
Safe and Private Peer to Peer Data Sharing

Bogdan C. Popescu

Bruno Crispo

Andrew S. Tanenbaum

Overview

  • Peer to peer file sharing
  • Threat model & defenses
  • Our solution
  • Conclusion

Peer to peer file sharing

  • Started around 1999 with Napster
      • mostly exchange of music & video
      • highly popular
      • from very beginning very controversial
  • Third generation P2P systems: Kazaa, LimeWire
  • Sparked interest in P2P paradigm

Should we work on this?

  • Non-commercial file sharing - not a crime in EU
      • protect EU citizens against legal harassment abroad
  • In P2P networks information cannot be censored
      • safe & private data sharing would aid free speech
  • P2P keeps in check de-facto monopolies!
      • perceived as major threat by entertainment industry
      • subject to various types of attacks

Types of Attacks on P2P

  • Attack the company offering the service
      • move to de-centralized solutions - 100% success
  • Attack the software provider
      • move off-shore or underground - 100% success
  • Attack the content
      • content tracing and rating - partial success
  • Attack individual users
      • BIG PROBLEM!!

Attacking Users

  • Most content is provided by small fraction of users
  • RIAA’s “Crush the Connectors” strategy
      • Identify users sharing large number of files
      • Retrieve incriminating content
      • Take them to court
  • Exchanging content with strangers becomes dangerous

Threat Model

  • Fraction of all P2P nodes controlled by enemy
  • Need to prevent exposing good nodes
      • exchanging data with enemy nodes
      • passive logging attacks
  • Less concerned about
      • traffic analysis
      • anonymity

Anonymous File Sharing (1)

  • Such systems currently being designed (Freenet)
      • make it impossible to identify source & destination
      • based on earlier work - mix nets, Crowds and Onion Routing
  • In theory RIAA has nobody to sue
  • In practice endpoints are always exposed

Anonymous File Sharing (2)

[Figure: relay path with steps numbered 1 to 6; labels in the diagram: "Source", "RIAA", "Exposed!!"]

Endpoints are always exposed!

Solution - Turtle

  • Create the P2P overlay based on social links
  • Communication between links is encrypted
  • “Friend” nodes agree on keys out-of-band
  • Both queries and results go hop-by-hop

Data exchanged only between trusted parties!

Turtle

[Figure: network diagram with nodes marked "?" and "!"]

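Query/Hit Protocol

[Figure: query and hit packets passed between nodes A, B and C, with per-node tables. Labels recoverable from the diagram:]

  • Query packets: (Q: XYZ, QID = 764, TTL = 10); (Q: XYZ, QID = 764, TTL = 9)
  • Hit packets: (HID: 444, QID = 764, Metadata, Dist = 0, BW: 25KB/s); (HID: 444, QID = 764, Metadata, Dist = 1, BW: 10KB/s)
  • Query table entries: (QID: 764, Channel: 4); (QID: 764, Channel: 3); (QID: 764, Channel: -)
  • Hit table entries: (HID: 444, Channel: 2, Dist: 1, BW: 10); (HID: 444, Channel: -); (HID: 444, Channel: 2)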

Anonymous query/hit protocol

  • Query/hit protocol is not anonymous
      • TTL in query packet can reveal identity of initiator
      • Dist. Count in hit packet reveals identity of responder
      • identities only disclosed to small group of friends!
  • Anonymous protocol also possible:
      • replace TTL with probability of forwarding
      • no more Dist. Count in query hit
      • drawbacks: less flexible result selection
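
The query/hit exchange from the two slides above, as an added Python example that is not the authors' Turtle code: it reproduces the slide's packet fields on a constructed A - B - C chain and records what each node can log under TTL/Dist versus the anonymous variant. Assumptions: BW in a hit is the minimum link bandwidth along the return path, the initial TTL of 10 is a known default, and the Node class, function names and link bandwidths are hypothetical; HID and channel numbers are left out.

```python
import random

INITIAL_TTL = 10  # starting TTL from the slide's query packet

class Node:
    def __init__(self, name, files=()):
        self.name, self.files = name, set(files)
        self.links = {}  # friend Node -> link bandwidth in KB/s
        self.route = {}  # QID -> friend the query came from (reverse path)
        self.log = []    # what this node observes: (kind, neighbour, ttl_or_dist)

    def link(self, other, bw):
        self.links[other] = other.links[self] = bw

    def send(self, qid, term, ttl, p_fwd, rng, exclude=None):
        """Send the query to every friend except `exclude`; collect their hits."""
        got = []
        for friend in self.links:
            if friend is not exclude:
                for hit in friend.on_query(qid, term, self, ttl, p_fwd, rng):
                    self.log.append(("hit", friend.name, hit["dist"]))
                    got.append(hit)
        return got

    def on_query(self, qid, term, sender, ttl, p_fwd, rng):
        """Handle a query from `sender`; return the hits sent back over that link."""
        if qid in self.route:
            return []  # already seen this QID: suppress loops
        self.route[qid] = sender
        self.log.append(("query", sender.name, ttl))
        anon, bw = p_fwd is not None, self.links[sender]
        own = {"qid": qid, "dist": None if anon else 0, "bw": bw}
        hits = [own] if term in self.files else []
        forward = rng.random() < p_fwd if anon else ttl > 1
        if forward:
            for hit in self.send(qid, term, None if anon else ttl - 1, p_fwd, rng, sender):
                dist = None if anon else hit["dist"] + 1
                hits.append({"qid": qid, "dist": dist, "bw": min(hit["bw"], bw)})
        return hits

def search(initiator, qid, term, p_fwd=None, rng=random):
    """TTL/Dist protocol when p_fwd is None, anonymous variant otherwise."""
    initiator.route[qid] = None
    return initiator.send(qid, term, None if p_fwd is not None else INITIAL_TTL, p_fwd, rng)

def slide_chain():
    """Constructed A - B - C chain; bandwidths chosen to match the slide's BW fields."""
    a, b, c = Node("A"), Node("B"), Node("C", files={"XYZ"})
    a.link(b, 10)
    b.link(c, 25)
    return a, b, c
```

In the TTL/Dist run, B's log holds ("query", "A", 10) and ("hit", "C", 0), which mark A as the initiator and C as the responder to B alone; with p_fwd set, both fields are None and B cannot tell an originator from a relay.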

Security properties

  • Node compromise causes localized damage
  • Immune to Sybil and Eclipse attacks
  • Good protection against attacks on content
  • Good protection against DoS attacks

How will this work?

  • How connected is the friendship graph?
      • Social networking - Orkut, Friendster
      • In 3 months Orkut has grown to 200000 members
      • Through 14 friends I reach 90% of Orkut members
  • Are people on-line long enough?
      • ADSL & cable modem becoming widespread
      • Turtle adds extra motivation
  • Can connectors cope with relaying demands?
      • ????

Conclusion

  • Turtle is the first P2P architecture that can guarantee private and safe data sharing
  • Currently being implemented
  • Feedback, please!