Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.

Published byCharles Emery Modified over 11 years ago

Similar presentations

Presentation on theme: "Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER."— Presentation transcript:

1 Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER

2 Overview Peer-to-peer security is hard Some old techniques, some new Example: Popular Power POPULAR POWER

3 Standard security concerns Someone stealing my data Virus infecting my computer Someone impersonating me Someone modifying my data POPULAR POWER

4 The Real Problem: the Network POPULAR POWER Anna Kournikova VBS/SST-A VBS/SST@MM OnTheFly ILOVEYOU VBS/Loveletter.a Melissa Kalamars VBS Worm Generator Creative W32/ProLin@MM +50,000 more Stacheldraht Trinoo Tribe Flood Network

5 Client/Server Security: Understood Make a secure server Use firewall to restrict access to server Encrypt all communications Authenticate server to client Authenticate client to server (oops) Audit server: logs, tripwires, etc Pray you have no bugs POPULAR POWER

6 P2P Security is Harder Each computer is untrusted Peers don't have trust relationships Capacity for rapid spread of trouble Individuals can cause local damage that spreads Everyone can be running different software Code may be mobile; beware! Decentralization can make auditing difficult Complex systems: hard to understand POPULAR POWER

7 Security Tools (not Solutions!) Encryption Authentication Firewalls Trust and Reputation Sandboxes Frameworks: SSL, Intels PTPTL, etc. POPULAR POWER

8 Firewalls Good things –Easy to set up –Restrict access to a white list of allowed traffic –Single point of control Bad things –Unsubtle: Block all traffic on port, not application –Inflexible: Generally static rulesets –Single point of control Difficult for users inside network to influence Not an Internet-wide security solution POPULAR POWER

9 Trust and Reputation Mechanisms Give entities identities (pseudonymonous) Create reputation sharing mechanism –Assign reputations to entities –Allow others to retrieve reputations Use reputation to build trust relationships Example: eBay Example: Public key infrastructure –Verisign-style certificate hierarchies –PGP Web of Trust Peer to Peer / decentralized solutions POPULAR POWER

10 Secure Execution Environments Essential for mobile code systems! Traditional approaches –OS-based security –Ad-hoc mechanisms (VBS, Javascript, Emacs) Sandboxes –Java Virtual Machine –Inferno / Dis –C# / CLR NSA / VMWare: NetTop POPULAR POWER

11 Example Application: Popular Power Distributed computing –Centralized server –Untrusted clients –Mobile code Must protect four different groups: –Our own servers –Client computers –Customers submitting jobs –The Internet itself POPULAR POWER

12 Protecting Our Servers Standard Unix server protection –Firewalls –Validating all input (Java – no buffer overflows) –Auditing servers –Offline signature keys POPULAR POWER

13 Protecting Client Computers Threat model: Byzantine failure –Malicious code –Buggy code Secure execution environment –Java sandbox –Fine-grained policy model to add privileges Authentication –Cryptographic protection on files, communication POPULAR POWER

14 Protecting Job Submitters Theft of intellectual property –Obfuscation of code –Encryption of data –Shredding of computation –Time to crack vs. value of data Data manipulation – spoofing results –Redundant execution + verification –Reputations of client computers –Running checksums POPULAR POWER

15 Protecting the Internet Distributed denial of service –Load testing / quality of service monitoring –Malicious attack, or accident in programming –Careful authentication of job submission –Built-in failsafes in code –Built-in failsafes in system Play nice with firewalls Open question? POPULAR POWER

16 Conclusion There are lots of good security tools Peer-to-peer has hard problems Complex decentralized systems are inherently difficult to secure We have an ethical responsibility to create secure systems POPULAR POWER

17 Template POPULAR POWER

Download ppt "Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER."

Similar presentations

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
University of Southampton Electronics and Computer Science M-grid: Using Ubiquitous Web Technologies to create a Computational Grid Robert John Walters.

University of Southampton Electronics and Computer Science M-grid: Using Ubiquitous Web Technologies to create a Computational Grid Robert John Walters.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Internet Security Terms and Techniques Chris Avram Faculty of Information Technology Monash University 1U-Cubed ‘99Chris Avram.

Internet Security Terms and Techniques Chris Avram Faculty of Information Technology Monash University 1U-Cubed ‘99Chris Avram.

Similar presentations

Ads by Google