Privacy in P2P based Data Sharing Muhammad Nazmus Sakib CSCE 824 April 17, 2013.


Outline
• Problem Description
• Background
  ◦ Privacy
  ◦ P2P
• Type of Privacy
  ◦ Location based
  ◦ Content based
• Summary

Problem Description
• Privacy concerns in P2P networks
  ◦ User's ability to control disclosure of personal information
• Our Goal
  ◦ Assess the current privacy exposures in existing networks
  ◦ Discuss the existing solutions to counter them

Privacy
• The right of individuals to determine for themselves when, how and to what extent information about them is communicated to others
  - Alan Westin, Columbia University

Overview of P2P
• Distributed application architecture
• Partitions tasks and workloads
• Peers are both supplier & consumer
• No or little centralized control
• Types
  ◦ Structured
    ▪ Uses DHT (Distributed Hash Table)
    ▪ Example: Kad
  ◦ Unstructured
    ▪ Ad hoc fashion
    ▪ Example: Freenet, Gnutella

Types of Privacy
• Location Privacy
  ◦ Controlling disclosure of IP address, geographic location, identity, etc.
• Content Privacy
  ◦ Controlling disclosure of personal data files and user behavior

Location Privacy
• The problem
  ◦ Gnutella, eDonkey
  ◦ Kazaa
  ◦ Skype + BitTorrent
• Solutions
  ◦ Freenet
  ◦ OneSwarm
  ◦ I2P

Location Privacy: Problem
• Gnutella/eDonkey
  ◦ Change from protocol v0.4 to v0.6 increased privacy vulnerability
  ◦ Users can be monitored by
    ▪ IP address
    ▪ DNS name
    ▪ Software versions
    ▪ Shared files
    ▪ Queries

Location Privacy: Problem
• Kazaa
  ◦ No support for anonymity
• Skype + BitTorrent
  ◦ It is possible to determine the IP address and file sharing usage of a particular user
    ▪ Blond et al.

Skype + BitTorrent
• Finding the IP address
  ◦ Find the target person's Skype ID
  ◦ Inconspicuously call this person
  ◦ Extract callee's IP address from packet headers
  ◦ Skype privacy settings fail to protect against this scheme
  ◦ Observe mobility of the Skype users

Skype + BitTorrent
• Linking internet usage
  ◦ Skype tracker employs ten tracking clients to collect the IP addresses of the 100,000 users daily
  ◦ Infohash crawler determines the infohashes (file IDs) of the 50,000 most popular BitTorrent swarms
  ◦ BitTorrent crawler collects the IP addresses participating in the 50,000 most popular swarms
  ◦ Verifier attempts to initiate P2P communications with the two applications in order to verify that the same user is indeed running both of them

Location Privacy: Solutions
• Freenet
  ◦ Protects anonymity of both producers and consumers
  ◦ Identical nodes collectively pool their storage space to store data files
  ◦ Dynamically replicated files are referred to in a location-independent manner
  ◦ Infeasible to discover the true origin or destination of a passing file

Location Privacy: Solutions
• Freenet
  ◦ Weakness
    ▪ TTL value of the packets can be used to gain knowledge about the source of the file
    ▪ Surrounding a node entirely with malicious nodes allows monitoring of its incoming and outgoing packets
    ▪ Slower performance than traditional P2P networks

Location Privacy: Solutions
• OneSwarm
  ◦ Makes a trade-off between performance and anonymity
    ▪ Better performance than Freenet
    ▪ Better privacy than BitTorrent
  ◦ Control of privacy rests with the users
  ◦ Data transferred through disposable addresses
  ◦ Prevents monitoring of user behavior

OneSwarm

OneSwarm
• Weakness
  ◦ Timing attack is possible with only two attacking nodes
  ◦ 15% attacking peers can make 90% of peers vulnerable
  ◦ Thwarting attacks will increase response time beyond that of Freenet
  ◦ 25% attackers can monitor 98% of peers
  ◦ A TCP-based attack with only one attacker can identify the source of data

Location Privacy: Solutions
• I2P (Invisible Internet Project)
  ◦ Network layer allowing communication pseudonymously
  ◦ Implemented through I2P routers
  ◦ End-to-end encryption
  ◦ P2P implementations
    ▪ I2P over BitTorrent
    ▪ iMule (Invisible eMule)
    ▪ I2Phex

I2P
• Attacks
  ◦ Timpanaro et al. developed a large-scale monitoring architecture
  ◦ It reveals that a large-scale system can compromise I2P's anonymity
  ◦ Still a better choice than Tor or Freenet

Content Privacy
• Kazaa
• Kad
• Personal Health Information

Content Privacy
• Kazaa
  ◦ Good et al. conducted experiments to
    ▪ Find out whether users are sharing personal files
    ▪ Find out whether the shared files are downloaded
  ◦ Results indicate (24-hour period)
    ▪ 156 distinct users shared their inbox
    ▪ 19 out of 20 users shared files
    ▪ 9 users shared web browser cache
    ▪ 5 users shared word processing documents
    ▪ 2 users shared financial documents
    ▪ Shared dummy files were downloaded by 4 distinct users

Content Privacy
• Kad Network
  ◦ Dragonfly monitoring system
    ▪ Passively monitor sharing and downloading events
  ◦ Within 2 weeks
    ▪ 5000 private files related to 10 distinct keywords
  ◦ Honey files
    ▪ 192 distinct attackers tried to download
    ▪ 45 attackers tried to hack into the honey accounts 125 times
  ◦ Solution
    ▪ eMule plugin: Numen

Content Privacy
• Personal Health Information (PHI)
  ◦ Emam et al. designed a system to download files from P2P networks
  ◦ Results show
    ▪ 0.4% of Canadian IP addresses had PHI
    ▪ 0.6% of US IP addresses had PHI
• Personal Financial Information (PFI)
  ◦ Same experiment
    ▪ 1.7% of Canadian IP addresses had PFI
    ▪ 4.7% of US IP addresses had PFI
• Experiments performed over
  ◦ FastTrack (Kazaa)
  ◦ Gnutella
  ◦ eDonkey

Summary
• A considerable number of privacy exposures are present in current P2P systems, for both location and content privacy
• Several solutions have been proposed to provide anonymity, but very few for content privacy
• Flaws are present in the existing solutions

Questions?