1 / 8

Marcin Matuszewski marcin.matuszewski@nokia

P2PSIP Security Analysis draft-matuszewski-p2psip-security-requirements-02 draft-song-p2psip-security-eval-00 71st IETF - Philadelphia, PA, USA P2PSIP WG Meeting. Marcin Matuszewski marcin.matuszewski@nokia.com Jan-Erik Ekberg jan-erik.ekberg@nokia.com

allegra-hodges
Télécharger la présentation

Marcin Matuszewski marcin.matuszewski@nokia

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. P2PSIP Security Analysis draft-matuszewski-p2psip-security-requirements-02draft-song-p2psip-security-eval-0071st IETF - Philadelphia, PA, USA P2PSIP WG Meeting Marcin Matuszewski marcin.matuszewski@nokia.com Jan-Erik Ekberg jan-erik.ekberg@nokia.com Pekka Laitinen pekka.laitinen@nokia.com Song Yongchao melodysong@huawei.com Ben Y. Zhao ravenben@cs.ucsb.edu

  2. Challenges Facing P2PSIP Security • Nodes in the overlay are highly autonomous • They could do what they want to do • The functions of the overlay • Realized by the services between peers • Two basic services: routing service and storage service • So the requested actions from the peers who provide service are suspicious • It may not be served according to the service agreements

  3. P2PSIP Security Analysis Application Distributed storage/ replication P2P Layers Routing maintenance/KBR/ NAT/FW traversal Transport Security with each layer must be considered List some of security threats, not Complete!

  4. Security On Routing • Intermediate peers may • Discard the message • Forward to the wrong next-hop • Modify messages before forwarding • Open issues • Should the peer (As a Client) check whether the peer (As a Server) serve the request properly? • Or just ignore these misbehavior?

  5. Security On Routing • Any peer who is on the path to the destination peer May • Claim it is the peer being responsible for the key • It also called Identity Attack • What could the peer sending the message do? • Accept the results unconditionally • Or do some check?

  6. Security On Storage • A malicious peer may • Publish a large amount of useless data into the overlay? • It may make valid PUT operation fail? • Open issue • Does the P2PSIP need a mechanism to prevent or reduce the adverse effect?

  7. Security On Storage • Any peer may • Put malicious information, such as a victim’s reachability information; • May launch DDoS attack on the victim; • P2P overlay Should not be a DDoS engine by attackers

  8. Discussions • What’s the scope of the security considerations? • Ignore most of the malicious behavior while designing protocol? • Or establish framework to reduce the adverse effect from the malicious behavior? • Are the security considerations proposed in current proposals enough?

More Related