Peer To Peer Network Security
From Computing and Software Wiki
Peer-to-Peer (or P2P) networking is a fairly popular networking concept. Networks such as BitTorrent and eMule make it easy for people to find what they want and share what they have. P2P networks are used primarily to exchange pirated audio, video, software, and other inappropriate content. [5,6]
What is Peer to Peer Network
A pure peer-to-peer network does not have the notion of clients or servers, but only equal peer nodes that simultaneously function as both "clients" and "servers" to the other nodes on the network. An example of a non-P2P file transfer is an FTP server, where the client and server programs are quite distinct. [3] P2P networks are generally simpler, but they usually do not offer the same performance under heavy loads. The P2P network itself relies on computing power at the ends of a connection rather than from within the network itself. [8] Besides file sharing, P2P networks are also used for distributed computation and instant messaging.
Network Structure
Peer-to-peer file sharing networks are transient Internet networks that allow computer users within the same P2P networking program to connect with each other's computers and use sophisticated searching techniques to directly access and download files from one another's hard drives. [7] The P2P overlay network consists of all the participating peers as network nodes. There are links between any two nodes that know each other. Based on how nodes link to each other, P2P networks can be classified as unstructured or structured. [3]
Unstructured P2P networks
An unstructured P2P network is formed when the overlay links are established arbitrarily. Such networks are easy to construct: a new peer that wants to join the network can copy the existing links of another node and then form its own links over time. In an unstructured P2P network, if a peer wants to find a desired piece of data, the query has to be flooded through the network to find as many peers as possible that share the data. The main disadvantage of such networks is that queries may not always be resolved. Popular content is likely to be available at several peers, and any peer searching for it is likely to find the same thing, but if a peer is looking for rare data shared by only a few other peers, then it is highly unlikely that the search will be successful. [3]
Structured P2P networks
Structured P2P networks employ a globally consistent protocol to ensure that any node can efficiently route a search to some peer that has the desired file, even if the file is extremely rare. Such a guarantee necessitates a more structured pattern of overlay links. By far the most common type of structured P2P network is the distributed hash table (DHT), in which a variant of consistent hashing is used to assign ownership of each file to a particular peer, in a way analogous to a traditional hash table's assignment of each key to a particular array slot. [3]
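The ownership rule described above can be shown with a small consistent-hash ring. This is an added example, not code from the wiki page or from any particular DHT; the `Ring` class, the peer names and the file names are hypothetical, and SHA-256 is an assumed choice of hash.

```python
import bisect
import hashlib


def ring_position(name: str) -> int:
    """Hash a peer id or file name to a point on the ring."""
    return int.from_bytes(hashlib.sha256(name.encode("utf-8")).digest(), "big")


class Ring:
    """Consistent-hash ring: a key belongs to the first peer clockwise from it."""

    def __init__(self, peers=()):
        self.positions = []  # sorted ring positions of the peers
        self.peer_at = {}    # ring position -> peer name
        for peer in peers:
            self.join(peer)

    def join(self, peer: str) -> None:
        pos = ring_position(peer)
        if pos in self.peer_at:
            raise ValueError(f"ring position already taken: {peer}")
        bisect.insort(self.positions, pos)
        self.peer_at[pos] = peer

    def leave(self, peer: str) -> None:
        pos = ring_position(peer)
        self.positions.remove(pos)
        del self.peer_at[pos]

    def owner_of(self, key: str) -> str:
        if not self.positions:
            raise LookupError("no peers in the ring")
        i = bisect.bisect_left(self.positions, ring_position(key))
        return self.peer_at[self.positions[i % len(self.positions)]]  # wrap around


def moved_keys(before: dict, after: dict) -> set:
    """Keys whose owner changed between two ownership snapshots."""
    return {k for k in before if before[k] != after[k]}


if __name__ == "__main__":
    # Constructed sample: 8 peers, 200 file names.
    files = [f"file-{i}.dat" for i in range(200)]
    ring = Ring(f"peer-{i}" for i in range(8))
    before = {f: ring.owner_of(f) for f in files}
    ring.join("peer-new")
    after = {f: ring.owner_of(f) for f in files}
    moved = moved_keys(before, after)
    print(len(moved), "of", len(files), "files moved, all to:", {after[f] for f in moved})
```

When a peer joins, the only files that change owner are the ones the new peer takes over; every other assignment is untouched, which is what lets any node compute the owner of a file without a central index.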
Security Concern
One major concern of using P2P architecture in the workplace is, of course, network security. Security concerns stem from the architecture itself. Today most blocking and routing is handled by a specific server within the network, but the P2P architecture has no single fixed server responsible for routing and requests. There are many kinds of P2P networking attacks that cause security problems; some examples are given below. On the other hand, most of the security mechanisms in use today are based on secret keys, public keys, or a combination of them. A basic introduction to these follows the list of attacks. [8,9]
Attack
- TCP port - To share files on the computer within a P2P network such as BitTorrent, a specific TCP port must be opened for the P2P software to communicate. In effect, once you open the port you are no longer protected from malicious traffic coming through it. [5]
- Trojans, Viruses - When files are downloaded from another peer, there is no guarantee that the files being transferred are the ones that you want. Also, when you double-click an EXE file, you cannot be sure that it has not installed a Trojan or brought viruses onto the computer. [5]
- Malware - The P2P network software itself may contain malware or spyware. [3]
- Bandwidth Clogging and File Sharing - P2P applications such as BitTorrent make it possible for one computer to share files with another computer located somewhere else on the Internet. A major problem with P2P file-sharing programs is that they result in heavy traffic, which clogs institutional networks. The rich audio and video files that P2P users share are very big. This affects response times for internal users as well as e-business customers, and that results in lost income. [9]
Security Mechanisms
- Secret Key - Secret key techniques are based on the fact that the sender and recipient share a secret, which is used for various cryptographic operations, such as encryption and decryption of messages and the creation and verification of message authentication data. This secret key must be exchanged in a separate out-of-band procedure prior to the intended communication (using a PKI for example). [9]
- Public Key - Public key techniques are based on the use of asymmetric key pairs. Usually each user is in possession of just one key pair. One key of the pair is made publicly available, while the other is kept private. Because one key is publicly available, there is no need for an out-of-band key exchange; however, there is a need for an infrastructure to distribute the public key authentically. Because there is no need for pre-shared secrets prior to a communication, public key techniques are ideal for supporting security between previously unknown parties. [9]
- Trust -
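The creation and verification of message authentication data described under Secret Key, sketched for two peers exchanging a file chunk. This is an added example, not part of the original page; the message layout, the function names and the sequence-number check are assumptions, and the key is taken to have been exchanged out of band already.

```python
import hashlib
import hmac
import json


def seal(key: bytes, sender: str, seq: int, payload: bytes) -> dict:
    """Sender side: compute a MAC over the header and the payload."""
    header = json.dumps({"sender": sender, "seq": seq}, sort_keys=True).encode()
    # json.dumps never emits a raw newline, so "\n" separates the parts unambiguously.
    tag = hmac.new(key, header + b"\n" + payload, hashlib.sha256).hexdigest()
    return {"header": header, "payload": payload, "tag": tag}


def verify(key: bytes, message: dict, last_seq: int) -> bytes:
    """Receiver side: return the payload only if the tag and sequence check out."""
    expected = hmac.new(
        key, message["header"] + b"\n" + message["payload"], hashlib.sha256
    ).hexdigest()
    # Constant-time comparison, so timing does not reveal how much of the tag matched.
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("authentication tag mismatch")
    # Parse the header only after the tag has been verified.
    if json.loads(message["header"])["seq"] <= last_seq:
        raise ValueError("stale sequence number")
    return message["payload"]


def rejected(key: bytes, message: dict, last_seq: int) -> bool:
    """True if the receiver refuses the message."""
    try:
        verify(key, message, last_seq)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    shared_key = b"k" * 32  # constructed sample key, stands in for the pre-shared secret
    msg = seal(shared_key, "peer-a", 1, b"chunk 0 of shared file")
    print("accepted:", verify(shared_key, msg, last_seq=0))
    print("altered payload rejected:", rejected(shared_key, dict(msg, payload=b"other"), 0))
    print("wrong key rejected:", rejected(b"x" * 32, msg, 0))
```

A peer that does not hold the shared key cannot produce a tag the receiver will accept, which is the property the pre-shared secret provides and the reason it has to be exchanged beforehand.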
Applications
An important goal in peer-to-peer networks is that all clients provide resources, including bandwidth, storage space, and computing power. Thus, as nodes arrive and demand on the system increases, the total capacity of the system also increases. [3]
Peer-to-peer can be used for:
- File sharing
- Telephony
- Streaming media
- Software publication and distribution
References
- [1] http://www.spinellis.gr/pubs/jrnl/2004-ACMCS-p2p/html/AS04.html
- [2] http://www.ibiblio.org/team/intro/search/search.html
- [3] http://en.wikipedia.org/wiki/Peer-to-peer
- [4] http://www.ibm.com/developerworks/java/library/j-p2ptrust/
- [5] http://netsecurity.about.com/od/newsandeditorial1/a/p2psecurity.htm
- [6] http://www.websense.com/global/en/ResourceCenter/p2p_security.php
- [7] http://www.websense.com/docs/WhitePapers/PeertoPeer.pdf
- [8] http://www.webopedia.com/DidYouKnow/Internet/2005/peer_to_peer.asp
- [9] http://ntrg.cs.tcd.ie/undergrad/4ba2.02-03/p10.html
--Chowkw 23:46, 6 April 2008 (EDT)