • Lots of work in this area • Need anonymity at all layers of the network stack • Access Control • DRM • Usage Control From Open Problems in Data-Sharing Peer-to-Peer Systems, Neil Daswani, Hector Garcia-Molina, and Beverly Yang, LNCS 2572, pp. 1–15, 2003.

  23. Security in Data Sharing Systems(P2P Overlay Networks) • Routing • Secure nodeId assignment • Robust routing primitives • Ejecting misbehaving nodes • Storage • Quota architectures • Distributed auditing • Other forms of fairness • Trust From A Survey of Peer-to-Peer Security Issues, Dan S.Wallach, LNCS 2609, pp. 42–57, 2003..

More Related