Presentation is loading. Please wait.

Presentation is loading. Please wait.

POPULAR POWER Security Issues of Peer-to-Peer Systems

Published byOlivia Chase Modified over 6 years ago

Similar presentations

Presentation on theme: "POPULAR POWER Security Issues of Peer-to-Peer Systems"— Presentation transcript:

1 POPULAR POWER Security Issues of Peer-to-Peer Systems
February 14, 2001 O’Reilly Peer-to-Peer Conference Nelson Minar, CTO

2 Overview Peer-to-peer security is hard Some old techniques, some new
Example: Popular Power POPULAR POWER

3 Standard security concerns
Someone stealing my data Virus infecting my computer Someone impersonating me Someone modifying my data POPULAR POWER

4 The Real Problem: the Network
Anna Kournikova VBS/SST-A OnTheFly ILOVEYOU VBS/Loveletter.a Melissa Trinoo Tribe Flood Network Creative Kalamar’s VBS Worm Generator +50,000 more Stacheldraht POPULAR POWER

5 Client/Server Security: Understood
Make a secure server Use firewall to restrict access to server Encrypt all communications Authenticate server to client Authenticate client to server (oops) Audit server: logs, tripwires, etc Pray you have no bugs POPULAR POWER

6 P2P Security is Harder Each computer is untrusted
Peers don't have trust relationships Capacity for rapid spread of trouble Individuals can cause local damage that spreads Everyone can be running different software Code may be mobile; beware! Decentralization can make auditing difficult Complex systems: hard to understand POPULAR POWER

7 Security Tools (not Solutions!)
Encryption Authentication Firewalls Trust and Reputation Sandboxes Frameworks: SSL, Intel’s PTPTL, etc. POPULAR POWER

8 Firewalls Good things Bad things Easy to set up
Restrict access to a “white list” of allowed traffic Single point of control Bad things Unsubtle: Block all traffic on port, not application Inflexible: Generally static rulesets Difficult for users inside network to influence Not an Internet-wide security solution POPULAR POWER

9 Trust and Reputation Mechanisms
Give entities identities (pseudonymonous) Create reputation sharing mechanism Assign reputations to entities Allow others to retrieve reputations Use reputation to build trust relationships Example: eBay Example: Public key infrastructure Verisign-style certificate hierarchies PGP Web of Trust Peer to Peer / decentralized solutions POPULAR POWER

10 Secure Execution Environments
Essential for mobile code systems! Traditional approaches OS-based security Ad-hoc mechanisms (VBS, Javascript, Emacs) Sandboxes Java Virtual Machine Inferno / Dis C# / CLR NSA / VMWare: NetTop POPULAR POWER

11 Example Application: Popular Power
Distributed computing Centralized server Untrusted clients Mobile code Must protect four different groups: Our own servers Client computers Customers submitting jobs The Internet itself POPULAR POWER

12 Protecting Our Servers
Standard Unix server protection Firewalls Validating all input (Java – no buffer overflows) Auditing servers Offline signature keys POPULAR POWER

13 Protecting Client Computers
Threat model: Byzantine failure Malicious code Buggy code Secure execution environment Java sandbox Fine-grained policy model to add privileges Authentication Cryptographic protection on files, communication POPULAR POWER

14 Protecting Job Submitters
Theft of intellectual property Obfuscation of code Encryption of data “Shredding” of computation Time to crack vs. value of data Data manipulation – spoofing results Redundant execution + verification Reputations of client computers Running checksums POPULAR POWER

15 Protecting the Internet
Distributed denial of service Load testing / quality of service monitoring Malicious attack, or accident in programming Careful authentication of job submission Built-in failsafes in code Built-in failsafes in system Play nice with firewalls Open question? POPULAR POWER

16 Conclusion There are lots of good security tools
Peer-to-peer has hard problems Complex decentralized systems are inherently difficult to secure We have an ethical responsibility to create secure systems POPULAR POWER

Download ppt "POPULAR POWER Security Issues of Peer-to-Peer Systems"

Similar presentations

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.
Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Peer-to-Peer Technology and Security Issues By Raul Rodriguez, Arash Zarrinbakhsh, Cynthia Roger and Phillip Shires College of Business Administration.

Peer-to-Peer Technology and Security Issues By Raul Rodriguez, Arash Zarrinbakhsh, Cynthia Roger and Phillip Shires College of Business Administration.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Internet Security Terms and Techniques Chris Avram Faculty of Information Technology Monash University 1U-Cubed ‘99Chris Avram.

Internet Security Terms and Techniques Chris Avram Faculty of Information Technology Monash University 1U-Cubed ‘99Chris Avram.
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.

Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.

Similar presentations

Ads by Google