Peer-to-peer (P2P) systems face various security issues, both old and new, necessitating innovative protective measures. This article explores the emergence of security threats in P2P networks, highlighting key concerns such as malicious code, data authenticity, anonymity, and access control. It also delves into technologies like Java sandboxing and trusted computing that can fortify P2P security. The text examines the intricacies of securing data sharing systems in P2P overlay networks, covering aspects like routing, storage, fairness, and trust. By understanding these challenges and solutions, stakeholders can enhance the resilience of P2P ecosystems against potential risks.
Security Issues in P2P Systems
Prof. Ravi Sandhu
Laboratory for Information Security Technology
George Mason University
www.list.gmu.edu
sandhu@gmu.edu

Mainframe → Client-Server → P2P
• Mainframe era:
  • 1970’s
  • Dumb terminals connected to a big mainframe
  • Mainframes possibly networked together
• Client-server:
  • Late 1980’s
  • Many clients, 1 user per client
  • Dedicated servers
  • Single client can access multiple servers
  • Significant computing resources on client
• Peer-to-Peer (P2P)
  • Late 1990’s
  • Each computer is a client and a server
  • Takes on whatever role is appropriate for a given task at a given time
  • Harnesses computing and communication power of the entire network

P2P versus Client-Server: Idealized View From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
No Clear Border From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
Hybrid P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
P2P Perspective From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
Napster From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
Power Server From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
Power Server Coordinator From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
Comparison of Different P2P Models From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003
Taxonomy of Computer Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
Taxonomy of P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
Classification of P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
Taxonomy of P2P Applications From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
Taxonomy of P2P Markets From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
P2P Markets versus P2P Applications From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002
P2P System Architecture From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

Security Issues in P2P Systems
• Many old issues carry over
• New issues emerge
• Old issues are re-emphasized

Security
• Protection against malicious downloaded P2P application code
• Enabling technologies
  • Java sandboxing
  • Trusted computing
Old issue re-emphasized
From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

Security (claimed to be new issues)
• Multi-key encryption
• Anonymity requirement for Publius
• Sandboxing
• Digital Rights Management
• Reputation and Accountability
• Firewall Traversal and Hidden Peers
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

Anonymity (is this a security issue?)
From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

Security in Data Sharing Systems
• Availability
  • DoS attack, e.g., chosen-victim attack
    • Use “amplification” mechanism of P2P system
  • File availability
• File authenticity
  • How do I know this is the file I am looking for?
• Anonymity
  • Lots of work in this area
  • Need anonymity at all layers of the network stack
• Access Control
  • DRM
  • Usage Control
From Open Problems in Data-Sharing Peer-to-Peer Systems, Neil Daswani, Hector Garcia-Molina, and Beverly Yang, LNCS 2572, pp. 1–15, 2003.

Security in Data Sharing Systems (P2P Overlay Networks)
• Routing
  • Secure nodeId assignment
  • Robust routing primitives
  • Ejecting misbehaving nodes
• Storage
  • Quota architectures
  • Distributed auditing
  • Other forms of fairness
• Trust
From A Survey of Peer-to-Peer Security Issues, Dan S. Wallach, LNCS 2609, pp. 42–57, 2003.