P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao

Presentation transcript:


P2PSIP Security Analysis and evaluation
Enrollment Server
P2P Layers:
- Application
- Distributed storage/replication
- Routing maintenance/KBR/NAT/FW traversal
- Transport
Security within each layer must be considered

Transport Security
- To prevent illegal peers/clients from participating in the overlay, TLS/DTLS is necessary to authenticate each association and to protect the privacy of the communication


Routing Maintenance Security
- A peer may receive fake routing table entries from malicious neighbors
- Each DHT must resolve this according to its specific routing table maintenance rules
- Generally speaking, each peer must verify each new entry in its routing table for correctness
- Attackers can also create security threats by increasing churn
- Nodes must waste significant bandwidth to update routing tables and to replicate and transfer stored data
- The higher the churn rate, the more entries in a routing table become outdated, which lowers efficiency

KBR Security (1)
- Intermediate peers may claim to be the destination peer in order to hijack the application component
- A check mechanism is required to verify whether the response comes from the peer responsible for the desired key
- The linked paper provides an example of such a proof mechanism: /identity-npsec05.pdf

KBR Security (2)
- Misbehaving forwarding by an intermediate peer:
  - Intentional forwarding to a wrong next hop
  - Discarding incoming messages
  - Modifying the message before forwarding
- Chosen-ID attacks make KBR even less secure: malicious nodes can repeatedly request new nodeIDs to obtain some control over nodeID assignment

KBR Security (3)
Some approaches for protection mechanisms:
- Digital signatures for initial bootstrapping messages
- Chaining together packet acks to determine responsibility for lost or misrouted messages
- A secure nodeID assignment mechanism


Distributed Storage Security
- Protect data objects against unauthorized data operations:
  - Writing data
  - Modification
  - Removal
- Data poisoning:
  - Publishing invalid or non-existent data into the overlay
  - Publishing a victim node's address as the location of a popular data object to induce a DDoS attack

Distributed Storage Security
- Storage denial-of-service attacks:
  - Overlays work well for a reasonable number of data objects, but can easily be overwhelmed by inserting large numbers of objects per node
  - Malicious nodes can publish large amounts of junk data into the overlay
- Replication security is TODO


Application Security TBD

P2PSIP Security Analysis and evaluation
- Trusted Overlay Base
- Untrusted Overlay Base

Trusted Overlay Base
- All peers in the overlay are trusted nodes, e.g. an operator deploys the core CHORD ring of the P2P overlay network and provides services to ordinary clients, which access the overlay through those peers

Possible attacks in the overlay with Trusted Overlay Base


Untrusted Overlay Base
- Peers in an Untrusted Overlay Base are not all trusted: there may be malicious nodes in the P2P Overlay Base itself
- All security issues of the Trusted Overlay Base still exist here
- More security threats emerge

More attacks in the overlay with Untrusted Overlay Base

Thank You