Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.

Slides:



Advertisements
Similar presentations
Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.
Advertisements

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
University of Southampton Electronics and Computer Science M-grid: Using Ubiquitous Web Technologies to create a Computational Grid Robert John Walters.
Chapter 17: WEB COMPONENTS
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Internet Security Terms and Techniques Chris Avram Faculty of Information Technology Monash University 1U-Cubed ‘99Chris Avram.
Lecture 11 Reliability and Security in IT infrastructure.
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Intranet, Extranet, Firewall. Intranet and Extranet.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
32-1 Internet Safety/Security Issues Trojan/Virus precautions When you run an executable program from an untrusted source you’re opening yourself.
Internet Security for Small & Medium Business Week 6
October 15, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint SOEN321-Information-Systems Security Revision.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
Software Security Testing Vinay Srinivasan cell:
1 22 August 2001 The Security Architecture of the M&M Mobile Agent Framework P. Marques, N. Santos, L. Silva, J. Silva CISUC, University of Coimbra, Portugal.
SECURITY ENGINEERING 2 April 2013 William W. McMillan.
INTRODUCTION. The security system is used as in various fields, particularly the internet, communications data storage, identification and authentication.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model.
Course code: ABI 204 Introduction to E-Commerce Chapter 5: Security Threats to Electronic Commerce AMA University 1.
Network Security Management Dr. Robert Chi Chair and Professor, IS department Chief editor, Journal of Electronic Commerce Research.
1 Chpt. 12: INFORMATION SYSTEM QUALITY, SECURITY, AND CONTROL.
Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
1 Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise your system.
MIS 7003 MIS Core Course The MBA Program The University of Tulsa Professor: Akhilesh Bajaj Security: Personal & Business © Akhilesh Bajaj 2004,2005, 2007,
Security Vulnerabilities in A Virtual Environment
1 Lecture 1: Introduction Outline course’s focus intruder’s capabilities motivation for security worms, viruses, etc. legal and patent issues.
Ingredients of Security
Part V Electronic Commerce Security Online Security Issues Overview Managing Risk Computer Security Classifications. Security.
Security Distributed Systems Lecture # 14. Why care about security? Authentication Use another person’s ID for sending Non-repudiation E-commerce.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
Trusted Component Deployment Trusted Components Bernd Schoeller January 30 th, 2006.
Security on the Internet Norman White ©2001. Security What is it? Confidentiality – Can my information be stolen? Integrity – Can it be changed? Availability.
Chapter 40 Internet Security.
Secure Software Confidentiality Integrity Data Security Authentication
POPULAR POWER Security Issues of Peer-to-Peer Systems
Message Digest Cryptographic checksum One-way function Relevance
Intrusion detection systems?
Operating System Security
Faculty of Science IT Department By Raz Dara MA.
Security.
Operating System Concepts
CSE 542: Operating Systems
Presentation transcript:

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER

Overview Peer-to-peer security is hard Some old techniques, some new Example: Popular Power POPULAR POWER

Standard security concerns Someone stealing my data Virus infecting my computer Someone impersonating me Someone modifying my data POPULAR POWER

The Real Problem: the Network POPULAR POWER Anna Kournikova VBS/SST-A OnTheFly ILOVEYOU VBS/Loveletter.a Melissa Kalamars VBS Worm Generator Creative +50,000 more Stacheldraht Trinoo Tribe Flood Network

Client/Server Security: Understood Make a secure server Use firewall to restrict access to server Encrypt all communications Authenticate server to client Authenticate client to server (oops) Audit server: logs, tripwires, etc Pray you have no bugs POPULAR POWER

P2P Security is Harder Each computer is untrusted Peers don't have trust relationships Capacity for rapid spread of trouble Individuals can cause local damage that spreads Everyone can be running different software Code may be mobile; beware! Decentralization can make auditing difficult Complex systems: hard to understand POPULAR POWER

Security Tools (not Solutions!) Encryption Authentication Firewalls Trust and Reputation Sandboxes Frameworks: SSL, Intels PTPTL, etc. POPULAR POWER

Firewalls Good things –Easy to set up –Restrict access to a white list of allowed traffic –Single point of control Bad things –Unsubtle: Block all traffic on port, not application –Inflexible: Generally static rulesets –Single point of control Difficult for users inside network to influence Not an Internet-wide security solution POPULAR POWER

Trust and Reputation Mechanisms Give entities identities (pseudonymonous) Create reputation sharing mechanism –Assign reputations to entities –Allow others to retrieve reputations Use reputation to build trust relationships Example: eBay Example: Public key infrastructure –Verisign-style certificate hierarchies –PGP Web of Trust Peer to Peer / decentralized solutions POPULAR POWER

Secure Execution Environments Essential for mobile code systems! Traditional approaches –OS-based security –Ad-hoc mechanisms (VBS, Javascript, Emacs) Sandboxes –Java Virtual Machine –Inferno / Dis –C# / CLR NSA / VMWare: NetTop POPULAR POWER

Example Application: Popular Power Distributed computing –Centralized server –Untrusted clients –Mobile code Must protect four different groups: –Our own servers –Client computers –Customers submitting jobs –The Internet itself POPULAR POWER

Protecting Our Servers Standard Unix server protection –Firewalls –Validating all input (Java – no buffer overflows) –Auditing servers –Offline signature keys POPULAR POWER

Protecting Client Computers Threat model: Byzantine failure –Malicious code –Buggy code Secure execution environment –Java sandbox –Fine-grained policy model to add privileges Authentication –Cryptographic protection on files, communication POPULAR POWER

Protecting Job Submitters Theft of intellectual property –Obfuscation of code –Encryption of data –Shredding of computation –Time to crack vs. value of data Data manipulation – spoofing results –Redundant execution + verification –Reputations of client computers –Running checksums POPULAR POWER

Protecting the Internet Distributed denial of service –Load testing / quality of service monitoring –Malicious attack, or accident in programming –Careful authentication of job submission –Built-in failsafes in code –Built-in failsafes in system Play nice with firewalls Open question? POPULAR POWER

Conclusion There are lots of good security tools Peer-to-peer has hard problems Complex decentralized systems are inherently difficult to secure We have an ethical responsibility to create secure systems POPULAR POWER

Template POPULAR POWER

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.