1 Bringing P2P to the Web: Security and Privacy in the Firecoral Network Jeff Terrace Harold Laidlaw Hao Eric Liu Sean Stern Michael Freedman.

2 Slashdot Effect

3 Existing Commercial CDNs
Build your own solution
– Expensive to set up
– Only cost effective at massive scale
Purchase from provider
– Expensive
– Requires prior knowledge of demand

4 Existing Free CDNs
Peer-to-peer CDNs
– Easy to use
– Free!
– Automatic redirection
Unfortunately…
– Over-subscribed
– Under-provisioned
– Scalability limited due to trust

5 Existing P2P Networks
Leverage file-sharing networks
– Demonstrated to provide scalability, fairness, and high performance
Design mismatch
– Not easily integrated into web browsers
– High latency cost for small files

6 Introducing Firecoral
What is Firecoral?
– A peer-to-peer network for the web
– Integrates directly into a user’s web browser
– Ensures authenticity of content
– Preserves user privacy
– Backwards compatible
Not focused on
– P2P algorithms
– Incentives
– Evaluation
This talk’s focus
– Security
– Privacy
– Usability

7 Firecoral Goals
Content providers
– Easily integrate into existing web servers
– Backwards compatibility
– Not interfere with advertisements and analytics
End users
– Easy to install and transparent to use
– Provide content integrity
– Respect privacy/sharing policies

8 Modified Content Provider
[Diagram: Content Provider, Client, Peers; the client sends the URL to the Content Provider]
Content provider
– Acts as tracker
– Ensures authenticity
But content provider
– Still handles every request

9 External Tracker
[Diagram: Content Provider, Client, Peers, Tracker; the client sends the URL to the Tracker; authenticity marked "?"]
Content provider
– Still needs to provide authenticity
– Still requires modification

10 Signing Service
[Diagram: Content Provider, Client, Peers, Tracker, Signing Service; Signing Service holds Private Key = SS, computes Sig SS, and returns URL, Sig SS]

11 When to Use Firecoral
Content to avoid
– HTTPS: banking, online shopping
– POST requests: web mail, feedback forms
– Other private content?

12 When to Use Firecoral
Simply list domains
– Too coarse-grained
– Requires site lists to be known
Use HTTP referrer header
– Captures 3rd-party advertisements
– Interferes with analytics

13 Configuration Example

14 Configuration Solution
HTML text
– Difficult to parse
– Requires maintenance
Web standards!
– XML Path Language (XPath)
– Queries can select XML nodes from HTML
– XPath rules are simple and easy to write
– Firefox executes XPath very quickly

15 XPath Example
Query for digg.com used to be: ' and
Digg releases “DiggBar” feature which changes HTML
New query only changes one word: ' and

16 Subscriptions
List of Domain/XPath pairs
Whitelist
– Use Firecoral
– Contains popular news aggregators
Blacklist
– Don’t use Firecoral
– Contains known well-provisioned sites
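An added example (not Firecoral's own code) of the "when to use Firecoral" decision from slides 11, 12 and 16. It assumes that a whitelist rule {domain, xpath} runs its XPath on pages served by that domain and that the selected anchors' targets become eligible, that a blacklist entry names a target domain never fetched through Firecoral, and that selectHrefs(xpath) stands in for Firefox's document.evaluate on the loaded page.

```javascript
// Added example, not Firecoral's own code: the request-eligibility decision of
// slides 11, 12 and 16. Rule shape {domain, xpath}, blacklist precedence and the
// selectHrefs(xpath) stand-in for Firefox's document.evaluate are assumptions.
function hostMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Step 1, at page load: collect the link targets chosen by whitelist rules whose
// domain matches the page's host (e.g. a news aggregator's story links).
function eligibleTargets(pageHost, subscriptions, selectHrefs) {
  const targets = new Set();
  for (const rule of subscriptions.whitelist) {
    if (!hostMatches(pageHost, rule.domain)) continue;
    for (const href of selectHrefs(rule.xpath)) targets.add(href);
  }
  return targets;
}

// Step 2, at request time: only plain-HTTP GETs to selected, non-blacklisted hosts
// go through the peer network; everything else is fetched directly from the origin.
function shouldUseFirecoral(req, eligible, subscriptions) {
  const u = new URL(req.url);
  if (u.protocol !== 'http:') return { use: false, reason: 'not plain http' };     // slide 11: HTTPS
  if (req.method.toUpperCase() !== 'GET') return { use: false, reason: 'non-GET' }; // slide 11: POST
  if (subscriptions.blacklist.some(b => hostMatches(u.hostname, b.domain)))
    return { use: false, reason: 'blacklisted host' };                              // slide 16
  if (!eligible.has(req.url)) return { use: false, reason: 'not selected by any rule' };
  return { use: true, reason: 'whitelisted link' };
}

// Constructed sample: an aggregator front page whose story links are selected by an
// assumed XPath; one story sits on a blacklisted, well-provisioned site, one is HTTPS.
const SUBSCRIPTIONS = {
  whitelist: [{ domain: 'aggregator.example', xpath: '//a[@class="story"]' }],
  blacklist: [{ domain: 'bigcdn.example' }],
};
const PAGE_LINKS = {
  '//a[@class="story"]': ['http://smallblog.example/post/1', 'http://bigcdn.example/a',
                          'https://bank.example/login'],
};
const selectHrefs = xpath => PAGE_LINKS[xpath] || [];
```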

17 Implementation
Tracker
– 1000 lines of PHP running on Apache
– Uses MySQL, Memcachedb, and Memcached
Signing Service
– 700 lines of Python
Firefox Extension
– 7000 lines of JavaScript, XUL, and CSS
– Runs an HTTP proxy server within Firefox
– Uses Mozilla XPConnect API for access to low-level network functions
– Cross platform

18 Demo

19 Conclusions
Firecoral brings P2P to the web
Firecoral provides
– Security
– Privacy
– Usability
Allows content providers to easily support Firecoral
Allows users to easily configure sharing and privacy policy

20 Future Work
Implementation
– NAT traversal
– Apache plug-in for signing and redirection
Design
– Incentives
– Peer selection
– Measurement study

21 Thank You Questions?