
Safe and Private Peer to Peer Data Sharing




  1. Safe and Private Peer to Peer Data Sharing • Bogdan C. Popescu • Bruno Crispo • Andrew S. Tanenbaum

  2. Overview • Peer to peer file sharing • Threat model & defenses • Our solution • Conclusion

  3. Peer to peer file sharing • Started around 1999 with Napster – mostly exchange of music & video – highly popular from very beginning – very controversial • Third generation P2P systems: Kazaa, LimeWire • Sparked interest in P2P paradigm

  4. Should we work on this? • Non-commercial file sharing - not a crime in EU – protect EU citizens against legal harassment abroad • In P2P networks information cannot be censored – safe & private data sharing would aid free speech • P2P keeps in check de-facto monopolies! – perceived as major threat by entertainment industry – subject to various types of attacks

  5. Types of Attacks on P2P • Attack the company offering the service – move to de-centralized solutions - 100% success • Attack the software provider – move off-shore or underground - 100% success • Attack the content – content tracing and rating - partial success • Attack individual users – BIG PROBLEM!!

  6. Attacking Users • Most content is provided by small fraction of users • RIAA’s “Crush the Connectors” strategy • Identify users sharing large number of files • Retrieve incriminating content • Take them to court • Exchanging content with strangers becomes dangerous

  7. Threat Model • Fraction of all P2P nodes controlled by enemy • Need to prevent – exposing good nodes exchanging data w. enemy nodes – passive logging attacks • Less concerned about – traffic analysis – anonymity

  8. Anonymous File Sharing (1) • Such systems currently being designed (Freenet) – make impossible to identify source & destination – based on earlier work - mix nets, Crowds and Onion Routing • In theory RIAA has nobody to sue • In practice endpoints are always exposed

  9. Anonymous File Sharing (2) [Figure: path with steps numbered 1 to 6; labels: Source, RIAA, "Exposed!!"] • Endpoints are always exposed!

  10. Solution - Turtle • Create the P2P overlay based on social links • Communication between links is encrypted • “Friend” nodes agree on keys out-of-band • Both queries and results go hop-by-hop • Data exchanged only between trusted parties!

  11. Turtle [Figure: overlay nodes marked "?" and "!"]

  12. Query/Hit Protocol [Figure: nodes A, B, C joined by numbered channels] • Query packet: Q: XYZ, QID = 764, TTL = 10; as forwarded: Q: XYZ, QID = 764, TTL = 9 • Hit packet: HID: 444, QID = 764, Metadata, Dist = 0, BW: 25KB/s; as forwarded: HID: 444, QID = 764, Metadata, Dist = 1, BW: 10KB/s • Query table entries shown: QID: 764 Channel: 4; QID: 764 Channel: 3; QID: 764 Channel: - • Hit table entries shown: HID: 444 Channel: 2 Dist: 1 BW: 10; HID: 444 Channel: -; HID: 444 Channel: 2

  13. Anonymous query/hit protocol • Query/hit protocol is not anonymous – TTL in query packet can reveal identity of initiator – Dist. Count in hit packet reveals identity of responder – identities only disclosed to small group of friends! • Anonymous protocol also possible: – replace TTL with probability of forwarding – no more Dist. Count in query hit – drawbacks: less flexible result selection

  14. Security properties • Node compromise causes localized damage • Immune to Sybil and Eclipse attack • Good protection against attacks on content • Good protection against DoS attacks

  15. How will this work? • How connected is the friendship graph? – Social networking - Orkut, Friendster – In 3 months Orkut has grown to 200000 members – Through 14 friends I reach 90% of Orkut members • Are people on-line long enough? – ADSL & cable modem becoming widespread – Turtle adds extra motivation • Can connectors cope with relaying demands? – ????

  16. Conclusion • Turtle is the first P2P architecture that can guarantee private and safe data sharing • Currently being implemented • Feedback, please!
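
The query/hit exchange from slides 12 and 13 as a small Python model, added here as an illustration (not code from the presentation or the Turtle project). The A-B-C chain, the link bandwidths of 10 and 25 KB/s, the rule that BW is the path bottleneck, and the assumption that every initiator starts at TTL = 10 are choices made to match the figure.

```python
# Added illustration, not code from the Turtle project. Link bandwidths and the
# bottleneck (min) rule for BW are assumptions chosen to reproduce slide 12.
INITIAL_TTL = 10  # TTL on slide 12, assumed here to be every initiator's default

class Node:
    def __init__(self, name, files=()):
        self.name, self.files = name, set(files)
        self.links = {}      # friend Node -> link bandwidth (KB/s)
        self.upstream = {}   # QID -> friend the query came from (None = we started it)
        self.seen = []       # (packet kind, friend name, TTL or Dist) observed on the wire

    def search(self, qid, keyword):
        """Initiator side: send the query to every friend, collect hits as received."""
        self.upstream[qid] = None
        results = []
        for friend in self.links:
            for dist, bw in friend.on_query(qid, keyword, INITIAL_TTL, self):
                self.seen.append(("hit", friend.name, dist))
                results.append((dist, bw))
        return results

    def on_query(self, qid, keyword, ttl, sender):
        """Relay/responder side: returns the hits sent back to `sender`."""
        if qid in self.upstream:          # already handled this QID: drop duplicate
            return []
        self.upstream[qid] = sender       # hits for this QID go back the same way
        self.seen.append(("query", sender.name, ttl))
        out = [(0, float("inf"))] if keyword in self.files else []  # own hit: Dist = 0
        if ttl > 1:
            for friend in self.links:
                if friend is not sender:
                    for dist, bw in friend.on_query(qid, keyword, ttl - 1, self):
                        self.seen.append(("hit", friend.name, dist))
                        out.append((dist + 1, bw))   # one hop further from the source
        return [(d, min(bw, self.links[sender])) for d, bw in out]

def inferences(node):
    """What a node learns about its direct friends from TTL and Dist alone."""
    learned = []
    for kind, friend, value in node.seen:
        if kind == "query" and value == INITIAL_TTL:
            learned.append(f"{friend} initiated the query")
        elif kind == "hit" and value == 0:
            learned.append(f"{friend} holds the file")
    return learned

def demo():
    a, b, c = Node("A"), Node("B"), Node("C", files={"XYZ"})
    for x, y, bw in ((a, b, 10), (b, c, 25)):   # constructed friend links
        x.links[y] = y.links[x] = bw
    return a.search(764, "XYZ"), inferences(a), inferences(b), inferences(c)

if __name__ == "__main__":
    print(demo())
```

Only B, a direct friend of both endpoints, can name the initiator and the responder; A and C learn nothing beyond their own link, which is the slide's point that identities are disclosed only to a small group of friends.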
