Published by Lora Byrd. Modified over 9 years ago.
1
P2PSIP Security Analysis and evaluation
draft-song-p2psip-security-eval-00
Song Yongchao, melodysong@huawei.com
Ben Y. Zhao, ravenben@cs.ucsb.edu
2
P2PSIP Security Analysis and evaluation
Enrollment Server
P2P Layers:
- Application
- Distributed storage/replication
- Routing maintenance/KBR/NAT/FW traversal
- Transport
Security at each layer must be considered
3
Transport Security
- To prevent unauthorized peers/clients from participating in the overlay, TLS/DTLS is necessary to authenticate each association and to protect the privacy of the communication
5
Routing Maintenance Security
- A peer may receive fake routing table entries from malicious neighbors
  - Each DHT must resolve this according to its specific routing table maintenance rules
  - Generally speaking, each peer must verify each new entry in its routing table for correctness
- Attackers can try to induce security threats by increasing churn
  - A node must waste significant bandwidth to update its routing table and to replicate and transfer stored data
  - The higher the churn rate, the more entries in a peer's routing table become outdated, which lowers efficiency
6
KBR Security (1)
- Intermediate peers may claim to be the destination peer in order to hijack the application component
- A check mechanism is required to verify that the response comes from the peer responsible for the desired key
- The linked paper provides an example of a proof mechanism: http://www.cs.ucsb.edu/~ravenben/publications/pdf/identity-npsec05.pdf
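One possible form of such a check, as an added example that is not from the slides and is not the proof mechanism of the linked paper: a requester on a Chord-style ring rejects a claimed root that is contradicted by peers it already knows, or that sits implausibly far from the key given the peer density seen in its own successor list. The function names, the `gamma` tolerance and the 64-peer ring are assumptions constructed for illustration, and the density test only holds if nodeIDs are uniformly distributed.

```python
RING_BITS = 160                      # Chord-style SHA-1 identifier space
RING = 1 << RING_BITS


def cw_distance(a, b):
    """Clockwise distance from identifier a to identifier b on the ring."""
    return (b - a) % RING


def mean_spacing(own_id, successors):
    """Estimate the average gap between adjacent peers from our successor list."""
    farthest = max(cw_distance(own_id, s) for s in successors)
    return farthest / len(successors)


def plausible_root(key, responder_id, own_id, successors, gamma=4.0):
    """Return True if responder_id is a believable root (first peer clockwise from key)."""
    claimed = cw_distance(key, responder_id)
    # 1. Direct contradiction: a peer we already know lies between the key and
    #    the responder, so the responder cannot be the key's successor.
    known = list(successors) + [own_id]
    if any(cw_distance(key, n) < claimed for n in known):
        return False
    # 2. Density test: with uniformly assigned nodeIDs, the real root should be
    #    within a few average gaps of the key. gamma is an assumed tolerance.
    return claimed <= gamma * mean_spacing(own_id, successors)


# Constructed sample ring: 64 evenly spaced peers; we are peer 0 and know 8 successors.
GAP = RING // 64
NODES = [i * GAP for i in range(64)]
OWN_ID = NODES[0]
SUCCESSORS = NODES[1:9]

if __name__ == "__main__":
    key = 20 * GAP + GAP // 2        # falls between peer 20 and peer 21
    for label, responder in [("true root", NODES[21]),
                             ("intermediate hop", NODES[40])]:
        print(label, plausible_root(key, responder, OWN_ID, SUCCESSORS))
```

A failed check is a reason to retry the lookup over a different path rather than proof of misbehaviour, since churn can also leave the local density estimate stale.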
7
KBR Security (2)
- Misbehaving forwarding by an intermediate peer
  - Intentional forwarding to a wrong next hop
  - Discarding incoming messages
  - Modifying the message before forwarding
- Chosen-ID attacks make KBR even less secure
  - Malicious nodes can repeatedly request new nodeIDs to obtain some control over nodeID assignment
8
KBR Security (3)
- Some approaches for protection mechanisms
  - Digital signatures for initial bootstrapping messages
  - One approach is to chain together packet acks to determine responsibility for lost or misrouted messages
  - Secure Node ID assignment mechanism
10
Distributed Storage Security
- Protect data objects against unauthorized data operations
  - Writing data
  - Modification
  - Removal
- Data poisoning
  - Publishing invalid or non-existent data into the overlay
  - Publishing a victim node's address as the location of a popular data object to induce a DDoS attack
11
Distributed Storage Security
- Storage denial of service attacks
  - Overlays work well for a reasonable number of data objects, but can easily be overwhelmed by inserting large numbers of objects per node
  - Malicious nodes can publish large amounts of junk data to the overlay
- Replication security is TODO
13
Application Security TBD
14
P2PSIP Security Analysis and evaluation
- Trusted Overlay Base
- Untrusted Overlay Base
15
Trusted Overlay Base
- All peers in the overlay are deployed as trusted nodes, e.g. an operator deploys the core CHORD ring of the P2P overlay network and provides services to ordinary clients, which access the peers in the overlay
16
Possible attacks in the overlay with Trusted Overlay Base
18
- Peers in an Untrusted P2P Overlay Base are not all trusted. There may be some maliciously behaving nodes in that P2P Overlay Base.
- All security issues of the Trusted Overlay Base still exist here
- More security threats emerge
19
More attacks in the overlay with Untrusted Overlay Base
20
Thank You www.huawei.com