
P2P Security

P2P Security. Min-Shiang Hwang, Department of Computer Science and Information Engineering, Asia University. Research Topics in Information Security: Cryptography; Network (System) Security; Security Model; Intrusion Detection; Applications; Security in Mobile Communications


Presentation Transcript


  1. P2P Security • Min-Shiang Hwang, Department of Computer Science and Information Engineering, Asia University

  2. Research Topics in Information Security • Cryptography • Network (System) Security • Security Model • Intrusion Detection • Applications • Security in Mobile Communications • Security in Ad Hoc Networks • Security in WiMax • Security in Multimedia • Security in P2P Systems • Security in …

  3. Outline • Introduction • P2P Architectures: Centralized Architecture; De-centralized Architecture; Hybrid Architecture (Supernode) • Security Issues • Conclusion

  4. Introduction (1/3) • Evolution • Centralized Architecture (1970) • Client-Server Architecture (1990) • Peer-to-Peer (P2P) Architecture (2000) [Figure labels: Terminal, Server, Peer]

  5. Introduction (2/3) • Peer-to-Peer (P2P) is a communications model • Each node (peer) has both server and client capabilities • Each peer can initiate a communication session • Applications connect with each other directly [Figure label: Love.mp3]

  6. Introduction (3/3) • Applications: • Instant Messaging: MSN Messenger, SKYPE • File Sharing: Napster, Gnutella, Chord • Distributed Computing: SETI@Home (to study extraterrestrial signals), Anti-Cancer • For any complex problem, each peer in the P2P network can compute a subproblem of the problem and quickly answer it; then all peers' answers are combined to get the correct answer to the problem.

  7. P2P Architecture (1/27) • Centralized Architecture: a central server exists in the network; Routing Management; Dynamic Group Management • De-centralized Architecture • Hybrid Architecture

  8. P2P Architecture (2/27) • Centralized Architecture [Figure labels: Central Server, 1, 2]

  9. P2P Architecture (3/27) • Centralized Architecture • Advantage: search can be quick and needs very little bandwidth • Disadvantage: single point of failure (server fails); limited scalability; can be easily attacked

  10. P2P Architecture (4/27) • Napster (2000) • A client had to connect to a specific server run by the individual or company that set up the network • Clients then transfer files between each other • It is the first service to take advantage of the enormous amount of free storage available on Internet clients [Figure labels: Napster Server, user, Search request, Search response, Peer, Download]

  11. P2P Architecture (5/27) • Napster: First Steps • File (Information) list is uploaded [Figure label: Napster Server]

  12. P2P Architecture (6/27) • Napster: Step 2 • User requests a search at server [Figure labels: Napster Server, Request and results]

  13. P2P Architecture (7/27) • Napster: Step 3 • User pings hosts that apparently have data • Looks for best transfer rate [Figure labels: Napster Server, Pings]

  14. P2P Architecture (8/27) • Napster: Step 4 • User retrieves file [Figure labels: Napster Server, File Transmission]

  15. P2P Architecture (9/27) • De-centralized Architecture • No central server exists in the network • Control and data are completely distributed • The overview of architecture • Advantage: no single point of failure; high scalability • Disadvantage: inefficient queries; query flooding

  16. P2P Architecture (10/27) • Gnutella (Host Cache) • It is a pure P2P protocol, in contrast with Napster • It is a broadcast-type network • The core of the protocol consists of 5 descriptors: PING, PONG, QUERY, QUERY HIT and PUSH • A peer needs to connect to 1 or more other Gnutella peers in order to participate in the network [Figure labels: Gnutella Network, Server p, Server p2, QUERY, QUERY HIT]

  17. P2P Architecture (11/27) • Gnutella: Find Hosts

  18. P2P Architecture (12/27) • Gnutella: Ping

  19. P2P Architecture (13/27) • Gnutella: Pong

  20. P2P Architecture (14/27) • Gnutella: Pong

  21. P2P Architecture (15/27) • Gnutella: Pong

  22. P2P Architecture (16/27) • Gnutella: Query

  23. P2P Architecture (17/27) • Gnutella: Query, TTL=2

  24. P2P Architecture (18/27) • Gnutella: Query, TTL=3

  25. P2P Architecture (19/27) • Gnutella: Query Hit

  26. P2P Architecture (20/27) • Gnutella: Download File
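The TTL-limited query flooding shown on the Gnutella slides above, as an added simulation that is not part of the original presentation. The 8-peer overlay, the placement of love.mp3 on peer 7, the name `flood_query` and the `max_ttl` policy are assumptions made for the example; it counts how many QUERY descriptors one search puts on the wire as the TTL grows, and shows a receiving peer clamping an oversized TTL.

```python
from collections import deque

# Constructed overlay (assumption): 8 peers, undirected links as adjacency lists.
OVERLAY = {1: [2, 3], 2: [1, 4, 5], 3: [1, 5], 4: [2, 6],
           5: [2, 3, 6], 6: [4, 5, 7], 7: [6, 8], 8: [7]}
SHARED = {7: {"love.mp3"}}   # constructed: only peer 7 shares the file

def flood_query(origin, filename, ttl, max_ttl=7, overlay=OVERLAY, shared=SHARED):
    """Flood one QUERY from origin.

    Returns (descriptors_sent, peers_reached, peers_with_hit).
    max_ttl is a hypothetical local policy: a receiving peer lowers any larger
    TTL to this value before forwarding, which bounds the cost of one query.
    """
    seen = {origin}            # peers that already handled this descriptor ID
    hits, sent = [], 0
    queue = deque((origin, nbr, ttl) for nbr in overlay[origin])
    while queue:
        sender, peer, t = queue.popleft()
        sent += 1              # one QUERY descriptor crossed one link
        if peer in seen:
            continue           # duplicate descriptor ID: drop, never re-forward
        seen.add(peer)
        if filename in shared.get(peer, ()):
            hits.append(peer)  # this peer would return a QUERY HIT
        t = min(t, max_ttl) - 1            # clamp, then decrement
        if t > 0:              # forward to every neighbour except the sender
            queue.extend((peer, nbr, t) for nbr in overlay[peer] if nbr != sender)
    return sent, len(seen) - 1, hits

if __name__ == "__main__":
    for ttl in (1, 2, 3, 4, 5):
        print(ttl, flood_query(1, "love.mp3", ttl))
    print("ttl=50 clamped to 2:", flood_query(1, "love.mp3", 50, max_ttl=2))
```

In this overlay the file is only found once the TTL reaches 4, and duplicate descriptors already account for several of the messages sent, which is the query-flooding cost listed as a disadvantage of the de-centralized architecture.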

  27. P2P Architecture (21/27) • Hybrid Architecture (Supernodes) • The Supernode's function is similar to that of the central server in the centralized architecture • Supernodes are normal peers that have been automatically elected • Each Supernode maintains a database of shared items: identifiers of the files its children are sharing; metadata (file name, size); corresponding IP addresses of its children • The overview of architecture

  28. P2P Architecture (22/27) • Hybrid Architecture (Supernodes) • Advantage: highly efficient node location and query; efficient resource management • Disadvantage: the Supernode may become a bottleneck; query efficiency drops when a Supernode fails

  29. P2P Architecture (23/27) - Chord (1/5) • Chord provides improvements to the searching process • Nodes in a network are organized in a circle • Each node and each key is assigned an identifier • Node identifiers: SHA1(IP address) • Key identifiers: SHA1(key itself) • Each node needs to maintain its predecessor and successor • Each key is assigned to its successor

  30. P2P Architecture (24/27) - Chord (2/5) • Simple Key Location • Sends the query to successors • Inefficient

  31. P2P Architecture (25/27) - Chord (3/5) • Scalable Key Location • Finger table • The information stored in the Finger Table is used for scalable location [Figure label: $N + 2^{i-1}$]

  32. P2P Architecture (26/27) - Chord (4/5) • Scalable Key Location

  33. P2P Architecture (27/27) - Chord (5/5) • Joining Node • Node 26 wants to join the ring
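The Chord slides above (identifier assignment, simple key location, the finger table entry N + 2^(i-1), and a joining node), worked through as an added example that is not part of the original presentation. The 6-bit identifier space, the hand-picked node ids and the names `Ring`, `between` and `chord_id` are assumptions for illustration; the code compares successor-only lookup with finger-table lookup on the same ring.

```python
import hashlib

M = 6  # identifier bits; assumption for a readable ring (SHA-1 gives 160)

def chord_id(value: str, m: int = M) -> int:
    """SHA-1 of an IP address or key, truncated to an m-bit ring identifier."""
    return int.from_bytes(hashlib.sha1(value.encode()).digest(), "big") % 2 ** m

def between(x, a, b, m=M, right_closed=False):
    """x in ring interval (a, b), or (a, b] if right_closed; (a, a) spans the ring."""
    span = (b - a) % 2 ** m or 2 ** m
    return (right_closed and x == b) or 0 < (x - a) % 2 ** m < span

class Ring:
    def __init__(self, node_ids, m=M):
        self.m, self.nodes = m, sorted(set(node_ids))

    def successor(self, ident):
        """First node at or clockwise after ident: the node that stores key ident."""
        return next((n for n in self.nodes if n >= ident), self.nodes[0])

    def next_node(self, n):
        return self.successor((n + 1) % 2 ** self.m)

    def fingers(self, n):
        """finger[i] = successor(n + 2^(i-1)) for i = 1..m."""
        return [self.successor((n + 2 ** (i - 1)) % 2 ** self.m)
                for i in range(1, self.m + 1)]

    def lookup(self, start, key, use_fingers=True):
        """Return (owner, hops). Without fingers, only successor pointers are followed."""
        n, hops = start, 0
        while not between(key, n, self.next_node(n), self.m, right_closed=True):
            step = self.next_node(n)
            if use_fingers:  # farthest finger that still precedes the key
                step = next((f for f in reversed(self.fingers(n))
                             if between(f, n, key, self.m)), step)
            n, hops = step, hops + 1
        return self.next_node(n), hops + 1

# Constructed ring (node ids chosen by hand, not hashed from real addresses).
RING = Ring([1, 8, 14, 21, 32, 38, 42, 48, 51, 56])

if __name__ == "__main__":
    print("fingers of node 8:", RING.fingers(8))
    print("successor-only lookup:", RING.lookup(8, 54, use_fingers=False))
    print("finger-table lookup:  ", RING.lookup(8, 54))
    print("id of 192.0.2.10:", chord_id("192.0.2.10"))
```

Adding node 26 to this ring changes the owner of keys 22 to 26 from node 32 to node 26, which is the key hand-over a join has to perform.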

  34. Security Issues (1/4) • Security Types: Authentication; Authorization; Confidentiality (Encryption); Integrity • Characteristics of P2P Systems: Group Is Dynamic; Users Do Not Trust Each Other; Difficult To Trace Who Is Who (Anonymity); Clients May Frequently Change; No Common Directory Services

  35. Security Issues (2/4) • P2P Security Threats • DoS (Denial of Service) Attacks • Access to Confidential Information • Malicious Software • Spyware Bundles • Intellectual Property

  36. Security Issues (3/4) • Criteria (Requirements) • Efficiency: servers should not become a bottleneck • Security Functions • Security Requirements in P2P • Secure Group Communications • Uniform Credential Certification • Interoperability in Security Policies • Single Sign-on

  37. Security Issues (4/4) • Research Issues in P2P Systems • Secure Communications for File Sharing (Napster, Gnutella, & Chord) • Message Authentication for File Sharing • Anonymity in P2P Systems • Digital Right Management (DRM) for P2P Systems • E-Payment Schemes for P2P Systems • Intellectual Property for P2P Systems • Verifying Computational Results for Distributed Computing • Server-Assisted Authentication for Distributed Computing • Secure Communications for Instant Messages • P2P Intrusion Detection • …

  38. De-centralized P2P Architecture [Figure labels: peers 1 to 8, love.mp3, Query love.mp3]

  39. Hybrid P2P Architecture [Figure labels: Peer]

  40. Secure Communications for File Sharing • Key Exchange Scheme: E(K55, K14), E(K55, K32), …

  41. Message Authentication for File Sharing [Figure labels: peers 1 to 8, love.mp3, Query love.mp3, Query love.mp3 (lovevirus.exe)]
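One way a requesting peer can detect the substitution pictured on the last slide (a query for love.mp3 answered with lovevirus.exe), as an added example that is not part of the original presentation. It assumes the requester and the responding peer already share a pairwise key from a key exchange; HMAC-SHA256, the field names and the functions `make_hit` and `verify_download` are choices made here, and the check covers modification by intermediate peers, not a dishonest responder.

```python
import hashlib
import hmac
import json

def _mac(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the hit fields."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_hit(key: bytes, query_id: str, name: str, content: bytes) -> dict:
    """Responder side: bind query id, file name and content digest under one tag."""
    body = {"query_id": query_id, "name": name,
            "sha256": hashlib.sha256(content).hexdigest()}
    return {**body, "tag": _mac(key, body)}

def verify_download(key: bytes, query_id: str, wanted: str,
                    hit: dict, content: bytes) -> str:
    """Requester side: return 'ok' or the reason the download is rejected."""
    body = {k: hit.get(k) for k in ("query_id", "name", "sha256")}
    # 1. The hit must carry a valid tag under the pairwise key.
    if not hmac.compare_digest(_mac(key, body), str(hit.get("tag", ""))):
        return "bad tag"
    # 2. The authenticated hit must answer this query and this file name.
    if body["query_id"] != query_id or body["name"] != wanted:
        return "hit does not answer this query"
    # 3. The bytes received must match the authenticated digest.
    if not hmac.compare_digest(hashlib.sha256(content).hexdigest(), body["sha256"]):
        return "content digest mismatch"
    return "ok"

if __name__ == "__main__":
    key = bytes(range(32))                      # constructed pairwise key
    hit = make_hit(key, "q-0001", "love.mp3", b"constructed audio bytes")
    print(verify_download(key, "q-0001", "love.mp3", hit, b"constructed audio bytes"))
    print(verify_download(key, "q-0001", "love.mp3", hit, b"constructed other bytes"))
    print(verify_download(key, "q-0001", "love.mp3",
                          dict(hit, name="lovevirus.exe"), b"constructed audio bytes"))
```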
