430 likes | 450 Vues
This research paper explores various security issues in Peer-to-Peer (P2P) systems, including cryptography, network security, and intrusion detection. It discusses different P2P architectures and their advantages and disadvantages. The paper also examines the evolution of P2P architectures over time, from centralized to de-centralized to hybrid architectures. Relevant research topics in information security are covered, such as security in mobile communications, ad hoc networks, WiMax, multimedia, and P2P systems.
 
                
                E N D
P2P Security Min-Shiang Hwang Department of Computer Science and Information Engineering Asia University
Research Topics in Information Security • Cryptography • Network (System) Security • Security Model • Intrusion Detection • Applications • Security in Mobile Communications • Security in Ad Hoc Networks • Security in WiMax • Security in Multimedia • Security in P2P Systems • Security in …
Outline Introduction P2P Architectures Centralized Architecture De-centralized Architecture Hybrid Architecture (Supernode) Security Issues Conclusion
Evolution Centralized Architecture (1970) Client-Server Architecture (1990) Peer-to-Peer (P2P) Architecture (2000) Server Peer Peer Introduction (1/3) Terminal
Introduction (2/3) • Peer-to-Peer (P2P) is a communications model • Each node (peer) has both server and client capabilities • Each peer can initiate a communication session • Applications connect with each other directly Love.mp3 Love.mp3
Introduction (3/3) • Applications: • Instant Messaging • MSN Messenger、SKYPE • File Sharing • Napster • Gnutella • Chord • Distributed Computing • SETI@Home (to study the extraterrestrial signals) • Anti-Cancer For any complex problem, each peer in the P2P networking can compute a subproblem of the problem and quickly answer it; then all peers' answers are combined to get the correct answer to the problem.
P2P Architecture (1/27) • Centralized Architecture • Exists a central server in the network • Routing Management • Dynamic Group Management • De-centralized Architecture • Hybrid Architecture
P2P Architecture (2/27) Centralized Architecture 1 2 Central Server
P2P Architecture (3/27) Centralized Architecture Advantage Search can be quick and need very little bandwidth Disadvantage Single point of failure (server fails) Have limited scalability Can be easily attacked
user user user P2P Architecture (4/27) • Napster (2000) • A client had to connect to a specific server run by the individual or company that set up the network • Clients then transfer files between each other • It is the first service taking advantage of the enormous amounts of free storage placed in the Internet clients. Napster Server Search request user Search response Peer Download Peer
Napster Server P2P Architecture (5/27) • Napster: First Steps • File (Information) list is uploaded
Napster Server P2P Architecture (6/27) • Napster: Step 2 • User requests a search at server Request and results
Napster Server P2P Architecture (7/27) • Napster: Step 3 • User pings hosts that apparently have data. • Looks for best transfer rate Pings Pings
Napster Server P2P Architecture (8/27) • Napster: Step 4 • User retrieves file File Transmission
P2P Architecture (9/27) • De-centralized Architecture • No existing a central server in the network • Control and data are completely distributed • The overview of architecture • Advantage • No single point of failure • High scalability • Disadvantage • Lack of efficient of query • Query flooding
Server p P2P Architecture (10/27) • Gnutella (Host Cache) • It is a pure P2P protocol in contrast with Napster • It is a broadcast-type network • The core of the protocol consists of 5 descriptors • PING, PONG, QUERY, QUERY HIT and PUSH • A Peer needs to connect to 1 or more other Gnutella Peers in order to participate in the network Gnutella Network N QUERY 1 QUERY HIT 2 Server p2
P2P Architecture (11/27) Gnutella Find Hosts
P2P Architecture (12/27) Gnutella Ping
P2P Architecture (13/27) Gnutella Pong
P2P Architecture (14/27) Gnutella Pong
P2P Architecture (15/27) Gnutella Pong
P2P Architecture (16/27) Gnutella Query
P2P Architecture (17/27) Gnutella Query TTL=2
P2P Architecture (18/27) Gnutella query Query TTL=3
P2P Architecture (19/27) Gnutella Query Hit
P2P Architecture (20/27) Gnutella Download File
P2P Architecture (21/27) • Hybrid Architecture (Supernodes) • The Supernode functions is similar to that of the central server in the centralized architecture • Supernodes are normal peers that have been automatically elected • Each Supernode maintains a database of shared items • File identifier, their child are sharing • Metadata (file name, size) • Corresponding IP address of children • The overview of architecture
P2P Architecture (22/27) • Hybrid Architecture (Supernodes) • Advantage • High efficient of node locating and query • Efficiency of resource management • Disadvantage • The Supernode maybe results in bottleneck • Less of query efficient while a Supernode fails
P2P Architecture (23/27) - Chord (1/5) Chord provides improvements to the searching process Nodes in a network are organized in a circle Each node and each key have assigned identifiers Node identifiers: SHA1(IP address) Key Identifiers: SHA1(key itself) Each node need to maintain its predecessor and successor Each key is assigned to its successor
P2P Architecture (24/27) - Chord (2/5) • Simple Key Location • Sends the query to successors • Lack of efficient
P2P Architecture (25/27) - Chord (3/5) • Scalable Key Location • Finger table • The information stored in the Finger Table is used for scalable location N+2i-1
P2P Architecture (26/27) - Chord (4/5) • Scalable Key Location
P2P Architecture (27/27)- Chord (5/5) • Joining Node • Node 26 want to join the ring
Security Issues (1/4) • Security Types • Authentication • Authorization • Confidentiality (Encryption) • Integrity • P2P Systems Characteristic • Group Is Dynamic • Users Do Not Trust • Difficult To Trace Who Is Who (Anonymity) • Clients May Frequently Change • No Common Directory Services
Security Issues (2/4) P2P Security Threats DoS (Denial of Service) Attacks Access to Confidential Information Malicious Software Spyware Bundles Intellectual Property
Security Issues (3/4) Criteria (Requirements) Efficiency – Servers should not become bottleneck. Security Functions Security Requirements in P2P Secure Group Communications Uniform Credential Certification Interoperability in Security Policies Single Sign-on
Security Issues (4/4) Research Issues in P2P Systems Secure Communications for File Sharing (Napster, Gnutella, & Chord) Message Authentication for File Sharing Anonymity in P2P Systems Digital Right Management (DRM) for P2P Systems E-Payment Schemes for P2P Systems Intellectual Property for P2P Systems Verifying Computational Results for Distributed Computing Server-Assisted Authentication for Distributed Computing Secure Communications for Instant Messages P2P Intrusion Detection :
De-centralized P2P Architecture 7 8 love.mp3 6 4 5 3 2 1 Query love.mp3
Hybrid P2P Architecture Peer Peer Peer Peer Peer Peer Peer
Secure Communications for File Sharing Key Exchange Scheme E(K55, K14) E(K55, K32) : :
Message Authentication for File Sharing 7 8 love.mp3 6 4 5 3 2 Query love.mp3 1 Query love.mp3 (lovevirus.exe)