Safe and private peer to peer data sharing
Download
1 / 16

Safe and Private - PowerPoint PPT Presentation


  • 358 Views
  • Updated On :

Safe and Private Peer to Peer Data Sharing. Bogdan C. Popescu Bruno Crispo Andrew S. Tanenbaum. Overview. Peer to peer file sharing Threat model & defenses Our solution Conclusion. Started around 1999 with Napster mostly exchange of music&video highly popular

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Safe and Private ' - arleen


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Safe and private peer to peer data sharing l.jpg

Safe and Private Peer to Peer Data Sharing

Bogdan C. Popescu

Bruno Crispo

Andrew S. Tanenbaum


Slide2 l.jpg

Overview

  • Peer to peer file sharing

  • Threat model & defenses

  • Our solution

  • Conclusion


Peer to peer file sharing l.jpg

Started around 1999 with Napster

mostly exchange of music&video

highly popular

from very beginning very controversial

Third generation P2P systems: Kazaa, LimeWire

Sparkled interest in P2P paradigm

Peer to peer file sharing


Slide4 l.jpg

Should we work on this?

Non-commercial file sharing - not a crime in EU

protect EU citizens against legal harassment abroad

In P2P networks information cannot be censored

safe & private data sharing would aid free speech

P2P keeps in check de-facto monopolies!

perceived as major threat by entertainment industry

subject to various types of attacks


Types of attacks on p2p l.jpg

Attack the company offering the service

move to de-centralized solutions - 100% success

Attack the software provider

move off-shore or underground - 100% success

Attack the content

content tracing and rating - partial success

Attack individual users

BIG PROBLEM!!

Types of Attacks on P2P


Attacking users l.jpg

Most content is provided by small fraction of users

RIAA’s “Crush the Connectors” strategy

Identify users sharing large number of files

Retrieve incriminating content

Take them to court

Exchanging content with strangersbecomes dangerous

Attacking Users


Threat model l.jpg

Fraction of all P2P nodes controlled by enemy

Need to prevent exposing good nodes

exchanging data w. enemy nodes

passive logging attacks

Less concerned about

traffic analysis

anonymity

Threat Model


Anonymous file sharing 1 l.jpg

Such systems currently being designed (Freenet)

make impossible to identify source & destination

based on earlier work - mix nets, Crowds and Onion Routing

In theory RIAA has nobody to sue

In practice endpoints are always exposed

Anonymous File Sharing (1)


Anonymous file sharing 2 l.jpg

Exposed!!

RIAA

Anonymous File Sharing (2)

3.

5.

Source

1.

4.

6.

2.

Endpoints are always exposed!


Solution turtle l.jpg

Create the P2P overlay based on social links

Communication between links is encrypted

“Friend” nodes agree on keys out-of-band

Both queries and results go hop-by-hop

Solution - Turtle

Data exchanged only between trusted parties!


Turtle l.jpg
Turtle

?

?

?

?

?

?

?

!

!

!

?

?

!

?

?

?

!

?

?

?

!

?

!

!

?

?

!

?

?

!

?

!

!

!

!

!


Slide12 l.jpg

Query/Hit Protocol

Q: XYZ

QID = 764

TTL = 10

Q: XYZ

QID = 764

TTL = 9

HID: 444

QID = 764

Metadata

Dist = 0

BW: 25KB/s

HID: 444

QID = 764

Metadata

Dist = 1

BW: 10KB/s

1

1

1

A

B

C

QID: 764

Channel: 4

QID: 764

Channel: 3

QID: 764

Channel: -

HID: 444

Channel: 2

Dist: 1

BW: 10

HID: 444

Channel: -

HID: 444

Channel: 2

2

4

2

3

3

2


Anonymous query hit protocol l.jpg

Query/hit protocol is not anonymous

TTL in query packet can reveal identity of initiator

Dist. Count in hit packet reveals identity of respoder

identities only disclosed to small group of friends!

Anonymous protocol also possible:

replace TTL with probability of forwarding

no more Dist. Count in query hit

drawbacks: less flexible result selection

Anonymous query/hit protocol


Security properties l.jpg

Node compromise causes localized damage

Immune to Sybil and Eclipse attack

Good protection against attacks on content

Good protection against DoS attacks

Security properties


How will this work l.jpg

How connected is the friendship graph?

Social networking - Orkut, Friendster

In 3 months Orkut has grown to 200000 members

Through 14 friends I reach 90% of Orkut members

Are people on-line long enough?

ADSL & cable modem becoming widespread

Turtle adds extra motivation

Can connectors cope with relaying demands?

????

How will this work?


Conclusion l.jpg

Turtle is the first P2P architecture that can guarantee private and safe data sharing

Currently being implemented

Feedback, please!

Conclusion


ad