
1 Privacy Issues in Peer-To-Peer Systems
Raj Dandage, Tim Gorton, Ngozika Nwaneri, Mark Tompkins
6.805-p2p@mit.edu
4/26/01

2 Agenda
- Introduction & Status Report
- Definition of peer-to-peer
  - What it is, what it isn't, what it used to be, what it should do
- Privacy Concerns (Threat Model)
  - What do we care about?
- Legal Issues affecting privacy on P2P systems
  - What does the law care about?
- A few examples of current P2P systems
  - Analyze w.r.t. goals, privacy concerns, legal issues, etc.
- Recommendations
- Synthesis and Conclusion

3 Status Report: Goals
- develop criteria for evaluating peer-to-peer applications and architectures with regard to technical, business, and public policy goals
- identify different peer-to-peer applications and architectures
- evaluate these applications and architectures in terms of the goals set forth and privacy issues
- explore legal issues surrounding p2p architectures
- develop recommendations for the modification and design of peer-to-peer systems in order to resolve privacy concerns and encourage the design of privacy-enhancing systems

4 What is P2P? What isn't?
- Old-school "P2P"
  - Usenet
  - DNS
  - WWW Hyperlinks
- Today's P2P
  - Leveraging a new Internet usage model
  - Transient connectivity at the "fringes"

5 Peer-to-Peer Defined
- Peer-to-peer is NOT simply illegally sharing copyrighted material.
- Peer-to-peer computing is sharing of computer resources and services by direct exchange. It is about decentralized networking applications. The "litmus test" for peer-to-peer:
  - "does it allow for variable connectivity and temporary network addresses?
  - does it give the nodes at the edges of the network significant autonomy?"
  - Clay Shirky in Peer-to-Peer

6 Peer-to-Peer: Hybrid Systems
- Hybrid Systems (brokered peer-to-peer systems) use a centralized server to connect two computers together before a direct exchange takes place.
- Repeater: someone who publicly shares files that they are not the author of; republishing someone else's work.
- Metadata: the collection of information from various sources, related and managed in a central directory for the use of linkage and file sharing.

7 Privacy Concerns (Threat Models)
- Anonymity
  - ... of your identity
  - ... of your online activity
  - ... of your publications
- Authentication
- Access to your data
  - data on your local machine
  - data transmitted on the 'net

8 Possible "Attackers"
- Malicious hacker
- Governments (court order, wiretapping)
- Employers
- ISPs
- Operators of P2P systems (e.g. Napster)
- Another everyday user

9 Legal Issues affecting P2P privacy
- Arenas of Concern
  - Copyright
  - Libel
  - Censorship (more political than legal)
- Who is liable/in danger?
  - ISPs?
  - Service operators?
  - Individual developers?
  - End users?

10 Copyright
- Direct Infringement
  - when end users do Bad Things
- Contributory Infringement
  - Some act of direct infringement by someone else
  - Defendant "knew or should have known" of infringement
  - Defendant "materially contributed" to infringement
- Vicarious Infringement (Napster)
  - Some act of direct infringement by someone else
  - Defendant had the "right or ability to control" the infringer
  - Defendant derived a "direct financial benefit" from the infringement (Napster has no business model.)

11 Digital Millennium Copyright Act of 1998 (DMCA)
- Prohibits "circumvent[ing] a technological measure that effectively controls access to a work protected under this title"
- Exempts "service providers" from copyright liability if:
  - they block copyrighted material after they are notified by a copyright holder,
  - they identify an infringing user to a copyright holder upon being issued a subpoena,
  - and they don't interfere with "standard technical measures" used to protect or identify copyrighted material

12 Who are "service providers"?
- "an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received." sec 512 (k)(1)
- Also "provider of online services or network access, or the operator of facilities therefor"
- ISPs, P2P system operators... end users?

13 Libel: CDA
- CDA immunizes providers and users of "interactive computer systems" from being treated as speakers or publishers of information provided by a 3rd party
- "'interactive computer system' means any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions."
- so... your computer might be a "server"

14 Censorship
- Subverting censorship of authoritarian governments by providing anonymous publication is a stated goal of several P2P systems
- Examples of authoritarian governments:
  - Australian law would make supplying R-rated material illegal
  - US Courts have ruled that the DMCA makes supplying the DeCSS code or linking to a site that supplies the DeCSS code illegal
  - Naturally, there are others...

15 Who's in legal trouble?
- P2P system operators
  - Must disable access when notified of copyright infringement; may serve as a circumvention of a TPM as per DMCA
- ISPs
  - Users' copyright violations: ISPs must disable access when notified by copyright holder
- P2P system developers
  - DMCA: they may produce TPM circumvention technology
- P2P users
  - They're often doing Bad Things. But what if they're just forwarding content, perhaps unknowingly? Libel? Copyright? Targeted by authoritarian regimes?

16 Example P2P Systems
- Possible threats to privacy and usability
- Example P2P systems/protocols:
  - What is it?
  - How does it work?
  - What are its business and public policy goals?
  - How does it address the threats in our model?

17 Possible Privacy Threats to P2P Systems
- Monitoring of transactions
  - Tracking systems placed on network
  - Monitoring of data at or going through a node
- Manipulation of transactions
  - Forgery of data
  - Filtration of transaction information
- Impersonation and misrepresentation
- Identification of individuals or nodes
- Legal action
- Social pressure and external action

18 Possible Usability Threats to P2P Systems
- Denial of service
- Unreliability and transient availability of resources
- Blocking of access to network resources
  - Firewalls
  - NATs
- Malicious content
  - Viruses
- Freeloading and inequitable use of resources

19 Example P2P Applications and Networks
- Napster
- Gnutella (BearShare)
- SETI@home
- Freenet (Espra)
- FreeHaven
- Mojo Nation
- Jabber / AOL Instant Messenger
- Groove.net

20 Napster: What is it?
- "The largest, most diverse online community of music lovers in history."
- A file transfer system for music lovers to search for and trade mp3s
- Also features:
  - user hotlist
  - chatrooms
  - instant messaging

21 Napster: How does it work?
- "hybrid" P2P architecture
- centralized server takes all file requests, searches dynamically updated database
- server brokers connections between clients for decentralized downloads

22 Napster: Original Business and Public Policy Goals
- create an easy way to search for and share music for free over the internet
- take advantage of latent disk space on edges of internet
- avoid copyright issues by having each user responsible for their own content

23 Napster: Current Business and Public Policy Goals
- Avoid lawsuits!
  - Metallica
  - Filename filtering
  - Monthly fee?
- Get musicians on their side
  - "empower yourself!"
- Get activists on their side
  - Napster Action Network

24 Napster: How does it address the threats in our model?
- Monitoring of transactions, identifying individuals
  - Tracking programs
  - Users can log usernames/files downloaded from them
  - Possible to search entire shared file directory of a user (hotlist)
- Impersonation and misrepresentation
  - Only one username per program: cannot change

25 Napster: How does it address the threats in our model? (cont'd)
- Legal action
  - Very vulnerable, as we have seen
- Denial of Service Attack
  - Would prevent searches, but not file transfers
- Malicious Content
  - Everything is mp3 format

26 Gnutella: What is it?
- A protocol, not an actual program
- Completely decentralized architecture: "pure" P2P
- Used for file transfer
- Open source, so many other programs have built off of it
  - BearShare
  - LimeWire
  - GnuFrog

27 Gnutella: How does it work?
- Works like the real world (gossip, word-of-mouth)
- Makes initial connection to other hosts in cache (ping)
- Broadcasts, propagates queries to these hosts
- Responses travel back along same path
- Connects directly to transfer files

28 Gnutella: How does it work? (cont’d)

29 Gnutella: Business and Public Policy Goals
- "internet on top of the internet"
- New real-time search engine model
- Decentralization
  - No single point of failure
- Open source code
  - Allows for new innovations, freelance application development

30 Gnutella: How does it address the threats in our model?
- Monitoring of Transactions, Identification
  - Tracking programs
  - Users can see requests passed through their node, but not original sender
  - Users can log IPs of nodes with whom they transfer files
    - Zeropaid.com's Wall of Shame
- Legal Action
  - Who can copyright holders realistically sue?
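The following added example (not code from the slides or from any Gnutella client) simulates the flooding and route-back described on slide 27 and shows what the monitoring point on slide 30 means in practice: a relaying node's log contains the query text and the neighbour it arrived from, never the originator, whereas the direct download reveals the downloader to the responder. The topology, file name and node names are constructed.

```python
"""Toy simulation of Gnutella query flooding: descriptors carry a GUID and TTL,
each node forwards a query to its other neighbours, and replies follow the
GUID routing table back along the same path. Added example, not Gnutella code."""
from dataclasses import dataclass, field
from itertools import count

MAX_TTL = 7            # default Gnutella descriptor TTL
_guids = count(1)      # stand-in for the 16-byte descriptor GUID


@dataclass
class Node:
    name: str
    files: set = field(default_factory=set)
    neighbours: list = field(default_factory=list)
    route: dict = field(default_factory=dict)   # guid -> neighbour the query came from
    seen: set = field(default_factory=set)      # guids already forwarded
    log: list = field(default_factory=list)     # what this node's operator could record
    hits: list = field(default_factory=list)    # responders learned by the originator


def link(a: Node, b: Node):
    a.neighbours.append(b)
    b.neighbours.append(a)


def query(origin: Node, text: str) -> int:
    """Originate a Query; returns its GUID."""
    guid = next(_guids)
    origin.seen.add(guid)
    origin.route[guid] = None            # None marks this node as the originator
    for n in origin.neighbours:
        _recv_query(n, origin, guid, text, MAX_TTL)
    return guid


def _recv_query(node, sender, guid, text, ttl):
    # A relaying node sees the query text and the neighbour it came from,
    # but nothing in the descriptor names the node that started the search
    node.log.append(("Query", text, "from", sender.name))
    if guid in node.seen:
        return                            # duplicate via another path: drop
    node.seen.add(guid)
    node.route[guid] = sender
    if text in node.files:
        _recv_hit(sender, node, guid, node.name)
    if ttl > 1:
        for n in node.neighbours:
            if n is not sender:
                _recv_query(n, node, guid, text, ttl - 1)


def _recv_hit(node, sender, guid, responder):
    # QueryHit is routed back hop by hop using the GUID recorded on the way out
    if guid not in node.route:
        return                            # not on this query's path: drop
    node.log.append(("QueryHit", responder, "via", sender.name))
    back = node.route[guid]
    if back is None:
        node.hits.append(responder)       # reached the originator
    else:
        _recv_hit(back, node, guid, responder)


def download(origin: Node, responder: Node, text: str) -> bool:
    # The transfer itself is a direct connection, so the responder
    # learns (and can log) the address of whoever downloads from it
    responder.log.append(("Download", text, "by", origin.name))
    return text in responder.files


def build_demo():
    """Constructed chain alice - bob - carol - dave; only dave shares the file."""
    alice, bob, carol, dave = (Node(n) for n in ("alice", "bob", "carol", "dave"))
    dave.files.add("song.mp3")
    link(alice, bob)
    link(bob, carol)
    link(carol, dave)
    query(alice, "song.mp3")
    download(alice, dave, "song.mp3")
    return alice, bob, carol, dave
```

After `build_demo()`, carol's log shows the query arriving from bob and the hit passing back, while dave's log records alice only because of the direct download.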

31 Gnutella: How does it address the threats in our model? (cont'd)
- Denial of Service Attacks
- Unreliability of resources
  - Finding initial group of peers
- Malicious content
  - Mandragore scare
  - Know what you're downloading
  - Trust who you're downloading from
- Freeloading
  - Increases the length of search requests
  - Some software, like LimeWire, allows users to give "preference" to nodes who are also sharing material

32 Gnutella: Scalability Issues and Bandwidth Inequity
- Clip2 Reflectors: "super peers"

33 Gnutella: Scalability Issues and Bandwidth Inequity (cont'd)
- BearShare v. 3.0.0 Alpha
  - 3 modes
    - Client (low bandwidth)
    - Server/Defender (high bandwidth)
    - Peer (normal)
  - Centralizes system somewhat, provides targets, but increases efficiency

34 Copyright Violation Trackers on Napster and Gnutella
- Copyright Agent
  - Roy Orbison fans beware!
- Media Tracker
  - Masquerades as a user
  - Logs IPs, ISPs, files
  - Operated from outside US, so not subject to US privacy laws

35 Monitoring of Transactions on Napster and Gnutella (cont'd)
- Screenshot of Media-Tracker

36 SETI@home: What is it?
- Allows PC owners to help in the search for extraterrestrial intelligence
- Free screensaver, analyzes radio telescope data when PC is idle

37 SETI@home: How does it work?
- Not "pure" P2P
- Central server sends data to hosts
- Hosts compute FFTs on data, send results back to server
- No inter-host communication
- Example of how processing power can be shared among computers

38 SETI@home: What are its business and public policy goals?
- Find more aliens in less time
- Create a community of extraterrestrial enthusiasts using a participatory medium
- Other possible applications for distributed computing
  - Code breaking
  - Genetic analysis

39 SETI@home: How does it address the threats in our model?
- Manipulation of Transactions
  - Doctored versions
    - Trying to find better ways to compute FFTs
    - No open source code
  - Doctored result files
    - Encryption, checksums

40 SETI@home: How does it address the threats in our model? (cont'd)
- Identification of individuals or nodes
- Denial of Service
- Unreliability of resources
  - Redundant data units distributed
- Malicious content
  - Downloads data, not executables

41 Freenet: What is it?
- Distributed, decentralized, anonymous publishing system
- Like one enormous, shared hard drive

42 Freenet: How does it work?
- Every piece of data has a key
  - Need to know key to access data
  - No effective search mechanism yet
- Key search: uses a depth-first search along nodes
  - If a node does not have a key, it directs to node with "closest" key
  - Unique IDs, routing data back, nodes cache data along way
  - more scalable, efficient than broadcast: routes you closer each hop

43 Freenet: How does it work? (cont'd)
- Every node allocates space to be used by network
- Cannot update files
- Sends key request w/ unique ID
  - InsertRequest
    - Checks if data already exists
  - DataRequest
    - If next node contains key, returns data along same path
    - If not, finds the "closest key", forwards to that node
- Data with similar keys become biased toward node "clusters": positive feedback
  - Once it has a key, requests for similar keys will be forwarded to it, and it will cache this data
- Reverses Slashdot effect
  - Most requested files are easier to download!

44 Freenet: How does it work? (cont'd)
- Key/data stack model

45 Freenet: What are its business and public policy goals?
- Prevent censorship of documents
- Provide anonymity of users
- Plausible deniability for node operators
  - Must trace back requests through every node in path
- Remove any single point of control
- Keep most requested data, not most "acceptable" data

46 Freenet: How does it address the threats in our model?
- Monitoring of transactions
  - Hard unless you have control of many nodes
- Manipulation of transactions
  - Attacker cannot forge data or update it
  - Every node checks key for validity of document while it is being forwarded back
- Impersonation and misrepresentation
  - No way to know where data comes from anyway
- Identification of individuals or nodes
- Legal action
  - Plausible deniability for requests
  - You cannot see what is on your own node
  - Cannot censor material
  - Not responsible for content
- Social pressure and external action
  - Impossible to censor documents
- Denial of Service
- Unreliability of nodes
- Malicious content
  - Once word gets out, document will disappear
  - Can block
- Freeloading
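The added example below (not Freenet's code) models the routing steps of slides 42 and 43 and the key check of slide 46 together: DataRequest and InsertRequest carry a unique ID, each node tries neighbours in order of the closest key it knows they hold, depth-first with backtracking, caches the data on the return path, and discards a reply whose content hash does not match the requested key. The content-hash key, the numeric "closeness" metric, the node names and the document are simplifying assumptions.

```python
"""Toy model of Freenet-style routing: depth-first search toward the neighbour
with the closest known key, unique request IDs for loop detection, caching on
the return path, and content-hash key checks. Added example, not Freenet code."""
import hashlib

HOPS_TO_LIVE = 10
DOC = b"constructed sample document"   # constructed test document


def make_key(data: bytes) -> str:
    # Simplified content-hash key: the key is the hash of the data it names
    return hashlib.sha256(data).hexdigest()


def distance(k1: str, k2: str) -> int:
    # "Closeness" of two keys, here just the numeric distance of the hex values
    return abs(int(k1, 16) - int(k2, 16))


class Node:
    def __init__(self, name):
        self.name = name
        self.store = {}         # key -> data: space this node donates to the network
        self.neighbours = []
        self.routes = {}        # key -> neighbour that supplied it (routing table)
        self.seen = set()       # request IDs already handled (loop detection)

    def _candidates(self, key):
        # Neighbours ordered by how close their known keys are to the wanted key;
        # neighbours we know nothing about are tried last
        def score(n):
            known = [distance(key, k) for k, via in self.routes.items() if via is n]
            return min(known) if known else float("inf")
        return sorted(self.neighbours, key=score)

    def request(self, key, req_id, htl=HOPS_TO_LIVE):
        """DataRequest: return the data or None, caching it on the way back."""
        if req_id in self.seen or htl == 0:
            return None                 # already visited, or hops-to-live exhausted
        self.seen.add(req_id)
        if key in self.store:
            return self.store[key]
        for n in self._candidates(key):  # depth-first; backtrack when a branch fails
            data = n.request(key, req_id, htl - 1)
            if data is None:
                continue
            if make_key(data) != key:    # every node checks the key as data comes back
                continue                 # forged or corrupted reply: discard, keep looking
            self.store[key] = data       # cache along the return path
            self.routes[key] = n         # later requests for nearby keys go this way
            return data
        return None

    def insert(self, data, req_id, htl=HOPS_TO_LIVE):
        """InsertRequest: refuse if the key already exists, else store along the path."""
        key = make_key(data)
        if self.request(key, req_id, htl) is not None:
            return False                 # data already exists under this key
        self._store_along_path(key, data, ("insert", req_id), htl)
        return True

    def _store_along_path(self, key, data, req_id, htl):
        if req_id in self.seen or htl == 0:
            return
        self.seen.add(req_id)
        self.store[key] = data
        for n in self._candidates(key)[:1]:   # follow the single closest neighbour
            n._store_along_path(key, data, req_id, htl - 1)


def link(a, b):
    a.neighbours.append(b)
    b.neighbours.append(a)


def demo():
    """Constructed chain a - b - c - d: d inserts DOC with 2 hops, a requests it."""
    a, b, c, d = (Node(n) for n in "abcd")
    for x, y in ((a, b), (b, c), (c, d)):
        link(x, y)
    key = make_key(DOC)
    d.insert(DOC, "ins-1", htl=2)               # stored on d and c only
    got = a.request(key, "req-1")
    cached_on = [n.name for n in (a, b, c, d) if key in n.store]
    # A node answering with forged data for the key is caught by the key check
    mallory, e = Node("mallory"), Node("e")
    link(e, mallory)
    mallory.store[key] = b"tampered"
    forged = e.request(key, "req-2")
    return got, cached_on, forged
```

After the request, a and b hold copies too, which is the "most requested files are easier to download" effect, and e never accepts mallory's reply.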

47 Raj’s pictures

48 FreeHaven: What is it?
- Network that allows users to publish documents
- Provides anonymity, server accountability, and equitability of resource distribution

49 FreeHaven: How does it work?
- Distributed network of servers
- Servers communicate through anonymous channels, such as reply blocks sent via re-mailers
- Data enters and propagates through the network through the process of trading
- Files are divided into pieces and distributed among servers, only a subset of which are needed to reconstruct the file
- All data is encrypted and signed before transfer or storage

50 FreeHaven: What are its business and public policy goals?
- Business goals
  - To be used in conjunction with services such as FreeHaven to provide long-term, popularity independent data storage
- Public policy goals
  - Anonymity of author, publisher, reader, document, server, and query
  - System accountability (as opposed to user accountability)
  - Equity of resource distribution

51 FreeHaven: How does it address the threats in our model?
- Monitoring of transactions
  - All FreeHaven traffic is encrypted in transit and in storage
  - Document requests are forwarded through the system via anonymous re-mailers
- Manipulation of transactions
  - All data segments are signed
  - Only a subset of the segments are required to reconstruct the data
- Impersonation and misrepresentation

52 FreeHaven: How does it address the threats in our model? (cont'd)
- Identification of individuals or nodes
  - Author/publisher anonymity through trading
  - Server anonymity through pseudonyms and anonymous communication via re-mailer reply blocks
- Legal action, social pressure, external action
  - No central authority to be held accountable
  - "Plausible deniability": server does not know what data it is storing or what is being requested
  - Only a subset of the servers must be available to reconstruct the data
  - Data cannot be revoked from the network

53 FreeHaven: How does it address the threats in our model? (cont'd)
- Denial of service, unreliability of resources
  - Only a subset of the servers must be available to reconstruct data
  - Accountability mechanisms for servers
- Blocking of access to network resources
- Malicious content
- Freeloading and inequitable resource use
  - Must donate space to publish data
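The k-of-n splitting that slides 49, 51, 52 and 53 rely on (any subset of servers reconstructs the file, a signed segment can be checked, a single server holds too little to read the document) is shown in the added example below. It is not FreeHaven's code: the real system uses Rabin's information dispersal, and here the same polynomial idea is reduced to a demo over GF(257); an HMAC tag stands in for the publisher's signature, the pre-split encryption the slides mention is omitted, and the document and key are constructed.

```python
"""k-of-n dispersal of a document over GF(257) with a per-share integrity tag.
Added example, not FreeHaven's own code; the HMAC tag is a stand-in for the
publisher's digital signature and no encryption is applied before splitting."""
import hmac

P = 257                     # prime field large enough to hold any byte value
DOC = b"constructed sample document to disperse"   # constructed input


def _interpolate(points, x):
    """Lagrange: evaluate at x the degree < len(points) polynomial through points (mod P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def split(data: bytes, k: int, n: int) -> dict:
    """Each k-byte block defines the polynomial with P(1..k) = its bytes;
    share j holds P(j) for every block. Shares 1..k are the bytes themselves,
    shares k+1..n are mixes, and every share is 1/k the size of the file."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < 257")
    padded = data + b"\x00" * (-len(data) % k)
    shares = {j: [] for j in range(1, n + 1)}
    for off in range(0, len(padded), k):
        pts = [(i + 1, padded[off + i]) for i in range(k)]
        for j in shares:
            shares[j].append(_interpolate(pts, j))
    return shares


def reconstruct(shares: dict, k: int, length: int) -> bytes:
    """Rebuild the document from any k shares (share index -> symbols)."""
    if len(shares) < k:
        raise ValueError("fewer than k shares cannot reconstruct")
    chosen = list(shares.items())[:k]
    blocks = len(chosen[0][1])
    out = bytearray()
    for b in range(blocks):
        pts = [(j, syms[b]) for j, syms in chosen]
        out.extend(_interpolate(pts, i + 1) for i in range(k))
    return bytes(out[:length])


def tag_share(key: bytes, j: int, syms: list) -> bytes:
    # Stand-in for signing a share: MAC over (index, symbols) with the publisher's key
    return hmac.new(key, f"{j}:{syms}".encode(), "sha256").digest()


def verify_share(key: bytes, j: int, syms: list, tag: bytes) -> bool:
    return hmac.compare_digest(tag_share(key, j, syms), tag)


def demo(k: int = 3, n: int = 5) -> dict:
    key = b"publisher-key (constructed)"
    shares = split(DOC, k, n)
    tags = {j: tag_share(key, j, s) for j, s in shares.items()}
    # One server corrupts its share: the tag check rejects it before it is used
    shares[4][0] = (shares[4][0] + 1) % P
    good = {j: s for j, s in shares.items() if verify_share(key, j, s, tags[j])}
    # Any k surviving servers rebuild the document (here servers 2, 3 and 5)
    rebuilt = reconstruct({j: good[j] for j in (2, 3, 5)}, k, len(DOC))
    try:
        reconstruct({j: good[j] for j in (2, 5)}, k, len(DOC))
        too_few_ok = True
    except ValueError:
        too_few_ok = False
    return {"rebuilt": rebuilt, "rejected": sorted(set(shares) - set(good)),
            "share_len": len(shares[1]), "too_few_reconstructs": too_few_ok}
```

Because share j for j > k is a field mix of each block, a server holding only one such share has 1/k of the symbols and no block in the clear, which is the "does not have enough of a document to reconstruct it" property.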

54 Mojo Nation: What is it?
- Distributed, micro-payment based publishing/resource distribution system
- Resource consumers and providers make "capitalist" exchanges of resources (storage space, computation)

55 Mojo Nation: How does it work?
- Content trackers keep list of content pieces and addresses of nodes that have them
- Query different nodes until you have all of the parts needed to reconstruct the file

56 Mojo Nation: What are its business and public policy goals?
- Business goals
- Public policy goals

57 Mojo Nation: How does it address the threats in our model?
- Monitoring of transactions
- Manipulation of transactions
- Impersonation and misrepresentation
- Identification of individuals
  - May be addressed in future by payment for "hops" over a number of nodes, but not currently addressed
- Legal action
  - "Plausible deniability" because server does not have enough of a document to reconstruct it

58 Jabber/AIM: What are they?
- Instant messaging platforms
- Jabber provides universal connectivity to other IM services, including AIM, ICQ, MSN Messenger
- Jabber designed as protocol to allow for person-to-person as well as app-to-app communication

59 Jabber/AIM: How do they work?
- AIM
  - Client/server: almost all data relayed through AOL servers
- Jabber
  - Distributed system of servers, each presiding over a namespace
  - When a server receives a message, it will forward it to its peers if recipient not in its namespace
  - Communicate via XML or proprietary protocols where necessary

60 Jabber/AIM: What are their business and public policy goals?
- AIM
  - Business goals
    - Large scale IM solution, centralized
    - Supported by advertisements
  - Public policy goals
- Jabber
  - Business goals
    - Open source, open structure for naming, presence, and "roster" (buddy list) information
    - Allow users to have one client for multiple IM protocols
  - Public policy goals

61 Jabber/AIM: How do they address the threats in our model?
- Monitoring of transactions
  - Data generally sent clear-text through (possibly) untrusted servers
  - Jabber’s XML structure lets certain apps add encryption (and vCard identity data), but this is not supported in the standard protocol
- Manipulation of transactions
- Impersonation and misrepresentation
  - There have been several cases of ID theft and password fraud on AIM
  - Jabber supports server dialback, which prevents a server from spoofing another server’s namespace
- Identification of individuals or nodes
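
The dialback check referred to on the slide works like this: a server that connects to example.net claiming to be jabber.org presents a key, and example.net does not trust that connection; it looks up which server DNS says is authoritative for jabber.org and asks that server whether the key is genuine. The following Go program is an added illustration written for this page, not Jabber code; the HMAC-SHA256 key construction, the in-memory Directory standing in for DNS, and the domains and secrets are all assumptions for the simulation.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Server models one Jabber server presiding over a namespace (domain).
// secret is known only to that server; it is used to mint and later verify
// dialback keys (assumption: HMAC-SHA256; the early protocol left the key
// construction to the implementer).
type Server struct {
	Domain string
	secret []byte
}

// DialbackKey is what an originating server sends to a receiving server
// together with its claim "I am Domain". It binds the key to the receiving
// domain and the stream id so it cannot be replayed on another connection.
func (s *Server) DialbackKey(to, streamID string) string {
	m := hmac.New(sha256.New, s.secret)
	m.Write([]byte(to + "\x00" + streamID))
	return hex.EncodeToString(m.Sum(nil))
}

// VerifyKey is the authoritative server's answer when the receiving server
// dials back: recompute the key and report valid/invalid.
func (s *Server) VerifyKey(to, streamID, key string) bool {
	return hmac.Equal([]byte(s.DialbackKey(to, streamID)), []byte(key))
}

// Directory stands in for DNS: which server is authoritative for a domain.
type Directory map[string]*Server

// Receive runs the receiving server's side. origin is the domain the
// connecting party claims; key is what it presented. The receiving server
// does not trust the connection it is on: it looks up the server that the
// directory says owns origin and asks that server whether the key is genuine.
func (recv *Server) Receive(dir Directory, origin, streamID, key string) (bool, error) {
	authoritative, ok := dir[origin]
	if !ok {
		return false, fmt.Errorf("no authoritative server for %q", origin)
	}
	return authoritative.VerifyKey(recv.Domain, streamID, key), nil
}

// DialbackDemo is a constructed scenario: jabber.org legitimately connects to
// example.net, then a spoofer that does not hold jabber.org's secret claims
// to be jabber.org on a connection of its own.
func DialbackDemo() (legitAccepted, spoofAccepted bool) {
	jabberOrg := &Server{Domain: "jabber.org", secret: []byte("jabber.org-secret")}
	exampleNet := &Server{Domain: "example.net", secret: []byte("example.net-secret")}
	spoofer := &Server{Domain: "jabber.org", secret: []byte("attacker-secret")}
	dir := Directory{"jabber.org": jabberOrg, "example.net": exampleNet}

	streamID := "stream-1234" // assigned by the receiving server per connection
	legitAccepted, _ = exampleNet.Receive(dir, "jabber.org", streamID, jabberOrg.DialbackKey("example.net", streamID))
	spoofAccepted, _ = exampleNet.Receive(dir, "jabber.org", streamID, spoofer.DialbackKey("example.net", streamID))
	return legitAccepted, spoofAccepted
}

func main() {
	legit, spoof := DialbackDemo()
	fmt.Println("genuine jabber.org accepted:", legit) // true
	fmt.Println("spoofed jabber.org accepted:", spoof)  // false
}
```

Two caveats a practitioner should keep in mind: dialback only authenticates a server's claim to a namespace, relying on the integrity of the DNS lookup, and it says nothing about users behind that server; and it adds no confidentiality, so the clear-text relay problem on the same slide is untouched by it.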

62 Jabber/AIM: How do they address the threats in our model? (Cont’d)
- Legal action, social pressure, denial of service
  - AIM servers all centralized
  - Jabber servers distributed, each presiding over a separate namespace
- Blocking of access to resources
- Unreliability of resources
- Malicious content

63 Groove: What is it?
- “Shared space” for real-time collaboration
- Chat, IM, whiteboard, group web browsing, calendar, discussion board, integration with other applications

64 Groove: How does it work?
- End-user application connects directly with peers, but can use gateway servers if necessary
- All data in XML format
- Different modes of operation provide different levels of anonymity for participants

65 Groove: What are its business and public policy goals?
- Business goals
- Public policy goals

66 Groove: How does it address the threats in our model?
- Monitoring of transactions
  - All data is encrypted in transit and in storage
- Manipulation of transactions
  - All data is signed, so any manipulation in transit is detected
- Impersonation and misrepresentation
  - Key distribution system uses SDSI-type attributes
  - All invitation messages are signed and sent with the signer’s public key
  - Recipient can compute a “fingerprint” from the public key and check it against a previously known value
- Identification, legal action, etc.
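
The signed-invitation and fingerprint check on this slide is worth seeing end to end, because the signature alone is not what stops an impostor: anyone can sign a message under a key they enclose themselves. The Go program below is an added example written for this page, not Groove’s code; it assumes Ed25519 signatures, a SHA-256 fingerprint, and a constructed scenario with Alice, Bob and Mallory, since the deck names none of Groove’s algorithms.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Invitation is a Groove-style signed invitation into a shared space. The
// signer's public key travels with the message so any recipient can verify
// the signature; the fingerprint check below is what ties the key to a person.
type Invitation struct {
	From      string
	Space     string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// payload is the byte string that gets signed: sender name, space name and
// the enclosed public key, so none of them can be swapped after signing.
func (inv *Invitation) payload() []byte {
	return []byte(inv.From + "\x00" + inv.Space + "\x00" + hex.EncodeToString(inv.PublicKey))
}

// NewInvitation signs an invitation with the sender's private key.
// (Assumption: Ed25519; the deck does not say which algorithm Groove used.)
func NewInvitation(from, space string, priv ed25519.PrivateKey) *Invitation {
	inv := &Invitation{From: from, Space: space, PublicKey: priv.Public().(ed25519.PublicKey)}
	inv.Signature = ed25519.Sign(priv, inv.payload())
	return inv
}

// Fingerprint is the digest of a public key that a recipient compares with a
// value learned earlier, ideally out of band. (Assumption: SHA-256.)
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

var (
	ErrBadSignature = errors.New("signature does not verify under the enclosed public key")
	ErrKeyMismatch  = errors.New("enclosed key's fingerprint differs from the one previously known for this sender")
)

// Known is the recipient's record of trusted fingerprints, keyed by sender name.
type Known map[string]string

// Accept verifies the signature and then checks the enclosed key against the
// fingerprint previously recorded for the sender. A sender never seen before
// is recorded on first contact (trust on first use), so only a fingerprint
// pinned out of band protects against an impostor's very first invitation.
func (k Known) Accept(inv *Invitation) error {
	if len(inv.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(inv.PublicKey, inv.payload(), inv.Signature) {
		return ErrBadSignature
	}
	fp := Fingerprint(inv.PublicKey)
	if prev, seen := k[inv.From]; seen && prev != fp {
		return ErrKeyMismatch
	}
	k[inv.From] = fp
	return nil
}

// InvitationDemo is a constructed scenario: Bob already holds Alice's
// fingerprint from an earlier meeting. Alice invites him; a relay alters the
// space name in transit; Mallory signs an invitation "from alice" with her own key.
func InvitationDemo() (genuine, tampered, impostor error) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, malloryPriv, _ := ed25519.GenerateKey(rand.Reader)
	bob := Known{"alice": Fingerprint(alicePub)}

	genuine = bob.Accept(NewInvitation("alice", "project-x", alicePriv))

	altered := NewInvitation("alice", "project-x", alicePriv)
	altered.Space = "project-y" // manipulation in transit
	tampered = bob.Accept(altered)

	impostor = bob.Accept(NewInvitation("alice", "project-z", malloryPriv))
	return genuine, tampered, impostor
}

func main() {
	genuine, tampered, impostor := InvitationDemo()
	fmt.Println("genuine:", genuine)   // <nil>
	fmt.Println("tampered:", tampered) // signature does not verify ...
	fmt.Println("impostor:", impostor) // enclosed key's fingerprint differs ...
}
```

Note that Mallory’s invitation carries a perfectly valid signature under the key she encloses; it is rejected only because Bob already knew a different fingerprint for “alice”. That is why the slide’s “previously known value” matters: without it, the scheme degrades to trust on first use.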

67 Groove: How does it address the threats in our model? (Cont’d)
- Denial of service
  - Central servers used only when necessary
- Blocking of access to network
  - Can work through gateway servers designed to tunnel through firewalls, etc.
- Unreliability and transient availability
  - All communication is mirrored locally for all participants
- Malicious content
- Freeloading and inequity

