Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004-5 Ravi Sandhu www.list.gmu.edu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

Similar presentations


Presentation on theme: "© 2004-5 Ravi Sandhu www.list.gmu.edu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University."— Presentation transcript:

1 © Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

2 © 2004 Ravi Sandhu 2 Mainframe Client-Server P2P Mainframe era: 1970s Dumb terminals connected to a big mainframe Mainframes possibly networked together Client-server: Late 1980s Many clients, 1 user per client Dedicated servers Single client can access multiple servers Significant computing resources on client Peer-to-Peer (P2P) Late 1990s Each computer is a client and a server Takes on whatever role is appropriate for a given task at a given time Harnesses computing and communication power of the entire network

3 © 2004 Ravi Sandhu 3 P2P versus Client-Server: Idealized View From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

4 © 2004 Ravi Sandhu 4 No Clear Border From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

5 © 2004 Ravi Sandhu 5 Hybrid P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

6 © 2004 Ravi Sandhu 6 P2P Perspective From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

7 © 2004 Ravi Sandhu 7 Napster From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

8 © 2004 Ravi Sandhu 8 Power Server From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

9 © 2004 Ravi Sandhu 9 Power Server Coordinator From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

10 © 2004 Ravi Sandhu 10 Comparison of Different P2P Models From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

11 © 2004 Ravi Sandhu 11 Taxonomy of Computer Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

12 © 2004 Ravi Sandhu 12 Taxonomy of P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

13 © 2004 Ravi Sandhu 13 Classification of P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

14 © 2004 Ravi Sandhu 14 Taxonomy of P2P Applications From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

15 © 2004 Ravi Sandhu 15 Taxonomy of P2P Markets From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

16 © 2004 Ravi Sandhu 16 P2P Markets versus P2P Applications From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

17 © 2004 Ravi Sandhu 17 P2P System Architecture From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

18 © 2004 Ravi Sandhu 18 Security Issues in P2P Systems Many old issues carry over New issues emerge Old issues are re-emphasized

19 © 2004 Ravi Sandhu 19 Security Protection against malicious downloaded P2P application code Enabling technologies Java sandboxing Trusted computing From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003 Old issue re-emphasized

20 © 2004 Ravi Sandhu 20 Security (claimed to be new issues) Multi-key encryption Annonymity requirement for Publius Sandboxing Digital Rights Management Reputation and Accountability Firewall Traversal and Hidden Peers From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

21 © 2004 Ravi Sandhu 21 Annonymity (is this a security issue?) From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL , March 8th, 2002

22 © 2004 Ravi Sandhu 22 Security in Data Sharing Systems Availability DOS attack, e.g., chosen-victim attack –Use amplification mechanism of P2P system File availability File authenticity How do I know this is the file I am looking for? Anonymity Lots of work in this area Need anonymity at all layers of the network stack Access Control DRM Usage Control From Open Problems in Data-Sharing Peer-to-Peer Systems, Neil Daswani, Hector Garcia-Molina, and Beverly Yang, LNCS 2572, pp. 1–15, 2003.

23 © 2004 Ravi Sandhu 23 Security in Data Sharing Systems (P2P Overlay Networks) Routing Secure nodeId assignment Robust routing primitives Ejecting misbehaving nodes Storage Quota architectures Distributed auditing Other forms of fairness Trust From A Survey of Peer-to-Peer Security Issues, Dan S.Wallach, LNCS 2609, pp. 42–57,


Download ppt "© 2004-5 Ravi Sandhu www.list.gmu.edu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University."

Similar presentations


Ads by Google