security issues and solutions in peer to peer systems for
play

Security Issues and Solutions in Peer-to- peer Systems for Real-time - PowerPoint PPT Presentation

Oct 21, 2022 •187 likes •323 views

Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00 Henning Schulzrinne Enrico Marocco Emil Ivov March 2009 (IETF 74) IETF - P2PRG 1 Overview Attacker motivations

  1. Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00 Henning Schulzrinne Enrico Marocco Emil Ivov March 2009 (IETF 74) IETF - P2PRG 1

  2. Overview • Attacker motivations • Attacker resources • P2P for real-time (vs. file sharing) – more than just a DHT March 2009 (IETF 74) IETF - P2PRG 2

  3. Attacker motivations • Disrupt communications – extortion, dislike, political, … – incumbent operator? • Financial gain – impersonation – theft of service – spamming (SPIT) • Fun & fame March 2009 (IETF 74) IETF - P2PRG 3

  4. Attacker resources • Identities: – IP addresses • if used for DHT position • user subscription limitations – mobile phone #’s – email addresses, … • Computational resources – botnets make proof-of-work largely useless March 2009 (IETF 74) IETF - P2PRG 4

  5. Attack timing March 2009 (IETF 74) IETF - P2PRG 5

  6. Review: P2P for real-time • Map names to other identifiers – sip:alice@example.com  alice@128.59.16.1 • Provide (computational) services – proxying (registration, services) – relaying (NAT traversal) • Store data – configuration data – voicemail March 2009 (IETF 74) IETF - P2PRG 6

  7. File sharing vs. real time File sharing Real-time Distributed database file location User locations: one per hundreds or thousands user per user Availability same file, hundreds of each user is unique copies Integrity poison file store with impersonate user  bogus material  but no compromise user direct threat to user communication integrity Confidentiality Files are public Communications is (may want to hide origin) private (src/dest & content) March 2009 (IETF 74) IETF - P2PRG 7

  8. Admission control • Goal: keep rogue percentage low – allows detection, voting, bypassing • Group charter + group authority – authority certifies candidates compliance with charter – central authority or voting • how practical in semi-anonymous systems? • what information can votes be based on? • ballot stuffing by compromised nodes • Use CAPTCHA to reduce impact of bots • RELOAD (and Skype) uses central authority March 2009 (IETF 74) IETF - P2PRG 8

  9. Position in overlay • Sybil attacks do not depend on identifier – but preventing nodes from choosing location randomizes attacks • IP address or identifier provided by central authority – IP address doesn’t work well for NATed devices – Allows attacker more choice • Use temporary identifiers? – randomizes attack targets • Use diametrically opposed IDs to avoid local collusion – rogue nodes can add neighbors March 2009 (IETF 74) IETF - P2PRG 9

  10. Identifying malicious peers • Proactive – use test cases to detect misbehavior – “mystery shopper” • Reactive – detect and report misbehavior • Reputation management – mostly investigated for file sharing – difficult to prevent another denial-of-service attacks of rogue nodes – transitive trust March 2009 (IETF 74) IETF - P2PRG 10

  11. Real-time services are different • Don’t need everyone to be a peer – just enough resources to get job done – just increases routing latency (log(N)) – increases chances of corruption • Typically, promote nodes from clients to peers – use invitation, rather than self-promotion – based on uptime, resources, public IP address, geographic need • Why would a client want to become peer? – Skype: closed  (almost) no choice – Open systems: incentives  randomized promotion for sybil prevention March 2009 (IETF 74) IETF - P2PRG 11

  12. Attack • Denial of service – black hole signaling or media – fictitious error responses (“no such number”) – use iterative routing – getting closer? • Integrity of location bindings – Identity-based crypto  non-intuitive identifiers • Integrity of content (voice mail, …) – generally, only inserter needs access March 2009 (IETF 74) IETF - P2PRG 12

  13. Summary (& my take) • P2P systems for real-time applications ≠ file sharing – more than just key  value mapping • Identity scarcity is crucial – leverage existing hard-to-clone identities • Reputation systems are unlikely to work – either central entity knows “good guys” – or they all look the same • Avoiding centralization at all cost may not matter for real- time services – typically, don’t have Napster/PirateBay problem March 2009 (IETF 74) IETF - P2PRG 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector Garcia-Molina Pure peer-to-peer systems are hard to scale Gnutella Look at hybrids between p2p and server-client Presented by Marco Barreno Servers

282 views • 6 slides
Mapping Data in Peer-to-Peer Systems: Semantics and Algorithmic Issues Anastasios

Mapping Data in Peer-to-Peer Systems: Semantics and Algorithmic Issues Anastasios

Mapping Data in Peer-to-Peer Systems: Semantics and Algorithmic Issues Anastasios Kementsietsidis, Marcelo Arenas, Rene J. Miller ACM SIGMOD International Conference on Management of Data 2003 Rolando Blanco CS856 Winter 2005 Overview

637 views • 26 slides
NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction Shudong Jin Case Western Reserve University NEONet Workshop, March 1, 2006 Peer-to-Peer Streaming Peer-to-peer systems versus client/server systems

292 views • 15 slides
Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Free-Net Ian Clarke, Oskar Sandberg, Brandon Wiley, Theodore Hong, 2000 Goal - peer-to-peer network -

746 views • 36 slides
Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

5/7/08 Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing servers provide special services to clients clients request service from a server Pure peer-peer computing all systems have equivalent

586 views • 20 slides
Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical Faculty Computer-Networks and Telematics University of Freiburg Peer-to-Peer Networking Facts Hostile environment - Legal situation - Egoistic

882 views • 57 slides
THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK Introduction Types of nodes Message format Control messages Transaction propagation Block propagation THE PEER TO PEER

767 views • 38 slides
Peer to Peer Networks and Security Kostya Kortchinsky CERT RENATER

Peer to Peer Networks and Security Kostya Kortchinsky CERT RENATER

Peer to Peer Networks and Security Kostya Kortchinsky CERT RENATER Kostya.Kortchinsky@renater.fr 23/06/2003 Kostya Kortchinsky - RENATER 1 Agenda Some Figures Security Issues Viruses, trojans, and other malware

757 views • 33 slides
Distributed Systems Peer-to-Peer Rik Sarkar James

Distributed Systems Peer-to-Peer Rik Sarkar James

Distributed Systems Peer-to-Peer Rik Sarkar James Cheney University of Edinburgh Spring 2014 Recap: p2p We studied properEes of p2p

340 views • 33 slides
INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie & Francois le Faucheur

INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie & Francois le Faucheur

INTERCONNECTING CDNS AKA PEERING PEER-TO- PEER Bruce Davie & Francois le Faucheur Outline Background: peering peer-to-peer providers CDN Interconnect Motivation CDNI Technical Issues Discussion Why is this a

876 views • 19 slides
Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt

Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt

Motivation Anonymous Communication NISAN Torsk Conclusion Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt theri@mailbox.tu-berlin.de Seminar Computer Security Technische Universitt Berlin 28 July 2011

390 views • 17 slides
Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Literature Feldman, Chuang Overcoming Free-Riding Behavior in Peer-to-Peer Systems, 2005

449 views • 24 slides
Building RDF- and Schema-Based Peer-to-Peer Systems / University of Hannover Wolfgang Nej dl

Building RDF- and Schema-Based Peer-to-Peer Systems / University of Hannover Wolfgang Nej dl

Building RDF- and Schema-Based Peer-to-Peer Systems / University of Hannover Wolfgang Nej dl Germany L3S Overview Relevant L3S Proj ect Background Motivation Proj ect Background - PADLR, Edutella, et al S chema-Based Peer-to-Peer

666 views • 28 slides
Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different network architecture than client/server Each peer is both a client and a server Appropriate for applications that dont require a

353 views • 11 slides
Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Cuckoo Hashing for Security Awerbuch, Scheideler, Towards Scalable and Robust Overlay Networks Problem: -

329 views • 19 slides
THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In

THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In

THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In peer-to-peer networks, all the operations Peer-to-peer networks Proof-of-work equally rely on each node in the system. Digital signature Registry

328 views • 18 slides
Social Computing CS 278 | Stanford University | Michael Bernstein How can we design the social

Social Computing CS 278 | Stanford University | Michael Bernstein How can we design the social

Social Computing CS 278 | Stanford University | Michael Bernstein How can we design the social systems that we inhabit? What is social computing? Social computing systems are computational systems that mediate social interactions.

645 views • 38 slides
IntelMQ - a KISS incident handling automation project (IHAP) L. Aaron Kaplan kaplan@cert.at

IntelMQ - a KISS incident handling automation project (IHAP) L. Aaron Kaplan kaplan@cert.at

IntelMQ - a KISS incident handling automation project (IHAP) L. Aaron Kaplan kaplan@cert.at Sebastian Wagner Tom as Lima tomas.lima@cert.pt wagner@cert.at 2015-11-21 L. Aaron Kaplan kaplan@cert.at, Sebastian Wagner wagner@cert.at , Tom

464 views • 29 slides
PGCon-2020 Online 2020-05-26 Database systems: 2002-2005: since

PGCon-2020 Online 2020-05-26 Database systems: 2002-2005: since

PGCon-2020 Online 2020-05-26 Database systems: 2002-2005: since 2005: Worked on XML data type and functions (2005-2007) Long-term community activist #RuPostgres, 2000+ members Conferences Program

909 views • 64 slides
Private ! Virtual ! Infrastructure for ! Cloud ! Computing John ! Krautheim UMBC ! Cyber ! Defense

Private ! Virtual ! Infrastructure for ! Cloud ! Computing John ! Krautheim UMBC ! Cyber ! Defense

Private ! Virtual ! Infrastructure for ! Cloud ! Computing John ! Krautheim UMBC ! Cyber ! Defense ! Lab Cloud ! Computing ! Security ! Someone ! else ! owns ! the ! cloud ! Data ! in ! cloud ! is ! out ! of ! control ! of ! data ! owner ! Does !

324 views • 10 slides
Functions as a Service (Serverless computing) Motivation All require at least one server to

Functions as a Service (Serverless computing) Motivation All require at least one server to

Functions as a Service (Serverless computing) Motivation All require at least one server to be running at all times Want something that costs $0 if not used Portland State University CS 410/510 Internet, Web, and Cloud Systems Serverless

1.3k views • 52 slides
Workshop 3 Running Around Start downloading the TagBot project template (~75MB) in advance

Workshop 3 Running Around Start downloading the TagBot project template (~75MB) in advance

Faculty of Mathematics and Physics Charles University in Prague 10 th March 2015 UT2004 bots made easy! Tag! Tournament Workshop 3 Running Around Start downloading the TagBot project template (~75MB) in advance now Start

731 views • 42 slides
Interactive Robot Education Riad Akrour, Marc Schoenauer, Mich` ele Sebag RL-Feedbacks

Interactive Robot Education Riad Akrour, Marc Schoenauer, Mich` ele Sebag RL-Feedbacks

Interactive Robot Education Riad Akrour, Marc Schoenauer, Mich` ele Sebag RL-Feedbacks @ECMLPKDD, Praha, sept. 2013 Swarm Robotics Swarm-bot (2001-2005) Swarm Foraging, UWE Symbrion IP, 2008-2013; http://symbrion.org/ This talk: Train a

540 views • 53 slides
GRAF: Graph-based Runtime Adaptation Framework SEAMS 2011 Waikiki, Honolulu, Hawaii, USA Mahdi

GRAF: Graph-based Runtime Adaptation Framework SEAMS 2011 Waikiki, Honolulu, Hawaii, USA Mahdi

GRAF: Graph-based Runtime Adaptation Framework SEAMS 2011 Waikiki, Honolulu, Hawaii, USA Mahdi Derakhshanmanesh 1 , Mehdi Amoui 2 , Greg OGrady 2 Jrgen Ebert 1 , Ladan Tahvildari 2 1 Institute for Software Technology, University of

673 views • 28 slides

More recommend